Browser Wars 2.0: Will security be the battleground?
Dave G. | October 11th, 2006 | Filed Under: Industry Punditry
While there is no doubt that IE is the dominant web browser, it saw its market share decrease to its lowest in two years. Meanwhile, Firefox and Safari both saw gains. Stats for the top 3:
- Internet Explorer (81.2%)
- Firefox (12.46%)
- Safari (3.53%)
Interesting note about Safari is that OSX market share is at 4.33%. Does this mean that Safari represents 81.5% of Mac OS X? Interesting parallel to IE!
With Firefox 2.0 and Internet Explorer 7.0 coming out in the near future, it is going to be tempting to call this the Browser War Rematch. What is interesting about this is that the battleground seems to pretty much be security. Some evidence to support this:
Microsoft’s IE 7 web page. It says: “We Heard You, you wanted it easier and more secure”
Back in 2004, Mozilla saw a significant increase in downloads after a series of security flaws were released in IE.
What we noticed after the security stories broke on June 28 was that the daily download volume doubled,” said Decrem, who said that the number of Mozilla downloads then hit 200,000 copies per day.
If security is the next battleground, I only see upside for the consumer. Both sides will invest heavily in adding security features and reducing vulnerabilities.
dre
October 12th, 2006 5:12 pmthe battleground is OS integration, popularity, and FUD if you look at those numbers again. Microsoft is fine with security being a priority feature for IE7 as long as they come out on top.
unfortunately, that’s just what the crime syndicates’ web application attack teams are preparing for. global domination through IE6/7 cross-exploits and gaping holes in websites that browsers don’t catch, regardless of their antiphishing features.
this stuff is so far under the radar. it’s so easy to launch an attack from a cloned mobile phone running bluetooth with a sniper rifle in NYC to a laptop in LA that’s running wifi that breaks into a corporate LAN and dns spoofs google and CNN.com to insert any given executable/rootkit.
maybe it’s not as easy - but certainly possible to access ebay.com from romania using a custom but highly advanced onion routing network and posting a few lines of persistent injected javascript code that can collect every user/pass/info for every active ebay/paypal account in a manner of hours.
expensive firewalls, WAF’s, IPSes, IDS’s, scanning tools, billions of dollars worth of programmers, and 25 years of industry standards don’t solve the basic attack platforms that are being used against us today. what makes you think IE7 or Firefox 2.0 will have any impact?
Chris_B
October 13th, 2006 12:51 amRecently I was doing some bog standard XSS testing against a few sites with various browsers. I noticed that Opera (on OSX) tossed out a warning page when attempting to click on a xss link or manually enter a xss test URL. Makes me wonder if there is any justifyable reason that other browsers dont implement this behavior.
dre
October 13th, 2006 1:14 pmChris_B: is this the same warning that RSnake and others were talking about in the sla.ckers forum and on the ha.ckers blog? I thought it was unintentional on opera’s part?
The Teklow Group » Blog Archive » Mozilla still looking into Firefox flaw claims
October 16th, 2006 10:35 am[…] Despite claims that the whole thing was a joke, security experts at the Mozilla are continueing to investigate Firefox’ JavaScript implementation for potential vulnerabilities. The bloggers at Matasano were recently wondering wether security will be the next battleground in the browser wars and, if so, this is the attitude that could make the difference for Firefox, altough IE 7 seems to be doing better than it’s predecessor as well. […]
torresburriel.com » Blog Archive » Firefox 2 está muy próximo
October 23rd, 2006 2:55 am[…] Pero ahora la actualidad es Firefox y su versión 2 que está a puntito de salir. De hecho ya hay quien está hablando de una browser war 2.0, muy en consonancia con los tiempos 2.0 que corren por la web. […]
Leave a reply