Firefox, Opera downloads soar after IE warnings
Advice to drop IE sparks download rush to alternate browsers
Computerworld - Mozilla yesterday reported a "huge increase" in downloads of Firefox in Germany after that country's computer security agency urged users of Microsoft's Internet Explorer (IE) to dump the browser and run a rival instead.
German downloads of Firefox during a four-day stretch starting last Friday jumped by about 300,000 over normal, said Ken Kovash, Mozilla's director of analytics, on the company's "Blog of Metrics." "Over the past few days there has been a huge increase in the number of Firefox downloads from IE users in Germany," Kovash claimed.
Norwegian browser maker Opera Software said that downloads in Germany of its desktop application were double the usual rate last weekend, and downloads in Australia were up 40% over normal.
Mozilla and Opera cited recommendations by German, French and Australian authorities to stop using IE as the cause for the jump. Last Friday, Germany's Federal Office for Information Security, known by its German initials of BSI, and France's CERTA each called for users to stop running IE until Microsoft patches a critical vulnerability. "Pending a patch from the publisher, CERT recommends using an alternative browser," a translation of the French advisory stated.
An alert posted by the Australian government's Department of Broadband, Communications and the Digital Economy made a similar recommendation last week. "If you do not wish to install the temporary fixes [by Microsoft] ... consider using an alternate web browser (Mozilla Firefox, and Apple Safari are two such browsers) until an update becomes available," the alert read.
The countries were responding to Microsoft's confirmation last week that a flaw in IE was exploited by hackers to break into the corporate network of Google and other major Western companies. Google has alleged that the attacks were launched by Chinese attackers and security experts have offered evidence that links the attacks to China.
Today, Microsoft announced that it would deliver an "out-of-band" update tomorrow at approximately 1 p.m. Eastern.
Some security experts have argued that the advice to dump IE is wrong-headed.
"That's an irrational fear," said Richie Lai, the director of vulnerability research at security company Qualys. "Any browser has vulnerabilities. Rather than recommend switching from IE, the messaging should be that corporations should be upgrading to the latest browser, whether it's IE8 or Firefox."
The nearly nine-year-old IE6 is the most vulnerable to the current round of exploits on the Web, in part because the attack code was written specifically for that edition, in part because it lacks advanced security features like DEP (data execution prevention) and Protected Mode, a sandbox-style defense that makes it more difficult for hackers to break into the operating system if they exploit the browser.
Lai acknowledged that many corporate computer users were unable to upgrade from IE6 because they needed it to access older Web applications or intranet sites. Those people, Lai said, are stuck. But if users could install a rival browser, such as Firefox, that meant they could also install IE8, Lai argued.
Other security experts disagree. Sheri McLeish, an analyst with Forrester Research who covers browsers, noted that even if many enterprise workers are forced to use IE6, they often can install a non-Microsoft browser, as a second browser. The same isn't possible with a more secure version of IE, say IE8; that's because Windows does not allow users to run two different versions of IE.
When asked to comment on the dump-IE calls by German, French and Australian organizations, Microsoft instead repeated its assertion that only IE6 has been targeted by hackers. "As such, customers using earlier versions of Internet Explorer, such as Internet Explorer 6, should upgrade to Internet Explorer 8 immediately," said a company spokesman.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, send e-mail to firstname.lastname@example.org or subscribe to Gregg's RSS feed .
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts