There are many functional benefits to using Firefox over other browsers and Linux over other operating systems but the single most important one is support. Yes, you didn’t read that wrong, I’m praising the support structure behind open source products. Read my read world example below if you want to see why.

On Monday morning, after I powered up my PC and downloaded email, my daily newsletter (featuring Friday’s headlines) from The Register was sitting in my inbox. It featured a story that worried me. You can read the whole story here but the salient bits are the intro:

“There’s bad news for users of alternative browsers this Friday, with both Opera and Firefox subject to security vulnerabilities.”

And a little further down:

“Firefox users also need to upgrade. Version 2.0.0.8 of the popular open source browser fixes a number of vulnerabilities that might lend themselves to data exposure or system compromise risks.”

So I popped over to the Mozilla web site to see if the update was available. It was and, what’s more, it had been posted the day before the story. And while I could have updated my browser immediately, I wanted to see how long it took for me to be notified of the Ubuntu-specific update containing that upgrade. It wasn’t long. It arrived yesterday.

Let me reiterate: The Register, which is usually on top of all things IT, reports a security issue the day AFTER the fix is posted. And the support structure behind my chosen Linux distro delivers the associated update less than a week later – and that includes the intervening weekend.

Now that’s what I call support.

Now consider the alternative. In July 2006 the US Department of Homeland Security’s National Vulnerability Database issued an alert in respect to a flaw discovered in Internet Explorer 6. This particular vulnerability allows remote attackers to cause a denial of service (crash) and execute arbitrary code on a user’s PC. The NVD noted further that, while not critical, the problem was quite severe and, importantly, that authentication on the user’s PC was not required for an attacker to exploit the vulnerability. Scary stuff.

By 3-Oct-2007, Microsoft had still not released a fix. On that day, The Register reported that two groups of security researchers had released unofficial patches to fix the problem and that Microsoft planned a patch in it Patch Tuesday update scheduled for 10-Oct-2007. I have no idea if that actually happened and, frankly, I don’t care. I just very glad I didn’t have to wait fifteen months for a vulnerability in my browser to be fixed.

That’s why I use open source – oh yes and also because I don’t have to reboot my PC twenty times every time I install a new application. I kissed the blue screen of death goodbye three years ago and haven’t looked back.

Disclaimer: As a programmer in a past life I am fully aware that some problems take longer than others to fix. But 15 months is too long by anyone’s measure.

Advertisements