Firefox's 'retreat' ensures Microsoft excels

Contractor UK ^ | Aug 22, 2005 | Contractor UK

[Bush2000]

Firefox's 'retreat' ensures Microsoft excels

Open source web browser Firefox has lost the momentum it has steadily gained since it was unleashed last year, according to Web analysts at Net Applications.

The online portal’s unique Hit List service reveals a slump in the Mozilla browser’s market share, falling from 8.7% to 8.1 % in July.

Coinciding with its demise, was the advance of Microsoft's IE that has gained some of the ground surrendered in June, climbing back from 86.6 % to 87.2% last month.

The revival for the dominant browser comes on the back of average monthly losses of between .5 to 1% for Redmond, as Firefox started to gain acceptance among a wider audience than just tech-savvy users.

When asked by Contractor UK whether Microsoft’s sudden gains were from the unveiling of a new IE, Net Applications said a re-launch tends revive industry interest, and could have bolstered Microsoft’s market share of the browser market.

When a company launches a new product, there is always renewed interest in what the company has produced and it would also be fair to say that this may have had an effect, said a member of the Hit List team.

Although, there have been browser issues with Windows 2000 in the news, so it is possible that again you may see a dip [in Microsoft’s market share]. Right now, people are looking for security and whenever there are issues with the security of one's system, they will use what they feel will be the most secure.”

Besides Net Applications, web developer site W3 Schools, confirms that adoption of Firefox is falling, just as IE is reaching its highest share of the market in 2005.

According to W3's data on specialist users, Microsoft IE (6) enjoyed a 67.9% share in July, improving to 68.1% in August matched against Firefox’s top share of 21% in May, which has now dropped to 19.8% for the last two months.

Observers noted that both sets of analysis concur that Microsoft’s loss, up until now, has been Firefox’s gain, but over the last month roles have reversed.

Security fears concerning Mozilla and its browser product have recently emerged, coinciding with Microsoft’s high-profile trumpeting of its new safer browser product (IE 7), complete with glossy logo.

Experts at Net Applications said they were surprised at Firefox’s sudden retreat, saying they expected a slow down before any decline.

Yet they told CUK: “Whenever there may be problems with security, there always is a decline with users changing browsers.”

Data from the Web analytics company is based on 40,000 users, gleaned from their global internet operations, prompting some commentators to question the so-called ‘global decline’ in the Firefox market share.

The Counter.com reportedly finds that between June and July, Firefox actually increased its share by two points, and overtook IE5 for the first time ever.

The Web Standard Project suggests webmasters should treat data from web analysis providers with caution, before rushing to make service changes.

So what can we conclude?” asks the WSP, a grass roots project fighting for open access to web technologies.

“Not much: Mozilla-based browsers are probably used by just under 10% of the web audience and their share is growing slowly. IE5.x is probably used by somewhat less than that and its share is declining slowly. IE6 is roughly holding steady.”

Meanwhile, Spread Firefox, which measures actual download rates of the browser, reports that it took just one month for the Mozilla Foundation’s showpiece to reach 80 million downloads in August – from its July total of 70 million.

At the time of writing, Firefox had been downloaded 80701444 times, meaning adoption rates of over 10m occurred one month after Net Applications says Firefox bolted in light of the dominant IE.

[Bush2000]

They released a a POC *after* notifying MS and *after* MS denied there was an issue.

I've read the thread, and the conclusion that I've drawn is that the so-called "researchers" were in such a rush to publish their findings to the security community (for credz, no doubt) that they didn't bother to work with MS to ensure that the flaw was properly understood. MS couldn't repro the problem and, rather than work with the vendor, the researcher sent code out to the world ON THE SAME DAY! Clearly, they weren't interested in preventing the exploitation of this flaw. They were more interested in claiming credit for finding it. And that's damned irresponsible.

[Bush2000]

I am providing them nothing, lol. Take your beef up w the Finnish embassy.

Your posts make it clear that you fully support helping out the Chinese, though.

GE is on the record as being OK w BSD, are you? It was developed w taxpayer $, too.

Can you read? I said no technology transfers to the Chinese. Period.

[Bush2000]

Then explain to us how the Chinese military running Linux is a good thing for America; how the Chinese government using Linux to track dissidents, Christians, and tourists is a good thing for human rights.

[antiRepublicrat]

Lucky? Talk about ridiculous statements.

Lucky because his competition was unavailable and his wife wouldn't sign the paperwork. Luck that IBM in their shortsightedness didn't think to keep Bill from licensing DOS out to everyone. The rest shows a good businessman, not necessarily a maker of quality software.

MS was competing against IBM.

Until OS/2, MS was mainly a supplier to IBM.

If IBM was predatory and controlled "business", then MS should never have been able to gain a foothold in the market. But it did

Because of IBM's mistake in not getting an exclusive license to MS-DOS, thus allowing competitors to be easily compatible.

MS couldn't simply change Windows wihout incurring huge compatibility problems -- and compatibility is one of the virtues that MS offers that keeps it on top of the desktop OS market.

Like I said, a modern Vista with something like Virtual PC running in the background for legacy apps.

Vista is being built on top of the Server 2003 codebase, which is solid code.

And they're also wrapping the hell out of everything to try to get some semblance of security. This is why OS X is better -- trash the old stuff, give an upgrade path, give backwards compatibility through an compatibility environment, and go forward with a new OS that is far more stable and capable than what would have been possible had they just upgraded the old OS.

Apple's marketshare is now higher after the switch. If anyone can afford a little hiccup in the interests of quality, it's Microsoft.

[antiRepublicrat]

You guys would love to see China running Linux everywhere, regardless of whether it's being used to track dissidents, run military simulations, and target us with nukes.

I don't care what China runs. Actually, I'd prefer if they ran Microsoft software (legally). We'd get the money and the Chinese would have crappy, less secure software instead of something more advanced.

[antiRepublicrat]

Do I think we should divert our attention from the global WOT in order to make this happen? No.

I pasted the wrong text into the original reply, sorry. I meant to paste the text about Windows' vaunted new (yet old hat for everyone else) security.

[antiRepublicrat]

Compare RHEL to W2003. Vista is being built on top of the Server 2003 codebase, which is solid code.

Wow RHEL has over three times the advisories. OTOH, three times 0% unpatched is still zero. And three times 0% extremely critical vulnerability is still zero.

[N3WBI3]

No, fact. You support releasing exploit code if a vendor isn't "responsive enough".

And you support companies that leave swiss cheese exploit code out there rather than being responsible for the products they provide..

It isn't enough to point out the vulnerability.

Sadly for some companies its not enough. Many companies would sit for years on broken code if they could get away with it *despite* the fact their customers are exposed to vulnerabilities..

You want to give tools to script kiddies to wreak havoc.

And you want one or two lone and serious hackers to know something about the vulnerabilities of my systems that I do not..

[N3WBI3]

the Chinese government using Linux to track dissidents, Christians, and tourists is a good thing for human rights.

Actually china is using Microsoft (msn), to block people from information, and Cisco to track them... So I guess you hate Cisco and MS as much as Linux right?

[Bush2000]

Lucky because his competition was unavailable and his wife wouldn't sign the paperwork. Luck that IBM in their shortsightedness didn't think to keep Bill from licensing DOS out to everyone. The rest shows a good businessman, not necessarily a maker of quality software.

Attributing all of Microsoft's success to luck is just plain bizarre, even for you. Fact is that licensing its OS was (and remains) one of the more brilliant business decisions ever made. That decision had nothing whatsoever to do with Gary Kildall. Not surprisingly, anti-Microsoft bigots (or ABMers) tend to see Microsoft in a less than favorable light, so it doesn't surprise me that you feel that way.

l OS/2, MS was mainly a supplier to IBM.

MS came out with its first version of Windows in 1985. That was 20 years ago. OS/2 1.0 wasn't announced until 1987. Microsoft was competing against IBM, even while the two were cooperating with DOS.

Because of IBM's mistake in not getting an exclusive license to MS-DOS, thus allowing competitors to be easily compatible.

And you think that that decision was luck?

Like I said, a modern Vista with something like Virtual PC running in the background for legacy apps.

Microsoft is already doing that on its servers. It's only a matter of time before it brings that capability down to the desktop.

And they're also wrapping the hell out of everything to try to get some semblance of security.

That's nonsense. OS X, like Windows Server 2003, has been available for the past couple years. In that time, it has seen 56 advisories from Secunia; Windows Server 2003 has seen 64 advisories. Not a significant difference, given the so-called "advantages" that you're touting. Vista is written on top of Windows Server 2003, so the security benefit is going to trickle down. I know that's bad news to you, given how much you've staked on OS X.

Apple's marketshare is now higher after the switch. If anyone can afford a little hiccup in the interests of quality, it's Microsoft.

I wish Apple well in its competition against Linux. I truly do. But that's all that it's competing against on the desktop.

[Bush2000]

I don't care what China runs.

Enough said. Ignorance is a steep price to pay.

[Bush2000]

Wow RHEL has over three times the advisories. OTOH, three times 0% unpatched is still zero. And three times 0% extremely critical vulnerability is still zero.

Reports which pose near-zero threat or which have ready workarounds don't need to be patched.

[Bush2000]

And you support companies that leave swiss cheese exploit code out there rather than being responsible for the products they provide..

You're full of crap. Open source software is even more buggy and insecure than Microsoft's software. You, like most other ABM bigots, are trying to sell a myth.

Microsoft scores well on security analysis

Microsoft's performance on security may not be as bad as it is painted, according to an analysis of vendor security advisory notices issued over the past month.

US-based website Secunia logs security advisory notices issued by more than 700 hardware and software vendors, listing each with a severity rating and link to details of the notice and patches. Next analysed these listings last week to understand which vendors or developers were issuing the most warnings.

Contrary to much industry press coverage, however, Microsoft only just makes the top 10.

The analysis, covering September and the beginning of October, shows developers of open-source systems (systems released under a special licence, which - among other provisions - allows free access to the source code of programs) releasing far more security advisories than traditional software vendors.

Different vendors report their vulnerabilities in different ways, and some can be reluctant to report them at all. Oracle, for instance, issued only one advisory in the period studied, according to Secunia.

[Bush2000]

Actually china is using Microsoft (msn), to block people from information, and Cisco to track them... So I guess you hate Cisco and MS as much as Linux right?

If you're expecting me to pat MS on the back because it cooperates with China, you're delusional. I'm not in favor of trading with bullies; particularly bullies that run over their own people in tanks. My position is consistent on the matter. But you guys, of all people, are falling all over yourselves to dump OSS shovelware on China's doorstep for free. You don't care how the software will be used to oppress the Chinese people or target us with munitions, or build out the Chinese military. Admit it. You simply don't care about how you're helping the Chinese. It's all about hatred of American companies for who have the audacity to sell software. Oh, the horrrrrrrrror!

[N3WBI3]

Way to ignore:

Severity

Longevity

Obscurity

and Source

For Example, all of Mozilla's advisories would also count as Redhat Advisories becuase Redhat Packeages them, same with PHP. Both PHP and Mozilla products run on windows, so are they also counted with MS? I highly doubt it.

You seem incapable of even reading your own source... too distracted by all the pretty colors in the graph I imagine. From your source:

Different vendors report their vulnerabilities in different ways, and some can be reluctant to report them at all. Oracle, for instance, issued only one advisory in the period studied, according to Secunia.

However, that one advisory covered multiple security issues - 22, in fact - that would have promoted the company to second place if each of these were reported separately, as do both the open-source developers and Microsoft. Microsoft in each notice then goes on to list the products that are affected by that vulnerability. Sometimes that list can be extensive.

Linux application developer Gentoo, for instance, produces "10 to 20 to 30 times" the number of applications Microsoft produces, Zymaris says.

When one does a quick and dirty calculation," he wrote at the time, Linux "can be viewed as being 20 times more secure than Windows (in that) it ships with 20 times as much material but releases approximately the same number of security alerts as Windows."

[Bush2000]

Sadly for some companies its not enough. Many companies would sit for years on broken code if they could get away with it *despite* the fact their customers are exposed to vulnerabilities..

Name a few.

And you want one or two lone and serious hackers to know something about the vulnerabilities of my systems that I do not..

When people release code which shows how to exploit a flaw, it's a simple matter to turn it into a working exploit. This isn't rocket science. And, assuming that the vendor hasn't been able to fix the problem -- or fixed it incorrectly, as we saw recently with FireFox -- you're basically inviting malice.

[N3WBI3]

If you're expecting me to pat MS on the back because it cooperates with China, you're delusional.

No I expect you to ignore, and try to call it unimportant compared to the evil of OSS

I'm not in favor of trading with bullies; particularly bullies that run over their own people in tanks. My position is consistent on the matter. But you guys, of all people, are falling all over yourselves to dump OSS shovelware on China's doorstep for free. You don't care how the software will be used to oppress the Chinese people or target us with munitions, or build out the Chinese military. Admit it. You simply don't care about how you're helping the Chinese. It's all about hatred of American companies for who have the audacity to sell software. Oh, the horrrrrrrrror!

Wow was I ever dead on there..

[Bush2000]

For Example, all of Mozilla's advisories would also count as Redhat Advisories becuase Redhat Packeages them, same with PHP. Both PHP and Mozilla products run on windows, so are they also counted with MS? I highly doubt it.

Rubbish. Mozilla counts with Redhat because it's distributed with Redhat. Mozilla isn't distributed with Windows. You guys love to compartmentalize advisory reporting -- separating OS kernel flaws from application flaws -- so that Red Hat and other Linux distributions would appear to have a smaller number of vulnerabilities. But that's simply a lie. If you examine Windows vulnerabilities, you will also see that it encompasses flaws in applications distributed with Windows. See how this game works? You want your cake and you want to eat it, too. You want the freedom to attack Windows apps distributed with the OS (ie. IE, Outlook Express, etc) -- but then don't want to take criticism for apps distributed with Redhat. Too bad.

As for your other nonsensical post, I'm not double-counting Gentoo and other Linux distributions. I think it's fine to look at Gentoo or Redhat. Either way, you're still way more vulnerable using those open source products than Windows.

[Bush2000]

No I expect you to ignore, and try to call it unimportant compared to the evil of OSS

I'm doing no such thing. I'm pretty damned pissed off at MS for dealing with Chinese thugs. I hate what they're doing there.

[for-q-clinton]

Rubbish. Mozilla counts with Redhat because it's distributed with Redhat. Mozilla isn't distributed with Windows. You guys love to compartmentalize advisory reporting -- separating OS kernel flaws from application flaws -- so that Red Hat and other Linux distributions would appear to have a smaller number of vulnerabilities. But that's simply a lie. If you examine Windows vulnerabilities, you will also see that it encompasses flaws in applications distributed with Windows. See how this game works? You want your cake and you want to eat it, too. You want the freedom to attack Windows apps distributed with the OS (ie. IE, Outlook Express, etc) -- but then don't want to take criticism for apps distributed with Redhat. Too bad.

I'm amazed they even try to argue the point. It's pretty obvious to any rational thinking person that anything bugs with the distro counts against the distro.