Firefox 4 release with news ads to watch

Brand new Firefox 4.0 is on its final descent. Be it the introduction of awesome TabCandy feature or the new super fast “JaegerMonkey” JavaScript engine, Firefox 4.0 is all over the news for all the right reasons. Take a look.

“Performance is a huge, huge, huge thing for us,” said Mike Beltzner, vice president of engineering for Firefox, in a web-cast on Tuesday about plans for the browser. “We created the performance story, and we’ve got to keep at it.”

Among other features planned for Firefox 4 — and Mozilla emphatically cautions that plans can change — are support for high-speed graphics and text through Direct2D on Windows; a tidier user interface with more prominent and powerful tabs; support for several newer web technologies; 64-bit versions; and compatibility with multi-touch interfaces.

Performance means any number of things in a browser. Among them: the time it takes to launch the program or to load a web page, the responsiveness of the user interface to commands such as opening new tabs, and the speed with which web-based JavaScript programs execute. Firefox programmers also will work on more perceptual speed improvements, Beltzner said, such as changing the order that web page elements appear on the screen and the appearance of the page-loading progress bar.

Speed is only one item on a long list of changes Mozilla has in mind for its five-year-old open-source Firefox browser. Improving Firefox is arguably a greater challenge now, though, for several reasons.

First, there’s new energy in competitors including Microsoft’s Internet Explorer 9 and Chrome from web powerhouse Google. Second, making abrupt changes is harder without ruffling feathers among its large user base — Firefox accounts for roughly a quarter of the browser usage worldwide. Third, Firefox is expanding from PCs to mobile phones and tablets with very different hardware requirements. Last, a long list of new technologies are profoundly transforming browsers into a foundation for web applications, but many of those advancements are far from settled. Beltzner recognizes the challenges.

“We are in it to win it,” Beltzner said. “It’s no longer the case where it’s all easy wins. There’s hard work to be done here. We have to make sure we’re the ones leading the charge in keeping the web open for users.”

Scheduling

Mozilla established a Firefox 3.6, 3.7 and 4.0 release plan in 2009, but the organization warned early this year that the browser schedule was changing. Tuesday’s web-cast offered a new schedule with no Firefox 3.7.

One key feature of 3.7 called out-of-process plug-ins, which moves plug-ins such as Adobe Systems’ Flash Player to their own separate memory area for better stability, was advanced to Firefox 3.6.4, code-named Lorentz and in beta testing right now. Meanwhile, Mozilla concluded it needed more time for a planned user-interface overhaul and to be liberated by a “rebooted” plan for a new extensions foundation called Jetpack.

“I think we need to get to a first beta by the end of June”, before the Mozilla Summit in early July, he said. Releasing that version “puts us in a position where we can ship [the final version] somewhere in October or November”.

Mozilla’s new schedule for releasing Firefox 4 — if all goes well….November 2010.
(Credit: Mozilla)

Given past experience, this deadline may not be met. Firefox 3.6 had been due in that time frame in 2009 and slipped into early 2010. “This is an aggressive schedule to be sure. We have to focus the efforts of projects already under way so it can come together to be a really great Firefox 4,” Beltzner said. And programmers will have to prove the merit of any new projects very soon if they want them included.

So what else is new?

Tabs are one area of change for users. Tabs will be above the address bar, as is the case with Chrome, and a home tab replaces the home button. In addition, narrower application tabs can be dedicated to various web apps. Instead of a menu bar across the top, there’s a single Firefox button with a drop-down menu. Typing in the address bar can be used to switch to other tabs.

One change that had been bandied about, though — a unification of the address bar and the search bar, a la Chrome — didn’t appear in Beltzner’s designs.

Mozilla hopes to change some dialog boxes to make them more effective. Two examples are the option for Firefox to remember a web-site’s password and to permit a website to use the browser user’s physical location.

Significant changes to the user interface can lead to confusion, but in the long run, the pain can be worthwhile, Beltzner said. Sometimes, he said, “we’re going to have to do the uncomfortable thing.”

For developers, Mozilla also has a number of features planned for Firefox 4.

For web applications, the Firefox 4 plan includes support for WebSockets, a mechanism for easier communication between the browser and a web server. And as for dealing with the new class of touch-enabled devices, which often don’t have a keyboard or mouse, Firefox should be able to let web developers build pages controlled with a multi-touch interface.

The heart of web programming is Hypertext Markup Language (HTML), and Mozilla is building into Firefox a new HTML5 “parser”, the part of the browser that interprets the web page code. The new parser can handle Scalable Vector Graphics (SVG) and mathematical equations interleaved with the rest of a web page, runs as a separate computing process to improve browser responsiveness, and fixes “dozens” of long-standing bugs on the previous parser, Mozilla said.

In industry shorthand, HTML5 often stands for many new technologies that aren’t part of the actual HTML5 specification or even the broader HTML renovation effort.

Firefox 4 will support some of those, too, but two important ones are only tentative at this stage: the newer Indexed DB effort designed to improve how information from a website is stored locally on a computer, and the WebGL effort to build hardware-accelerated 3D graphics into the web. Required driver support for graphics chips complicates WebGL, and the Indexed DB specification isn’t likely to be finished in time, Beltzner said.

For the movement to sidestep Flash with web technologies, Firefox 4 has a few features planned. Some newer aspects of Cascading Style Sheets (CSS), used for formatting, are set to be supported, including transitions that can animate the transformation of one web element into another. Firefox 4 also is expected to support more of the newer CSS3 specification.

Also stepping on Flash’s toes will be support for SMIL, the Synchronized Multimedia Integration Language that can be used for some animation chores, and faster performance with the 2D drawing interface called Canvas.

Under the hood

Performance improvements to Firefox will come through improvements to the underlying software. One significant change coming is JaegerMonkey, which combines Firefox’s current JavaScript engine with elements of those used in Chrome and Safari browsers.

“JaegerMonkey has reached a halfway point: we’ve closed about half the performance gap between our baseline performance and the competition,” JaegerMonkey programmer David Mandelin said in a blog post on Monday. However, he added, “you can build a browser with JM [JaegerMonkey] today, but you probably won’t get too far before crashing. Fixing that is next on my list.”

Also on the Firefox 4 plan is support for 64-bit processors. Operating systems have now made the jump in earnest, but not all software has followed suit.

Other hardware changes planned for Firefox 4 include support for Direct2D on Windows, a feature that lets the browser tap into the engine for hardware-accelerated graphics and text. That support exists on Windows 7 and the latest service pack of Vista, but here again, “driver hell” is a risk.

Support for Windows 7 interface features including Aero peek, jump lists, and icons with progress bars are also on the to-do list for Firefox 4.

Support for cameras and microphones is only a tentative goal, as is tighter integration with Mac OS X.

These plumbing details might sound arcane, but they’re important as browsers become a foundation for ever-increasing amounts of computing chores. A Monday blog post from Firefox programmer Vladimir Vukicevic captured the essence of the matter.

“Today’s web browser is in many ways acting like a miniature full operating system,” Vukicevic said.

Copyright 2006 Mozilla Corporation. All rights reserved.

Pwn2Own – What browser and OS are the safest to use?

Pwn2Own is a computer hacking contest held at the annual CanSecWest security conference, beginning in 2007. Contestants are challenged to exploit specific software (especially web browsers and other web related software) / computing platform targets. Contestant winners receive the device/computer that was successfully exploited and a cash prize.

For each successful exploit, the contest’s sponsor, TippingPoint, provides a report to the applicable vendor, detailing the vulnerability and how it was exploited. The details are not released to the public until the vendor has corrected the vulnerability.

Summary: The results of pwn2own is definately a major factor in choosing a browser. The winner was Google Chrome due to its implementation of each tab being sand-boxed from the operating system.

The Competition started at March 24, 2010 and had a total cash prize pool of $100,000. On March 15—nine days before the contest was to begin—Apple released sixteen patches for WebKit and Safari.

Software to exploit

$40 000 of the $100 000 are reserved for web browsers, where each target is worth $10,000.

Day 1

• Microsoft Internet Explorer 8 on Windows 7
• Mozilla Firefox 3.6 on Windows 7
• Google Chrome 4 on Windows 7
• Apple Safari 4 on Mac OS X Snow Leopard

Day 2

• Microsoft Internet Explorer 7 on Windows Vista
• Mozilla Firefox 3 on Windows Vista
• Google Chrome 4 on Windows Vista
• Apple Safari 4 on Mac OS X Snow Leopard

Day 3

• Microsoft Internet Explorer 7 on Windows XP
• Mozilla Firefox 3 on Windows XP
• Google Chrome 4 on Windows XP
• Apple Safari 4 on Mac OS X Snow Leopard

Target: Mobile Phones

$60,000 of the total $100,000 cash prize pool is allotted to the mobile phone portion of the contest, each target is worth $15,000.

• Apple iPhone 3GS
• RIM BlackBerry Bold 9700
• Nokia E72 device running Symbian
• HTC Nexus One running Android

Successful exploit

• Charlie Miller successfully hacked Safari 4 on the Mac OS X.
• Peter Vreugdenhil exploited Internet Explorer 8 on Windows 7 by using two vulnerabilities that involved bypassing ASLR and evading DEP.
• Nils hacked Firefox 3.6 on Windows 7 64-bit by using a memory corruption vulnerability and bypass ASLR and DEP. Mozilla patched the security flaw in Firefox 3.6.3.
• Ralf Philipp Weinman and Vincenzo Iozzo hacked the iPhone 3GS by bypassing the digital code signatures used on the iPhone to verify that the code in memory is from Apple.

It is interesting to see how different companies approached this event:

Mozilla acknowledged the bug, fixed it in 10 days, publicly announced it as critical, and fixed it in a previous version just in case .

Microsoft made a public statement saying that it will be fixed, and that’s all folks, at least for now.

Apple with Safari is all secrecy.

Why switch to Ubuntu?

Most people probably have never heard of an operating system different than Windows. Most of them are not as widely advertised as Windows either. I have completely switched to Ubuntu years ago and I must say I do not regret one single bit of doing so.

I was using Windows XP as my main operating system and I couldn’t help but notice how slow it was at times. Especially when I had all the needed applications installed. It was so frustrating to wait for it to boot up in the mornings when I needed it to boot up fast, because all I needed was Firefox. Right then I found out about Ubuntu and seeing the train wreck that Vista was becoming in 2006 I made the switch.

A friend of mine started talking about how Ubuntu is giving away free CDs and I thought “Hey why shouldn’t I order one as well?” I received my free CDs about a week after the order. I put it right in without any further hesitation and started setting up a dual boot system (Ubuntu and Windows).

After finishing the set up I found Ubuntu faster than any version of Windows that I’ve used before. The boot up time was surprisingly short. I was able to access the web and my mail in a matter of seconds! Ubuntu also came with a pre-installed set of applications, saving me time searching around the internet for software. I thought I will also have to find most of the drivers on my own, but surprisingly Ubuntu already had a pop-up ready for me. It even had a driver for my EMU10K1 sound card. It’s a pretty old card and it does not work with Windows Vista (no 5.1 surround), but Ubuntu managed to pull it off. It had everything I needed – support for all of my hardware and speed.

A lot of people fear Linux, because of the compatibility. People tend to think that Microsoft Office is the ONLY set of office applications out there. Well it’s not. Ubuntu comes with a pre-installed Open Office package. And guess what, it’s compatible with the document formats that Microsoft Office uses. And it’s not just for office applications. Ubuntu comes with a built-in IM client and a built in mail client!

Ubuntu is free, fast, functional, customizable and user friendly!

Microsoft – Vista is history & time to dump Internet Explorer

Vista is history and the the biggest news for Windows seems to be the death of XP Service Pack 2.

Here is some coverage:

• Microsoft to stop security updates for Windows XP Service Pack 2
• Microsoft Will Soon Discontinue Security Support For Windows XP Service Pack 2
• Microsoft to end support for Windows 2000, XP SP2 on July 13
• Microsoft abandons XP SP2
• Microsoft to End XP SP2 Support
• Microsofts Ends Support for Windows XP SP2 and 2000
• Windows XP Service Pack 2 Support Ends Soon

Google Chrome Speed Tests

Google has just released a brand-new beta of its Google Chrome web browser. As is usually the case, it touts it as the fastest Chrome ever and cites significant JavaScript performance improvementsover the previous beta and the first Chrome release. But, unlike the time the Google browser was first launched, it’s facing a much  more serious competition. So is Google Chrome still king or has someone else stolen the crown?

We decided to find out with some quick and dirty benchmarks, putting Google Chrome 5.0.375.23 Beta against its stepbrother Chromium 5.0.396.0 (46440), Mozilla Firefox 3.6.3, Opera 10.53 Beta 1 and Opera 10.10. As you can see, it’s a mix of stable, semi-stable and outright development builds so take that into consideration when looking at the results.

All browsers were running on Ubuntu 10.04 on a dedicated, but rather modest machine so don’t expect any record-breakers. Because we’re talking Linux here, there’s no Internet Explorer or Safari thrown in for comparison. We tried to keep the results as clean as possible, but the benchmarks aren’t scientific, by any means. The scores are the median of several runs of the benchmarks. The V8 benchmark was run 10 times in a row, SunSpider 5 times. The colorful charts were created with this nice tool.

Google V8 benchmarking suite

First up, Google’s own V8 Benchmarking suite, version 5. Google developers created the benchmark for their own internal use and it has been made available to everyone. Google’s browsers lead by a fair margin in this benchmark, though, Opera 10.53, which is still in beta on Linux, is showing some pretty impressive results. Firefox doesn’t like the V8 benchmarks a whole lot. As for Opera 10.10, the results speak for themselves.

SunSpider JavaScript benchmark

The SunSpider benchmark was developed by Apple’s WebKit development team to test JavaScript performance. It has proven balanced and reliable and is regularly used to compare web browser speed. Opera 10.53 beta 1 takes the crown here with a very good showing. When compared to the lacuster performance of Opera 10.10, the speed gains are truly impressive. Google Chrome and Chromium are very close together, with the open-source offering taking a small advantage. Firefox trails behind.

Sputnik JavaScript compliance test

Finally, since speed isn’t always everything, we ran the Sputnik JavaScript compliance suite of tests also developed by Google. It’s a thorough ordeal for the browsers as it goes through 5246 specially designed tests. The winner, perhaps surprising to some, is Opera, which fares a lot better than either Google Chrome or Firefox. Interestingly, it looks like Google’s V8 engine is getting some serious work these days as Chromium is showing significant improvements in compliance, to complement the  decent performance gains also visible. As for conclusions, we’ll leave them up to you.

Google’s Chrome browser is shining brightly, and it’s not hard to see why. First, the stats: According to the latest NetApplications figures, Chrome now has 6.7 percent of the browser market–a stunning rise from zero prior to 2009. Competing browsers are either treading water or, as in the case of Microsoft Internet Explorer, in precipitous freefall.

So what explains Chrome’s sudden burst of popularity? Here are five reasons:

It’s very fast: Google’s browser is a speed demon. PC World’sperformance tests have shown that Chrome has the fastest page-loading times versus leading competitors Internet Explorer, Mozilla Firefox, Apple Safari, and Opera Software’s Opera. Anecdotally, I’ve noticed that the speedy Chrome runs circles around slow, lumbering IE. Sometimes, however, Chrome’s need for speed is annoying. The browser times out too quickly and fails to load web pages because, well, it’s too impatient. Hopefully Google will let users adjust this setting in the future.

It’s very simple: Like many Google apps and services, Chrome emphasizes ease of use. Compared with IE, there are fewer menus, options, and features to configure. Usually that’s a good thing, but not always. Sometimes I find myself reverting to IE for, say, the print preview feature. Could you add that, Google?

Better security: IE’s security mishaps are well chronicled. To be fair, Microsoft has worked diligently to make its browser more secure, but nagging problems persist. By comparison, Chrome is a paradise of protection due in part to two factors: architecture and obscurity. Chrome’s use of “sandboxing,” isolating Internet commands from the operating system and other apps and data, makes it harder for hackers to load malware onto PCs. At Vancouver’s Pwn2Owncontest in March, security experts were able to hack the other leading browsers, but not Chrome. In fact, they didn’t even try to hack Chrome, the New York Timesreports. It’s important to note, however, that Chrome’s low market share also contributes to its relative safety. If you’re a malware creator, why direct your efforts toward Chrome when IE represents such a big, fat target?

Runs well on older hardware: There’s still a very large installed base of Windows XP machines out there, particularly in the enterprise market. Chrome’s speediness is ideal for older hardware with slower components.

Chrome’s ad campaign: Google may have inexplicably under-marketed its tepidly received Nexus One smartphone, but it hasn’t made the same mistake with the Chrome browser. A TV ad campaign helped introduce Chrome to the masses, most of whom don’t give much thought to their choice of browser.

Microsoft, of course, will continue to improve Internet Explorer, as will the developers of competing browsers. But Google Chrome’s early success shows that simplicity sells.

Internet Explorer is dangerous! Part#2

4 out of 5 people use Microsoft Internet Explorer as their web browser. Internet Explorer frequently presents critical security risks to systems that use it, allowing malicious websites to hijack their computers, infect them with viruses, and conduct identity theft, and its lack of technology support has driven up the cost of web development and stifled innovation.

It is in the best interest of all Internet users to stop using Internet Explorer as soon as possible!

There are free alternatives that offer quality as good or better than Internet Explorer. The following article will explain in greater depth the problems with Internet Explorer and what the alternatives are.

Too much to read? An abridged version is available.

Internet Explorer is dangerous! part#1

Why switch from Internet Explorer?

Firefox 3.6 sees 100M downloads, now pushing notifications

Firefox 3.6—the latest version of the popular open source Web browser—was officially released in January, but there are still many users who have not yet updated. In an effort to increase awareness about the availability of version 3.6, Mozilla announced today that it will start rolling out upgrade notifications to its users through the browser’s built-in update system.

According to Mozilla’s statistics, the new version has already been downloaded over 100 million times since its release in January. That doesn’t include the significant number of existing users who have already migrated to 3.6 by using the browser’s built-in upgrade system without being prompted to do so.

Firefox is arguably one of the most successful open source software projects. Mozilla celebrated last year when Firefox surpassed 1 billion total downloads. The current number of active daily users is said to be over 350 million.

Getting such a large user base to migrate to the latest version is not an easy task, but Mozilla always manages to get the job done. Studies show that Firefox ranks high in update effectiveness, getting over 85 percent of its users to switch to a new version within 21 days after release. The only browser that has a better upgrade penetration rate is Chrome, due to its highly aggressive background updater.

Firefox 3.6 is a somewhat modest incremental update. It brought several noteworthy new features for users, such as the Personas lightweight theming system. It also offers some compelling new capabilities for Web development, including CSS gradients, client-side filesystem APIs, and the @font-face feature.

For more details about the automated upgrade process, you can refer to the announcement in the Mozilla Developer Center.

Internet Explorer 6 is Dead But Its Damage to the Internet Persists

Summary: Microsoft is pulling support for Internet Explorer 6, but to suggest that it will improve things is to ignore the short-term impact which is scary

We wrote about Microsoft phasing out support for older versions of Windows (which many businesses still use). This is confirmed by some more publications and it is problematic because some businesses (those using Windows 2000 for example) will be stuck with unpatched software unless they purchase an update to Windows; it’s not only costly but it also creates compatibility issues that many businesses are not prepared to cope with. They have no access to source code, so they cannot quite resolve these issues, either (or hire someone to do this).

Similar issues are now being raised because Microsoft withdraws support for IE6. Web developers are happy [1, 2] as they assume that people will actually depart from IE6. Well, perhaps they have not heard about what happened in Korea. It’s an issue that Mozilla mentioned the other day and the Korea Times has just raised as well:

Korea Sticking to Aging Browser

[...]

In an ironic twist, South Korea, the self-touted high-tech nation of the planet, appears to be clinging to decaying Internet technologies.

Internet giant Google is now telling its users to drop Internet Explorer 6 (IE6), the antiquated Microsoft Web browser that debuted in 2001, planning to kill IE6 support on its key products such as YouTube (www.youtube.com) and Gmail e-mail services.

There is an ActiveX infection that prevents the nation from offering choice. This leads to many problems such as the recent attacks against Google users. Microsoft Nick writes: “Chinese hacker of Internet Explorer, Google ID’d by US investigators, report says”

The important points to make here are that: (1) Internet Explorer 6 will still exist, so sites need to be compatible with it and (2) Internet Explorer 6 users will be even less secure from now on, which helps nobody.

Coincidentally, YouTube will drop support for IE6 in less than two weeks from now [1, 2] and Microsoft Nick calls for a funeral (to take place today).

Internet Explorer 6 died on March 1, 2010, in Mountain View, Calif., after a family rival removed it from life support. The simultaneously beloved and detested Web browser was nearly 8.5 years old.

“Beloved”??? By whom?

Anyway, according to another report, Google keeps gaining at Internet Explorer’s expense.

Adobe, just as flawed as Microsoft

Adobe is urging users of its PDF Reader and Acrobat software to install an update that fixes a couple of critical security holes in the products. The patches come amid news that booby-trapped PDF files were responsible for roughly 80 percent of the exploits detected in the 4th quarter of 2009.

The latest update brings Adobe Reader to version 9.3.1, and fixes a pair of vulnerabilities that Adobe has labeled “critical,” which means the flaws could be used to install malicious software on vulnerable systems. Updates are available for Windows, Mac and Linux versions.

If you use Adobe Reader, please apply this update. Then, take a moment to turn off Javascript, the feature in Reader that is most exploited by attackers. To do this, follow these instructions:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

Better yet, consider using an alternative PDF reader, such as the free Foxit Reader. I also disable Javascript in Foxit, mainly because I find I don’t need it.

Earlier this week, Web security firm ScanSafe released a report (.pdf !) showing that roughly 80 percent of the Web-based exploits it detected in the last three months of 2009 attacked Adobe Reader vulnerabilities. Add Adobe Flash vulnerabilities into the mix, and the two programs made up the lion’s share of the Web exploits ScanSafe detected in Q409.

Source: ScanSafe

For its part, Firefox maker Mozilla at the end of last year began tracking a huge uptick in the number of Firefox crashes due to Adobe Reader. As some posters to this Mozilla Bug Database entry posit, the crashes were almost certainly due to increased exploitation of the Adobe Reader zero-day vulnerability that Adobe finally patched on Jan. 12, weeks after evidence surfaced that criminal hackers were exploiting the flaw in targeted attacks.

Update, 4:06 p.m. ET: If you decide to do without Adobe Reader and uninstall it, you might want to nix the Adobe Download Manager as well. Researcher Aviv Raff points to some nifty work he’s done which shows that Adobe’s Download Manager — which ships with all new versions of Flash and Reader — can be forced to reinstall an application that’s been removed, such as Reader. According to Raff, a Web site could hijack the Adobe Download manager to download and install any of the following:

Adobe Flash 10

• Adobe Reader 9.3
• Adobe Reader 8.2
• Adobe Air 1.5.3
• ARH tool – allows silent installation of Adobe Air applications
• Google Toolbar 6.3
• McAfee Security Scan Plus
• New York Times Reader (via Adobe Air)
• Fanbase (via Adobe Air)
• Acrobat.com desktop shortcut

Raff writes: “So, even if you use an alternative PDF reader, an attacker can force you to download and install Adobe Reader, and then exploit the (yet to be patched, but now known) vulnerability. The attacker can also exploit 0-day vulnerabilities in any of the other products mentioned above.” Read more on his findings at this link here.