In the 1982 Cold War action flick “Firefox,” Clint Eastwood prevails over the might of the Soviet Union in stealing the supersonic Firefox airplane. Will the Firefox browser do the same thing and steal the browser market from Microsoft’s Internet Explorer (IE)? Or will the open source browser find itself shot down in a far wilderness against impossible odds?
While Firefox has made an impressive start — reaching more than 10 percent market share and dropping IE to around 84 percent, according to the latest numbersfrom research firm Janco Associates — it is a long way from usurping Microsoft in the new-millennium equivalent of the ’90s browser wars.
“There is a chicken and egg effect whereby Firefox won’t be completely successful until it gains broad support from enterprise applications/solution providers, yet it won’t obtain that support until it reaches at least a 20 percent share,” says Jon Collins, an analyst with UK-based IT consultancy Quocirca Ltd. “In my opinion, Microsoft will make sure that it doesn’t lose this war.”
Firefox certainly has plenty of advantages over its Redmond rival. According to Gartner Inc. research director Ray Valdes, it is more nimble than IE because it is separated from the operating system. Other advantages, he says, include tabbed browsing and an integrated search engine that save time and system resources.
“As well as tabbing and Google-search features, Firefox is small enough that it can be installed and deinstalled easily,” says Valdes. “However, it is primarily oriented to individual usage, not the enterprise.”
And there’s the rub. While many use it personally and love it, they can’t always utilize it at the office. In many cases, financial applications and corporate intranets are actually integrated with IE and are coded to depend upon IE’s features.
“I’m a considerable Firefox fan myself due to its more functional interface, but some web sites just don’t work with it,” says Gordon Haff, an analyst with Illuminata Inc. of Nashua, N.H. “Firefox doesn’t support ActiveX controls, for example, and it definitely doesn’t work with Microsoft Windows Update.”
This isn’t because Firefox is broken. It’s due to some web sites being architected in IE-specific ways that cause them not to operate properly with Firefox. This fact could prove to be a barrier to enterprise adoption. IT help desks may find it easier to stick to IE rather than be subjected to a stream of calls about web pages not displaying or working properly on Firefox.
Collins, though, doesn’t believe this to be a significant problem, based on his own experience.
“On the whole, Firefox is better than most at presenting sites that have been optimized for IE,” he says. There are differences, but nothing that I have noticed that would make an enterprise shy away from it.
A more major hurdle, in his opinion, concerns third-party add-ons. Although both products support quite a few third-party extensions, they’re not all the same ones. Firefox has more than 400 to choose from. Linky, for example, lets the user open or download all or selected links, image links and even web addresses found in the text in separate or different tabs or windows. Conversely, IE has many add-ons you won’t find in Firefox.
“Issues will come up all the time due to a dearth of plug-ins for the likes of Flash and Acrobat,” says Collins. “If you are attempting to use Firefox with Outlook Web Access, you may encounter difficulties as they work differently.”
He outlines an example: setting up a meeting/appointment. This is simple in IE, but in Firefox there has to be at least one invitee. This can become as bizarre, he says, as having to invite yourself and then responding to the invitation.
In the area of enterprise management capabilities, too, Firefox comes in a distant second.
“Organizations are likely to prefer a browser that has admin tools that tie into existing systems for code maintenance and configuration management,” says Valdes.
IE can be centrally managed in an enterprise, while Firefox is designed for individual users. Later this year, Netscape is releasing an enterprise browser based on the Mozilla engine (the same one used by Firefox). But IE enterprise dominance will be hard to shake until it comes up against a product with at least comparable manageability.
Firefox certainly has benefited from the ongoing security flaws in IE. With every security alert and well-publicized vulnerability, IE has lost ground. As it is tightly coupled to the Windows OS, security holes in one can lead to an exposure in the other.
“Firefox has a better security record than Internet Explorer, but that’s not the same as being completely secure and bug-free,” says Haff. “It’s a question of degree.”
Indeed, Collins points out that the very popularity of the open source browser could actually represent a security situation due to uncontrolled usage. It’s quite common to find IE organizations where many of the IT guys have downloaded Firefox.
“This could be a back door for by-passing some types of security, particularly if desktop controls are in place,” says Collins. “If it’s firewall-based, there will be less of a problem.”
He also indicates that there have been plenty of vulnerabilities reported with Firefox, notably with tabbed browsing and with code-related vulnerabilities that can be exploited through scripting attacks. While the open source community may claim to be quick to release patches, he says, this does not help IT managers trying to keep control of their environments.
This past Sunday, security company Secunia labeled cross-site scripting and remote system access flaws in Firefox 1.0.3 as “extremely critical,” warning that they are vulnerable to existing exploit code.
Then, of course, there is the threat posed by hundreds of relatively uncontrolled Firefox add-on extensions, which are generally written by individuals or teams. While individual add-ons might be tested, there is no organized process to ensure they are tested together. It is here that bugs and vulnerabilities can creep in.
“There’s nothing to stop a plug-in being a host for some kind of spyware, or offering a conduit for it, and this might be difficult to spot as it would operate as part of the browser,” says Collins. “Also, once the black hats perceive that Firefox is gaining a good foothold in the enterprise, expect to see some fairly nasty, well-titled worms/Trojans being written as add-ons.”
Now that Firefox has made a real impression on the marketplace, there is no doubt that Microsoft has taken notice. It has already announced plans for an early release of a standalone IE7, a move initially forced upon the company by the DoJ and its European equivalent.
By pushing for a separation of OS and browser, these bodies inadvertently may have created what they intended to break up — a browser monopoly. Microsoft has been constrained by how much IE is embedded into the OS. Its recent loss of market share has exposed this weakness. Had the OS and browser remained tightly coupled, the company would have been far more sluggish in its response to upstart browsers. By breaking this link, that constraint goes. Therefore, any clever upgrades made by Firefox will probably be quickly replicated in IE.
“Microsoft will be able to carry out more upgrades on a standalone IE than they have been able to do on an embedded IE, and so be more responsive to threats such as Firefox,” says Collins. “The cruel irony is that this could completely backfire on the lawyers by allowing Microsoft to kill the competition faster than in the past.”