Gartner urges caution before downloading Firefox

ComputerWorld ^ | 2/10/2005 | Matthew Broersma

[GeorgiaFreeper]

Gartner urges caution before downloading Firefox The Web browser may not be an unstoppable juggernaut

News Story by Matthew Broersma

FEBRUARY 10, 2005 (TECHWORLD.COM) - Companies should think twice before jumping on the Firefox bandwagon, according to research firm Gartner Inc. The open-source browser has been gaining market share steadily over the past few months, helped by industry support and user enthusiasm, but Firefox isn't the unstoppable juggernaut it might seem.

Browser switching is taking place at the level of individual users, rather than organizations, and some of the factors that make Firefox more appealing than Internet Explorer are likely to go away as the browser gets to be more popular, according to Gartner analysts Ray Valdes, David Mitchell Smith and Whit Andrews.

"The growth in usage of Firefox is driven by factors that are not inherently sustainable," they warned in a study released last week.

... [snip] ...

But Firefox is sure to be targeted by more malicious code as its market share grows, Gartner said. Security experts agree, saying more and more malicious code, including spyware, is turning up that targets Mozilla-based browsers, although so far most of it doesn't work properly. Last year, for example, some sites began using XPI extensions to automatically install malicious applications in Mozilla and Firefox, which prompted a patch that stops XPIs from installing when a page loads.

[GeorgiaFreeper]

Gartner, Inc. is the leading provider of research and analysis on the information technology industry. Our principal business segments include Research, Consulting and Events. Clients include chief information officers and other senior executives in corporations and government agencies, as well as technology companies (vendors) and the investment community. Our clients depend on insights provided by Gartner to make better-informed decisions about the impact of technology on their operations, markets and strategies.

The independence and objectivity of our research and advice are hallmarks of the Gartner brand. We founded the technology research and advisory industry on these principles in 1979. With more than 10,000 clients and 75 locations worldwide, we remain the clear market leader. Client trust in our rigorous standards to safeguard independence and objectivity is the basis of our business.

[CitizenHelper]

Firefox is great, Internet Explorer by Microsoft is not. The choice is clear.

[funkywbr]

Sounds like they work for MS Corp to me.

[speed_addiction]

As a Firefox user I can say that it has sopped a lot of the poblems that were being brought on by IE. So far I am happy with it.

[Izzy Dunne]

more and more malicious code, including spyware, is turning up that targets Mozilla-based browsers, although so far most of it doesn't work properly.

So they're shooting at you now, but the bullets bounce off your shields.
Not sure I see the problem here.

[E. Pluribus Unum]

R.I.P. Microsoft

[GeorgiaFreeper]

For now ... what about Gartner's analysis that as Firefox becomes more popular, the hackers will target it more?

[JoJo Gunn]

FUD ping

[proxy_user]

Usually in corporate intranets, software is provided through the network. Individual users are not allowed to install software on their PC. This gives all users a standard build, and facilitates the work of the help desk.

The greatest with Firefox problem will probably not be attacks, but corporate intranet applications that rely on Active-X controls. These require IE to work properly.

Many corporations do not allow their users to connect to the external internet, anyway.

[CitizenHelper]

Firefox is a clean product build and I am sure they can keep ahead of the pack, whereas IE is a POS that has so many band aids and patches on it that I won't even install their updates anymore unless I want my computer to crash, which has happened twice before.

[Izzy Dunne]

what about Gartner's analysis that as Firefox becomes more popular, the hackers will target it more?

It doesn't matter how much they target it; it matters how much they succeed.
And look at the number of successful IE attacks out there.

[lilylangtree]

Thanks for the info.

[GeorgiaFreeper]

Sounds like they work for MS Corp to me.

Shouldn't you have immediately called them microsoft knee-padders? That seems to be the standard OSS reply when organizations post something disagreeable.

Your statement, even if it was true, still does not refute the idea that Firefox's user base is small now, but as and if it grows, it will suffer more and more attacks and we will find out how secure it actually is.

[IamConservative]

"Sounds like they work for MS Corp to me."

They probably do get considerable consulting revenue from MS. The best thing to ask an "industry consultant" is "when is the last time you were right?" It's a pretty shady business.

I haven't had any spyware since the day I started using Firefox. That trend may end, but why not take advantage of it now?

[GeorgiaFreeper]

You are welcome :)

[JohnnyZ]

Why did you post an advertisement for Gartner in your first post?

[VA_Gentleman]

I still think Firefox is a little over-rated. I use it and admit that it's better than IE, but it has problems. It's extremely slow when trying to run/download multiple things at a time. You practically have to stop downloading one thing before you can download the next.

[pepperhead]

Once you use firefox you won't want to use anything else. Yes aholes might start targeting firefox. And the solution to this problem is to start targeting them.

[GeorgiaFreeper]

Why did you post an advertisement for Gartner in your first post?

I didn't. I just posted a blurb about them for the readers of this thread who may not know who Gartner is / claims to be.

[CitizenHelper]

I used to do business with Gartner. Let's not give alot of power to the 28 year old "associate" working in a cubicle who wrote this article. Gartner is just a big consulting company that sells research reports to fools silly enough to buy them.

[bahblahbah]

I had that problem too but it turned out I installed 1.0 over .93 and it didn't do it right. So I uninstalled .93 and reinstalled 1.0 and the problem went away.

[GeorgiaFreeper]

And the solution to this problem is to start targeting them.

I agree. I think the penalties for malicious code writers should be much higher than it is now. It is essentially eco-terrorism and should be handled as such.

[GeorgiaFreeper]

err .. economic-terrorism not eco-terrorism

sorry.

[pepperhead]

It's extremely slow when trying to run/download multiple things at a time. You practically have to stop downloading one thing before you can download the next.

There is some tweaks you can do to firefox that might speed that up. Can't remember what they are but if you search around you might be able to find them.

[zeugma]

more and more malicious code, including spyware, is turning up that targets Mozilla-based browsers, although so far most of it doesn't work properly.

LOL! Sounds a lot like microsoft is writing the anti-mozilla spyware!

O.K., Let me get this straight. It would seem to me they are saying that people shouldn't go ahead and migrate to MozillaWare because it might become vulnerable in the future. I suppose that is as opposed to knowing that your stuff is vulnerable in IE today? Does anyone else think this is manufactured FUD?

If anyone has an example of a page that will hijack my browser, say by installing software, bring it on. Post a pointer, or freepmail it to me. I'd really like to see something that will install software globally, so that it would affect other users as well as myself.

[smonk]

[gulp] index for later.

[kingu]

Why Firefox will never be a good target...

Internet Explorer is targetted by hackers who want to put malicious spyware/adware out there not because they just want to get their code out there, but because they want to accomplish something. Perhaps they want to serve cruddy ads, or porn, or whatever.

Internet Explorer will continue to be the first choice because if someone expends the effort to install Firefox, odds are that they've also expended the effort to get anti-adware, anti-spyware and anti-virus software on their computer. Not only do you have to go out of your way to find new exploits, and hope that those exploits aren'te defeated in mere hours, but you've also got to get through a system that is already locked down.

Firefox is a poor target, will always be a poor target, and malicious hackers will continue to go after Microsoft products. Odds are that if they infect anyone with IE (or Outlook) exploits, that infection will remain in place and active for a hundred times longer than with a Firefox user.

Nice try, Microsoft.

[rocksblues]

I haven't had any spyware since the day I started using Firefox.

Me Too. Of course the fact that I got my daughter her own laptop might of contributed to this fact!

[Bahbah]

I won't even install their updates anymore unless I want my computer to crash, which has happened twice before.

Same here.

[johnb838]

Gartner is a well known industry research group... oops, I sound like I drank the kool-aid. What I mean to say is that when I was with a big 6 firm in the 90s we used them as a reference quite a bit. As far as whether they have the MSkneepads, I don't know. Wouldn't surprise me.

[GeorgiaFreeper]

http://www.pcworld.com/news/article/0,aid,119187,pg,1,RSS,RSS,00.asp

Users of the Mozilla and Firefox browsers and the Thunderbird e-mail client may be vulnerable to flaws that could allow an attacker to spy on or take over a system, according to security researchers.

The most serious bug affects all versions of Mozilla earlier than 1.7.5, and could result in a system crash or the execution of malicious code, the Mozilla Project said. A boundary error in the way Mozilla handles "news://" addresses can be used to cause a heap-based buffer overflow, which crashes the application and may allow for code execution, according to an advisory from Maurycy Prodeus of iSEC Security Research, who discovered the flaw.

[JoJo Gunn]

I suggest you temper your responses unless you want to be considered a kneepadder yourself, especially after how you posted Gartners press release in your post #1 without so much as a qualifier.

[CitizenHelper]

INSTANT POLL - How many times have you had to reboot (Cntrl Alt Delete or power off) your frozen Windows OS in the past three days?

Moi? Twice a day, every day...

[isom35]

if only it had a spellchecker eh?

[johnb838]

Sounds a lot like microsoft is writing the anti-mozilla spyware!

Who says Microsoft isn't writing ALL the spyware?

[Bloody Sam Roberts]

[pepperhead]

I agree. I think the penalties for malicious code writers should be much higher than it is now. It is essentially eco-terrorism and should be handled as such.

Right, this has nothing to do with firefox either. If the penalty was high enough for stuff like this, the internet would be much better place. I think we should have PPV events where we execute spamers.;)

[GeorgiaFreeper]

I suggest you temper your responses unless you want to be considered a kneepadder yourself

LOL...

Why would I care what your consider me?

[ctdonath2]

But Firefox is sure to be targeted by more malicious code as its market share grows, Gartner said. Security experts agree, saying more and more malicious code, including spyware, is turning up that targets Mozilla-based browsers, although so far most of it doesn't work properly.

Ah. I see.

We're supposed to not use a program which MIGHT be targeted by malicious code, and instead continue using a program which IS CURRENTLY targeted by malicious code.

[GeorgiaFreeper]

Me ... none.

And, gasp, I use Microsoft technology to develop and still don't have to reboot very often.

[RFEngineer]

"I still think Firefox is a little over-rated"

I agree.....it didn't work on some sites (one of them Linux-based that I need to access every day) out-of-the-box for me, and I didn't have time to putz with it when I already had a browser that worked. Maybe one day I'll try again.

That said, I consider Gartner less than objective in my own direct experience.

[JoJo Gunn]

I don't "expect" you to give any more of a damn than I would about a knee padder who posts Public Relations blurbs without having the sense to distance himself from it, know what I'm saying?

[PhatHead]

* Run Firefox? Have broadband? Here's Speed Tips

Here's something for broadband people that will really speed up Firefox:

1.Type "about:config" into the address bar and hit return.

Scroll down and look for the following entries:

network.http.pipelining

network.http.proxy.pipelining

network.http.pipelining.maxrequests

Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

2. Alter the entries as follows:

Set "network.http.pipelining" to "true"

Set "network.http.proxy.pipelining" to "true"

Set "network.http.pipelining.maxrequests" to some number like 30.

This means it will make 30 requests at once.

3. Lastly right-click anywhere and select New-> Integer. Name it "nglayout.initialpaint.delay" and set its value to "0". This value is the amount of time the browser waits before it acts on information it receives. If you're using a broadband connection you'll load pages MUCH faster now!

[GeorgiaFreeper]

We're supposed to not use a program which MIGHT be targeted by malicious code, and instead continue using a program which IS CURRENTLY targeted by malicious code.

Not at all. The article was not saying that corporations should not switch. IMHO, the article was just pointing out that the switch to Firefox may not be the panacea that the OSS crowd would have you believe and that all ramifications should be considered first.

[FoxInSocks]

Bump issued via Firefox.

[zeugma]

Doesn't seem to affect me. (Mozilla 1.8a6)

Still looking for a page that affects me. It wouldn't appear that the one you linked would have been good for more than a local (i.e., user-directory install) in any case.

Still looking for something that will affect me. Heck, at this point, I'd like to find a site that gets past Mozillaware's popup blocker.

[Chances Are]

Yeah, this phenomenon started about a week, 10 days ago. Had it happen this morning, in fact.

Got any insights???

CA....

[GeorgiaFreeper]

I wish I did get paid to post articles ... it would be a cushy job. Instead I was just taking a break from writing code to catch up on some news and ran across this information in an email that I receive from ComputerWorld. Posting this type of article is somewhat akin hitting a hornets nest with a stick.

It is fun to watch the zealots swarm in...

[zeugma]

Poll answer: never. I don't use windows at all!!!!

[GeorgiaFreeper]

Bump issued via Firefox.

Bully for you ... this one was posted via IE :)