It’s probably a gross understatement to say that 2004 has
been a tough year for Microsoft Internet Explorer. The world’s most widely-used
Web browser has gotten hammered by repeated vulnerability disclosures
throughout the year, and more and more hackers are trying to trick users into
visiting malicious Web sites that can take advantage of IE in order to plant
spyware and other malware onto PCs.

This security deluge has prompted some disgruntled users to
abandon Internet Explorer for other browsers. Between June and July of 2004, IE
market share slipped by over 1 percent from 95.48 to 94.16, according to a News.com report. It was
the first time that IE has experienced such a downward trend since Web analytics
company WebSideStory began tracking browser market share in 1999.

While alternative browsers such as Opera and Apple’s Safari browser for Mac OS X now offer
viable alternatives to Internet Explorer, the browser that is picking up most of
the slack from IE is Mozilla, which
increased its market share from 3.54 to 4.59 during the same period that IE lost
its record number of users. Mozilla appears to be the biggest winner because of
the growing popularity of its new upstart browser for Windows called Firefox.

Why Firefox?

Firefox, a newly-engineered Web browser that uses Mozilla’s
Gecko engine, differs from the actual Mozilla product (and its
Netscape legacy) in that it is only a browser and does not contain all of the
additional built-in applications such as a mail client, a newsreader, and a
chat client that come with the Mozilla suite. As a result, Firefox is leaner
and faster and has less of an imprint on RAM utilization.

However, the value proposition of Firefox isn’t simply a
“less is more” move. It has a different interface than Mozilla and
includes unique features such as popup blocking, an integrated Google search
toolbar, and tabbed browsing (a way to open different windows as tabs, similar
to the way different spreadsheets are on different tabs in Microsoft Excel).

While all of those features are appealing, the reason
Firefox is winning converts is because of its security. Mozilla developers have
built this browser with security and privacy as top priorities. Firefox does
not load Active X controls, it does not support VBScript, and it is not
integrated directly into Windows, so even if a hacker exploited the browser, the
system itself couldn’t be compromised quite as easily.

Next to its security, the best thing about Firefox is
probably the fact that it renders most Web sites clearly and effectively—in
most cases, it does a better job than Opera and Mozilla in this regard. That
helps to ease the pain for someone migrating from IE to Firefox as the primary
Web browser. For an administrator making that switch for the users on a
network, the following is a short list of things to like and dislike about
using Firefox in a corporate environment.

What to like

  • Currently,
    Firefox simply isn’t as big of a target as IE, so most hackers aren’t
    wasting their time trying to exploit it.
  • By
    virtue of not including Active X and VBS support, Firefox is inherently
    more secure than IE in its default configuration.
  • It can
    automatically import all favorites/bookmarks from IE during the first
    launch of Firefox.
  • Firefox
    includes popup-blocking functionality and strong privacy controls.
  • Tabbed
    browsing is built into the default installation of Firefox.

What to dislike

  • It
    does not fully work with Outlook Web Access.
  • Sites
    that use non-standard programming features available only in IE will not
    function correctly in Firefox. This also applies to some IT appliances and
    other devices that have a Web interface.
  • It can’t
    use the official Google toolbar as well as many other popular IE add-ons
    (though Firefox is quickly developing a nice body of “extensions” of its
    own).
  • It
    cannot be used for downloading software updates through Windows Update.

What TechRepublic members think about Firefox

When the Download.Ject flaw in Internet Explorer was
disclosed, I used a discussion
post
in the TechRepublic forums to raise the question of whether it was
worth switching to another browser in order to improve security on a corporate
network. Much of that discussion turned into a debate over the merits of
Firefox, which was put forward by the largest number of TechRepublic members as
the best alternative to IE.

By far, the largest number of respondents said that not only
was it worth switching to Firefox, but a lot of them are already in the process
of doing it. Member jm2@imagemining.net
said, “I am going with FireFox as the primary browser [on my network]. But
I have two mission critical apps that require IE, so I have to educate users
when to use IE and when not to. It’s a pain, but I think IE is too huge a
vulnerability to tolerate it.”

Another member, CJNMIS,
has had a similar experience. “I’ve done it. I switched to using both
Opera and Firefox. Some Web sites do not display properly, and I am forced to
use IE on those sites. Cisco GUIs also do not [render] properly. CallManager
3.2 doesn’t work at all, and TACACS can be buggy.”

One issue that TechRepublic members brought up was the actual
process of deploying Firefox in a corporate environment. TechRepublic member Brendon asked, “Does anyone have a
good resource list for deploying Firefox in a corporate environment (e.g.,
Win2K domain)? I am looking to make the change in our office (110 users) and
would appreciate any advice.”

TToE responded by
saying, “I’ve looked for this as well, and there doesn’t seem to be an
.msi available right now. However, there are .xpi files that are supposedly able
to run install scripts for Firefox. I haven’t pursued this too far yet, but I’m
hoping there’s a deployment guide by the time version 1.0 rolls around.”

Multiple TechRepublic members also reported that after they
switched to Firefox and then ran a program such as Ad-aware or SpyBot, they
noticed a dramatic decrease in the amount of adware and spyware that showed up
on their systems.

Final analysis

It’s doubtful that any organization can drop Internet
Explorer altogether. However, a number of IT pros have begun to experiment
with making Firefox the default browser for the systems on their network and
then having employees use only IE for the sites, applications, or devices that
are unusable in Firefox.

This works well because the sites that are most dangerous are
anonymous sites. Using Firefox to handle these anonymous sites as part of
general Web use can reduce the potential of danger. Meanwhile, limiting use of
IE to Windows Update, Outlook Web Access, network devices, and other trusted sources
can keep IE from being such a security and privacy risk.

For those who are serious about a Firefox switch, the
following links can provide additional assistance: