Filed under Technology
Let’s be clear I like Internet Explorer.
I use IE8 and I have to hear jokes and all kind of comments because of it. Before I joined Microsoft I was arguing for a while until get tired of the conversation, moment where I ended always with a “yeah … it is”. Things like “but IE is not compatible with CSS standards” were very common to hear. No, please don’t go again into that, it’s clear there is still lot of improvements that can be done for standard compliance. In any case, IE8 is 100% compliant with CSS Level 2 Revision 1.
But after I joined Microsoft the comments were getting worse and stimulating for the conversation, ridiculous things like “but you use it because Microsoft does not allow other browsers to be installed”, not worthy to say that is far away from reality.
Now that there has been the famous attack to Google using an exploit of IE some comments have reached insanity levels.
If you want full information about the exploit and the solution go to The Microsoft Security Response Center (MSRC). I just want to stand up that “to date, the only successful attacks reported have been against Internet Explorer 6” (which is a 9 years old browser). Users with XP (more than 8 years old OS) were more prone to suffer this exploit because XP does not take profit of Address Space Layout Randomization (ASLR), Vista and other later versions are more effective blocking the exploit because they take profit of the improved security protection offered by ASLR.
So, we have that people using a 9 years old browser on an 8 years old OS were the biggest victims. I’m not going to comment about this, just take a look to this video and think about it yourself … security, hacking attacks, technology … all evolves and, don’t be fool, ALL of us are also responsible for our self-protection.
Whether you like it or not Internet Explorer is one the safest browsers of the market. You can do the comparison by:
1. Technologies applied: DEP, ASLR, Virtual Store, Mandatory Integrity Control, Today IE8 is the only one making use of all these technologies. I have to mention too the Cross Site Scripting filter and the Private Browsing, also known as porn mode but pretty useful and recommended when you browse from airports, Internet points and any other kind of shared computer.
2. Phishing protection: “The average phishing URL catch rate for browsers”
3. Average time to block phishing: “how long on average must a user wait until a requested phishing URL is added to the block list?”
Worthy to mention that “phishing sites have an average life expectancy of only 52 hours” mmm…sigh… Thanks Safari 4 to protect me against phishing sites that no longer exist.
Source: NSS Labs Browser Security – Phishing Q3 2009
“but Everybody recognizes a phishing site”. According to Gartner Group “theft through phishing activities costs U.S. banks and credit card issuers an estimated $2.8 billion annually”
4. Vulnerabilities:
“but regardless phishing Firefox is the safest browser”
Source: http://secunia.com/gfx/Secunia2008Report.pdf
I couldn’t find the 2009 report so I went manually product per product drilling by version in the Secunia site to get overall vulnerabilities.
| Browser |
Vulnerabilities |
Release Date |
Market Share |
| IE 6.x |
184 |
8/27/2001 |
20.99% |
| FireFox 3.0.x |
144 |
6/17/2008 |
6.91% |
| IE 7.x |
106 |
10/18/2006 |
15.53% |
| FireFox 3.5.x |
48 |
6/30/2009 |
16.32% |
| IE 8.x |
30 |
3/19/2009 |
20.86% |
| Safari 4.0 |
16 |
6/2/2008 |
3.45% |
| Chrome 3.x |
5 |
10/12/2009 |
3.75% |
As you can see Firefox 3.0.x has had more vulnerabilities in 19 months than IE 7.x in more than 3 years and almost the same than IE6 in more than 8 years. I’m not going to comment about Firefox 1.0.x, which had 209 known vulnerabilities since 11/9/2004 and has a current share of 0.03%.
Vulnerabilities Source: http://secunia.com/advisories
Release date Source: http://www.wikipedia.org
Market Share Source: Market Share Browsers.
“but …” Before you mention that Safari and Chrome have less vulnerabilities, please review again the Market Share and Release Date and remember that massive attacks are like business: You always try to maximize benefits, if with one product (exploit) you can reach 60% of market you don’t put all your efforts trying to get 5%.
I’m not going to enter into specific features of IE8 that facilitates the administrator’s work in corporations like: the possibility to manage and configure nearly 1.500 built-in group policies, the IEAK for customization, distribution of updates and patches via Window Server Update Services…
So, yes I’m very proud to say I’m a IE8 user … “but browser %replace with your browser% it’s faster” … Yeah…it is
If you like the article, please share it