Sunday, January 15, 2006

Internet Explorer Unsafe

The Belgian company scanit has an interesting security study out. They wanted to compare the top three browsers (Internet Explorer, Mozilla, and Opera) on their security vulnerabilities. In "A Year Of Bugs", their approach was to count how many days in 2004 a vulnerability was publicly known but did not have an available patch. That is, even if you kept the browser up-to-date, how often were you still vulnerable to publicly announced flaws?

Mozilla fared the best: there were 54 days, or 15% of the time, when there was a known unpatched vulnerability. 30 of those days were for a MacOS-only flaw, so if you were a Windows user, only 24 days or 9% of the time were you vulnerable.

Opera is a lesser-known but very capable browser. I used it for several years. It was vulnerable for 65 days or 17% of the time.

So the real question is Microsoft's Internet Explorer. IE was vulnerable all but 7 days of the year. That's 98% of the time it was vulnerable to known exploits. What's worse, 54% of the time there was a worm or virus in the wild, actively exploiting one of these flaws.

Stop using IE, it will make your computer sick. If your company forces you to use it, convince them to change. I'd say try to convince MS to fix IE, but they've been trying for years (remember MS started a big security push in 2002) and can't manage to succeed.
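The study's metric (days in 2004 with at least one publicly known, unpatched flaw) can be computed as the union of disclosure-to-patch windows clipped to the year. The sketch below is an added example, not code from the study or this post; the sample windows are constructed, and it assumes the disclosure day counts as exposed and the patch day counts as safe.

```python
from datetime import date, timedelta

YEAR_START, YEAR_END = date(2004, 1, 1), date(2004, 12, 31)
ONE_DAY = timedelta(days=1)

def exposed_days(windows, start=YEAR_START, end=YEAR_END):
    """Count days in [start, end] covered by at least one (disclosed, patched) window.

    disclosed: day the flaw became public (assumed exposed).
    patched:   day the fix shipped (assumed safe), or None if still unpatched.
    """
    clipped = []
    for disclosed, patched in windows:
        last = end if patched is None else patched - ONE_DAY
        lo, hi = max(disclosed, start), min(last, end)
        if lo <= hi:                      # drop windows outside the year
            clipped.append((lo, hi))
    clipped.sort()

    total, cur_lo, cur_hi = 0, None, None
    for lo, hi in clipped:
        if cur_hi is not None and lo <= cur_hi + ONE_DAY:
            cur_hi = max(cur_hi, hi)      # overlapping or adjacent: extend
        else:
            if cur_hi is not None:
                total += (cur_hi - cur_lo).days + 1
            cur_lo, cur_hi = lo, hi
    if cur_hi is not None:
        total += (cur_hi - cur_lo).days + 1
    return total

def exposure_share(windows):
    """Fraction of 2004 (a 366-day leap year) with a known unpatched flaw."""
    return exposed_days(windows) / ((YEAR_END - YEAR_START).days + 1)

# Constructed sample windows (not data from the study).
SAMPLE = [
    (date(2003, 12, 20), date(2004, 1, 11)),  # carried over from 2003
    (date(2004, 3, 1), date(2004, 3, 15)),
    (date(2004, 3, 10), date(2004, 3, 20)),   # overlaps the previous flaw
    (date(2004, 12, 25), None),               # still unpatched at year end
]

if __name__ == "__main__":
    print(exposed_days(SAMPLE), f"{exposure_share(SAMPLE):.1%}")
```

Summing each flaw's window separately would count the overlapping March days twice, which is why the windows are merged before counting.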

2 comments:

Anonymous said...

Dunno if it's your mistake or if it was in the article, but Mozilla 1.0 was released in 2001 or 2002. Firefox 1.0 came out in '04 but that was basically just a new UI for Mozilla with the mail reader and chat client yanked out of it... all its page-rendering and JavaScript-handling code were part of post-1.0 Mozilla.

--Fleshman

Howard said...

Yeah, that's right, I removed the sentence. The article tested the Mozilla family of browsers (including Netscape, Firefox and Camino). They listed the date of Firefox's release on their chart but I chose to point it out. My mistake.