Is Security The Secret Of Firefox’s Success?

Don Reisinger, eWEEK USA 2013. Ziff Davis Enterprise Inc. All Rights Reserved,

It’s Firefox’s reputation for superior security, rapid patching of security holes and its multitude of browser extentions that has allowed it to win converts among corporate and personal Web users

The Mozilla Foundation announced last week that its Firefox Web browser has surpassed one billion downloads. According to the company, it took Firefox less than five years to reach that milestone. In that time, the browser has become a mainstay on millions of computers across the globe, capturing significant market share away from the browser market’s leader, Microsoft’s Internet Explorer.

But is Firefox now, after one billion downloads, the ideal corporate solution for companies trying to escape Microsoft’s grips? It’s tough to say. But undoubtedly, that answer needs to start with security.

Security
Microsoft’s Internet Explorer is often criticized for its security troubles. Unfortunately, Internet Explorer has been the gateway for many malicious outbreaks that have impacted corporate computers. Spyware, adware and viruses have all made their way into corporate computers through Microsoft’s browser.

But one of the most prominent reasons for outbreaks occurs through ActiveX running on Internet Explorer. Malicious hackers use ActiveX as an opportunity to exploit users. Realizing that, in 2006, Microsoft started providing more safeguards in Internet Explorer. Internet Explorer 7 does do a better job of protecting users against ActiveX outbreaks. But according to a security report from research firm Secunia, there were more ActiveX outbreaks (366 total vulnerabilities) in 2008 than those that broke out in 2007. It was a black eye for Microsoft.

On too often an occasion, Microsoft has released critical security updates for Internet Explorer. Granted, some might say that it’s better that the company address issues, but many folks believe it’s too slow to update problems. Patch Tuesday, the day each month that Microsoft releases security updates, has become a running joke in the security community.

For its part, Microsoft contends that Internet Explorer 8 will prove to be far more secure than its predecessors. Whether or not that will be true is up for debate. Judging by its history, Microsoft’s security resume has been big on promises, but small on results.

Mozilla, on the other hand, has handled browser security far more effectively than its main competitor. The browser has often been cited as a more-secure browser than Internet Explorer. That’s partly due to security features, including sandboxing, which it has built into the browser, but it’s also due to the community. Since Firefox is open source, the community has helped the Foundation patch vulnerabilities much sooner than the competition. In fact, a 2006 report in The Washington Post claimed security vulnerabilities in Firefox went “unpatched” for an average of nine days. The average Internet Explorer vulnerability stayed active for 284 days. Microsoft has done better in recent years, but Firefox is still leading the way.

A Secunia report in 2009 found that Firefox 3.5 had no unpatched security vulnerabilities. Internet Explorer 8, which is Microsoft’s most-secure browser yet, had just one unpatched security vulnerability. It’s not bad, but one security problem can still wreak havoc on an organisation.

The extras
Firefox handily beats Microsoft’s browser with extras. Right now, Firefox offers thousands of browser extensions that are designed specifically for improving the corporate browser experience. From productivity tools to Web development to added security, Firefox extensions give companies the options they need to improve employee productivity. Microsoft has some plug-ins available for its own browser, but so far, they don’t compare on any level with Firefox add-ons. And from a company perspective, the more useful add-ons available to companies, the better.

What about Europe?
Although Microsoft announced last Friday that it plans to ship the same Windows 7 version to Europe as it will to the rest of the world, it has faced some serious pressure from Europe over its inclusion of Internet Explorer in its operating system. Opera, another competitor in the space, contends that it’s an unfair business practice. The European Union agreed with that sentiment, leading Microsoft to make it easier for users to use alternative browsers instead of Internet Explorer.

Although the company will still lead the browser market over the short-term, the push-back from regulators will lead to many European companies opting for a different browser. That could mean more employees use different browsers and, in the process, Microsoft’s lead will start to erode.

To regain lost market share, Microsoft needs to do much more with Internet Explorer. It needs to make a more concerted effort to open it to the community. It needs to make its browser more secure. And, without a doubt, Microsoft needs to do more to ensure companies will be getting the fastest, safest and most appealing browser on the market. It won’t be easy. But it will have to start with Internet Explorer 8, Windows 7 and a new, online-focused Microsoft that accepts the power of the community.

It’s on its way. But until it can match Firefox, it seems Mozilla’s browser is still best for enterprise users.