The latest release of the open source Web browser Firefox has spurred millions of downloads and a groundswell of anti-Internet Explorer sentiment, but IT executives question the role Firefox will play in their enterprises.
There's a lot that has to happen before Firefox is enterprise-ready, users say. "It needs to be made compatible with the sites and applications I use every day," says Eric Beasley, senior network administrator at Baker Hill a service provider that administers online loan applications for banks. "That will require a lot of work for both the developers of Firefox and the developers of Web applications."
Beasley has tried Firefox and uses it daily to browse the Internet. But for the business, there's no switching. "We would not be able to throw (Internet Explorer) out at this time. We are an (application service provider), and our applications are written specifically for Internet Explorer," he says.
Likewise, Daniel Basse says he is concerned that if Internet Explorer were replaced, it could disrupt some Web-based applications that employees use. Basse is director of IS at Ridge Vineyards which runs Microsoft applications that rely on Internet Explorer tie-ins such as Microsoft CRM and SharePoint.
"These features and (operating system) tie-ins are at the heart of the argument," says Basse, who has a test machine running Firefox. Microsoft-centric business applications can benefit from the tie-ins Internet Explorer has to those applications and hooks to Microsoft's operating system software. However, hackers can take advantage of those same mechanisms, he says.
"It's a double-edged sword - the same (Internet Explorer) features that make some in-house business applications work smoothly are being exploited from the outside by attackers to do evil," Basse says.
To make Firefox enterprise-ready, it needs scalable deployment and management features, Basse says. Microsoft Internet Explorer's Internet Explorer Administration Kit, Active Directory support and registry editing give Internet Explorer "an edge in large-scale deployments and allow for broad configuration enforcement," Basse says. "We wouldn't even think about doing a large-scale deployment of Firefox without these features."
Rob Enderle, principal analyst at Enderle Group, says Firefox at this point is suited for use by individuals, not large companies. "The kinds of things that need to be wrapped around the product - providing multilayer security, making sure that the patch process is fully vetted, ensuring compatibility with the enterprise's existing application set - typically takes years, and it hasn't gone through that process yet."
Meanwhile, the danger in over-hyping an up-and-comer such as Firefox is that the publicity might force its developers to try to play the enterprise card before the technology has a chance to mature, Enderle says. "It's kind of a shame, in a way, when this happens before a product is ready. Because people will adopt it prematurely, they will have bad experiences and often that will kill the offering."
Enterprise-ready or not, Firefox is generating a lot of buzz. Its developer, Mozilla Foundation, says 5.6 million copies of Firefox 1.0 were downloaded in the two weeks after it became available on 9 November. So far, 8 million people are using the Web browser, Mozilla says.
Mozilla is gaining market share at the expense of Microsoft, says Web site analysis firm OneStat.com. According to figures OneStat.com released late last month, Mozilla's browsers - including Firefox - account for 7.35 percent of global usage, up from 2.1 percent at the end of May. Internet Explorer still clearly dominates the browser market with 88.9 percent, but it's down from 93.9 percent at the end of May.
One clear benefit of Firefox is the competition it brings, Enderle says. Microsoft has stalled development of Internet Explorer in the past, often to placate corporate customers fearful of browser modifications, he says.
"Microsoft does better if it has somebody to compete with," Enderle says. "Without any competition pushing Microsoft to develop the product, and with the customer base screaming at them not to change anything because they didn't want to break the application sets, Microsoft cut back on advancing the platform."
The appeal of Firefox is its features, smaller footprint and better performance, agrees Earl Baugh, senior systems architect at consumer credit and financial information provider Equifax. "You see Microsoft making very, very little improvement in (Internet Explorer) in general, whereas the alternative browsers seem to have a much more active development process."
Some of Firefox's key features include a built-in pop-up blocker and tabbed browsing, in which Web pages are loaded in "tabs" within the same browser window to make it easy to switch among Web pages. Firefox's new "live bookmarks" feature is designed to help users keep track of RSS feeds through the browser.
Baugh says he's tried Firefox on all the applications to which he has access. "I'm using it as my default browser to help determine if it's ready for a larger deployment," he says.
He says he would consider switching to Firefox, but only if it didn't raise compatibility problems. "If the browser allows for viewing all of the same content as (Internet Explorer), it has a chance," Baugh says. "However, to date, inevitably, some Active X control or display component doesn't display in the alternative browsers."
In his testing so far, Baugh has found problems that are not typically to do with the internal applications he manages, but with Web pages that are outside of his control. For example, pages from Equifax's external benefits providers might not function properly.
Baugh says moving from Internet Explorer to an alternative browser could reduce security risks because a non-Internet Explorer browser would be less of a target. "Part of the motivation for writing exploits against (Internet Explorer) is that you're going to find it on every machine that has Windows installed. Even if the end users utilize another browser, it's still there. But, if your default browser isn't (Internet Explorer) then you have a smaller chance of having these exploits work," he says.
Other users are more sceptical that deploying Firefox will be more secure. "I don't believe that open source software is more secure by default. As long as human beings create software, bugs and security risks will be in the software we use," Beasley says.
Moving to another browser might reduce security risks in the short term but not in the long term, Basse says. "Whoever has the largest market share for their product will become the target for hackers, and attackers will find holes in almost any product, given enough interest and time," Basse says. "Switching to Firefox might resolve the latest slew of problems but if everyone switched to Firefox, the hackers would simply begin work on breaking into it."
Enderle agrees. "The platforms that are going to be most used are going to be most exploited because that's how the professional attackers work," he says. As Firefox's popularity grows, it will become more of a target for hackers, he says. "We're going to see over the next 18 months if Firefox can take the kind of pressure that Microsoft has now been under for several years."