Lies, Damned Lies and Microsoft Security Marketing
So it’s one thing to publish a misleading report comparing the security of Internet Explorer and Firefox (ignoring days of risk, time to patch and automated updates), and it’s another thing to paint said report by a Microsoft employee as an unbiased third party study by not disclosing who authored it. (Even on clickthrough of the link on the IE Blog, it isn’t clear who Jeff Jones is, just that he’s posting to “CSO, the Resource for Security Executives.”)
From today’s IE Blog:
“According to a vulnerability report published today, IE7 has fewer vulnerabilities than previous versions of IE over the same time period.”
That should really say:
“According to a vulnerability report published today by Microsoft Security Strategy Director Jeff Jones, IE7 has fewer vulnerabilities than previous versions of IE over the same time period.”
We’ll have more to share on how wrong Jeff’s study is in just a bit on the Mozilla Security blog, but for now, I’d like to encourage our friends at Microsoft to practice responsible disclosure when they issue propagandist literature and portray it as the god’s honest truth. Guys: you are giving marketing a bad name, and you’re misleading your readers.
Updated 12/1/07: Here’s our side of the story.
- Window Snyder: Critical Vulnerability in Microsoft Metrics
- Mike Schroepfer: Apples, Oranges and the truth
- Mike Shaver: Counting still easy, critical thinking still surprisingly hard
Asa Dotzler - Firefox and more 3:49 pm on November 30, 2007 Permalink
according to microsoft employee, microsoft is better…
Nice catch Paul!……
Bill 3:49 pm on November 30, 2007 Permalink
It may be true in the way they wrote it. They didn’t compare it with other company browser statistics (only previous versions of IE; they don’t even say which previous versions) and they never said if they were using public counts of vulnerabilities or just the ones they “knew” about.
It is entirely possible that IE7 has fewer bugs that they know about than IE6 did (or 5 or 4 or whatever they compared it to). There isn’t a way to tell MS about the IE7 bugs and it is a more mature product with very little actual new functionality; it should be expected to have fewer bugs.
Paul Kim 4:22 pm on November 30, 2007 Permalink
@Bill – the report specifically calls out Firefox, not just previous versions of IE.
Bill 6:06 pm on November 30, 2007 Permalink
ok, sorry after reading the report I want to puke. It is hard to imagine someone actually pushing that garbage. Note that the IEblog post doesn’t say anything about firefox, merely stating that IE7 is better than previous versions of IE. It is only the report from “Jeff Jones” (a person I must admit I have never heard of before and whose statistics skills are rather diminished).
Apples, Oranges, and the truth · Get Latest Mozilla Firefox Browsers 7:59 pm on November 30, 2007 Permalink
[...] vulnerabilities in the first year than the other browsers we compared.” Paul has already pointed out that this report was generated by a Microsoft employee, but not explicitly disclosed as [...]
Shameless bias about IE security at sprignaturemoves.com 9:01 pm on November 30, 2007 Permalink
[...] this article about the first year of IE7 in one of the feeds I read. Nothing like a sneaky plug by a Microsoft employee on a Microsoft product. Stuff like this is what flame wars are made [...]
n-blue 5:58 am on December 1, 2007 Permalink
Better that you give proof of what you believe rather than an uncivilized title. Don’t do it just for marketing, but show your data. Then people can weigh it. Isn’t that better?
Btw, to note, Firefox is poor and the worst browser when rendering Thai fonts. Even Safari is better than Firefox.
Diego 4:31 pm on December 1, 2007 Permalink
Doesn’t this in the IEBlog post point to the fact that the “report” was internally produced at Microsoft?
“According to internal Microsoft research based on data from Visual Sciences Corporation”
jmdesp 3:12 am on December 2, 2007 Permalink
@n-blue: Try Fx 3 beta. You’ll see that Fx Thai language problems are corrected in it.
fidibert 4:00 pm on December 2, 2007 Permalink
‘Guys: you are giving marketing a bad name, and you’re misleading your readers.’
ROFLMAO
What part of ‘marketing’ didn’t you understand?
n-blue 10:18 pm on December 2, 2007 Permalink
@jmdesp
My friends and I (Fx fanboys and supporters) did test Fx3. It fixed only the line-break problem. There are two other bugs that need to be fixed.
1. Fx calls the first font in the system; if you have a new font installed, then you’re nearly unable to read the page with Thai font. (The picture on the first link will tell; it happened even with the Google search page.)
2. People called it the justify bug. You will see it when you run Fx on Vista. This bug arranges or renders Thai in a terrible way.
These two bugs are still left in the last beta of Fx3.
CableGuy 5:36 am on December 3, 2007 Permalink
Wow! One more great Microsoft study.
TheXBlog » Browser security: dispute between Microsoft and Mozilla 8:55 am on December 3, 2007 Permalink
[...] is. Among other things, this fact is stirring up displeasure on the Mozilla team. Paul Kim, Vice President of Marketing at Mozilla, complains that the reader of Microsoft’s blog entry [...]
Mio 9:27 am on December 3, 2007 Permalink
What about testing Linux and Firefox versus Microsoft Windows and Microsoft Internet Explorer?
SitePoint Blogs » Microsoft and Mozilla Disagree on Browser Security 9:17 pm on December 4, 2007 Permalink
[...] Kim, who pointed out that the report Microsoft was citing was actually prepared by Microsoft, in Lies, Damned Lies, and Microsoft Security Marketing: That should really [...]
Crake2012 8:53 pm on December 5, 2007 Permalink
@filbert
thank you.
Guia do PC » Mozilla rebuts praise for Internet Explorer 7 3:46 am on December 6, 2007 Permalink
[...] Firefox crowd are the stagnation of the program (from version 6 to 7, six years went by), and the credibility of the study which, according to the original IEBlog text, indicates that IE 7 had fewer flaws in its first year than the [...]
But what do the users THEMSELVES think of it? - Doe Niet Zo Moeilijk! 9:20 am on December 6, 2007 Permalink
[...] how many people already use that thing and how many phishing attempts have been blocked and other distorted statistics. That is of course more important than, say, making sure the damn thing can cope reasonably well [...]
n-blue 12:57 pm on December 6, 2007 Permalink
I just realized I forgot the links showing what I mentioned above.
a) Firefox picks up the first font it finds on the system. If you have a custom font installed, you will see something like this.
http://n-blue.nblogz.net/firefox-extreamly-good/
b) People call it the justify bug. It cannot render Thai correctly on a Vista PC. Firefox arranges the words so that it is nearly impossible to understand how they were spelled.
http://n-blue.nblogz.net/small-but-great-advantage-of-vista/
This is not to blame, but it needs to be fixed.
David Tan 10:47 pm on December 8, 2007 Permalink
IE is simply the crappiest browser created, period.
n-blue | Firefox 2 vs. Internet Explorer 7: Security 5:42 am on December 15, 2007 Permalink
[...] After that, Paul Kim of Mozilla marketing came out whining and complaining that IE lied. From the very start, Firefox [...]
MICROSPLOT 12:50 am on February 5, 2008 Permalink
Anything but Speechless: 100 Things People Are Really Saying About Windows Vista…
Microsoft's web site offers us "100 Reasons You'll Be Speechless" over Windows Vista. Quoth the copy: "Using Windows Vista for the first time may leave you searching for words".
…