Firefox, Opera downloads soar after IE warnings
Advice to drop IE sparks download rush to alternate browsers
Computerworld - Mozilla yesterday reported a "huge increase" in downloads of Firefox in Germany after that country's computer security agency urged users of Microsoft's Internet Explorer (IE) to dump the browser and run a rival instead.
German downloads of Firefox during a four-day stretch starting last Friday jumped by about 300,000 over normal, said Ken Kovash, Mozilla's director of analytics, on the company's "Blog of Metrics." "Over the past few days there has been a huge increase in the number of Firefox downloads from IE users in Germany," Kovash claimed.
Norwegian browser maker Opera Software said that downloads in Germany of its desktop application were double the usual rate last weekend, and downloads in Australia were up 40% over normal.
Mozilla and Opera cited recommendations by German, French and Australian authorities to stop using IE as the cause for the jump. Last Friday, Germany's Federal Office for Information Security, known by its German initials of BSI, and France's CERTA each called for users to stop running IE until Microsoft patches a critical vulnerability. "Pending a patch from the publisher, CERT recommends using an alternative browser," a translation of the French advisory stated.
An alert posted by the Australian government's Department of Broadband, Communications and the Digital Economy made a similar recommendation last week. "If you do not wish to install the temporary fixes [by Microsoft] ... consider using an alternate web browser (Mozilla Firefox, and Apple Safari are two such browsers) until an update becomes available," the alert read.
The countries were responding to Microsoft's confirmation last week that a flaw in IE was exploited by hackers to break into the corporate network of Google and other major Western companies. Google has alleged that the attacks were launched by Chinese attackers and security experts have offered evidence that links the attacks to China.
Today, Microsoft announced that it would deliver an "out-of-band" update tomorrow at approximately 1 p.m. Eastern.
Some security experts have argued that the advice to dump IE is wrong-headed.
"That's an irrational fear," said Richie Lai, the director of vulnerability research at security company Qualys. "Any browser has vulnerabilities. Rather than recommend switching from IE, the messaging should be that corporations should be upgrading to the latest browser, whether it's IE8 or Firefox."
The nearly nine-year-old IE6 is the most vulnerable to the current round of exploits on the Web, in part because the attack code was written specifically for that edition, and in part because it lacks advanced security features like DEP (data execution prevention) and Protected Mode, a sandbox-style defense that makes it more difficult for hackers to break into the operating system if they exploit the browser.
Lai acknowledged that many corporate computer users were unable to upgrade from IE6 because they needed it to access older Web applications or intranet sites. Those people, Lai said, are stuck. But if users could install a rival browser, such as Firefox, that meant they could also install IE8, Lai argued.
Other security experts disagree. Sheri McLeish, an analyst with Forrester Research who covers browsers, noted that even if many enterprise workers are forced to use IE6, they often can install a non-Microsoft browser as a second browser. The same isn't possible with a more secure version of IE, say IE8, because Windows does not allow users to run two different versions of IE.
When asked to comment on the dump-IE calls by German, French and Australian organizations, Microsoft instead repeated its assertion that only IE6 has been targeted by hackers. "As such, customers using earlier versions of Internet Explorer, such as Internet Explorer 6, should upgrade to Internet Explorer 8 immediately," said a company spokesman.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.