Firefox, Opera downloads soar after IE warnings
Advice to drop IE sparks download rush to alternate browsers
Computerworld - Mozilla yesterday reported a "huge increase" in downloads of Firefox in Germany after that country's computer security agency urged users of Microsoft's Internet Explorer (IE) to dump the browser and run a rival instead.
German downloads of Firefox during a four-day stretch starting last Friday jumped by about 300,000 over normal, said Ken Kovash, Mozilla's director of analytics, on the company's "Blog of Metrics." "Over the past few days there has been a huge increase in the number of Firefox downloads from IE users in Germany," Kovash claimed.
Norwegian browser maker Opera Software said that downloads in Germany of its desktop application were double the usual rate last weekend, and downloads in Australia were up 40% over normal.
Mozilla and Opera cited recommendations by German, French and Australian authorities to stop using IE as the cause for the jump. Last Friday, Germany's Federal Office for Information Security, known by its German initials of BSI, and France's CERTA each called for users to stop running IE until Microsoft patches a critical vulnerability. "Pending a patch from the publisher, CERT recommends using an alternative browser," a translation of the French advisory stated.
An alert posted by the Australian government's Department of Broadband, Communications and the Digital Economy made a similar recommendation last week. "If you do not wish to install the temporary fixes [by Microsoft] ... consider using an alternate web browser (Mozilla Firefox, and Apple Safari are two such browsers) until an update becomes available," the alert read.
The countries were responding to Microsoft's confirmation last week that a flaw in IE was exploited by hackers to break into the corporate network of Google and other major Western companies. Google has alleged that the attacks were launched by Chinese attackers and security experts have offered evidence that links the attacks to China.
Today, Microsoft announced that it would deliver an "out-of-band" update tomorrow at approximately 1 p.m. Eastern.
Some security experts have argued that the advice to dump IE is wrong-headed.
"That's an irrational fear," said Richie Lai, the director of vulnerability research at security company Qualys. "Any browser has vulnerabilities. Rather than recommend switching from IE, the messaging should be that corporations should be upgrading to the latest browser, whether it's IE8 or Firefox."
The nearly nine-year-old IE6 is the most vulnerable to the current round of exploits on the Web, in part because the attack code was written specifically for that edition, in part because it lacks advanced security features like DEP (data execution prevention) and Protected Mode, a sandbox-style defense that makes it more difficult for hackers to break into the operating system if they exploit the browser.
Lai acknowledged that many corporate computer users were unable to upgrade from IE6 because they needed it to access older Web applications or intranet sites. Those people, Lai said, are stuck. But if users could install a rival browser, such as Firefox, that meant they could also install IE8, Lai argued.
Other security experts disagree. Sheri McLeish, an analyst with Forrester Research who covers browsers, noted that even if many enterprise workers are forced to use IE6, they often can install a non-Microsoft browser, as a second browser. The same isn't possible with a more secure version of IE, say IE8; that's because Windows does not allow users to run two different versions of IE.
When asked to comment on the dump-IE calls by German, French and Australian organizations, Microsoft instead repeated its assertion that only IE6 has been targeted by hackers. "As such, customers using earlier versions of Internet Explorer, such as Internet Explorer 6, should upgrade to Internet Explorer 8 immediately," said a company spokesman.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, send e-mail to firstname.lastname@example.org or subscribe to Gregg's RSS feed .
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!