Popular new browser is not immune to attacks, researchers say.
Matthew Broersma, Techworld.com
Thursday, February 10, 2005
Companies should think twice before jumping on the Firefox bandwagon, says a respected research group.
The open-source browser has been gaining market share steadily over the past few months, helped by industry support and user enthusiasm, but Firefox isn't the unstoppable juggernaut it might seem, according to a recent Gartner study.
Browser switching is taking place at the level of individual users, rather than organizations, and some of the factors that make Firefox more appealing than Internet Explorer are likely to go away as the browser gets to be more popular, said Gartner analysts Ray Valdes, David Mitchell Smith, and Whit Andrews. "The growth in usage of Firefox is driven by factors that are not inherently sustainable," they have warned.
In a study released last week, Gartner pointed out that Microsoft may regain market share simply by updating Explorer. The main question is whether the company will choose to make a significant Explorer upgrade before the arrival of the next-generation Windows, codenamed Longhorn.
"Microsoft's response to Firefox growth is limited by how much it ties a revamped Internet Explorer to the release of Longhorn," Valdes, Smith and Andrews said in the study.
Microsoft could halt the slide in Explorer's market share through an upgrade program or Firefox and other browsers could continue to gain ground unabated, Gartner said. But a more likely outcome is coexistence--users will continue to run Explorer but will also use Firefox alongside it in order to avoid problems, Gartner said. Companies should look at ways of managing this coexistence, analysts recommended.
Firefox's Simplicity Appeals
In the meantime, Firefox's growth may prove to be relatively limited. Individuals are switching to the browser because of the appeal of features such as tabbed browsing, integrated search, better standards support, and easy installation and removal, Gartner said. The browser's design--without ActiveX or deep hooks into the operating system--also makes security flaws less serious and patches easier to test and apply.
But Firefox is sure to be targeted by more malicious code as its market share grows, Gartner said. Security experts agree--more and more malicious code, including spyware, is turning up that targets Mozilla-based browsers, although so far most of it doesn't work properly, they said. Last year, for example, some sites began using XPI extensions to automatically install malicious applications in Mozilla and Firefox, which prompted a patch that stops XPIs from installing when a page loads.
"XPIs don't seem to be anywhere as successful as traditional Explorer exploits," said Graham Cluley, senior technology consultant with antivirus firm Sophos. "As the market for Firefox grows, however, attackers are going to say 'let's try and find new exploits'. But it's a good idea not to get too hung up on specific browser exploits, when there are plenty of spyware Trojans that don't depend on a specific browser."
Gartner also noted that Firefox benefits from the support of major industry players that want to back a browser alternative. "Google is supporting Firefox by providing an infrastructure for downloads. Amazon's A9 toolbar now supports Firefox. Major independent software vendors that aggressively linked their user interfaces to specific versions of Explorer (contrary to long-standing Gartner advice) will likely shift to a neutral stance," the analysts wrote.
Major Players Jump In
Google's desktop search application is likely to support Firefox soon, and IBM is supporting Firefox with its Workplace software, Gartner said.
Starting Thursday, Firefox gained the support of another big search player, Yahoo, which has launched a version of its popular Toolbar for the Windows version of Firefox. The browser add-in lets users create bookmarks and custom buttons and customizes search and site syndication capabilities.
It doesn't include the antispyware feature found in the Explorer version. Yahoo said it would add antispyware and other platforms, such as Mac OS X, soon. Search toolbars from Microsoft's MSN, Google, and Ask Jeeves remain tied to Explorer.
In other recent studies, Gartner has recommended companies re-examine their standardization policies and reduce their dependency on a specific browser. But the reality is that operational considerations make Explorer difficult and costly to replace for most companies, Gartner said.
http://www.pcworld.com/news/article/0,aid,119650,tk,dn021105X,00.aspJerry