IE 'Unsafe' 98 Percent Of 2004, says ScanIT

As Mozilla and Microsoft executives argue about which browser -- Firefox or Internet Explorer -- is more secure, fans of the former have numbers on their side, a Belgian security consultancy said this week.

According to Brussels-based ScanIT, users of Microsoft's Internet Explorer (IE) were "unsafe" 98 percent of the time during 2004, while Mozilla users -- which would include those using Mozilla and Firefox -- were "unsafe" only 15 percent of last year.

ScanIT determined the unsafe periods by examining the life spans of vulnerabilities in IE, Mozilla, and Opera -- a Norwegian browser that has a nearly insignificant share of the U.S. market -- which could be exploited remotely by attackers. By documenting the time between the disclosure of the vulnerability and when a patch was issued, ScanIT calculated the total number of days each browser was vulnerable. It also matched those vulnerable dates against periods when out-in-the-wild exploits were making the rounds.

From further on in the article comes this from IE product manager Dave Massy...

"The security of any browser is irrelevant if it is part of the operating system. If we are to debate security of browsers then let's bring in relevant arguments and accurate details about different possible attacks rather than rely on the irrational fear that because IE is part of the operating system it must be exposing OS functionality to the Web."

This is one of the dumbest things I've ever read. Of course it's important when part of the OS is exposed to the outside world. That's IE's worst flaw. Something that hooks directly into the guts of the OS is, by design, being manipulated by someone other than the machine's user. Worse yet, that something usually has administrative privileges.

I switched to firefox a few months age. I used to use Adaware all the time to keep things clean. I was talking to a friend yesterday about all the problems he is having with popups and it suddenly occurred to me: I haven't used Adaware since I switched, I haven't had ANY popups since I switched and my computers have all run trouble free ever since. I've gotten to where I just take it for granted...

Adaware does not scan Firefox cache. It can't.
The fine folks at Mozilla don't want you or a program to scan or view the 'temporary files'.

Why?
I don't know.

About two weeks ago, I highlighted some text, right clicked on it and selected "Search web for" which took me to Google. Google refused to do a search claiming I had spyware or a virus [in Firefox].

After doing a scan for a virus: nothing.
Firefox was acting goofy though.

I cleared the cache and I was able to search again.

To this day, I don't know if there is spyware in Firefox. Based on some of the new registry entries I didn't install [but deleted], I'd guess it was spyware.

Firefox is OK for surfing forums and simple html as such, but anything more 'interactive' and it's a real slug if not a dud. It's not OK for doing any secure transactions because you really have no way of knowing what's going on with it [spyware, etc].

Disable active-x in IE and go over the security options real well, like everyone should, and I'd be willing to bet IE is more functional and more secure than Firefox could ever dream to be.

The worst I've ever had with IE was tracking cookies and I have that handled now. Firefox continues to ignore almost half of it's settings in options and allows all cookies, and I've noticed it likes to open files I have listed to not open but only save.

That list of problems go on almost endlessly, but most people don't put their browsers through the tests like I do. Firefox usually fails at everything, then gives me no access to the cache to see what's really in there. (there's a little trick with IE's cache to view ALL files the same as any other regular folder, giving me complete access).

Don't be fooled by Firefox, they seem to have something to hide and they rarely fix their bugs, let alone recognize them.
After ignoring their shortcomings and downfalls, they don't say they have problems and people believe there must not be any.

Did you ever really think about that?

What does that percentage mean - "98% of the time in 2004"?

Does that mean that 358.68 days of the year saw virus attacks? Can't be. Every day saw a virus attack of some sort or another, AOL users being what they are.

Does it mean that 98% of my online time, I'm under attack? Don't think so, because no one asked me.

What the hell do these numbers mean? I just need to know.

What they mean is that during 98% of 2004, there were known, unpatched vulnerabilities in IE. This is being somewhat charitable. The flaws in question were there in 2003, 2002, 2001... and so on. (And, there are flaws that were not patched at all simply because they've yet to be discovered.) They report that there was only one, brief period when there were no known, unpatched flaws. Again, this is being charitable. They are assuming that since the IT community at large did not know about the flaws, no hackers did either.

We need to find that 2% and see what they did right... but I have a sinking feeling that it was the cumulative 7.3 days (365 x 2%) after all the security updates and before the hackers found the next hole in IE!

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.