Firefox Paws At IE - InformationWeek
04:10 PM
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Firefox Paws At IE

Firefox should be a no-brainer for widespread corporate deployment, but so far, that's not the case.

The Firefox open-source Web browser is a certified hit among Internet users, with nearly eight million downloads as of press time. With benefits including tighter security, improved browsing, and the David vs. Goliath pleasure that comes from snubbing Microsoft and its Internet Explorer (IE) browser, Firefox should be a no-brainer for widespread corporate deployment as well. But so far, that's not the case.

One reason is that switching is harder for a corporation than for individuals. "For a large enterprise, it would be a major project to replace a desktop component," says Pete Lindstrom, research director at Spire Security. "They have to make sure there aren't incompatibilities with Web sites or applications designed for IE that are important to the business. It could easily take two years."

Having just had its 1.0 release in early November, Firefox may also be too new to stir significant enterprise interest. "Corporate customers are late adopters," says Anne Camden, a spokesperson for PC manufacturer Dell. "They may be downloading it and testing it internally, but they haven't come to us to say they want it on a Dell system," she says.

In addition, the Web browser isn't typically regarded as a business enabler like other tools, such as e-mail. Executives aren't going to authorize a change just because Firefox provides snappier browsing for workplace distractions such as news sites, pornography, and online shopping.

That said, Firefox is making organizational inroads, particularly among universities and small or tech-savvy businesses. According to the Mozilla Foundation, which oversees Firefox development, Boston University, Yale, and MIT have all deployed Firefox. So have small and medium-sized companies across a wide range of industries, including health care, financial services, and manufacturing.

Chris Hofmann, director of engineering at the foundation, says security is the primary reason Firefox gets its foot in the enterprise door. The problem with IE is that its vulnerabilities are often subject to exploit. In 2004, for example, two high-profile exploits, Download.Ject and an IFRAME exploit, let attackers install keystroke loggers and malware onto machines running IE 6.0.

In that year alone, security research firm Secunia issued 30 advisories concerning IE 6.0 vulnerabilities. Of those advisories, 43 percent were rated as "extremely" or "highly" critical.

Of course, no one claims that Firefox is invulnerable to attack. Researchers have uncovered exploitable vulnerabilities in the browser, as well as in a Java plug-in from Sun Micro-systems that Firefox often uses.

Paradoxically, Firefox's success over time may erase whatever security benefits it offers today. "If Firefox becomes extremely popular, you can be sure people will work to identify vulnerabilities in it," says Lindstrom.

"Microsoft may be the evil empire, but that shouldn't be the decision point for what's best for your IT environment."

Pete Lindstrom, research director, Spire Security

30,000 Number of Windows PCs hijacked by IE Trojans each day in 2004. That's an increase from 2,000 per day the previous year.

Source: EarthLink

1 Number of users infected by WinCE4.Duts, the only mobile device virus ever found in the wild. The virus has no destructive payload and includes an installation routine that asks users if they want to be infected.

Source: Symantec

693 Number of online news stories that warned people about the dangers of viruses on mobile devices the week that WinCE4.Duts first debuted.

Source: Google News

99.4% Proportion of viruses that never infect more than one computer. Of the 55,000 viruses known to the anti-virus industry, only 341 have been found in the wild.


Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll