Seems that all versions of IE are affected, including: 6, 7, 8, & 9.
This is sure to have a negative impact on those who embrace IE as a secure browser.
Of course, Firefox, Chrome, & Opera are still available.... So I'm not too worried.
I'm not worried either.
It's a pity that that site doesn't date its blog as you would have seen that this story is months old.
See here for a more realistic time...... April last year
http://www.pcadvisor.co.uk/news/security/3273555/ie9-exploit-puts-windows-7-sp1-at-risk/
http://alemrantareq....SP1%20at%20risk Seems that all versions of IE are affected, including: 6, 7, 8, & 9. This is sure to have a negative impact on those who embrace IE as a secure browser. Of course, Firefox, Chrome, & Opera are still available.... So I'm not too worried.
Also, as we've pointed to numerous times, not using IE does not mean the exploit cannot happen, IE/Trident is integrated into the machine.
Current IE9 Unpatched Flaws http://secunia.com/advisories/product/34591/?task=advisories_2012
Current Firefox 9 unpatched Flaws http://secunia.com/advisories/product/39200/
Current Safari 5 Unpatched Flaws http://secunia.com/advisories/product/30282/
Current Opera 11 Unpatched Flaws http://secunia.com/advisories/product/33328/?task=advisories_2012
Current Chrome has no Unpatched Flaws http://secunia.com/advisories/product/39109/ (last one was fixed in 16.0.912.75 but they release a new "version" every five seconds )
Notice that none of these are all that worrisome
True...
IE 9 only has 31 vulnerabilities, non-critical, while Firefox 9 has 1...
Not that 31 times as many is really that much more.
I believe I heard someone state that security experts considered the auto-update function of Firefox to be a security risk, due to the fact that someone could hijack the update server & link the updater to malicious content.
I have Firefox auto-update turned off, so if that's the only vulnerability, I can live with that!
um super fast?? Read what I just linked. IE has 6 advisories with only 1 unpatched, & The Firefox 1 has nothing to do with the auto-update http://secunia.com/advisories/47400/ That said I'm disinterested in a "my browser's better than your browser" flame war, so unless you post security & risk firm data (as I did) your post, & this thread, are misleading & prejudicial
It pretty much comes down to preference, I think.
Sorry if I got carried away, Nergal.
But here are things to consider, as well. Firefox is much more extensible than IE, making the attack surface substantially larger due to all manner of plugins people have available that Internet Explorer just doesn't (to my knowledge) have. If you do not install tons of plugins, this mitigates that threat, somewhat.
Internet Explorer 8 on XP years ago also crashed on 20 + tabs, while I was able to load 1,611 tabs on Firefox. If a browser crashes on loading tabs, this represents a great attack area for people who know how to invoke this instability. I will get around to testing IE8 & IE9 on Windows 7 soon, I hope, to see if it does better. I have tested Firefox 9 with 500 + tabs, so I know it can.
Internet Explorer is known for drive by downloads, & it has been my personal experience that machines running IE with default settings don't take long to run into drive by downloads that automatically infect a machine, depending on the websites a user visits. It has also been my personal experience that Firefox doesn't use Active-X, & is immune to that type attack.
You can't turn off Active-X scripting in Internet Explorer without also disabling the ability of people to do other things, say their favorite facebook games.
Internet Explorer has popup blocking, but it doesn't block ads. Firefox has adblock plus, so it helps mitigate that security risk. No need to tell you that people take advantage of scripting any way they can, & this includes via malicious ads on the web. Not only from social engineering & deceiving people into installing, but drive by malware. No need to tell you that every ad blocked is bandwidth saved. And if an ad never gets to execute, it can't do any damage.
Internet Explorer has a huge disadvantage as opposed to every other browser out there. You can't totally remove it without breaking HTML dependencies in Windows, as well as other problems. Sure, you can fix it, sometimes. But I have seen occasions that trying to reset permissions/securities/IE web settings turn into an unwinnable nightmare. For what it's worth, you can totally remove Firefox/Chrome/Opera/Other browsers & reinstall them from scratch. If you have to.
It's a security risk when you can't totally remove a program like Internet Explorer. Because this is the backbone of the web, & the web is where the majority of threats infiltrate computers. When Internet Explorer goes down, it can cause problems with other programs that rely on the HTML components of it, requiring a total re-install. Have seen machines that no amount of disk repair utilities could repair or fix IE, even file replacement off CD/DVD media unless they did a total re-install.
You have to be certain that you have the right version of disk, & the right home/pro/enterprise/whatever as well of it. Using the wrong disk can cause problems. And you can be certain that most people do have a disk, but a lot of them have disks that are different versions from what originally came up there, so you can't use it because that would install different versions of files, which would lead to .dll dependencies being broken & programs crashing or not running properly.
I tested FF9 VS IE8 on Windows 7, & I was using 8 at first... I thought, not so bad. I could maybe use this... Then, I tried Firefox, & it was so much faster, I was like, no way!
I tested FF9 VS IE9 & the results were closer, but FF9 doesn't always properly render Facebook or other sites I use, particularly if the website is script heavy or has a lot of content. I don't seem to recall that happening on Firefox.
Security wise, Internet Explorer might be able to be locked down. I say might, because the default out of the box settings are far less secure as opposed to other web browser's default out of the box settings. You might be tempted to say, oh, but Internet Explorer has whitelisting for the active-X controls, but a McAfee Security researcher in China discovered that a website using a specially crafted XML website could get around the whitelisting & cause IE to import the older dangerous controls, which would break security. This was for 7, 8, 9 of IE. To my knowledge, this is not possible on Firefox, although it may have other vulnerabilities.
I am told that Chrome is more secure out of all the browsers, & that the sandbox feature of it is very hard to break. But Chrome & Opera both have shrinking tabs that go razor thin, as well as other problems. Chrome did have an ad-block that doesn't block ads, I think, just cover them up. Which signifies other problems in security. If you don't allow users to block possibly malicious content, just cover it up, what good is it?
That said, I feel certain that Chrome just may be the most secure browser at the moment, but I also feel certain that given the bugs & security risks of Internet Explorer listed above, it is not secure. You can change security settings on Internet Explorer, but the average user probably isn't going to change the default settings. Even with security on, unless users take steps to turn off Active-X, it still isn't secure. And even with Active-X turned off, it still crashes if you load too many tabs, so it still isn't (as) secure as other browsers.
Internet Explorer 9 may do better with the tabs than prior versions, but it still doesn't block ads, so it isn't as secure as other browsers that do. And even if you do get it to block ads, it still doesn't properly render on many popular sites. Truth be told, I would have to say that IE8 renders websites better than IE9, but IE9 is faster & can open more tabs & crashes less. But it still has Active-X & Ads & other problems!
And even if the above is mitigated, it is still the most popular browser, so it has the biggest attack vector, so it is most likely to be targeted, so it is still insecure.
And even if users want to use Internet Explorer, Microsoft doesn't provide IE9 for XP. So newer browsers eclipse it for security for XP, because IE8 is becoming very dated & old & full of holes & easy to attack.
And even if that isn't enough, certain parts of IE are always hooked into the OS, making it very hard to eliminate/update/eradicate/change/modify/delete certain controls without breaking something else on your OS.
I would have to say that if IE could be completely uninstalled, then re-installed, it would conceivably be more secure because it could then be totally taken off a system & added back. But that isn't possible because IE writes to so many areas that have to be updated. IE8 & 9 also have a prerequisite that must be installed separately before updating to those browsers.
Internet Explorer is also very slow to release updates. Years, compared to weeks or months compared to other browsers.
Up till version 9, Internet Explorer didn't even adhere to world standards for the web, & scored so low on acid tests, it was almost better to take a 0 since it wasn't even a 50.
Other browsers have done better for a looooooong time now, & IE has fallen behind... Again.
Not complying with standards is a security risk. Not to mention people who won't know why their website isn't functioning properly, so they try all manner of code to get it correct, further complicating what shouldn't be in the first place.
Using old, out-of-date web browsers is risky.
Are you willing to take the leap of faith?
Here is an article that is very good:
http://betanews.com/2010/01/17/should-you-dump-internet-explorer-now/
Another good one:
http://thenextweb.com/2008/12/16/dump-internet-explorer-at-least-for-now/
And, another similar, just to show that the password problem in Internet Explorer is still valid nearly 3 years later:
http://www.howtogeek.com/68231/how-secure-are-your-saved-internet-explorer-passwords/
I would post a few more, but I do have to go to sleep soon.
Thank you, thank you, thank you!
Your original post contained outdated info.
This is not turning into a browser thread full of 'your browser needs more patches than mine' thread.
This thread is now closed.