Firefox's 'retreat' ensures Microsoft excels

Contractor UK ^ | Aug 22, 2005 | Contractor UK

[Bush2000]

Firefox's 'retreat' ensures Microsoft excels

Open source web browser Firefox has lost the momentum it has steadily gained since it was unleashed last year, according to Web analysts at Net Applications.

The online portal’s unique Hit List service reveals a slump in the Mozilla browser’s market share, falling from 8.7% to 8.1 % in July.

Coinciding with its demise, was the advance of Microsoft's IE that has gained some of the ground surrendered in June, climbing back from 86.6 % to 87.2% last month.

The revival for the dominant browser comes on the back of average monthly losses of between .5 to 1% for Redmond, as Firefox started to gain acceptance among a wider audience than just tech-savvy users.

When asked by Contractor UK whether Microsoft’s sudden gains were from the unveiling of a new IE, Net Applications said a re-launch tends revive industry interest, and could have bolstered Microsoft’s market share of the browser market.

When a company launches a new product, there is always renewed interest in what the company has produced and it would also be fair to say that this may have had an effect, said a member of the Hit List team.

Although, there have been browser issues with Windows 2000 in the news, so it is possible that again you may see a dip [in Microsoft’s market share]. Right now, people are looking for security and whenever there are issues with the security of one's system, they will use what they feel will be the most secure.”

Besides Net Applications, web developer site W3 Schools, confirms that adoption of Firefox is falling, just as IE is reaching its highest share of the market in 2005.

According to W3's data on specialist users, Microsoft IE (6) enjoyed a 67.9% share in July, improving to 68.1% in August matched against Firefox’s top share of 21% in May, which has now dropped to 19.8% for the last two months.

Observers noted that both sets of analysis concur that Microsoft’s loss, up until now, has been Firefox’s gain, but over the last month roles have reversed.

Security fears concerning Mozilla and its browser product have recently emerged, coinciding with Microsoft’s high-profile trumpeting of its new safer browser product (IE 7), complete with glossy logo.

Experts at Net Applications said they were surprised at Firefox’s sudden retreat, saying they expected a slow down before any decline.

Yet they told CUK: “Whenever there may be problems with security, there always is a decline with users changing browsers.”

Data from the Web analytics company is based on 40,000 users, gleaned from their global internet operations, prompting some commentators to question the so-called ‘global decline’ in the Firefox market share.

The Counter.com reportedly finds that between June and July, Firefox actually increased its share by two points, and overtook IE5 for the first time ever.

The Web Standard Project suggests webmasters should treat data from web analysis providers with caution, before rushing to make service changes.

So what can we conclude?” asks the WSP, a grass roots project fighting for open access to web technologies.

“Not much: Mozilla-based browsers are probably used by just under 10% of the web audience and their share is growing slowly. IE5.x is probably used by somewhat less than that and its share is declining slowly. IE6 is roughly holding steady.”

Meanwhile, Spread Firefox, which measures actual download rates of the browser, reports that it took just one month for the Mozilla Foundation’s showpiece to reach 80 million downloads in August – from its July total of 70 million.

At the time of writing, Firefox had been downloaded 80701444 times, meaning adoption rates of over 10m occurred one month after Net Applications says Firefox bolted in light of the dominant IE.

[antiRepublicrat]

My review of Rainbow Crack looks like it's a brute force method to crack. Not a dictionary attack; therefore, Linux hash is at as much risk as a Windows hash.

Read 426. Rainbow Crack is a brute force attack, but the brute force is calculated in advance by a bunch of computers adding to the lookup table. As of now it only does 14 characters, and could therefore not handle a salted password of any decent length if you count the salt simply as part of the password. I guess there is a small probability that it could run across a short, salted password that is in its lookup table. Any Linux password of greater than six characters (assuming an eight-character salt) would be outside its range, meaning it couldn't crack the average 8-character long password.

In any case, it's success rate on Linux would be nowhere near the 99.9% success rate it has on Windows passwords up to 14 characters in length.

[adam_az]

You gonna respond to the REST of #423?

http://www.freerepublic.com/focus/chat/1471641/posts?page=423#423

[for-q-clinton]

wasn't it you that said Linux was using a 4 character salt? It may have been someone else.

But what size salt does the typical Linux build use?

[Bush2000]

I always thought it was the more eyes on the code allows the black hats to exploit your system.

;-)

[for-q-clinton]

BTW: thought you'd like to see this: http://gdataonline.com/

it's free.

[Bush2000]

What a "humanitarian" project. Probably intended to "recover" your password, in case you "forget it". /SARCASM

[for-q-clinton]

You gonna respond to the REST of #423?

Wasn't planning on it as what you say is true of all OS's. You mentioned that keeping systems fully patched is an issue for large enterprises (completely agree). All OS's need to improve on this.

So let's pretend Linux actually is viable for the desktop of a large enterprise. How does that ensure patches are fully deployed to 100% of all machines? Assuming that a few machines are missed then those too can be exploited. Especially since Linux has more posted patches that need to be deployed.

[antiRepublicrat]

You can't even admit that OS licensing was a brilliant move, as opposed to a stroke of "luck". You're hopeless.

I admit it was a great move, lucky in that IBM misjudged the future so much and allowed it. Lucky in that Kildall wasn't home, because that's even the OS Gates suggested they go with since he didn't have any experience writing an OS.

A few posts back, you argued that Microsoft wasn't competing against IBM. I just pointed out that, in fact, Windows came out before OS/2.

And therefore there was no competition until OS/2. Actually, there was a lot of cooperation until Microsoft decided to end the partnership. That's the reason for all the OS/2 files in Windows NT.

Are you seriously deluded enough to think that IBM didn't know what was going on?

That is absolutely what was going on. IBM was still in its old model and didn't believe real money was to be made in the OS. They also believed they owned the PC market and therefore there would be no other PC makers for Gates to sell his OS to. So they paid about $80,000 and no royalties. IBM then sued a couple attemted clone manufacturers, but then Compaq did a clean-room, and soon after Bill had lots of people to sell his OS to.

Virtual PC is available as a separate SKU on Windows. It doesn't have to be incorporated.

That's not the point. What I mean is seamless, behind-the-scenes emulation of old-architecture Windows on a new-architecture Windows. That way Vista could have been new instead of a hodge-podge of wrappers. Maybe installing an app could be as easy as it is on the Mac, just drop the folder onto your hard drive (that's how MS Office installs).

Which is a damned fine operating system. Even you have to admit that.

I will admit unconditionally that it is the finest operating system Microsoft has ever produced, a big improvement over any previous version.

Surge? Is that what it is? LMAO! Wake me up when they crack 5%.

Yes, surge, a relative term. When your sales go up far past the average for PC sales, and your marketshare gains in mid double-digits, that's a big surge. Those millions of sales had to come from somewhere.

[Bush2000]

I admit it was a great move

Thanks for admitting the obvious.

That is absolutely what was going on.

Gates and IBM signed a non-exclusive agreement. IBM attorneys knew that the agreement was non-exclusive and, regardless of your protestations to the contrary, IBM doesn't employ dumb attorneys. They understand the nature of the document that they were signing. It wasn't luck that caused them to put pen to paper and sign.

What I mean is seamless, behind-the-scenes emulation of old-architecture Windows on a new-architecture Windows. That way Vista could have been new instead of a hodge-podge of wrappers.

There's no need for emulation. Windows will run with reduced privilege accounts by default, which eliminates the vast majority of threats. That capability is already built into XP -- it just isn't enabled by default. Consequently, there's no reason to require emulation. The reason that Apple has had to require emulation is that it has changed processors several times. Apple was *forced* into requiring emulation. It didn't do so because it was more architecturally "pure".

I will admit unconditionally that it is the finest operating system Microsoft has ever produced, a big improvement over any previous version.

That's big of you. Too bad there's a veiled caveat attached to your declaration.

Yes, surge, a relative term. When your sales go up far past the average for PC sales, and your marketshare gains in mid double-digits, that's a big surge. Those millions of sales had to come from somewhere.

Like I said, wake me up when you get to 5%.

[antiRepublicrat]

wasn't it you that said Linux was using a 4 character salt? It may have been someone else.

Someone else. But even four characters would make it harder. Microsoft not salting its passwords was completely inexcusable, as they knew the concept existed, and had been used in UNIX for years before they thought to design NT.

But what size salt does the typical Linux build use?

It depends on the distro, but MD5 with an 8-character salt is pretty much what everybody recognizes as good. Crypt() with a two-character salt went out long ago, only used on very old UNIXes.

[antiRepublicrat]

Gates and IBM signed a non-exclusive agreement. IBM attorneys knew that the agreement was non-exclusive and, regardless of your protestations to the contrary, IBM doesn't employ dumb attorneys.

They saved money by signing a non-exclusive agreement in a marketplace where they believed there would be no competition (and thus a need for an exclusive agreement).

There's no need for emulation.

You're not getting the point. Instead of wrappers and a very outdated API and general OS structure (can you say registry?), they could have done it new, more modern. In such a case, they could have used behind-the-scenes emulation for legacy applications.

The reason that Apple has had to require emulation is that it has changed processors several times.

The Mac has changed processors to the point of there being any compability problems only once, from 68K to PPC. But that's not what I'm talking about. I'm talking about changing the OS to something more modern while still allowing for legacy applications. With VirtualPC, I'm sure Microsoft could pull it off even better than Apple did, but they're not interested in quality, only marketshare.

Too bad there's a veiled caveat attached to your declaration.

Not veiled at all. It's a good OS, the best Microsoft has ever produced, but it's not as good as the competition.

Like I said, wake me up when you get to 5%.

At the latest, probably early next year, especially with the huge initial MacTel sales they will have -- and this time Apple won't be limited in how many they can sell due to lack of CPU availability.

[for-q-clinton]

Actually many Unix systems still use non-salt or 2 character salt. Many of the systems keep the old stuff around for backwards compat.

As I said salting is a good thing, but so are longer user passwords. What you're describing is a way for users to have a shorter password and be as secure as a windows user with a longer password.

Is that really inexcuseable? Not allowing users to have a shorter password? I'd say it's an annoyance, but not inexcuseable.

To me what's inexcuseable is when a new OS comes out and they say to hell with backwards compat--we're starting over. Or when someone convinces my grandma to run Linux on the desktop.

[for-q-clinton]

At the latest, probably early next year, especially with the huge initial MacTel sales they will have -- and this time Apple won't be limited in how many they can sell due to lack of CPU availability.

Hmmm.....I thought he said "Like I said, wake me up when you get to 5%.".

But you must have read "let me know when you THINK they'll get to 5%".

Having said that, if/when they hit 5% does that mean Windows is no longer a monopoly? If not, at what % is required?

[for-q-clinton]

But then again what does any of this have to do with Firefox's 'retreat' ensures Microsoft excels

Open source web browser Firefox has lost the momentum it has steadily gained since it was unleashed last year, according to Web analysts at Net Applications.

The online portal’s unique Hit List service reveals a slump in the Mozilla browser’s market share, falling from 8.7% to 8.1 % in July.

Coinciding with its demise, was the advance of Microsoft's IE that has gained some of the ground surrendered in June, climbing back from 86.6 % to 87.2% last month.

[for-q-clinton]

Here's an interesting read on performance of hash tables vs. on the spot generation.

http://security.sdsc.edu/publications/teracrack.pdf

[Sprite518]

It will not matter what browser you use if you have McAfee and a Router. I have two fire wall, plus a spam zapper, a virus checker (that updates daily per my permission), and a privacy service. I have virtually no spy ware. My notebook flies like a champ.


Just to let you know I am using a Dell Inspiron 9300. Its got all the bells and whistles along with Office 2003. I got 80 gigs and 512 megs of Ram with Intel Mobile chip.

[Bush2000]

They saved money by signing a non-exclusive agreement in a marketplace where they believed there would be no competition (and thus a need for an exclusive agreement).

That wasn't luck. That was stupidity. Gates clearly understood that he wanted a non-exclusive agreement.

Instead of wrappers and a very outdated API and general OS structure (can you say registry?), they could have done it new, more modern.

Oh, I certainly get your point. I'm questioning the benefit. There's a significant tradeoff with emulation: Performance. Some applications may benefit from emulation but far more don't benefit. And, in a market in which performance is closely measured against past versions, MS has to be careful about deploying emulation. Apple didn't have a choice. It had to use emulation. It also knew that, despite anything that it does, Apple's users would slavishly suck down Stevie's Kool-Aid and upgrade.

The Mac has changed processors to the point of there being any compability problems only once, from 68K to PPC. But that's not what I'm talking about. I'm talking about changing the OS to something more modern while still allowing for legacy applications.

There is no reason to derail Vista because of what you consider to be architectural purity. The benefit does not outweigh the cost.

The Mac has changed processors to the point of there being any compability problems only once, from 68K to PPC.

Yeah, but it's more than that. Mac moved from MacOS9 to OS X, which was a complete architectural shift to the ripped-off-from-BSD kernel. The apps were completely incompatible with the new operating system; so, in fact, Apple had no choice but to use emulation for legacy apps.

Not veiled at all. It's a good OS, the best Microsoft has ever produced, but it's not as good as the competition.

Define "competition".

At the latest, probably early next year, especially with the huge initial MacTel sales they will have -- and this time Apple won't be limited in how many they can sell due to lack of CPU availability.

My best wishes go out to Apple, but I wouldn't hold my breath, if I were you. The processor choice has little to do with why people buy Macs. Performance isn't really a factor, either, because perf isn't so disparate between PCs and Macs. No, people buy Macs primarily because of an aesthetic and one-size-fits-all mentality that isn't present in the PC market. Even when Apple migrates to the PC, it won't allow Mac OS X to run on non-Apple PCs. That means a continuation of the same trend that Apple started with 68K -> PPC -> PC. Meaning, the only thing that Apple really gains is performance parity; which isn't enough to drive their sales.

[antiRepublicrat]

Here's an interesting read on performance of hash tables vs. on the spot generation.

Notice that paper was on using the obsolete Crypt() and two-character (4096 possibilities) salts. Their tables were also not so big, as they were doing dictionary attacks, not the all-possible permutations of Rainbow Crack. The brute force was also using supercomputers.

One of the great things about Linux, aside from licensing costs and TCO is the ability to modify to suit your needs. For example, a paranoid person could easily change his password system to recursively MD5 the entered password with the salt many times. This will be more computationally intensive and cause an acceptable delay (say 1/2 second on a modern system) upon entering a password. Even if a cracker disassembled the code to find the routine, figure 1/2 second more time per hash generation to brute-force it or create a lookup table, times billions of hashes. A half-second times billions is decades more computer time.

No security like this is perfect, but you can do things to make password cracking impractical. Things Microsoft has not done.

[for-q-clinton]

Things Microsoft has not done.

I may be wrong on this but I thought that starting with win2k, that one could replace the crypto stuff in windows and use their own. If you don't like it, just put in your own. I guess that makes it comparable with the Linux feature you speak of.

Also just because you CAN do it on linux doesn't mean that people DO that with linux. That's been proven on the most widely used platform in history--windows. Most people take the easy way out because they just want it to work. So they don't understand the holes they exposed.

Since you're so worried about windows security and like to customize Linux to be more secure, have you changed the crypto on Windows?

[antiRepublicrat]

Having said that, if/when they hit 5% does that mean Windows is no longer a monopoly?

Windows would still be a monopoly. Remember, monopolies aren't illegal or necessarily a bad thing. However, abuse of monopoly power is both.