Browser War: What Is It Good For?
Apr 15, 2011 5:00 AM PT
In the past month or so, we've been inundated with announcements by browser makers of the latest versions of their products.
Google, Microsoft, the Mozilla Foundation and Opera have all unveiled their latest and greatest browsers.
Most of these companies unveiled full versions of their products after having them in beta for a while, but Microsoft pipped them all when it announced the preview of Internet Explorer 10 was available for download at its Mix event in Las Vegas Tuesday. That was just less than a month after the official rollout of Internet Explorer 9.
Why is the race to unveil a new browser heating up? Do we need newer versions of browsers so soon after the last ones are pushed out? Will this cracking pace make it difficult for users to maintain security?
Who Did What, When
Google unveiled Chrome 10 in early March, just three weeks after putting it in beta.
Opera issued the final release of Opera 11.10 Tuesday, less than one month after issuing the browser in beta.
Microsoft released Internet Explorer 9 after tinkering with it for about a year, but made it up for that with its announcement of the IE 10 preview Tuesday.
Only the Mozilla Foundation moved at anything like a sedate pace, releasing Firefox 4 in late March, after missing its initial release date of October and the revised date in February.
Microsoft, Opera and Mozilla did not respond to requests for comment by press time.
Chrome Is the Spoiler
Browser development has traditionally followed the "waterfall" approach, with development teams spending months on planning, then writing the code, then sending the code to QA to get it as close to perfect as possible, Joshua Bixby, cofounder and president of Strangeloop, told TechNewsWorld.
Google threw a wrench into the works when it decided to use agile development techniques, Bixby stated. That forced most of the other players to follow suit, but Apple and Microsoft are not in the picture, although they're trying because their browsers are "tied in many ways" to their operating systems.
This link makes it difficult for Redmond and Cupertino to adopt an agile methodology, Bixby suggested.
Reducing the release cycles makes the schedule more predictable and easier to scope. It also reduces the pressure on engineering to come up with a release, Google's Lily Lin told TechNewsWorld. "The key tenets of Google Chrome are speed, simplicity and security," Lin added.
Being the Firstest With the Mostest
Competition seems to be keen among browser vendors.
"All vendors are trying to implement the latest trends in the industry in order to remain competitive and face the challenges of the online world, and to react to vulnerabilities," Sorin Mustaca, a data security expert at Avira, told TechNewsWorld.
"For example, two years ago, nobody thought of sandboxing plugins in a different process, and now everybody's doing it," Mustaca added. "And almost every week we see some new vulnerabilities discovered which get exploited. Vendors have to react immediately to these threats," he said.
"Part of the reason you're seeing these vendors ship new versions or preview versions of their browsers is to try to stay ahead of each other," Bradley Anstis, vice president of technical strategy at M86 Security, told TechNewsWorld.
Browser vendors are issuing point releases of their products for security reasons, Anstis postulated. "The recent Comodo RA compromise forced browser vendors to ship new versions of their browsers."
Anstis was referring to a hack in March of U.S. digital certificate authority Comodo's. Three of the company's registration authorities had been breached. A lone Iranian hacker calling himself "ComodoHacker" claimed credit for the first hack, which resulted in his obtaining digital certificates that could have compromised various widely used Web services, including Skype and Gmail.
However, "I believe that, for most desktop users, the primary issue isn't security; it's speed and quickness," Anstis suggested.
Newer Browsers Do It Better
Browsers are continually evolving to keep pace with customer demand as well as to protect users against the increasingly innovative threats online.
"The role of the browser has evolved to where it does much more than simply rendering graphics," Craig Spiezle, executive director and president of the Online Trust Alliance, told TechNewsWorld.
Corporations and end users should upgrade their browsers, Spiezle stated.
New browsers add in features that benefit users from a security standpoint, especially when they've patched vulnerabilities in older versions, M86's Anstis said. His company's research indicates that cybercriminals are still targeting old browser vulnerabilities, which are well known by now.
Many businesses still use Internet Explorer 6, which Spiezle described as "a legacy that's declining daily." The problem is, some businesses have coded their internal line of business applications to IE6, he said.
Browser vendors have to serve two categories of users, Avira's Mustaca pointed out.
One is home users, who adopt new technologies very fast "because they always want the best, the fastest and the richest Internet experience," he said. These users are the testers of new technologies.
The other category is corporate users. They have a very slow adoption rate, and will only change their browsers when they change their operating system, Mustaca stated.
Faster Isn't Always Better
The increasingly frantic pace at which browser vendors are offering new versions of their products has its own pitfalls.
"You get more capabilities, more performance and more innovation," Gartner analyst David Smith told TechNewsWorld. "Overall, it's a good thing, though it's not without its problems."
Those problems include the appearance of new vulnerabilities.
One of the tenets of agile development is the principle that good enough is adequate. This means that once a piece of code can do what it's supposed to do, it's ready to go.
Agile methodology calls for continuous testing, but that testing's cut off once the product's deemed good enough. While that speeds up development, it means that testing and QA aren't taken any further once the product's considered ready to roll. The result is that patching and upgrading take on greater importance.
On the other hand, the traditional "waterfall" development methodology often means products are slow to market, sometimes missing the boat altogether.
That tension between business needs and the quest to make a product as good and secure as possible tends to be resolved in favor of the business side.
"We are seeing right now the effect of this battle to release new versions faster -- every week new vulnerabilities are made public," Avira's Mustaca said.
"Every bug fix and every new feature potentially introduces other bugs," Mustaca elaborated. "And if the reaction time from browser vendors is expected to be closer to hours than days, as it was before, the situation can only become worse."