Subscribe via e-mail: 
You’ve probably noticed the coverage of Internet Explorer’s inexorable slide at several new sites. In Germany (the country that issued my passport), Firefox overtook IE for the first time. I find this news interesting because it is not that easy to explain why Microsoft can’t stop users from moving to Firefox.
However, the fact that Germany is leading in this development is no surprise for me. It is often claimed that security-aware Germans avoid Microsoft’s allegedly unsecure browser. But that’s only half of the truth considering that Firefox has now become the most vulnerable browser. Of course, most people don’t know this yet, and it will certainly take a while until Firefox’s reputation as a secure browser will be destroyed for good.
Firefox as a political statement
But this won’t really help IE in Germany and in other European countries because the main reason for IE’s bad reputation on the old continent is mostly of a political nature. The European Commission pushes this anti-IE and anti-Microsoft stance because they know that many Europeans will applaud simply out of enjoyment if one of the big animals is cut down to size. And I can tell you that the EC really needs this applause because they are bashed heavily for the bureaucracy they have created in EU countries in the last decade.
Thus, many Europeans just move to Firefox because 1) it is not from Microsoft, and 2) the Open Source browser stands for another political system. The reason why this is only happening in significant numbers lately is that browser compatibility is no longer an issue now that Microsoft is seriously trying to comply with open web standards.
Firefox success story
IE’s decline in countries where the political issue is not predominant has to be explained differently. In my opinion, the main reason is not that Firefox is a better browser. The browser features themselves, and browser performance in particular, are irrelevant for 99% of all users. Most people don’t even know about these browser benchmarks with their fancy Javascript-based apps that don’t play a role in the real web.
I think, the only explanation for Firefox’s most recent success story—and it is the same reason that made Windows big—is the plugin ecosystem. I wanted to move from Firefox to Chrome recently (certainly not because of performance reasons), but, then I realized that I would miss a few plugins that are unavailable for Chrome. The number of available Firefox add-ons is quite impressive and no other browser is a match for the Open Source browser in this field. Therefore, it won’t help Microsoft if they improve IE’s performance or add new fancy features. There will always be a free add-on for Firefox that copies that feature. This is a fight against windmills, just in the same way Windows competitors had no real chance to gain significant market shares in the last years.
FORget Firefox
I don’t feel comfortable anymore with Firefox now that I know how vulnerable this browser is. I am surfing in more dangerous waters than the average user because I am fishing for tools I could review for 4sysops. Thus, I would prefer a browser with a low market share. And that brings me to my last point.
I believe that Mozilla can’t really handle Firefox’s success. The more popular the browser has become for users, the more bad guys got interested in the Open Source browser. And since anyone can search for vulnerabilities in the code (and usually only the bad guys have the time and the energy to do so), it is not that difficult to find the next security hole. Furthermore, Mozilla doesn’t have Microsoft’s resources to fight against the growing armada of hackers out there.
I have already outlined a while back why I think that IE is the best choice in corporate environments (see the links in the article). Now we can add an additional argument. Since Firefox is now almost as popular as IE, the Mozilla browser has finally lost the advantage of being an underdog that is neglected by hackers and crackers. Obviously, the Mozilla guys can no longer cope with the growing number of security hole searchers. From a hacker’s point of view, it now makes much more sense to scan the source code for undetected vulnerabilities instead of dealing with the new protection mechanisms that Microsoft has added to IE lately. The IE vs. Firefox question has now become a no-brainer for corporate environments.
IE’s powerful remote management features simply outweigh the plugin ecosystem in corporate networks. Firefox is an option only if it offers add-ons that your users really need for their work. Of course, if security is most important for you, you would always go for the new underdog, Chrome, or perhaps for the everlasting underdog Opera. I wouldn’t consider Safari because it is almost as vulnerable as Firefox.
I was a die-hard FireFox fan, loved the extensions, but now I’ve switched to Chrome, love the speed.
What exactly is faster in Chrome?
Another solid article. I do use Firefox knowing it’s less secure then IE or Chrome. I find the only thing I can’t live without is the adblock plug-in, would love to switch to Chrome or back to IE, but I can’t live with the advertising.
I expect a lot of IT people do what I do, browse the web at large with Chrome/Firefox, and use IE for Microsoft-centric sites.
Chrome is my default browser on Mac and on Windows 7, though Firefox is powerful extensions capable, but I absolutely love the speed of Chrome page rendering. I used to love IE but I started hating it has become completely dumb browser with no extensions, ridiculously slow rendering and with no standards.
I really wonder what kind of web apps you guys are using because I also want to experience this speed burst of Chrome. I have tried all browsers with different web apps and never experienced any difference. Could it be that you just believe in this fancy benchmarks tools?
I dont believe in those numbers, I am big fan of Firefox on Mac still, because of the extensions. Did you try Google Wave? or even simple Facebook for that matter? For testing I just opened twitter on my Chrome and on IE8, IE8 takes noticeable time to load the page.
I’ve tried mostly business related apps and management tools. Just now I tried Twitter in Firefox, IE and Chrome. There is absolutely no difference.
Firefox is also a browser that works (almost?) no matter what OS you are using; linux distroes, Windows and Mac. Same browser, same features => ease of use.
IE7/8 only works on WinXP and newer, and we are still some that has older Windows versions. And IE7/8s keyboard shortcuts are different depending on OS language.
“Obviously, the Mozilla guys can no longer cope with the growing number of security hole searchers.”
Could you please explain this further? How is it “obviusly” and what makes you think, that they can’t cope with the number of security holes? Beacuse they report all of the security holes being discorvered? I think Mozilla is doing fine. I don’t trust Microsoft to be open about anything related to security. I’m not saying that Microsofts security has no been improved over the last couple of years (it certanly have), but I don’t trust them about reporting every security hole discovered. I like a security hole to be fixed, when there is a fix available and not, when we come to patch thursday or when Microsoft feels like relasing a security patch.
Another thing I like about Chrome and Firefox is the speed and stability. Working with IE I often wait for a new tab to open or the whole browser window because … well, I don’t know, I just have to wait – some times I have to close the browser via Task Manager. I like to test the browsers and I am switching between them – currently using IE8 full time. Homepage rendering speed in IE is like the rest, but the “lag” I experience sometimes while doing stuff, like waiting for it to open a new tap and close the browser, is stupid. Microsoft needs to speed up the UI like Chrome. Some times keyboard shortcuts don’t work for a couple of seconds, after opening a new page. Its all small things, I know, but when other browsers don’t have these things, why do IE?
My computer is a Core 2 Duo 2,6 GHz with 4 GB of RAM running Windows 7, so the system should be able to handle things alot better. If Chrome can do it, IE should be able to do it too.
IE7 was a big change. IE8 is getting there. I can’t wait for IE9 to come.
Two metrics you’ve conveniently forgotten to publish, which is a shame because tey’re what really matters:
1: Time to fix vulnerability (Mozilla scores well here in comparison to Microsoft)
2: Existence of active exploits (where are the Firefox exploits in the wild? I don’t see them, do you? Honestly?)
Meanwhile, in the real world, I see repeated attemtped exploitation of IE (all versions).
I don’t mind Microsoft fanboys too much, you’re good for a laugh, but please, at least try to be rational and honest.
“Firefox is most insecure” – Michael, I find your posts interesting and usually well balanced but with this penchant for disliking Firefox you label yourself as a Microsoft apologist at the very least (especially when you take on board egregious items such as the one you based this post on).
This is *not* to say Firefox is perfect, totally secure or without deficiencies (e.g. central management) but where IE *really* falls down (as I see it)
1) Deeply embedded with the operating system
2) ActiveX
3) Time to fix serious bugs
For security advice I think I will take it from people who do it for a living such as those found at http://www.sans.org.
The reason I don’t use IE is that it stops working all the time randomly with the message “IE has stopped working”
Firefox doesn’t do this it just does its job.
My reliability score using IE was always around 6.5
Since switching to Firefox it is currently 9.8
The only reason its not 10 is that Windows explorer likes to stop working now and again when moving a file from one place to another.
So as a European I didn’t switch for anti Microsoft or political reasons but because IE is unreliable.
So at least until something nasty gets through one of the holes in Firefox I won’t be switching back.
The only time I got a problem from malicious code was with Opera, The same code was blocked by no-script using Firefox.
I am not an IT pro just an average member of the public trying to use an imperfect system.
The security of ANY browser is in the hands of the user.
I use IE8. It is secure because:
I have DEP enabled on my computer.
I use the -noaddons extension for almost all sites.
I took the time in tools–internet options–security–internet zone to understand everything and tweak appropiately.
I keep my computer and all software updated.
It’s not that hard and isn’t ever inconvient, and my browser has never been compromised.
The problem with the Firefox extension system is that you’re dependent on the honesty of the author. Is it safe to let it make web requests while you use it?
(blog.wired.com/27bstroke6/2008/05/firefox-infects.html)
(My problems with AdBlock and similar tools is that you aren’t contributing to the sites you use. Good for you, too bad for them. I use my hosts file to block the more annoying ad network domains, but allow smaller companies’ and site owners’ ads to display. –noaddons blocks all Flash.)
There ARE Firefox vulnerabilities in the wild, but like IE, they need human interaction. Example: matevarga.com/firefox-gone-wild
I use all browsers because I build and maintain webpages. I’ve never seen a significant speed difference.
I concur with #12. No-Script will pretty much take care of most of the web baddies.
I’ll make my bias known up front. I use Firefox at home, IE7 at work and think IE8 is a piece of shit bordering on nuisanceware.
I’ve seen one eyed MS supporters argue that there are more security issues with MS products because it has more of the market share and as a consequence more security holes will be found / targeted but I am yet to hear any of these one eyed monsters use this argument for Firefox…….. mud slinging at its best.
I feel the success of Firefox has come from add-ons and themes which MS has chosen(?) to largely ignore since it became the dominant browser. Lets talk about noscript and adblock for example and then compare that to IE8 offerings. AND yes this is a two edge sword. People want applets but then the applets themselves may introduce issues and vulnerabilities.
….. oh and how easy was it for Mozilla to put a web page together highlighting vulnerable versions of Flash installed. Shame on you Adobe.