Mozilla Gains on IE – Mozilla Gains on IE

A series of highly publicized security vulnerabilities found in Microsoft’s Internet Explorer Web browser may be having an effect on the browser’s market share, according to data compiled by WebSideStory, a San Diego Web metrics company. Over the last month, Internet Explorer’s share of the browser market dropped by 1 percent, the first noticeable decline since WebSideStory began tracking the browser market in late 1999. “It’s the first time that we’ve seen a sustained trend downward for them,” said Geoff Johnston, an analyst with WebSideStory. “We have a very steady trend. It’s been about a month, and every day we have a steady incremental change.”

Internet Explorer has held more than 95 percent of the browser market since June 2002, and until June had remained steady with about 95.7 percent of the browser market, according to WebSideStory’s measurements. Over the last month, however, its market share has slowly dropped from 95.73 percent on June 4 to 94.73 percent on July 6. A loss of 1 percent of the market may not mean much to Microsoft, but it translates into a large growth, proportionately, in the number of users running Mozilla and Netscape-based browsers. Mozilla and Netscape’s combined market share has increased by 26 percent, rising from 3.21 percent of the market in June to 4.05 percent in July, Johnston said. “It takes a lot to get someone to change their browser. It’s been years since anyone has been willing to do this in significant numbers,” he said.


Downloads of the Mozilla Foundation’s Firefox browser have been increasing since version 0.8 of Firefox was released in February, said Mozilla spokesman Bart Decrem, but the open source project saw a major spike in downloads at the end of June, following reports of the so-called Download.Ject vulnerability in Internet Explorer that could allow attackers to trick users into loading insecure content. “What we noticed after the security stories broke on June 28 was that the daily download volume doubled,” said Decrem, who said that the number of Mozilla downloads then hit 200,000 copies per day. A June United States Computer Emergency Readiness Team advisory recommending users stop using IE contributed to Mozilla’s momentum, as did a number of favorable reviews in mainstream publications such as USA Today and Slate, Decrem said.

Because Mozilla browsers do not use the “Trusted Zones” security model employed by Microsoft, they are less vulnerable to attacks like Download.Ject, he said. Of course, Mozilla isn’t immune to security flaws. Earlier this week, Mozilla developers issued a patch for a browser vulnerability that could allow an attacker to execute existing applications on a Windows system.

Security is a big plus, to be sure. I finally switched from IE, even though Firefox isn’t as fully featured, mostly because of faster page load times and the tabbed browsing feature. I’ve also switched to Mozilla’s Thunderbird e-mail software, which is virtually indistinguishable from Microsoft’s Outlook Express and seems to do a much better job of blocking out spam in addition to being radically less susceptible to worms and viruses.

FILED UNDER: Science & Technology, , ,
James Joyner
About James Joyner
James Joyner is Professor and Department Head of Security Studies at Marine Corps University's Command and Staff College. He's a former Army officer and Desert Storm veteran. Views expressed here are his own. Follow James on Twitter @DrJJoyner.


  1. Timmer says:

    I just updated my post on the security issue to include a link to this. Interesting stuff, but I think that a lot of folks had their IE go tango uniform when they did one of their updates…at least that’s what I hear around these parts.

  2. Shhhhhhhhhhhhh!

    If too many people start using it, the scumware writers WILL find a way to subvert it. Sure, Firefox MAY be inherently less insecure than IE, but that doesn’t mean it’s SECURE.

    Notice how few viruses, etc. attack Mosaic? Do you think that’s because it’s so secure?

  3. 42nd SSD says:

    Mozilla has a couple of huge advantages security-wise over IE. It’s open source, which means a lot of programmers look at the code–and some specifically looking for security issues. This is no guarantee of anything, of course (and many of the recent “security vulnerabilities” have more to do with user awareness of spoofed URLs than actual security issues with the software), but it makes it much less of an issue than a proprietary program.

    Open source also means that when security problems are found, fixes will be forthcoming pretty quickly, typically much faster than M$ can respond.

    The other benefit is that, indeed, it’s not “part of the operating system”… IE has a huge number of mystery dependencies on other DLLs and parts of Windows, and the more complex an implementation is, the more likely it will have problems.

    There’s a myth that Windows has a lot of viruses merely because it’s popular. While that’s true to a small extent, its lack of basic security features (in particular, most programs run with full privileges and memory protection is practically nonexistent) make even the tiniest flaws deadly. In contrast, most Unices are (slowly) heading in the right direction, with network-accessible programs running with just the privileges they need and no more–and Unix-like OSes have had memory protection and a reasonably secure user model for many, many years.

    One commercial browser alternative is Opera. I’m a big fan of it, but it’s not for everyone…