Browsers: A return to arms

C|Net News ^ | 01/01/05 | Paul Festa

[holymoly]

For a market segment Microsoft was said to have won decisively in the mid-1990s, the company spent a lot of time in 2004 putting out fires on the browser front.

Like the ghost of the Netscape browser rising to haunt its slayer, Firefox emerged with a vengeance from the Mozilla open-source group, which was founded by Netscape in 1998 and last year spun off by parent company Time Warner. Firefox started off the year a prerelease, name-challenged project by a group that had lost much of its credibility after chronic delays and significant setbacks.

But Firefox ended 2004 as a force to be reckoned with. While IE went much of the year with a lock on better than 90 percent of the browser market, surveys showed it slipping incrementally through the second half. By November, one survey showed that Firefox had forced the dominant browser below the 90 percent mark for the first time since the browser wars of the last decade.

In the meantime, Mozilla made progress on other fronts, including a Nokia-funded project to produce a version of Firefox for cell phones and other small devices; a new effort to create an alternative to Microsoft's ActiveX plug-in technology; and an alliance with the Gnome desktop software project to improve the browser-desktop integration in advance of Microsoft's much-delayed Longhorn operating system, in which browser and desktop will be significantly more blended together.

As for Netscape, America Online spent the year proving to the world that its storied browser is not dead yet. In the spring, the company started hiring with an eye to revitalize the Netscape division, and in the fall--as the Netscape browser celebrated its 10th anniversary--word got out that AOL was preparing not only a standalone browser based on Internet Explorer but a new Firefox-based browser that can also run on IE; a redesigned portal site; and an accompanying marketing campaign for the storied, bloodied brand.

The catalyst for the Firefox explosion was the havoc wrought on the Internet by phishing schemes, spyware and other security menaces. In response to complaints about IE's security, Microsoft in August issued an operating system update, Service Pack 2, that significantly changed the way the browser handled pop-up windows, Web site plug-ins like Macromedia's Flash application, and software downloads.

The browsing changes incensed some Web application developers, who predicted hard times for plug-in vendors. It also raised questions about Microsoft's decision to issue the browser changes through an operating system update only, which would require about half the people running Windows to pay for an upgrade to Windows XP.

Microsoft battled more plug-in headaches with the continuation of its defense against the University of California and its Eolas spinoff, which in 2003 won a landmark $521 million patent infringement judgment--later upped to $565 million--against the software giant for IE's plug-in mechanism.

In the spring, Microsoft won a significant round against UC when the U.S. Patent and Trademark Office initiated its own re-examination of the patent. And based on the composition of the federal appeals court panel that convened in December to hear Microsoft's appeal, legal eagles gave the company good chances of having at least part of the judgment overturned.

[holymoly]

While IE went much of the year with a lock on better than 90 percent of the browser market

This continues to amaze me, particularly when the United States Computer Emergency Readiness Team (a partnership between the Department of Homeland Security and the public and private sectors) has advised that web surfers use a different browser.

  U.S. Government (US-CERT) warns web surfers: Stop using Microsoft Internet Explorer

U.S. Government Computer Emergency Readiness Team

Vulnerability Note VU#713878

Excerpt:

"Use a different web browser"

"There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.

It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML)."

Check my FR homepage for more PC security-related links, etc.

[searchandrecovery]

I like firefox. It blocks the drudge popups, and I've had few problems viewing pages since I installed it (month ago?). Good stuff - although the mail tool thing is a bit slow.

[Jotmo]

If you could tell me where to get a spell checker for FireFox (like "iespel" for IE) so I wouldn't have to use Word, I would use FireFox almost exclusively. Also, some web sights features don't work with FireFox either, and that's annoying.

Otherwise, I like FireFox, and will use it most of the time.

[Gorzaloon]

All this is true, MSIE Sux, etc, etc, but possibly it is time to stop considering script kiddies, trojan writers and proxy spammers as being "cute" and start nailing them to the wall. Is anything conceptually wrong with that, other than bribes from the Direct Marketing Association and others?

If Firefox, or any other browser, captures a large majority of the market, then it also will be a target.

I think is is more productive to attack the problem at its source. Why do we have to jump through hoops and keep changing our software or installing countermeasures all the time? It is the same thing as perpetually buying new locks for our doors because nobody goes after burglars.

[El Gran Salseron]

"Now let's see. IE is free and comes with part of the Windows package but is backed by Microsoft who has multi-millions to spend on the browser.

Firefox is free and it is their only product.

Something doesn't add up.

Something is rotten in Denmark.

[Willie Green]

word got out that AOL was preparing not only a standalone browser based on Internet Explorer but a new Firefox-based browser that can also run on IE;

Uhhhhh... can anybody explain to me why I would want "a new Firefox-based browser that can also run on IE"???

That sounds awfully redundant and inefficient to me.

[holymoly]

If Firefox, or any other browser, captures a large majority of the market, then it also will be a target.

It may be a target, but Firefox will never be as vulnerable as IE.

The info provided by US-CERT (above) lists the many IE-only faults and vulnerabilities. However, for those who think Firefox can/could become as vulnerable as IE, I suggest they read the following:

An extended explanation on why Internet Explorer is insecure

[Malsua]

Google: Firefox spellbound

Should do what you need.

[Poser]

The quick adoption of Firefox shows that Microsoft has no monopoly on any software market. Lots of people whine about Microsoft, but they are only a couple of good applications away from becoming the next Wordstar, WordPerfect, Visicalc, Supercalc, Lotus or Novell. Remember ARCnet?

The continued success of Microsoft is amazing.

Firefox is a great application. It is better than IE and is being adopted by millions because of that.

The more things change, the more they stay the same. The constants in the computer software business are that todays programs will be bypassed by better ones in a couple of years and that standardization is more important than bells and whistles.

[Quix]

EVIDENTLY part of or the main reason I have trouble with FIREFOX is

my dual CPU AMD ASUS MOTHERBOARD SYSTEM. . . . that Firefox doesn't do well with dual processors.

Any recommendations?

Is Opera really worth the money--having so little of the latter?

Anything better, free?

I've used OFF BY ONE and it's nice but limited and also seems to be a bit glitchy in some area--I forget what.

[FateAmenableToChange]

I just got two pop ups on Firefox in the last two days. One for Hollywood Video, another for a collection of smileys. And yes, my pop up blocker is turned on.

Firefox is good, but it's not perfect. It also crashes when I try to go to Yahoo Games to play Go.

[FreedomPoster]

>>but possibly it is time to stop considering script kiddies, trojan writers and proxy spammers as being "cute" and start nailing them to the wall.

Personally, I've been saying for some time, that I am for capital punishment for spammers, malware and virus writers, and others of that ilk. Those in foreign countries, we should nail with CIA wetwork.

I am not kidding.

[holymoly]

EVIDENTLY part of or the main reason I have trouble with FIREFOX is my dual CPU AMD ASUS MOTHERBOARD SYSTEM. . . . that Firefox doesn't do well with dual processors.

Any recommendations?

Sorry, no. Have you tried asking at the Mozilla Firfox Support Forum?

Is Opera really worth the money--having so little of the latter?

Only you can answer that. As you probably know, the "free" version displays an ad. You may want to give it a test spin & see for yourself.

Anything better, free?

Have you tried the "old" Mozilla browser (not Firefox)?

I've used OFF BY ONE and it's nice but limited and also seems to be a bit glitchy in some area--I forget what.

Lol. No java, ActiveX, plugins, HTML 3.2 mean it has trouble displaying some sites. However, it is safe. ;)

[tubebender]

My computer use is typical of the millions of home users. I surf a few web sites, buy on eBay and send and receive a few eMails. I rely on a guy to help me from time to time because I don't learn well at my age. I have been using Netscape 7.2 on my iMac for about 3 months and it works well for me. I use Eudora for mail and delete spam on the Cox Cable site before downloading it. Filters tend to delete some mail from eBay sellers and that's a worry to me.

By sliding my cursor off the scroll bar a pop up menu lets me hit a back or refresh button without going to the top left of the page which IE also does but Safari does not...

[primatreat]

Firefox looks like the younger brother of Safari, a native OS X program. It is even set up the same. Made by the same people. At last the PC group will have some relief from the Microsoft stuff.

[230FMJ]

I've been using Firefox for a week now, and I'm very impressed. I have yet to explore the tabs option that I read about in other FR threads.

[holymoly]

I just got two pop ups on Firefox in the last two days. One for Hollywood Video, another for a collection of smileys. And yes, my pop up blocker is turned on.

Firefox is good, but it's not perfect. It also crashes when I try to go to Yahoo Games to play Go.

No, it certainly isn't perfect. Which is why I also have a version of Opera on my system, as well as "Off By One". I use Opera for those rare sites which don't seem to work with Mozilla (I still run Mozilla, and am quite happy with it).

Still, when considering the vulnerabilities of IE, I consider Mozillas' problems to be minor in comparison.

[Fresh Wind]

Firefox is good, but it's not perfect.

I got hit with a Startpage.6.BQ trojan about a week ago. Norton ignored it, which is another reason Symantec products are permanently off my buy list.

[discostu]

It shouldn't amaze you. The computer has become an appliance, the vast majority of users are not technically savvy and don't even know where to start looking for a new browser. IE comes bundled with the OS, and if they've signed onto AOL they get another version from there (being bought by AOL was the worst thing that ever happened to Netscape). The only way I can see IE dropping below 2/3 of the market is if AOL drops it entirely, even then it will still probably have the majority of the market.

[discostu]

It's AOL, they don't have to make sense, and rarely do. Remember they spent millions on buying Netscape and have done nothing with it other than bundling their crap in with the Netscape install, and notice they still don't have a plan to use Netscape as their primary distributed browser, or even AS a browser distributed to AOL users at all.