A series of highly publicized security vulnerabilities found in Microsoft's Internet Explorer Web browser may be having an effect on the browser's market share, according to data compiled by WebSideStory, a San Diego Web metrics company. Over the last month, Internet Explorer's share of the browser market dropped by 1 percent, the first noticeable decline since WebSideStory began tracking the browser market in late 1999.
"It's the first time that we've seen a sustained trend downward for them," said Geoff Johnston, an analyst with WebSideStory. "We have a very steady trend. It's been about a month, and every day we have a steady incremental change."
Small Step, Giant Leap
Internet Explorer has held more than 95 percent of the browser market since June 2002, and until June had remained steady with about 95.7 percent of the browser market, according to WebSideStory's measurements. Over the last month, however, its market share has slowly dropped from 95.73 percent on June 4 to 94.73 percent on July 6.
A loss of 1 percent of the market may not mean much to Microsoft, but it translates into a large growth, proportionately, in the number of users running Mozilla and Netscape-based browsers. Mozilla and Netscape's combined market share has increased by 26 percent, rising from 3.21 percent of the market in June to 4.05 percent in July, Johnston said.
"It takes a lot to get someone to change their browser. It's been years since anyone has been willing to do this in significant numbers," he said.
WebSideStory's estimates are based on a daily survey of about 30 million browsers hitting thousands of different Web sites that use the company's Web analytics software, Johnston said.
Searching for Security
Downloads of the Mozilla Foundation's Firefox browser have been increasing since version 0.8 of Firefox was released in February, said Mozilla spokesman Bart Decrem, but the open source project saw a major spike in downloads at the end of June, following reports of the so-called Download.Ject vulnerability in Internet Explorer that could allow attackers to trick users into loading insecure content.
"What we noticed after the security stories broke on June 28 was that the daily download volume doubled," said Decrem, who said that the number of Mozilla downloads then hit 200,000 copies per day.
A June United States Computer Emergency Readiness Team advisory recommending users stop using IE contributed to Mozilla's momentum, as did a number of favorable reviews in mainstream publications such as USA Today and Slate, Decrem said.
Because Mozilla browsers do not use the "Trusted Zones" security model employed by Microsoft, they are less vulnerable to attacks like Download.Ject, he said.
Of course, Mozilla isn't immune to security flaws. Earlier this week, Mozilla developers issued a patch for a browser vulnerability that could allow an attacker to execute existing applications on a Windows system.
Microsoft shares its users' concerns over security and encourages users to "examine all options," a company spokesman said in an e-mail statement. The company believes that factors such as functionality and manageability, "as well as security backed by the processes and engineering discipline employed by Microsoft," will convince users that IE is the best choice, he said.
Microsoft has yet to release a comprehensive fix for Download.Ject, but the company is providing customers with "prescriptive guidance to help mitigate these issues" on the Microsoft.com Web site, he said.
Put to the Test
Robert Duncan III, a technologist at Bacone College, in Muskogee, Oklahoma, switched to Firefox recently, attracted by the software's wide variety of plug-ins and new features, as well as the fact that Mozilla is less integrated with the computer's operating system than is Internet Explorer.
"Since Mozilla is completely isolated from the operating system, I know that if the browser gets completely hijacked and obliterated that the program is not going to completely destroy everything I've got on disk," he said.
About 20 percent of the computers Duncan administers at the college now use Mozilla-based browsers, Duncan said, and the main impediment to more widespread adoption is user perception, he said. "They have this perception that open source software can't be worth anything because it's free."
"Once people start examining the features of Mozilla versus Internet Explorer instead of looking at a brand name . . . I think they'll see there's a lot more value," he said.