Internet Explorer attacked in Europe - by Firefox!

Filed Under: Data loss, Google, Malware, Privacy, Social networks

Move over, Internet Explorer - here comes Firefox!

According to web site statistics-gathering outfit StatCounter, Firefox sneaked into first place over Internet Explorer for the first time ever at the end of 2010 - just over half a percentage point ahead with 38.1% to IE's 37.5%.

Global celebrations will have to wait a bit, though: Firefox has yet to triumph over IE worldwide. IE still rules in North America - even though IE has dropped to less than half of the browser marketplace, coming in at 49% to Firefox's 27% - and the rest of the world follows a similar pattern to bring IE home with a global score of 47%.

Firefox is in a convincing second place worldwide with 31%, whilst don't-be-evil poster-boy Google surged to just under 15% to nab third place with the company's much younger Chrome product.

What does this mean to security professionals? What does it mean to you?

Firstly, companies with change control committees which have selected IE, and only IE, on the grounds that it is the only browser suitable for day-to-day use, need to take action. In particular, they need to put through a change control committee change to the change control committee.

Don't misunderstand me: there is nothing wrong, organisationally, with standardising on a single browser. It makes all sorts of things easier - configuration management, security patching, and support. (Indeed, Sophos has a handy solution which allows you to decide exactly which browsers to allow - and you might be be surprised just how many distinct browser flavours there are out there.)

Just don't try to carry the argument to your staff that your anointed browser is an "obvious choice", or that it's "clearly better" - the sort of dismissive remark which is still regularly heard around the traps. Be honest to your constituents about the reasons for your browser choice.

Secondly, companies with software products which have web interfaces need to do their best to avoid coding in a way which locks their products, and their users, into a specific browser. Avoiding the programmatic pecadillos of any individual browser gives your customers more choice, and it also ensures that you don't fall into an even deeper hole: getting stuck requiring, rather than merely supporting, a single specific version of a single browser. (IE6, anyone?)

Thirdly, today's mainstream browsers aren't wildly different in their attention to security. All of them are huge, complex software projects - probably too complex ever to be called properly secure, but possibly secure enough for day-to-day use - made yet more complex by plugins, add-ons and other customisation tweaks.

So your choice of browser isn't your most important security step. After all, even if your preferred browser could be considered theoretically secure, it would nevertheless suffer from the rather insultingly-named issue known as PEBKAC. (I shan't explain the acronym here. You'll have to watch the video to see it spelled out in detail - complete with an illustrative example!)

Whichever browser you choose, make sure you invest time and effort in your best security asset: YOU.

, , , , , , , , , ,

You might like

5 Responses to Internet Explorer attacked in Europe - by Firefox!

  1. Andre · 1736 days ago

    According to the chart Firefox should thank Chrome for
    pushing IE down below Firefox.

    • Paul Ducklin · 1736 days ago

      Be careful - that chart alone doesn't show anything of the sort - it shows IE and FF both going down slightly over the past four months, and Chrome going up.

      Perhaps Chrome stole its users from Firefox as much as from IE?

      Some observers quite reasonably suggest that the higher-than-elsewhere percentage of both Chrome and Firefox in Europe is a side-effect of the EU's requirement that Windows offer new OS installers a randomised choice of browser.

      In other words, IE has suffered because people are now more likely to switch from IE. If Chrome weren't there, perhaps all the Chrome users would still have switched from IE - except they'd have switched to Firefox :-)

  2. Dr Bob Matthews · 1736 days ago

    I am not surprised that Firefox is sneaking ahead and not only in Europe. Most IT professionals in government, industry and engineering are fed up with Microsoft's
    IE offerings, the word in the street is a sieve is more effective than the security of IE8.
    The other complaints to which Microsoft has not responded, is the footprint thay every update to IE that is left behind in the page file. Most Microsoft products are both disc, page file and memory intensive. The company seems more intent on selling "apps" for gamers than solving the glaring code problems both in their OS and Office applications.
    Some of the fixes that MIcrosoft includes in updates are already out of date by the time they appear as downloads. It really begs the question are the products fit for purpose?

  3. Kelly · 1736 days ago

    I might remind everyone that Mozilla... firefox's first incarnation had the huge market share before Microsoft decided to make their browser integrated into their operating system. Microsoft wasn't the world first to conquer the browser market. They were second.

  4. coda · 1736 days ago

    I use chrome & IE9 on my computer. why? both are fast, as secure (may be better) than firefox.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog