nCircle.com >> 360 Security

« Consistency = quality metric? | Main | SCADAGard SIG To Be Established »

Does anyone understand Firefox?

Analysts report that Firefox adoption is slowing.

They also mention that, "Late last month Firefox marked 50 million downloads of its browser since the Version 1.0 release in November."

50 M sounds like a large following – until you consider what a download is. All security updates count as 1 FULL download. As previously ranted, Firefox 'update' is actually a full reinstall. The current release is 1.0.4, for a total of 5 releases. So now we are talking about 10 M functioning installations – still a pretty big number.

Why else would Firefox adoption be slowing?
"The slackening of Firefox's growth could mean that the browser has converted a substantial proportion of its natural constituency, thought to be early adopters and the technically savvy."

Well if all of the early adopters and tech savvy elite have been running Firefox since November then the 10 M is actually 3.5 M – as all self respecting geeks own more than one computer.

Now here is the quote that justifies this entry on a Security Blog;
"It could also show that the browser's widely publicised security
flaws have begun to undermine the foundation's argument that people
should switch from IE to be safer."

Could it be? Could Mozilla have their shit together so tight that people are scared to run Firefox? Not possible! Just look at their awesome security advisory page. Not only is it organized in a really sensible way, but the colour coded severity labels are all pastel! When your most severe vulns are fuchsia, I know there is nothing to fear!

Maybe this whole security scare comes from the mixed messages surrounding Firefox security;

[May 7th]
2 Critical Vulns found in Firefox.

[May 10th]
"Two vulnerabilities in the popular Firefox browser have been rated "extremely critical" because exploit code is now available to take advantage of them."

[May 11th]
"Chris Hofmann, Mozilla's director of engineering, said: "We've had a few security updates, but they've been for potential vulnerabilities, for staying ahead of the curve of potential problems that might come down the road."

While the fact that you patched your software pretty quick reassures me, I just wish you would get your story straight ...

Now for some good news;
"One of the biggest difficulties that the Mozilla Foundation has encountered in the months following the Firefox 1.0 release has been managing the Software Update System for distributing updates to 1.0 users… Darin has figured out how to get binary patching working, and is working on a system for incremental background update download." -- Ben Goodger (lead engineer for Mozilla Firefox)

Now that is what I'm talking about! Mozilla, if you deliver on that comment then truly Firefox is the shit!

Firefox 1.1 (July 2005) will be downloaded by the current fan base of 3.5 M – and then never again. We can just expect our security updates to silently arrive and then prompt us to click OK.

Oh what will the Analysts think?

It’s a shame that getting security right will decrease your popularity in the eyes of analysts. Lets just keep that little secret between us and the User-Agent: strings - ok?

Analysts don’t get Firefox, which probably means you should.

Posted by graver on May 16, 2005 11:31 AM |

Search


About

This page contains a single entry from the blog posted on May 16, 2005 11:31 AM.

The previous post in this blog was Consistency = quality metric?.

The next post in this blog is SCADAGard SIG To Be Established.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]