The browser war is once again being waged by a half dozen or more software companies who are fighting for a bigger share of the Web browser real estate. But as alternative Web browsers become more popular, so are intrusions by hackers aimed at them.
Skirmishes among Web browser companies ended in the mid-1990’s when Microsoft gained prominence by embedding its Internet Explorer application into the Windows operating system. After that, leap frog introductions of browser revisions by Microsoft and the then-developer of the Netscape browser ended. Alternative browsers became a thing of interest only to a cult following. Until recently, consumers showed little interest in going outside the box to surf the Internet.
But growing concerns over vulnerabilities embedded in Microsoft Internet Explorer is driving interest once again in alternative browsers. So is the quest for a browser with features not provided by IE.
Still, the road to browser Nirvana is not always paved with improved productivity and better security. Switching browsers may be more challenging for hard-core Web surfers and business users. Many users who consider breaking with IE also have to resolve concerns about cost, staff training and compatibility issues.
User Reactions Changing
According to WebSideStory, a Web analysis firm, Microsoft now owns more than 95 percent of the browser turf. The remaining 5 percent is held by AOL’s Netscape, the Mozilla Foundation’s Mozilla and Firefox, Opera Software’s Opera browser and Apple’s Safari.
The only motivation for most users to find a substitute for IE was the increasing number of browser vulnerabilities that led to countless security risks. Microsoft saw little need to update the look and feel of its Internet Explorer environment. Security issues aside, the only real draw consumers saw in switching browsers was the tabbed design that Netscape and most other alternative browsers provided.
But the United States Computer Emergency Readiness Team (USCERT) in June urged consumers and businesses to stop using IE until Microsoft solves the worsening security vulnerabilities and hardens the flaws inherent in its Web browser. That request is pushing more interest in finding suitable replacement browser software.
Analysts says they don’t think that the user base Microsoft enjoys with its browser dominance will erode any time soon. But they do see a significant movement towards alternative browsers.
“In 1996, there was a huge focus on getting the same browsing experience with the top five browsers. We are starting to see a return to that again,” Michael Hrabik, CTO of Solutionary, a managed-security service provider, told TechNewsWorld.
Switchers, Lookers Growing
According to a recent tracking analysis from WebSideStory, since early June, the number of visits with Internet Explorer to Web sites the firm tracks declined 1.3 percent. The analysis shows that the use of other browsers is starting to increase.
Two other popular alternative browsers are gaining more users as well. The Mozilla Foundation this summer released a new version of its famous Mozilla browser, called Firefox 0.9. The foundation grew out of the team that developed Netscape and a predecessor, Mosaic. The foundation reports downloads of Mozilla and Firefox have doubled recently.
“This new release brings Firefox closer to its much-anticipated 1.0 release, which will mark a milestone in the history of the Mozilla Foundation,” said Mitchell Baker, president of the Mozilla Foundation.
Opera Software, a Norwegian company, reports that purchases of its ad-free browser nearly tripled from June to July. The free version puts targeted ads in the browser real estate.
“Opera is not only the fastest browser on Earth, but the most customizable browser on Earth,” Opera Software CEO Jon S. von Tetzchner said.
He added: “We are doing everything we can to encourage people to move on to more advanced technologies with a simple start in Opera, offering them the sort of settings that they are accustomed to before they dive in to everything Opera offers. There should be no learning curve for Web surfers wanting a better Internet experience.”
Not All Browsers Compatible
Chris Capra, director of Lotus public relations, headed an effort to switch browsers but gave up the quest because of functionality and compatibility concerns. He said his firm considered getting rid of IE for security purposes when his boss’s computer appeared to be hacked. His staff evaluated both Mozilla and Opera. He quickly discovered that many Web sites were not compatible with those browsers.
“Since we utilize many online services like Media Map for our media research, eWatch and Factiva for editorial research and even online timesheet and banking tools, it is critical to our day-to-day efficiency to have a browser that actually works with the applications,” Capra said.
The long and short of it is that after many hours of research, deployment and use of an alternative browser, Capra’s staff came back to IE for its functionality and compatibility. Instead of switching browsers, his firm focused on securing its network better and providing better antivirus and antispyware capabilities for each desktop.
“We will live with the risks until there is actually something better. It’s our opinion that for the smaller enterprise, the time spent trying to research and deploy a different browser is not worth the time and expense when performance doesn’t meet expectations,” Capra told TechNewsWorld.
For some uses, Microsoft’s Internet Explorer was never in the picture. The Omega Management Group, a customer loyalty consulting firm, always used Netscape and never looked back. William Bradley, an Omega spokesperson, said concerns about vulnerability issues led company officials to order its IT staff to block IE in the Windows 2000 policy restrictions.
Bradley said Omega, which has 80 employees and runs five servers, has used Netscape with a firewall and Norton’s antivirus software for 10 years with almost no intrusions.
“But in the last two years, we saw weekly attempts at compromising security from trojans,” Bradley told TechNewsWorld. “Now we are evaluating Mozilla Firefox. It is less well known and less targeted.”
False Securities Abound
Switching browsers might not be a completely safe solution to the Internet security problem, according to Robert Shively, CEO of PivX Solutions. His company developed Qwik-Fix Pro to block Windows vulnerabilities.
“Our contention is that Microsoft’s Internet Explorer cannot be separated from the Windows operating system. So even if you switch browsers, you are still vulnerable. Switching just gives you a false sense of security,” Shively told TechNewsWorld.
That’s not necessarily so, said other security experts. Whether an alternative browser opens the system to IE’s vulnerabilities depends on what core files the replacement browser uses.
“If the browser uses a shared library file, then it’s true that the vulnerabilities still exist. If the browser has its own code, then the vulnerabilities are not still there,” Solutionary’s Hrabik said.
Security Not Guaranteed
Switching browsers might let you run but not hide from embedded IE vulnerabilities.
“Using an alternative browser will significantly reduce the chance of an exploit from executing. But it is not a failsafe from spyware and exploits on the Web,” Webroot founder and CTO Steve Thomas told TechNewsWorld. Webroot offers privacy and security software for home and office environment.
According to Thomas, exploits that might remain present with a different browser results from a hole in one of the IE components, not the iexplore.exe application itself.
“Take, for example, mshtml.dll. The cross-domain and iframe exploits targeted this module. Anything that uses this module will permit the exploit until patched when it is loaded by another application,” he said. Outlook Express, Outlook, Windows Help are a few such applications that use IE’s HTML rendering engine.
“While IE is embedded in Windows, it has to be used in order to provide the opening necessary for most spyware installations. It should also be noted that patched versions of IE are relatively safe today, but this implies that users are vigilant about updating patches,” Thomas said.
Since most alternative browsers such as Mozilla and Opera have their own HTML rendering engine, they are not susceptible to these specific exploits. However, Thomas said alternative browsers are now being targeted as well. For example, well-known hijacker Lop is now targeting Netscape, Mozilla and Firefox browsers as well as IE, he said.
“And spyware developers are increasingly using Mozilla’s java archive (.jar) plugin model to attempt installation of their software in a fashion similar to exploits against Internet Explorer’s Active X objects,” Thomas warned.