Changes


Deployment:Deploying Firefox

6,689 bytes removed, 20:54, 16 January 2013
Security: Less 'why' and more 'how'
* Firefox adoption seems to work best in organizations where there is a strong emphasis on employee productivity and where employees can influence the technology that they use. It tends to be adopted in organizations that consider it a priority to stay on the leading edge of technology adoption and security updates. This article explains the different kinds of organizations in Australia and their adoption patterns. http://delimiter.com.au/2010/09/30/desktop-dictatorship-corporate-australia-still-prefers-ie/
 
== Security ==
 
<br>Independent security research teams such as US-CERT (US Dept. of Homeland Security) have for several years suggested supporting and using Firefox and other browsers as a protective measure and as a response to critical problems with Internet Explorer. Here are a variety of references:
 
<br>June 2004 https://www.kb.cert.org/vuls/id/713878
 
Here is an excerpt from that article:
 
''Use a different web browser''
 
''There are a number of significant vulnerabilities in technologies related to the IE domain/zone security model, trust in and access to the local file system (Local Machine Zone), the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented as operating system components that are used by IE and many other programs to provide web browser functionality. These components are integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.''
 
 
<br>http://www.cert.org/tech_tips/securing_browser/
<br>http://www.cbsnews.com/stories/2004/07/05/scitech/pcanswer/main627500.shtml
<br>http://news.zdnet.com/2100-1009_22-5250697.html
<br>http://www.washingtonpost.com/wp-dyn/articles/A6746-2004Jun25.html
 
<br>http://www.sans.org/top20/?portal=1563ee22b1a8bd138f0f420caec8d02c -- "...Exploit code for many of the critical Internet Explorer flaws are publicly available. In addition, Internet Explorer has been leveraged to exploit vulnerabilities in other core Windows components such as HTML Help and Graphics Rendering Engine. Vulnerabilities in ActiveX controls installed by Microsoft or other vendor software are also being exploited via Internet Explorer... "How to Protect against These Vulnerabilities?... Consider using other browsers such as Mozilla Firefox that do not support ActiveX technology...."
 
<br>November 6, 2006 - Attackers dig into [IE] zero-day flaw
<br>http://news.com.com/Attackers+dig+into+zero-day+flaw/2100-1002_3-6133028.html
<br>03 Jan 2006 - Open source's speed, Firefox's security wows Fidelity
<br>http://searchopensource.techtarget.com/originalContent/0,289142,sid39_gci1155599,00.html
<br> "The Mozilla Firefox browser was an eye-opener, added Mike Askew, who also works in the technology center. A head-to-head comparison of Firefox and Internet Explorer showed that both had about the same level of security vulnerability, but ''the time needed to fix vulnerabilities in Firefox was much less,'' Askew said. That experience led Fidelity to look at open source more intently."
-- the article also includes a prediction that open source will be used in 25% of business software investments by 2010
 
<b>Evaluating days of Vulnerability as the best metric for assessing risk in browsers.</b>
 
Several independent studies have shown that Firefox leaves users at risk of serious browser exploits for less time than Internet Explorer does. For more than 3 years, Mozilla and Firefox have had a consistent track record of delivering security fixes faster than other browser vendors and reducing the risk to users.
 
2006
 
 
Internet Explorer unsafe for 284 days in 2006 vs. 9 days for Firefox; counting only days of actual exposure, when known exploits were in use, 98 days for Internet Explorer vs. zero for Firefox
 
"...For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users."
 
"In contrast, Internet Explorer's closest competitor in terms of market share -- Mozilla's Firefox browser -- experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem."
 
http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
 
http://www.washingtonpost.com/wp-srv/technology/daily/graphics/index20070104.html
 
 
 
 
2005
 
Mozilla averaged about 21 days before it issued fixes for flaws in Firefox, compared with the 135 days it took for Microsoft to address problems in Internet Explorer.
 
For at least 38 days in 2005, IE was vulnerable to unpatched critical security flaws that were being exploited actively by viruses, worms and spyware. For at least 256 days last year, Internet Explorer contained unpatched vulnerabilities where the exploit method had been publicly disclosed but was not necessarily being used.
http://blog.washingtonpost.com/securityfix/2006/02/2005_patch_times_for_firefox_a.html
http://www.washingtonpost.com/wp-srv/technology/interactives/browsers/
 
2004
 
A Year Of Bugs http://bcheck.scanit.be/bcheck/page.php?name=STATS2004&page=1
 
Executive Summary
http://bcheck.scanit.be/bcheck/page.php?name=STATS2004&page=5
2004 was pretty hard for Internet Explorer users. The domination of Internet Explorer made it a preferred target for both malware writers and security researchers, creating a steady stream of vulnerabilities. Windows XP Service Pack 2 released on August 9, 2004 did not seem to alter this trend.
 
In 2004 Mozilla had the shortest "exposure period" of the three browsers compared. The growing popularity of Mozilla and Firefox was at least to some extent due to better security it currently provides to its users. However as Mozilla browsers become more common they are bound to attract attention of malware writers. It would be interesting to see how well Mozilla will do security-wise when its user base approaches that of Internet Explorer.
 
http://bcheck.scanit.be/bcheck/page.php?name=stats2004
http://bcheck.scanit.be/bcheck/page.php?name=STATS2004&page=3
http://bcheck.scanit.be/bcheck/page.php?name=STATS2004&page=4
 
<b>Security Features</b>
 
Datamation’s readers have taken notice, choosing Firefox – narrowly – to win its Product of the Year award in the Anti-Spam category.
 
http://itmanagement.earthweb.com/article.php/3662741
 
There is also a good summary of specific features in Firefox that help to make browsing safer at http://en.flossmanuals.net/Firefox/FirefoxSecurityFeatures
== Extending and Customizing Firefox for Enhanced Productivity ==
