In both the films and the comics, Spiderman's alter-ego Peter Parker was given some advice from his uncle: "With great power comes great responsibility."
With more than 8 million downloads recorded for its preview version alone, an irrefutable trend exists with the Web browser Firefox, Mozilla Foundation's most popular creation: it's on fire.
The open source browser, coupled with the success of other Mozilla and Netscape-based browsers, now holds 6% of the Web browser space. On its surface that is diminutive compared to Microsoft's 90% share with Internet Explorer, but it represents the first time in a long while that something other than IE has made gains in that arena.
Members of the Mozilla Foundation are on record saying they expect to reach a 10% market share by the end of 2005.
So, while great power comes with great responsibility, it also opens one up for attack – just ask Spiderman.
If the demand for the open source anti-Explorer browser increases, so too does the potential for a malicious attack. To modify the words of Parker's late uncle, "with more users also comes more responsibility to keep them protected."
On Tuesday, one day after the official release, security holes were discovered and plugged by Mozilla in the beta version of Firefox, and users were urged to make the upgrade to version 1.0, where the vulnerabilities had already been addressed.
As the market leader in Web browsers, IE has had a sizeable target on its back thanks to reported vulnerabilities like June's Download.Ject, which allowed attackers to trick a user into downloading malicious content.
Mozilla browsers like Firefox are not susceptible to this form of attack, but, as time has shown, vulnerabilities like the one in the beta version have popped up to threaten the perception of stronger security in an open source browser.
John Lal, president of Winferno Software, makers of an IE security add-on called Secure IE 2004, said browsers like Firefox were not designed with security in mind, but also noted that nothing in their design invites malicious attacks.
An email from Winferno stated that because of some issues with DirectX capability, Mozilla browsers are sometimes prevented from displaying certain types of content in the browser window. That content can range from Flash animations to Adobe Acrobat and streaming video, Lal said.
Too early to tell, but signs are optimistic
Tony Iams, principal analyst with Port Chester, N.Y.-based D.H. Brown and Associates, said it is too early to gauge Firefox's security potential and whether its popularity will continue. He said the next year will offer a good test as to whether analysts, experts and the public will accept the browser as a true competitor to IE.
"It's also a question of compatibility and support," Iams explained, referring to how corporations view new technology. "In corporate environments it can be very, very difficult to introduce a new piece of software because the policies of IT departments are to standardize on as few pieces of technology as possible."
Still, the fact that Firefox is open source may bode well for the browser. Iams contends that more people contributing code means more people finding possible vulnerabilities before they can wreak havoc.
"The more eyeballs looking at the code the more shallow the bugs get," Iams said.
Iams added that problems in IE, like buffer overruns, are not found in an open source environment.
However, he once again cautioned that it is far too early in the game to be predicting huge market gains for Firefox, and that hypotheses are all anyone should be offering at this point in time.
"Alternatives are always good, customers like choice and even if they decide not to embrace this [technology] it is very encouraging to see [Mozilla] has received this visibility," Iams said. "It's like an election; you throw your candidate out there and see if people actually go for it."
Iams echoed statements from Lal when he said that Firefox was designed to work with most Web sites out on the Net, but it "only takes a few disappointments to be turned off by this."