Browser Wars 2.0: Will security be the battleground?

Dave G. | October 11th, 2006 | Filed Under: Industry Punditry

While there is no doubt that IE is the dominant web browser, it saw its market share decrease to its lowest in two years. Meanwhile, Firefox and Safari both saw gains. Stats for the top 3:

  1. Internet Explorer (81.2%)
  2. Firefox (12.46%)
  3. Safari (3.53%)

Interesting note about Safari is that OSX market share is at 4.33%. Does this mean that Safari represents 81.5% of Mac OS X? Interesting parallel to IE!

With Firefox 2.0 and Internet Explorer 7.0 coming out in the near future, it is going to be tempting to call this the Browser War Rematch. What is interesting about this is that the battleground seems to pretty much be security. Some evidence to support this:

  1. Microsoft’s IE 7 web page. It says: “We Heard You, you wanted it easier and more secure”

  2. Back in 2004, Mozilla saw a significant increase in downloads after a series of security flaws were released in IE.

What we noticed after the security stories broke on June 28 was that the daily download volume doubled,” said Decrem, who said that the number of Mozilla downloads then hit 200,000 copies per day.

If security is the next battleground, I only see upside for the consumer. Both sides will invest heavily in adding security features and reducing vulnerabilities.

Viewing 3 Comments

    • ^
    • v
    the battleground is OS integration, popularity, and FUD if you look at those numbers again. Microsoft is fine with security being a priority feature for IE7 as long as they come out on top.

    unfortunately, that's just what the crime syndicates' web application attack teams are preparing for. global domination through IE6/7 cross-exploits and gaping holes in websites that browsers don't catch, regardless of their antiphishing features.

    this stuff is so far under the radar. it's so easy to launch an attack from a cloned mobile phone running bluetooth with a sniper rifle in NYC to a laptop in LA that's running wifi that breaks into a corporate LAN and dns spoofs google and CNN.com to insert any given executable/rootkit.

    maybe it's not as easy - but certainly possible to access ebay.com from romania using a custom but highly advanced onion routing network and posting a few lines of persistent injected javascript code that can collect every user/pass/info for every active ebay/paypal account in a manner of hours.

    expensive firewalls, WAF's, IPSes, IDS's, scanning tools, billions of dollars worth of programmers, and 25 years of industry standards don't solve the basic attack platforms that are being used against us today. what makes you think IE7 or Firefox 2.0 will have any impact?
    • ^
    • v
    Recently I was doing some bog standard XSS testing against a few sites with various browsers. I noticed that Opera (on OSX) tossed out a warning page when attempting to click on a xss link or manually enter a xss test URL. Makes me wonder if there is any justifyable reason that other browsers dont implement this behavior.
    • ^
    • v
    Chris_B: is this the same warning that RSnake and others were talking about in the sla.ckers forum and on the ha.ckers blog? I thought it was unintentional on opera's part?

Trackbacks

close Reblog this comment
Powered by Disqus · Learn more
blog comments powered by Disqus