It's probably a gross understatement to say that 2004 has been a tough year for Microsoft Internet Explorer. The world's most widely-used Web browser has gotten hammered by repeated vulnerability disclosures throughout the year, and more and more hackers are trying to trick users into visiting malicious Web sites that can take advantage of IE in order to plant spyware and other malware onto PCs.
This security deluge has prompted some disgruntled users to abandon Internet Explorer for other browsers. Between June and July of 2004, IE market share slipped by over 1 percent from 95.48 to 94.16, according to a News.com report. It was the first time that IE has experienced such a downward trend since Web analytics company WebSideStory began tracking browser market share in 1999.
While alternative browsers such as Opera and Apple's Safari browser for Mac OS X now offer viable alternatives to Internet Explorer, the browser that is picking up most of the slack from IE is Mozilla, which increased its market share from 3.54 to 4.59 during the same period that IE lost its record number of users. Mozilla appears to be the biggest winner because of the growing popularity of its new upstart browser for Windows called Firefox.
Firefox, a newly-engineered Web browser that uses Mozilla's Gecko engine, differs from the actual Mozilla product (and its Netscape legacy) in that it is only a browser and does not contain all of the additional built-in applications such as a mail client, a newsreader, and a chat client that come with the Mozilla suite. As a result, Firefox is leaner and faster and has less of an imprint on RAM utilization.
However, the value proposition of Firefox isn't simply a "less is more" move. It has a different interface than Mozilla and includes unique features such as popup blocking, an integrated Google search toolbar, and tabbed browsing (a way to open different windows as tabs, similar to the way different spreadsheets are on different tabs in Microsoft Excel).
While all of those features are appealing, the reason Firefox is winning converts is because of its security. Mozilla developers have built this browser with security and privacy as top priorities. Firefox does not load Active X controls, it does not support VBScript, and it is not integrated directly into Windows, so even if a hacker exploited the browser, the system itself couldn't be compromised quite as easily.
Next to its security, the best thing about Firefox is probably the fact that it renders most Web sites clearly and effectively—in most cases, it does a better job than Opera and Mozilla in this regard. That helps to ease the pain for someone migrating from IE to Firefox as the primary Web browser. For an administrator making that switch for the users on a network, the following is a short list of things to like and dislike about using Firefox in a corporate environment.
What to like
- Currently, Firefox simply isn't as big of a target as IE, so most hackers aren't wasting their time trying to exploit it.
- By virtue of not including Active X and VBS support, Firefox is inherently more secure than IE in its default configuration.
- It can automatically import all favorites/bookmarks from IE during the first launch of Firefox.
- Firefox includes popup-blocking functionality and strong privacy controls.
- Tabbed browsing is built into the default installation of Firefox.
What to dislike
- It does not fully work with Outlook Web Access.
- Sites that use non-standard programming features available only in IE will not function correctly in Firefox. This also applies to some IT appliances and other devices that have a Web interface.
- It can't use the official Google toolbar as well as many other popular IE add-ons (though Firefox is quickly developing a nice body of "extensions" of its own).
- It cannot be used for downloading software updates through Windows Update.
What TechRepublic members think about Firefox
When the Download.Ject flaw in Internet Explorer was disclosed, I used a discussion post in the TechRepublic forums to raise the question of whether it was worth switching to another browser in order to improve security on a corporate network. Much of that discussion turned into a debate over the merits of Firefox, which was put forward by the largest number of TechRepublic members as the best alternative to IE.
By far, the largest number of respondents said that not only was it worth switching to Firefox, but a lot of them are already in the process of doing it. Member firstname.lastname@example.org said, "I am going with FireFox as the primary browser [on my network]. But I have two mission critical apps that require IE, so I have to educate users when to use IE and when not to. It's a pain, but I think IE is too huge a vulnerability to tolerate it."
Another member, CJNMIS, has had a similar experience. "I've done it. I switched to using both Opera and Firefox. Some Web sites do not display properly, and I am forced to use IE on those sites. Cisco GUIs also do not [render] properly. CallManager 3.2 doesn't work at all, and TACACS can be buggy."
One issue that TechRepublic members brought up was the actual process of deploying Firefox in a corporate environment. TechRepublic member Brendon asked, "Does anyone have a good resource list for deploying Firefox in a corporate environment (e.g., Win2K domain)? I am looking to make the change in our office (110 users) and would appreciate any advice."
TToE responded by saying, "I've looked for this as well, and there doesn't seem to be an .msi available right now. However, there are .xpi files that are supposedly able to run install scripts for Firefox. I haven't pursued this too far yet, but I'm hoping there's a deployment guide by the time version 1.0 rolls around."
Multiple TechRepublic members also reported that after they switched to Firefox and then ran a program such as Ad-aware or SpyBot, they noticed a dramatic decrease in the amount of adware and spyware that showed up on their systems.
It's doubtful that any organization can drop Internet Explorer altogether. However, a number of IT pros have begun to experiment with making Firefox the default browser for the systems on their network and then having employees use only IE for the sites, applications, or devices that are unusable in Firefox.
This works well because the sites that are most dangerous are anonymous sites. Using Firefox to handle these anonymous sites as part of general Web use can reduce the potential of danger. Meanwhile, limiting use of IE to Windows Update, Outlook Web Access, network devices, and other trusted sources can keep IE from being such a security and privacy risk.
For those who are serious about a Firefox switch, the following links can provide additional assistance: