Microsoft Magazine Recommends Mozilla Firefox Instead Of Internet Explorer


by Jeff Duntemann


The Answer to Microsoft's Security Problems:
It's Not the Bugs - It's the Monoculture!

Scottsdale AZ -/July 9, 2004 - Wi-Fi Technology News/- Microsoft's own "Slate" online magazine is now recommending that people abandon Microsoft Internet Explorer for Mozilla Firefox, a competing free Web browser. Never before in the history of Microsoft have I seen anything quite like this. In Slate's "Webhead" column for June 30, 2004, author Paul Boutin describes Firefox glowingly and tells readers how to install it for secure Web access.

It appears that Microsoft has thrown up its hands in the wake of recent diabolical browser exploits like Scob, which captures keystrokes sent to online banks. Preventing such exploits can't be done in an afternoon.

Microsoft will need months to fix IE, and the fixing may require a fundamental redesign. Microsoft can now only recommend that users turn IE's security level up to its maximum setting, which can prevent certain Web sites from working completely.

Many observers have commented that Microsoft does not care about the quality of its products, or at least the core code in Internet Explorer.
This simply isn't true; some of the best programmers in the world work at Microsoft. The real problem is that IE is too good, and it took over 90% of the browser business. This circumstance is called "software monoculture," a term borrowed from biology. It means that when a single software product is used almost everywhere, the "ecosystem" is seriously at risk from even minor flaws. A virus or worm written to attack IE can bring down big sections of the Internet, simply because the Internet depends almost completely on IE.

If Mozilla Firefox were on 90% of the world's PCs, the Internet and its users would be just as much at risk. Monoculture doesn't care which browser has a monopoly. It's the monopoly itself that creates the security risk. Telling people to move to another browser implies that the new browser is somehow more secure. But as the new software becomes more popular, the black hats will begin targeting it as well.

Firefox almost certainly has many of the same security weaknesses that Internet Explorer has. This is due to the way that these programs were originally written, using standard libraries designed as long as 20 years ago, before remote network exploits were ever imagined. Changing these libraries even in small ways would "break" almost every major application in common use, so programmers are very leery about any suggested fixes Rewriting common applications like Web browsers could also take years. Until then, software vendors will be fighting fires as the black hats light them.

Slate Article: http://slate.msn.com/id/2103152

Jeff Duntemann is a leading expert in the areas of email, spam, viruses, and identity theft. He is the co-author of bestseller "Degunking Windows" (Paraglyph Press, 2004) and author of "Jeff Duntemann's Wi-Fi Guide, 2nd Edition" (Paraglyph Press, 2004) and "Assembly Language Step-by-Step, 2nd Edition" (Wiley, 2000). He is currently writing the upcoming book, "Degunking Email, Spam, and Viruses." Jeff is available for interviews, articles, and other media events. He can be reached at jeff@duntemann.com.