As Firefox wins new fans and Internet Explorer clings to its captive audience, IT managers have to accept that two browsers are better than one.
Claim: Firefox is promoted as a stable, simple, and secure Web browser that allows users to limit what sites can do and control how Web pages are presented.
Context: Security is Firefox's biggest selling point, and despite planned new features, that won't change anytime soon. Although it isn't the only challenger to IE, its success is assured because it's both cross-platform and free.
Credibility: Everyone who uses IE should consider migrating to another browser, or at least confining IE's use to sites tucked safely behind the firewall. Firefox is the leading alternative, but not the only one.
Worried about security threats on the Web? According to the CERT, one of the most important steps you can take is to use a browser other than Microsoft's Internet Explorer (IE). Many people have followed that advice: The Mozilla Foundation estimates that more than 23 million people downloaded its free Firefox browser in its first four months of release. According to the Gartner Group, its share at some sites went from zero to 25 percent over the same time period.
While individual users have flocked to Firefox, enterprises have been more cautious. Part of this is just corporate conservatism, but there are also legitimate concerns. Firefox currently lacks centralized installation and management features, and many enterprises rely on in-house or third-party intranet applications that require IE. The first problem will be solved within months, but the second is more difficult to overcome.
SPREADING LIKE FIRE
Firefox has become the Web's most popular open-source project, attracting the support of volunteers and big companies alike. This has enabled it to progress very rapidly: The Foundation already has three new releases of Firefox planned for later this year.
The exact feature set of Firefox 2.0, due by the end of 2005, is still under discussion. (Likely improvements include simplified management of cookies, passwords, and other personal information.) In the meantime, two "point" releases aim to make the browser as popular among IT managers as end users by simplifying large-scale installation.
The first of these, Firefox 1.1, will be released as a "preview" (beta) next month, with the finished form due by June. Version 1.1 will allow more customization at install time and be available as a Microsoft Installer (MSI) package, making it compatible with Microsoft's Systems Management Server (SMS). Firefox 1.5, due later in 2005, will add further centralized management features, such as the ability to preinstall extensions or download patches from an internal server instead of mozilla.org. While these options are currently available, they need to be configured manually on each machine.
BEAR OR RACCOON?
Although Firefox itself only shipped last November, it can trace its ancestry back much further. It shares much of its code--including the all-important Gecko layout engine, the part that actually renders Web pages on the screen--with the Mozilla suite, a set of applications based on Netscape Communicator. Firefox is a deliberate decoupling of the browser from the other applications. The principle is that a browser is simpler, faster, and more secure if it isn't integrated with an e-mail client, contact database, or calendar, let alone an OS.
Firefox isn't the only standalone browser, of course. Much of its functionality was pioneered by Opera Software. However, Firefox does have one huge advantage: It's free. Opera's main selling point is that it can run on almost any platform, from OS/2 to a cell phone.
The division between browser and layout engine isn't unique to Mozilla. In IE, the layout engine is the part that's truly inseparable from Windows. (It's also used for help files and some folder views.) Because Gecko is free and IE is always present in Windows, both are also used by many other browsers. The two most famous are both from AOL: The client for its ISP service uses IE's layout engine, while Netscape uses Mozilla's Gecko.
In theory, this should make it easier for Web sites to ensure that they display properly on a wide variety of browsers because pages only need to be tested with each layout engine, not each individual browser. Firefox's growing popularity is forcing many IE-only sites to adapt, but a few still depend on its quirks.
OUTSIDE THE BOX
On the intranet, it's a different story. Many applications require ActiveX, but because their servers are behind the firewall, its functionality isn't such a security risk. Individual users who install Firefox on a work PC often find that they need to keep IE around for these sites, and enterprises may find the same thing.
Even sticking with IE won't avoid all intranet incompatibilities. This is because many IE-only applications don't rely on ActiveX or the browser's own quirks, but Microsoft's version of Java. As part of the settlement of its lawsuit with Sun Microsystems, Microsoft has agreed not to ship this anymore--something that may be good for the industry in the long term, but bad in the short term. That's because Microsoft has embraced and extended the technology in ways that aren't compatible with Sun's implementation.
To run any Java application, users need a Java Virtual Machine (JVM) installed, usually from either Sun or Microsoft. Sun's JVM works with most browsers and is included with Opera and Apple's Safari. (Firefox and IE users must download it from Sun.) Microsoft's JVM requires IE, but customers must get it elsewhere--usually from the vendor of the intranet application that requires it. The only way to ensure compatibility is to run both JVMs, which in turn means running two browsers--usually IE with Microsoft's and Firefox with Sun's.
IT managers may bristle at the thought of supporting two browsers. But until either Microsoft fixes IE or vendors of Web-based applications adapt their products, it could be the best strategy. From a security perspective, using one browser for the intranet and another for the Internet is helpful because it forces users to recognize the difference between accessing a trusted internal application and surfing the Web.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.