Saturday, April 15, 2006

Why Do You Use IE?

The Inside Microsoft blog has this article. It's a short article so I have quoted it below:
Most Firefox fans were able to cite specific things they liked about the browser, but those who used Explorer, for the most part, fell back on the “it’s all I know” argument, presenting what could be a huge marketing opportunity for Firefox.

Ummm, no it doesn't present a great marketing opportunity for Firefox. Here's why:

When you interview geeks and normal computer users about their browser preference, you will get two different answers. Geeks are aware of the security risks of surfing the web, particularly pernicious places like warez, hacking and porn sites. Consequently, geeks ought to understand that there was a significant difference between the security of Firefox and the security of IE. (I say was because Firefox has had a number of security weaknesses exposed as the browser has gained popularity. I won't rehash my arguments about inherent security claims here. Because geeks are aware of malware threats, they take seriously the notion of safe browsing. Firefox has made a (undeserved) reputation as the condom of the internet: if you want to surf safe, use Firefox. If you don't care if you catch a disease, surf IE.

Ordinary end users, in contrast to knowledgeable geeks, have little to no awareness of malware. They may be vaguely aware that it is "risky" to surf the net but they don't understand malware, how it gets into their systems and how it works. They only become aware of malware after their system has already been debilitated. End users simply don't understand the relationship of a browser to the threat of malicious software.

Consequently, there is little marketing opportunity because in order to get people to desire Firefox, they first must understand how malware works and why a browser might make a difference in securing a user's surfing experience. Users must have both an understanding of the risk and the desire to go through the process of downloading and installing Firefox. Yes, this is simple for the knowledgeable computer user and it is almost trivial in its difficulty. For the average home user, however, there is just not enough incentive for them to bother with Firefox when IE is already there.

I think there are three types of people who insist on Firefox:

1. People who still believe dogmatically that FF is inherently more secure than IE.

2. People who prefer the functionality of FF to IE, e.g. tabbed pages.

3. People who have geeks as friends who have insisted that FF is "better" than IE

I would admit that on a fresh build of Windows XP with no service packs nor IE updates installed, FF may be more secure than IE. However, with a current build of Windows XP SP2 and all current Windows updates, there is no appreciable security differential between IE and FF. The only security risk posed by IE is on a system that is not maintained.

Let me flip it the other way: If you had a box with Windows XP SP2 and all current patches for Windows and IE, that box's IE would be more secure (notice I didn't say inherently more secure) than an unpatched Windows machine running unpatched FF.

So, the issue is not whether a browser is safer than another. The issue is whether a user or administrator keeps their systems conscientiously updated. A well-maintained computer system has minimized its attack surface and is therefore more secure than an unpatched system. The browser is a negligibly relevant factor in overall system hardness when a system is conscientiously maintained.