A series of highly publicised security vulnerabilities found in Microsoft's Internet Explorer web browser may be having an effect on the browser's market share, according to data compiled by WebSideStory, a web metrics company.
Over the past month, Internet Explorer's share of the browser market dropped by 1%, the first noticeable decline since WebSideStory began tracking the browser market in late 1999.
"It's the first time that we've seen a sustained downward trend for them," said Geoff Johnston, an analyst with WebSideStory. "We have a very steady trend. It's been about a month, and every day we have a steady incremental change."
Internet Explorer has held more than 95% of the browser market since June 2002, and until June had remained steady with about 95.7% of the browser market, according to WebSideStory's measurements. Over the past month, however, its market share has slowly dropped from 95.73% on 4 June to 94.73% on 6 July.
A loss of 1% percent of the market may not mean much to Microsoft, but it translates into a large growth, proportionately, in the number of users running Mozilla and Netscape-based browsers.
Mozilla and Netscape's combined market share has increased by 26%, rising from 3.21% of the market in June to 4.05% in July.
"It takes a lot to get someone to change their browser. It's been years since anyone has been willing to do this in significant numbers," he said.
WebSideStory's estimates are based on a daily survey of about 30 million browsers hitting thousands of different websites that use the company's web analytics software, Johnston said.
Downloads of the Mozilla Foundation's Firefox browser have been increasing since version 0.8 of Firefox was released in February, said Mozilla spokesman Bart Decrem, but the open-source project saw a major spike in downloads at the end of June, following reports of the so-called Download.Ject vulnerability in Explorer which could allow attackers to trick users into loading insecure content.
"What we noticed after the security stories broke on 28 June was that the daily download volume doubled," said Decrem, who said that the number of Mozilla downloads then hit 200,000 copies per day.
Because Mozilla browsers do not use the "Trusted Zones" security model employed by Microsoft, they are less vulnerable to attacks such as Download.Ject, he said.
Of course, Mozilla is not immune to security flaws. Earlier this week, Mozilla developers issued a patch for a browser vulnerability that could allow an attacker to execute existing applications on a Windows system.
Microsoft shares its users' concerns over security and encourages users to "examine all options", a company spokesman said. The company believed that factors such as functionality and manageability, "as well as security backed by the processes and engineering discipline employed by Microsoft", will convince users that Explorer is the best choice, he said.
Microsoft has yet to release a comprehensive fix for Download.Ject, but the company is providing customers with "prescriptive guidance to help mitigate these issues" on the Microsoft.com website, he said.
Robert McMillan writes for IDG News Service