Firefox downloads bumped up by its security patches?


An interesting quote from ZDNet concerning its 50 million downloads mark:



Firefox late last month marked 50 million downloads of its browser since the Version 1.0 release in November. Downloads do not equal users, because a single user often downloads multiple copies for different computers or to replace the browser with patched versions, of which Firefox has had three.


Interesting. So, the more insecure it is, the more downloads will report! Hmm…. 🙂


[update: a note from the comments section – autoupdates (the main way people upgrade) are NOT counted against the download figure.]


 

Comments (5)

  1. Mr Blobby says:

    In the interests of accuracy, you/ZDNet should point out that there have been four patched versions, not three.

    In the interests of fairness, you should point out that autoupdates (the main way people upgrade) are NOT counted against the download figure.

    Also not counted in that figure are versions packaged by *nix distributions, institutional deployments, the 3.5 million recently distributed by an Indian state government, etc.

    Going by gut instinct the number of downloads is still probably greater than the number of users by about a factor of 2. Usage statistics show Firefox at just under 10% penetration globally. If I recall correctly (and this could be way off) there are an estimated 700 million internet users, many of whom use net cafes or shared connections to get online. This would put the figure of Firefox users at about 70 million. I suspect it’s actually closer to 50 million simply because those who use Firefox are far more likely to be greater web consumers. These figures are just intended to be demonstrative, to show that the download counter may not be all that bad a metric overall.

    What is very worrying about Firefox 1.0 is its awful update mechanism. As a result of not being insistent enough I suspect there are many millions of unpatched Firefox installs out there. This is a priority feature for 1.1 but it still counts as a big failure of security policy.

    Firefox’s record for number of security holes is getting pretty bad. Firefox’s record for time to patch is generally excellent (with some obligatory exceptions). To compare, eEye are listing three remote exploits for Internet Explorer, one of which hasn’t been patched for two months. IE also has far more outstanding Secunia advisories, but I’m guessing all these have an IE7 milestone.

  2. Mr Blobby says:

    Oops. That should read

    Going by gut instinct the number of downloads is still probably greater than the number of INSTALLS by about a factor of 2. (Not USERS).

  3. AC says:

    In the interests of fairness, it might be interesting to note that I haven’t been able to let Firefox self-update on my machines (two Windows XP pro and one Windows Server 2003), so I downloaded newer versions manually every time. That makes 5 downloads. The download/user ratio might be anywhere between 2 and 5.

  4. urias says:

    This was discussed for quite some time on the spreadfirefox.com website when the first patch came out (1.0.1) — and they even disabled the counter for a while so they could determine the right way to handle this.

    They supposedly do not count auto-updates (and yes, this feature does work on my windows XP and windows 2000 machines)

    The download count is pretty useless — it’s just a marketing gimmick – what prevents someone from downloading 100 copies a day to bump the counter? — I download every version and store it on my hard drive anyway, and in many cases, I don’t download it when I install a new machine, I just run the previously downloaded setup to save time and bandwidth.

    So it all pans out – however you want to read it. It’s just as reliable as the download counts on cnet’s download.com or tucows…

    Browser stats from reputable websites are more valuable.