Thursday, April 27, 2006

When will Firefox be the next target?

So today, Google started advertising Firefox and their toolbar to any US resident using Internet Explorer. This led me to some thinking about why Firefox is currently considered the safest browser and why it's preferred by a lot of sources when recommending browsing software.

People use Ffox for different reasons, for example compatibility, ease of use, tabbed browsing and nowadays for security. Analysts argue that Ffox is less of a target for hackers and virus programmers because it's less popular than Internet Explorer. This is true right now and will probably still be true for another year or so - IE's 60% market share is slowly diminishing, while Ffox's percentage is growing up to 25% and more now - but when the balance tips over in favor of the alternative and it's not the alternative anymore... What browsers will hackers and virus writers target?

True, hackers are mostly biased against Microsoft in general and target their products out of some blind hate targeted at Bill. In my opinion that's justified by the fact that MS is largely basing their "R&D" on copying other existing products, something they've been doing from day 1.

But there's always a part of that dark community that completely disregards the background of the product they target, wishing only for their 15 minutes of fame when they discover any random vulnerability in a product and create an exploit out of it. It happens sooner or later with all software, even when we least expect it - OSX.Leap recently showed that even Mac users are at risk - and so it will happen with Ffox at one point.

And the more it becomes popular, the more it will become a target. The more its percentage of the market rises, the larger the target becomes and the easier it is to hit.

One can only hope that the open community on which Firefox is built will be enough of a solid foundation to protect it from this dreaded possible future. By having input from a larger base of programmers, it's possible that vulnerabilities will be quickly targeted and eliminated before they are exploited by the community. Being protected will then mean being sure you have the latest version of the browser, something the majority of home users need to learn to keep up with.

I modified my blog's template to include a rather large warning banner on the top of the screen if you're using Internet Explorer, prompting you to download Firefox. You might think this goes against this very post, however I believe it is best to think positive and think that the community will always be quick enough to protect everyone from massive and dangerous vulnerabilities in Firefox. It's up to you to choose.

  1. Firefox isn't only more secure than IE (and not only because it does NOT allow any ActiveX content), it also gets more secure faster! If a serious security hole is found in Firefox, it'll be fixed within a week, if not within a day, and automatically pushed out to everyone's computer through the auto-update. On the other hand, if such an exploit is found in IE... Well, you can either stop using your computer for a few months or risk visiting one of those websites which can instantly infect you with about 30 different viruses and rootkits. For the record, a few computers where I work were infected that way about a year ago, and again last week. Same bug. Over 12 months later. You get the point.