by Paul Kerstein

Firefox Faces Challenges As it Matures

Sep 20, 2005

When version 1.0 of Firefox was released in November 2004, it caused a sensation as a seemingly more secure and more feature-rich option to Microsoft Corp.’s ubiquitous Internet Explorer (IE), which for years had held a market share north of 90 percent and which Microsoft had barely bothered to improve.

Since Firefox 1.0 was released, it has achieved what no other browser had accomplished in years: attain a significant market share at IE’s expense. Firefox now holds a market share of between 7 percent and 9 percent, according to various market research estimates.

But as Firefox nears its first birthday, its maker, The Mozilla Foundation, faces significant challenges, analysts say. These include quickly discovering and fixing security vulnerabilities, competing against an upcoming IE upgrade and broadening Firefox’s user base beyond its core of technically savvy users.

The stream of Firefox security vulnerabilities uncovered in recent months is par for the course for a young software product. But it may disappoint users who switched to Firefox expecting it would be immune to security holes.

While the myth of Firefox as a totally secure browser evaporates, Microsoft is now upgrading IE to try and close the features gap that has attracted users to Firefox. IE 7 is now in a test, or beta, phase. Mozilla must keep Firefox one step ahead of IE in features and innovation, a bigger challenge now that Microsoft is for the first time in years paying attention to its browser’s development.

Finally, although Firefox has anywhere between 40 million and 50 million active users, according to Mozilla, it needs to appeal to more mainstream individual users as well as to corporate IT departments, in order to give its usage growth a boost, analysts say.

Mozilla isn’t keeping still. The first major Firefox upgrade, code-named Deer Park and also known as version 1.5, is now in beta testing and is slated for general availability by November or December of this year.

The new and improved features in Firefox 1.5 are adequate and convenient, but not earth-shattering, and the coming months will be critical for Firefox to hold on to its user base and remain a viable alternative to IE, analysts say.

“Firefox 1.5 features improvements that are necessary and valuable but not necessarily compelling. It will not re-energize the usage growth, which is going through a natural slowing down that happens with maturity,” said Ray Valdes, a Gartner Inc. analyst.

Firefox 1.5 features enhancements in usability, performance, extensibility, security and privacy, including faster Web navigation, due to advanced capabilities for caching and pre-rendering content, Chris Beard, head of products and marketing at Mozilla Corp., told IDG News Service recently. Mozilla Corp. is the subsidiary of the nonprofit Mozilla Foundation that is charged with developing, marketing and distributing Mozilla products.

The product’s tabbed browsing feature has also been improved by making it possible for users to re-arrange pages by dragging and dropping them, Beard said.

In terms of security and privacy, the biggest improvement is an automated update feature to make it easy for users to keep their browser current with the latest improvements and patches available for it, Beard said. For example, with the current version users have to download the entire browser again to get updates, but with Firefox 1.5 users will be able to simply download the patches, making the process faster, he said.

The updates will be downloaded in the background in bits and pieces at a time, so as to not interfere with the browsing experience, and users will be prompted to install them once the patch has been completely downloaded, he said. Moreover, the automated update feature also will take into account the add-ins a user has installed on a browser, to ensure compatibility between the updates to the browser and the extensions, he said.

“We’re delivering a software update capability that is holistic, that takes into account how people use Firefox,” Beard said. “This feature is one of the most significant enhancements. It has been a pain point for Firefox users and we believe we’ve delivered a solution that will let people stay current.”

Microsoft, however, is reacting to the challenge by improving IE, analysts say.

“The real question is how well will Firefox fare against a reinvigorated IE,” said Michael Gartenberg, a Jupiter Research analyst. “For many users, IE 7 will address some of the key reasons why they may have looked at Firefox, such as security or new features [not in IE.]”

In the excitement that surrounded its launch last year, Firefox was unreasonably portrayed by some as having unbreakable security, but the vulnerabilities that have been detected in recent months are injecting a dose of reality into this myth, analysts say.

Users who adopted Firefox, hoping never to have to patch it, are disappointed and this in turn is slowing down its growth, said analyst Rob Enderle of The Enderle Group. “Firefox has had some visible growing pains,” Enderle said. “As the product grows up, you face reality … and the massive interest has dropped off.”

In the face of unavoidable security holes, the important thing is for Mozilla to react quickly to the discoveries with fixes, analysts say. “What the market has learned is that there are going to be vulnerabilities on any platform and that switching from one browser to another is not going to be a panacea,” Gartenberg said.

This is why the automated update feature in Firefox 1.5 is a particularly important one, said Eric Peterson, a Jupiter Research analyst. “It’s the kind of functionality they should have. They need to be ready to quickly address any kind of hacker threat to the application,” Peterson said. “If they’re making it fairly transparent to the user, that’s great news. In retrospect, it’s probably something they should have built in with the 1.0 release.”

On the question of how responsive Mozilla has been in patching the security holes, the opinions are mixed. Gartenberg and Valdes both give Mozilla high marks, but others are less impressed. “Putting in place an automated update mechanism doesn’t really get you anything unless there are updates to feed through it. What we’ve seen with some of the first security problems in Firefox is that their speed of getting to market with an update is the bigger factor,” said Nate Root, a Forrester Research Inc. analyst.

As Mozilla continues to improve Firefox, it needs to place more attention on quality assurance, because the browser is developed by a community of open source volunteers, Root said. Particular stringency needs to be applied to reviewing the hundreds of add-ins available for the browser, some of which have been sources of security vulnerabilities, Root said.

Then there’s the issue of keeping the growth momentum going, which necessarily involves appealing to users outside of Firefox early adopters. These core users are mostly technically savvy people comfortable with open source software and eager to take advantage of Firefox’s extensible architecture to customize the product, analysts say. Places to find new adopters are in the massive consumer market and in the corporate market, they say. “One could argue they’re getting [close] to saturating that portion of the market of technically adept users,” said Gartner’s Valdes.

To appeal to mainstream individual users, Firefox needs to remain a step ahead of Microsoft in features and innovation, analysts say. However, some don’t see anything close to a massive migration from IE to Firefox happening any time soon.

“IE works perfectly fine for the vast majority of consumer, mainstream users,” Jupiter’s Gartenberg said. “I don’t think we’ll see massive mainstream consumers opting to use Firefox.”

Regarding the enterprise market, Mozilla officials acknowledge that, at least for now, their focus remains on individual users, not on making the browser attractive for IT departments that may in turn roll it out to their corporate users.

That needs to change, said Gartner’s Valdes. “If they want to keep growing their usage base, they need to address the needs of different sectors of the user population, including corporate users,” he said.

By Juan Carlos Perez – IDG News Service (Miami Bureau)