Every once in a while, various "experts" suggest that "replacing product x with product y" will bring about security nirvana. This is partially true in the short term but pretty much useless in the long-term.

The current debate (actually, there is no real debate here but should be) is about using Firefox instead of Internet Explorer because Firefox is more secure. I agree that in the short term, Firefox is more secure, but wish it would be stated as follows: "Currently, there are not as many (or no) known vulnerabilities associated with Firefox and so it is more likely that script kiddies and worm writers will want to attack Internet Explorer simply because there is more information about vulnerabilities and a much larger target population to get nasty with."

A couple of things about this: 1) we always discuss finding vulnerabilities as if the process makes us more secure, yet when comparing products, we suggest that those with fewer vulnerabilities are actually more secure. I would suggest that there are simply more vulnerabilities left to find – which could easily apply to Firefox. 2) popularity is a strange thing – at some point, if everybody takes the advice to switch to Firefox, then it becomes a more attractive target and will suffer the same consequences as IE does currently.

Bottom line: Firefox may be the girl you want to date but not marry – you like the features and need a short-term ‘fix’ (security fix, that is). If you decide to marry, make sure you do it for the right reasons.