Quantcast
PCWorld.com is upgrading some back-end systems. Some site features, such as user registration, may be temporarily unavailable.
Subscribe to magazine

The New Web Challengers

Watch out, Internet Explorer and Google: A pack of powerful browsers and search engines are gunning for you. We rate 45 tools--and crown a new champion browser.

Scott Spanbauer and Steve Bass

  • 0 Yes
  • 0 No

Browser Wars II: Firefox's Grassroots Cure for Internet Insecurity

Brendan Eich of the Mozilla Foundation.

Photograph: Eric Millette
There's a new challenger for the browser crown, offering security the champ can't match.

Microsoft appeared to put a resounding end to the browser wars back in the late 1990s by integrating the free Internet Explorer with Windows. No browser has put a dent in IE's dominance since then, but the tide may be turning. And the browser king's Achilles' heel could be its close ties to Windows.

The nonprofit Mozilla Foundation, which hopes to address IE's inherent security flaws, oversees the development of the Mozilla browser. The group was founded in 2003 with financial support from AOL's Netscape division, but it relies on contributions of work and money from corporations and individuals. The group's project produced a faster, smaller browser: Firefox.

Mozilla Foundation chief technologist Brendan Eich says IE's security problems run deep down to its Windows roots. IE is "the target of choice, and it's overintegrated with Windows," says Eich, who wrote the JavaScript scripting language for the original Netscape browser in the mid-1990s. For example, by default IE allows sites on your "trusted" list to start downloads automatically, but spoofing (altering) this list is relatively easy. "There are so many holes in IE that giving it the power to do automatic downloads is a bad idea," Eich says.

Firefox benefits from the Mozilla Foundation's hundreds of volunteer programmers, testers, and contributors, who poke around the browser's program code to uncover and publicize flaws and possible breaches. The foundation even offers a bounty of $500 per bug, and it promises to have patches ready in one or two days in most cases, according to Eich. Compare that with the weekly or monthly IE security updates Microsoft posts on the Windows Update site.

But their contributions go far beyond security. "There are so many users and use cases, you don't want to leave anyone out," according to Eich. "You want to have this thriving developer community," Eich says, "to let their creativity go wild."

Dennis O'Reilly and Scott Spanbauer

  • Recommend this story?
  • 0 Yes
    0 No
  • Great year-end deals
    for small business!

  • Get 24/7 live remote AT&T Tech Support 360* service along with select Lenovo* PCs (with Intel® Core™ 2 Duo processors) and save up to 200!

    Learn more

  • HP EliteBook* 6930p Notebook with Intel® vPro™ technology and a free HP Basic Docking Station - $641 instant savings!

    Learn more

  • *Other names and brands may be claimed as the property of others. ©2009 Intel Corporation. Intel, the Intel logo, vPro and Core trademarks of Intel Corporation in the United States and other countries. All rights reserved.

People who read this also read:

  • 15 Minutes to a Secure Business Get the Secure in 15 toolkit starting with the "15 Minutes Month-at-a-Glance" calendar. McAfee will send you additional tools and tricks to stay protected around the clock.
  • A Buyer's Guide to Data Protection Implementing data protection products and processes can be daunting. Make the right decisions by exploring what is available and what makes sense for your organization. Use this simple guide to evaluate different vendor offerings.

Sponsored Links