Firefox, Opera downloads soar after IE warnings
Advice to drop IE sparks download rush to alternate browsers
Computerworld - Mozilla yesterday reported a "huge increase" in downloads of Firefox in Germany after that country's computer security agency urged users of Microsoft's Internet Explorer (IE) to dump the browser and run a rival instead.
German downloads of Firefox during a four-day stretch starting last Friday jumped by about 300,000 over normal, said Ken Kovash, Mozilla's director of analytics, on the company's "Blog of Metrics." "Over the past few days there has been a huge increase in the number of Firefox downloads from IE users in Germany," Kovash claimed.
Norwegian browser maker Opera Software said that downloads in Germany of its desktop application were double the usual rate last weekend, and downloads in Australia were up 40% over normal.
Mozilla and Opera cited recommendations by German, French and Australian authorities to stop using IE as the cause for the jump. Last Friday, Germany's Federal Office for Information Security, known by its German initials of BSI, and France's CERTA each called for users to stop running IE until Microsoft patches a critical vulnerability. "Pending a patch from the publisher, CERT recommends using an alternative browser," a translation of the French advisory stated.
An alert posted by the Australian government's Department of Broadband, Communications and the Digital Economy made a similar recommendation last week. "If you do not wish to install the temporary fixes [by Microsoft] ... consider using an alternate web browser (Mozilla Firefox, and Apple Safari are two such browsers) until an update becomes available," the alert read.
The countries were responding to Microsoft's confirmation last week that a flaw in IE was exploited by hackers to break into the corporate network of Google and other major Western companies. Google has alleged that the attacks were launched by Chinese attackers and security experts have offered evidence that links the attacks to China.
Today, Microsoft announced that it would deliver an "out-of-band" update tomorrow at approximately 1 p.m. Eastern.
Some security experts have argued that the advice to dump IE is wrong-headed.
"That's an irrational fear," said Richie Lai, the director of vulnerability research at security company Qualys. "Any browser has vulnerabilities. Rather than recommend switching from IE, the messaging should be that corporations should be upgrading to the latest browser, whether it's IE8 or Firefox."
The nearly nine-year-old IE6 is the most vulnerable to the current round of exploits on the Web, in part because the attack code was written specifically for that edition, in part because it lacks advanced security features like DEP (data execution prevention) and Protected Mode, a sandbox-style defense that makes it more difficult for hackers to break into the operating system if they exploit the browser.
Lai acknowledged that many corporate computer users were unable to upgrade from IE6 because they needed it to access older Web applications or intranet sites. Those people, Lai said, are stuck. But if users could install a rival browser, such as Firefox, that meant they could also install IE8, Lai argued.
Other security experts disagree. Sheri McLeish, an analyst with Forrester Research who covers browsers, noted that even if many enterprise workers are forced to use IE6, they often can install a non-Microsoft browser, as a second browser. The same isn't possible with a more secure version of IE, say IE8; that's because Windows does not allow users to run two different versions of IE.
When asked to comment on the dump-IE calls by German, French and Australian organizations, Microsoft instead repeated its assertion that only IE6 has been targeted by hackers. "As such, customers using earlier versions of Internet Explorer, such as Internet Explorer 6, should upgrade to Internet Explorer 8 immediately," said a company spokesman.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, send e-mail to firstname.lastname@example.org or subscribe to Gregg's RSS feed .
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
Read more about Security in Computerworld's Security Topic Center.
- Learn More About Peer 1 Hosting's Mission Critical Cloud Mission Critical Cloud from Peer 1 Hosting is enterprise-ready, creating a perfect point of adoption whether you need an off-premise solution for development
- What Makes a Cloud Solution Truly Enterprise-Grade? Future enterprise cloud capabilities will evolve from five core elements...
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade.
- Peer 1's Mission Critical Cloud: Your Cloud, Your Way Peer 1 Hosting's Mission Critical Cloud offers the ultimate in flexible customization of infrastructure, resources and support. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!