Firefox making inroads to the enterprise

Consumers and small businesses represent most of the upstart browser's user base, but the Internet Explorer challenger is gaining traction among larger companies.

There's a browser war brewing, the likes of which hasn't been seen since the mid-90s clash between Internet Explorer and Netscape Navigator. This time, it's the Mozilla Foundation's Firefox in the role of David against Microsoft's IE Goliath. So far, corporations seem to be siding with the big guy--but David is finding followers.

Ever since Firefox 1.0 debuted last November, an estimated 27 million users have adopted--or at least downloaded--the open-source Web browser. Most analysts agree that consumers and small businesses represent the bulk of the user base, but Firefox is also gaining traction among enterprises.

At Komatsu Canada, for instance, all computer-using employees--upwards of 700 in all--have switched to Firefox, according to CIO William Bayer. The machine manufacturer made the move in response to problems resulting from spyware.

"Security was really the primary concern," said Bayer. "We found Internet Explorer was infecting machines left, right, and center with spyware." The company began to deploy Firefox even before the critical 1.0 release, but eventually migrated employees to the final version. Bayer is unequivocally pleased with the results. "The amount of spyware we're seeing is dramatically reduced since implementing Firefox."

Security also motivated the IT department at Saturn Electronics & Engineering, a Detroit-based provider of manufacturing outsourcing services, to take a hard look at Mozilla's browser.

"We are evaluating Firefox primarily because of the security problems in Internet Explorer," said IT Manager Dave Higgins. "The idea that just browsing the Web or viewing an e-mail can automatically install a virus, steal data, or otherwise maliciously affect a PC scared me enough to look at our options."

Higgins isn't alone is his trepidation. In a recent WatchGuard Technologies poll of IT professionals, 67 percent of the respondents cited spyware as the greatest threat to their networks in 2005. Because Firefox eschews the ActiveX technology integrated into Internet Explorer, it offers greater resistance to spyware--much of which sneaks into systems by way of ActiveX components.

On the other hand, many analysts and professionals think at least some of Firefox's security advantages could be fleeting. In January, just two months after the release of version 1.0, security company Secunia discovered a domain-spoofing vulnerability that had the potential to expose users to phishing scams. (The Mozilla Foundation released a patch six weeks later that fixed the problem. No actual phishing attacks were reported.) But it's also widely believed that as Firefox's market share increases, hackers will be more likely to exploit heretofore unknown security holes, as they've done with Internet Explorer.

Earlier this week, Mozilla rushed out a security patch for a previously unknown flaw and advised all Firefox users to update.

In February, a Gartner report on Firefox usage summed up the situation: "In practice, Firefox is more secure than IE, although much of this is due to 'security through obscurity'--that is, hackers have not yet discovered latent vulnerabilities in Firefox."

Microsoft fires back
According to Microsoft, that's something corporations should consider as they ponder their browser options. "Customers are now really starting to evaluate the browser based on what the vendors can deliver in terms of ongoing support, maintenance and updates," said Gary Schare, director of product management for Windows. "We've had this infrastructure in place for years, and we have a proven track record [of maintaining Internet Explorer]."

Nevertheless, Microsoft now appears to be taking a more proactive approach to its own browser development. Internet Explorer 7, originally slated to debut inside the new Longhorn operating system, is scheduled for a 2006 release. But at last month's RSA Conference 2005, Bill Gates announced plans to ship an IE7 beta as early as this summer. Although the company denies that Firefox was the catalyst for this decision, Schare admits it played a role.

"The honeymoon is over," said Schare. "The fact that there's someone else offering a choice [of browsers] has caused more customers to ask for certain features. We said, 'we've really got to go back and get our house in order.'" And now that IE7 is on track for an earlier release, "we're feeling better today than we were a few months ago."

Details of IE7's features have been scant thus far, but Gates promised security enhancements designed to protect customers from malware, phishing, and other threats. "Security is a primary focus," confirmed Schare. "We believe we're going to have things that will excite consumers and businesses. Businesses will find the compatibility and manageability they've come to expect, along with new capabilities."

Whatever features IE7 brings to the table, cross-platform compatibility isn't likely to be among them. For some Firefox users, that's the whole ballgame. At RABA Technologies, a solutions engineering company, users work in Windows, Macintosh, and Linux environments. "It's simpler to deal with one browser's set of features," said Nathan Carpenter, principal consultant. "No other browser is available on all platforms, and [Firefox's] feature set is just better--tabbed browsing, mouse gestures, huge plug-in base, and so forth."

Firefox also factors heavily in the growing open-source movement, and for organizations that have embraced Linux Web servers and other open-source deployments, the browser would seem to be the next logical step in moving away from Microsoft-based operations.

"We are looking at an open source-based computing infrastructure," said Michael Gorrell, CIO for EBSCO Publishing, "and the Firefox browser fits that perfectly." Gorrell said that around 10 percent of the company's nearly 1,000 employees have adopted Firefox.

Sometimes it works the other way around. "[Firefox] really kind of brought open-source to our attention," said Komatsu's Bayer, adding that the company's success with Firefox led to another open-source migration--from Outlook and Netscape mail clients to Mozilla's Thunderbird.

Will it outfox Firefox?
Whether or not IE7 will lure users back to the Microsoft camp or stem the tide of Firefox adopters remains to be seen. For now, Mozilla's browser continues to enjoy unprecedented popularity, especially among universities and small businesses.

Barry Eggert, chief technology officer for a Washington-based HVAC company, switched all 95 employees to Firefox and hasn't looked back. "Because of the many security holes with IE, it's just not a good choice when conducting business over the Internet," he said. "Firefox is very secure and highly customizable."

At American University, hundreds of students and staff members have made the move to Firefox, according to Carl Whitman, executive director, Office of Information Technology. "AU is recommending Firefox as our browser of choice," he said. "The decision was taken because it offers improved security by not loading ActiveX controls, and it offers automatic pop-up blocking and resistance to spyware. Future AU-purchased computers will be delivered to end users with a software image that features Firefox."

As for larger companies, those with users numbering in the thousands, Firefox's penetration remains largely unknown. However, Mozilla Director of Engineering Chris Hofmann said plenty of major corporations are evaluating the browser--it just takes longer for them to make a change.

"We've seen pretty quick adoption from a lot of small companies that don't have a lot of infrastructure," he said, "but many larger enterprises have a more formal process for certifying and evaluating any software."

Hofmann said Mozilla is working with companies that have upwards of 40,000 employees, but declined to name names. "They generally don't like to talk about any applications they have deployed internally," he said. "But most of these enterprises are pretty enthusiastic about Firefox, much in the same way we've seen in the consumer space."

Bug bites
At least one user thinks Firefox may not be ready for large-scale deployments, largely due to a long-standing bug. Trevor Fuson, a systems analyst at the University of Northern British Columbia, said that when user profiles are redirected to network drives--a common practice among IT managers--the Firefox cache ends up there too. As a result, "it generates a great deal of network traffic, decreases browser performance, and utilizes a great deal of expensive disk space."

The Mozilla Foundation's Bugzilla forum, which dates back to 2001 for this particular issue, describes a few workarounds for the problem, including one from Fuson, "but it is a real pain to get it working right, and it makes doing routine upgrades more difficult," he said.

Indeed, the forum includes entries from a number of IT administrators who cite the "cache bug" as a stumbling block to corporate deployment. "This is a complete show stopper for a rollout on most company networks," wrote Ken Blackler in February. "Even one user has a terrible experience logging on and off. One hundred users would be a nightmare; 1,000, a disaster."

Administrators may find at least some relief in the next version of Firefox. "There are some improvements we are working on that will provide IT managers some better mechanisms to manage [cache] setup in the next Firefox release scheduled for later this summer," said Hofmann.

The cache issue aside, Firefox poses some compatibility problems that may be harder for IE-invested businesses to reconcile--at least until modifications are made. "There are a few IE-specific elements that do not work in Firefox, which prevents some of our internally developed Web applications from working," said Saturn's Higgins.

At RABA Technologies, the online payroll system requires Internet Explorer and ActiveX, according to Carpenter. But savvy administrators can usually find ways around such problems, he said. "Usually, if a site is pedantic about checking for the browser, you can just use the User Agent Switcher plug-in to fool it into thinking Firefox is a different browser, and everything comes up fine."

"We are modifying our applications…so they will work in either browser," said Higgins. "And I think more sites will adopt the more recent HTML specifications that both browsers support, so the situation will improve over time."

Not all the compatibility onus is on end users; some third-party hardware and software vendors now cater to the Firefox crowd. Last November, S2 Security Corporation announced support for the browser in its S2 NetBox network appliance. And in February, SalesJunction.com, a provider of hosted CRM services, added Firefox support to its Web-based CRM/SFA system.

Although the latest WebSideStory statistics peg Firefox usage at close to six percent (and growing), and Gartner research shows that Firefox has the edge in both features and security, few observers think Microsoft has any real cause for concern. Concluded the recent Gartner report: "Organizations should not embark on a wholesale switch to Firefox in the near term, but should consider ways to manage browser coexistence because that is the most likely long-term outcome."