Mozilla’s Lilly should chill

Matthew JC. Powell
26 March, 2008
View more articles fromthe author

Last week Apple released Safari 3.1, an updated version of its standards-compliant web browser for both Mac and Windows. Mac users were notified of this by the usual method, of a bouncing "Software Update" icon in the Dock. Click on "Show Details" and you’re informed there’s a new version of Safari if you’d like it. Fine. Windows users were notified through a similar method, namely the Apple Software Update application which normally informs them of updates to iTunes or QuickTime. This was the first time it informed them that they could download and install a new version on Safari, and it did so whether or not they already had Safari installed.

Windows users are not unaccustomed to this sort of thing. While it was the first time they’d been told about a new version of Safari, it’s a fact of everyday life on that platform that you start up your computer and are promptly informed of any number of software updates and patches you need to install. From my conversations with Windows users ("some of my best friends …") I gather that if you go more than two days running Windows without installing any updates, you start to wonder if something’s wrong.

In short, the vast majority of Windows users either installed Safari 3.1 or they didn’t. hardly any were unduly bothered by it.

One who was bothered was the recently-appointed CEO of Mozilla, John Lilly. Lilly claimed that Apple was wrong to use its Software Update system to install "ride-along software that they didn’t ask for and maybe didn’t want". He compared Apple’s Software Update to the distribution systems employed by malware authors.

Seriously. He wrote that. Read his blog if you don’t believe me.

Reality check. When Apple Software Update informs Windows users that there is a new version of QuickTime or iTunes or even Safari available for them to install, it does so with a dialog box eerily similar to the one on the Mac. The names of the available updates appear with a tick-box next to them and buttons down the bottom enabling the user to decide whether or not they want to install the updates. If you want the updates, you click on the button that says install them. If you don’t want them, you click on the button that says don’t. if you want some of them and not others, you untick the boxes next to the bits you don’t want and install the rest. It’s pretty straightforward, and it’s the way Apple’s Software Update has always worked, with nary a complaint from John Lilly before.

His problem seems to boil down to the fact that, by default, the tick-box is selected. So if you click the button to install updates to iTunes, you might install Safari without really intending to. There might be something to that, but here’s the thing: If you care so little about what software you install on your machine that you’ll tick a button that quite clearly says "Install" without making note of what it is you’re installing, you probably don’t mind of it means you end up with another standards-compliant web browser. No-one says you ever have to run it. Lilly seems to think people are prety goofy.

He also alleges, fairly vaguely, that this opens the door to malware authors to sneak software onto people’s machines by exploiting Apple’s Software Update system with its ticked-by-default boxes. This is ridiculous, and he offers absolutely no evidence that this is likely, or even possible. There is no indication that Apple’s Software Update could be exploited in this way (though hackers have compromised Microsoft’s Windows Update in the past).

And here’s the real clincher: when updates are available for Firefox — Lilly’s product — they just install. Users have precisely zero option or opportunity to say no, or ignore the update, or install it later, or anything. Should Mozilla’s updating system be compromised by hackers the way Lily insinuates Apple’s might be, Firefox users would be up the proverbial without propulsion. For that matter, should some developer in the Mozilla project (and there are a lot of them) make a crucial error, bad code will be distributed before anyone can do anything about it.

Before Lilly starts criticising anyone else’s updating systems, he should have a careful look at his own.

So what’s this really about? Far be it from me to ascribe avaricious motivations to anyone, but the fact is John Lilly is a CEO and CEOs tend to be somewhat avaricious. When you consider that the majority of Lilly’s products are given away gratis, you have to wonder by what means his company’s profit motivation is sated.

I’ll tell you. Advertising. You know that Google Search gadget in the upper-right corner of your Firefox browser? Google pays Mozilla for that. Advertisers pay Google, and Google pays Mozilla for the privilege of being the default search engine within the browser. Google also pays Apple for the same thing in Safari. The more market share Mozilla has, the more money Google gives it. As Firefox is currently around 30 percent of the browser market, that means a fair chunk of revenue. In fact, it’s the vast bulk of the money Mozilla — and therefore John Lilly — makes. Money is unlikely to be Lilly’s sole motivation for his criticism, but I think if he’s honest with himself he would have to recognise it’s part of it.

Lilly has in the past been supportive of Safari because, quite rightly, he understands that having more standards-compliant browsers around is good for Mozilla. More people using standards-compliant browsers means more web designers supporting standards instead of just developing sites "optimised" for Microsoft Internet Explorer. More standards-compliant sites means more customers who can use standards-compliant browsers, and that means more market share and more money from Google. It’s quite simple really.

The problem now is that Safari is starting to make serious inroads into the Windows world, and Apple using the significant market penetration of iTunes and QuickTime as a foot in the door is a trick Mozilla can’t match. If Lilly were being honest, he’d say as much. Unfortunately a CEO complaining about a competitor taking market share away can’t help but sound like sour grapes. Even the somewhat more legitimate argument that Apple is using its strong position in one market (digital music) to improve its position in another (web browsers) doesn’t really hold because iTunes isn’t a monopoly, installing Safari doesn’t preclude using Firefox or anything else, and as previously mentioned it’s all optional anyway.

So Lilly is left with vague scaremongering about undermining the "trust relationship" in the software industry. More accurately, he’s exploiting the fact that there isn’t really any such trust. Most customers are actually pretty paranoid about what nasties their computers might foist upon them. All you have to do is mention the words "security" and "malware" and people start to worry — especially Windows users, the main ones Lilly wants to persuade.

A better option. Mozilla is about to release Firefox 3, which promises significant performance improvements over the current version. It also promises a number of security enhancements. Not to mention the extensible plug-in architecture that has made it a darling of developers and users alike. Safari for Windows, on the other hand, is relatively new and relatively closed. Its reputation on that platform is mixed at best (and there is a not insignificant element of "Anything But Apple" users who regard iTunes and QuickTime as quite enough Cupertino evil on their machines thank you Steve).

If Lilly wants to maintain his marketshare and his juicy revenue stream from Google, he must make sure that Firefox remains a superior product. Both Firefox and Safari are free, both are easily obtainable, and either continues to work well on a system where the other is also installed. In short, the only consideration that makes a difference is the quality of the product. Imagine that — a fair competition.

If Lilly really is concerned about security, and users having to install software they don’t necessarily want without having a choice in the matter, he should fix that rather major flaw in his own product.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us