Internet Explorer Was Vulnerable for Overwhelming Part of 2006
Brian Krebs, the Security analyst for The Washington Post, studied 2006 data and discovered that familiar security flaws in the browser could readily have been exploited for 284 days of the same year. Even more alarming is that on 98 out of those days, hackers were having no difficulty in undermining uncorrected browsers since no remedy was yet available from Microsoft!
A "critical" patch is the most vulnerable of all security flaws in terms of Microsoft's ratings. This can be exploited maliciously without any user intervention. Krebs went on to say that for some vulnerabilities Microsoft delayed so long in putting out solutions that security firms advised users to install repairs created by third parties. Krebs's conclusions were based on data made public by Microsoft and discussions with almost all the security analysts who had published reports of dangerous failings in Microsoft products.
The analysts say that the Firefox browser developed by Mozilla Foundation, which is IE's nearest rival in terms of market foothold, was prone to just one period of vulnerability that lasted nine days. During this time an exploit code for a critical security flaw was put up online and Mozilla came out with a patch to fix the hole. Globally, however, only 20 per cent of users have a browser other than Internet Explorer, hence the scope for targeting vulnerabilities is immense.
In his article Krebs says that in spite of its vaunted security enhancements, the issue of Microsoft's novel Internet Explorer 7 browser in November did not come in time. The unveiling of both IE7 and Windows Vista was followed at once by zero day attacks that kept a large number of Microsoft users in doubt about the safety of their ware. This is one of the reasons why customers are rapidly shifting from Internet Explorer to Firefox.
It may be countered that IE has its critical failings on account of its popularity. This argument is not without foundation. As Firefox becomes more widespread, it remains to be seen whether its popularity will grow or whether it will face increasing problems from exploit-driven incursions as in the case of IE.
Related article: Internet Threat Volumes Overwhelm Security Companies
» SPAMfighter News - 12-01-2007