The news that IE 7 won't be released for Windows 2000 is good news for Firefox, prolonging the browser's window of opportunity, Valdes says. Microsoft says it is leaving its options open where Windows 2000 is concerned, but industry observers say a release is unlikely, leaving an application switch as the best option for improving browser security. "In some sense, they have ceded the security war -- a war of perceptions -- for system releases prior to SP2," Valdes says. "They are seeking to win the war of perceptions by building on the substantial security-related advances in SP2."
The neglect of pre-SP2 systems has already encouraged some companies to look at browser alternatives. Voltrex Options, a London-based brokerage house, migrated fully to Firefox after its 1.0 release, mainly to lower the risk to its workstations. "As the majority of desktop machines run on Windows 2000, none of the extra security features in XP SP2 or any future versions of IE are available to us," said Voltrex network manager David Hallowell, who has done some volunteer work for the Mozilla Foundation. "If Firefox had not been around we'd have evaluated Opera or the Mozilla Suite for deployment. [Firefox] has an interface so similar to IE that no one here has had a problem being able to use it."
Limitations in Firefox
But Firefox is hampered by some of its own current limitations. The Mozilla Foundation admits the current version is aimed at end-users, rather than organisations, and at the moment it lacks enterprise tools for deployment, management and patching. Many companies say they wouldn't even consider deploying Firefox as their principal browser without these features. There's no commercial support infrastructure, although the project is planning to announce partnerships to provide this.
As for security, observers say attackers will start to turn up the heat on Firefox once it passes the 20 percent mark, and it remains to be seen how the open source organisation will cope. What's more, as serious flaws and exploits inevitably turn up, they are likely to erode the browser's reputation for better security. Then there is the inescapable fact that many companies are tied to IE by their own applications and those of major ISVs. For this reason alone a complete switch simply isn't an option for many companies, at least not in the near future.
But progress is being made even on this front. Once upon a time, many companies would only test their Web applications for IE compatibility as a matter of course, but this attitude has evaporated, says David McGuinness, an independent consultant who has worked with the Mozilla Foundation. "With the increasing popularity of Firefox companies are more willing to ensure that their site is tested completely in that browser," he says. "It is now very unusual to find a company that only wants their site tested in IE."
Companies switching from a single browser to multiple browsers should expect an extra cost, but this should only be incremental, and is offset by benefits such as flexibility, the ability to reach more users and user satisfaction, says Gartner's Valdes. "One of the benefits to be gained, albeit hard to quantify, is a reduction in vulnerability for the organization," such as avoiding large costs when a security breach happens, he says.
An increasing number of companies are likely to end up with various combinations of IE and non-IE usage, industry observers say. Votrex, for example, came across the inevitable Web applications that only worked with Internet Explorer -- including the firm's corporate bankers. "To get around this we can just create shortcut icons on the desktop to those few sites that still [require] IE," Hallowell says. For companies tied to IE-only internal applications, one option is to limit IE usage to the intranet and specify Firefox for the Internet.
Talkback
I'm not sure why the author says Firefox would be attacked more once it passes the (random) 20% mark. Keep in mind - for example - that Apache servers power about 2/3 of the world's WWW sites while Windows servers about 1/3. Yet Apache is attacked far less.
I agree. I think the author is making a rather wide generalisation . . . popularity must therefore equal more attacks, which is true to an extent.
However, also bear in mind that attacks on windows systems don't necessarily only arise because the hacker can (i.e. it's easier to hack into) but also becuase many are idealogically opposed to microsoft! Or to put it another way, mircrosoft Sucks!
I doubt that the same hackers will be opposed to mozzila and firefox in the same way that they're opposed to microsoft. That alone will account for less attacks I think!