Firefox Paws At IEFirefox Paws At IE

The Firefox open-source Web browser is a certified hit among Internet users, with nearly eight million downloads as of press time. With benefits including tighter security, improved browsing, and the David vs. Goliath pleasure that comes from snubbing Microsoft and its Internet Explorer (IE) browser, Firefox should be a no-brainer for widespread corporate deployment as well. But so far, that's not the case.

One reason is that switching is harder for a corporation than for individuals. "For a large enterprise, it would be a major project to replace a desktop component," says Pete Lindstrom, research director at Spire Security. "They have to make sure there aren't incompatibilities with Web sites or applications designed for IE that are important to the business. It could easily take two years."

Having just had its 1.0 release in early November, Firefox may also be too new to stir significant enterprise interest. "Corporate customers are late adopters," says Anne Camden, a spokesperson for PC manufacturer Dell. "They may be downloading it and testing it internally, but they haven't come to us to say they want it on a Dell system," she says.

In addition, the Web browser isn't typically regarded as a business enabler like other tools, such as e-mail. Executives aren't going to authorize a change just because Firefox provides snappier browsing for workplace distractions such as news sites, pornography, and online shopping.

That said, Firefox is making organizational inroads, particularly among universities and small or tech-savvy businesses. According to the Mozilla Foundation, which oversees Firefox development, Boston University, Yale, and MIT have all deployed Firefox. So have small and medium-sized companies across a wide range of industries, including health care, financial services, and manufacturing.

Chris Hofmann, director of engineering at the foundation, says security is the primary reason Firefox gets its foot in the enterprise door. The problem with IE is that its vulnerabilities are often subject to exploit. In 2004, for example, two high-profile exploits, Download.Ject and an IFRAME exploit, let attackers install keystroke loggers and malware onto machines running IE 6.0.

In that year alone, security research firm Secunia issued 30 advisories concerning IE 6.0 vulnerabilities. Of those advisories, 43 percent were rated as "extremely" or "highly" critical.

Of course, no one claims that Firefox is invulnerable to attack. Researchers have uncovered exploitable vulnerabilities in the browser, as well as in a Java plug-in from Sun Micro-systems that Firefox often uses.

Paradoxically, Firefox's success over time may erase whatever security benefits it offers today. "If Firefox becomes extremely popular, you can be sure people will work to identify vulnerabilities in it," says Lindstrom.

"Microsoft may be the evil empire, but that shouldn't be the decision point for what's best for your IT environment." Pete Lindstrom, research director, Spire Security

30,000 Number of Windows PCs hijacked by IE Trojans each day in 2004. That's an increase from 2,000 per day the previous year.

Source: EarthLink

1 Number of users infected by WinCE4.Duts, the only mobile device virus ever found in the wild. The virus has no destructive payload and includes an installation routine that asks users if they want to be infected.

Source: Symantec

693 Number of online news stories that warned people about the dangers of viruses on mobile devices the week that WinCE4.Duts first debuted.

Source: Google News

99.4% Proportion of viruses that never infect more than one computer. Of the 55,000 viruses known to the anti-virus industry, only 341 have been found in the wild.

Source: WildList.org