Microsoft's close integration with Windows is a problem in itself, critics say, as it means IE flaws have a more serious impact than bugs in a standalone browser. This integration means it takes longer to create fixes, since testing has to include the entire operating system, and applying the patches is often more time-consuming and expensive. Other factors increasing IE users' risk are its use of ActiveX controls, often used as spyware vectors, and IE's open and extensible architecture, allowing malicious "browser helper objects" to worm their way deep into the operating system.
On top of all this, the browser's effective monopoly has made it the natural focus for attackers, something Firefox hasn't yet had to cope with. Paul Randle, Windows client product marketing manager at Microsoft, says the company has "consistently maintained that that Web browsing functionality is an integral part of the operating system", but has nevertheless released various standalone IE updates anyway, including IE 6 in 2001 and IE 6 SP1 in 2002. Last year's update to IE 6 was bundled with SP2 due to enterprise customer feedback, Randle says, but times have now apparently changed due to more browser-targeted attacks. "Now our customers are asking for more updates to the browser, and we're responding by releasing the new version separate from the service pack or OS update," Randle says.
Microsoft's response
If Microsoft's problems have opened a window of opportunity for Firefox, Microsoft will, to a great extent, end up determining how popular Firefox becomes through the effectiveness of its response, says Ray Valdes, Gartner research director for Internet platforms and Web services.
The two main points in Firefox's favour, its relative security and better user experience, can be argued to be the result of a lack of serious development effort on Microsoft's part over the past few years. Microsoft had no real competitive pressure to worry about, and was under pressure not to break customers' existing application sets. When the company announced it wouldn't be making upgrades to the stand-alone version of IE, it seemed users couldn't expect any real improvements before the arrival of Longhorn.
The announcement of IE 7 made it clear that Microsoft intends to compete against Firefox, at least for Windows XP SP2 -- it seems Windows 2000 users will be left high and dry. IE 7 promises better defences against phishing, malware and spyware, and may include other long-awaited features, such as improvements to CSS and PNG support.
Microsoft denies it is motivated by the increased competition. "This is not related to Firefox. This is about ensuring that our customers get the protection and functionality they ask us for," says Randle.
In a best-case scenario for Microsoft, the security and usability improvements in IE 7 and Longhorn, as well as other factors, could keep IE from sliding below 70 percent, with Microsoft later regaining up to 90 percent share, Gartner believes. Some browser improvements, adding features such as tabbed browsing, should be straightforward. "Microsoft has historically been able to execute well in any competition centred around features, for example, with Microsoft Word," says Gartner's Valdes. "However, improved features are only a secondary concern to users."
The real challenge will be improving IE's security, and getting that improvement message across to users. "There are perceptions that must be shifted, and it is difficult to provide tangible evidence that the average observer can directly relate to," Gartner's Valdes says. "How does one demonstrate the absence of something? How does a user directly experience the absence of vulnerability? The campaign to change hearts and minds must be made on a less direct level, that is, on an emotional, political and social level."
Continued ...
15%
7%
As an IT network sysadmin, I have watched the development of Firefox with interest. I have been using it since the 0.7 release and have had very few problems. Some sites don't display correctly, and when checked with the W3.org HTML validator, usually reveal that they are not HTML standards compliant. If the site if programmed exclusively for IE then you must use IE. If it is standards compliant then Firefox will work.
I like Firefox as it makes my job easier. I load up 6 websites in the morning to see what is happening, so when clients call up I am informed. I can do this in three clicks in Firefox (including loading the program itself), and uncountably more in IE - which do you think I use?
The integrated Google search gets used uncountable times per day. This and tabbed browsing are the killer features for me in my job as sysadmin and
tech support.
I use Firefox for Internet Banking as my bank uses a Java Console. As long as that is up to date, I am protected.
I like Firefox and have it installed on all the PC's I use - work and various home machines. My work is a Microsoft house, so I will never get it installed on anything else, but it saves me time and we know time is money, so my boss does not mind too much!