If someone asked you to rate Internet Explorer on a list of the most secure and problem-free programs on the Windows platform, where would you place it? I think it is safe to say that most people would place Internet Explorer near the bottom of the pack, as it has a reputation for being very insecure, and Microsoft has a reputation for making the same mistakes over and over across versions.
According to the well-known security research firm Secunia, that is not the case – but before switching back to the browser with the big blue “e”, you might want to see how the results were obtained – Microsoft apparently did not have anything to do with the results.
Ask the average techie which browser has the most vulnerabilities, and odds are their answer will be “Internet Explorer, of course.” Indeed, Microsoft’s browser has endured plenty of slings and arrows — and not entirely without justification — but some of those projectiles should deservedly be aimed at Apple, Mozilla, and Google. According to a recent report from security company Secunia, IE suffered fewer CVEs (common vulnerabilities and exposures) than Safari, Firefox, or Chrome over the past year.
On the pages of this article, a couple of charts show that the vulnerabilities are only rated for the top 10; anything less is not spoken of. Opera appears nowhere in this article, once again giving rise to the idea that Opera is among the most secure of browsers.
The finding lends further credence to the notion put forward by InfoWorld’s Roger Grimes that a product’s popularity plays a significant role in how often it gets targeted. IE dominates the browser markets and is thus the major target among hackers. As competing browsers gain popularity, their respective creators will have to step up their security measures — and they all have work to do.
This is not even worth debating – of course it is true. But that still does not change the overall idea that Opera is very secure. When something is sound, and does the job, do you ask if everyone knows about it, or do you just make use of it?
Mozilla Firefox has the dubious distinction of boasting the most CVEs, 96 in all with 15 vulnerability events, among the top 20 most vulnerable software products ranked by Secunia. The data was recorded from June 2009 through June 2010. IT security admins at IBM should take particular note of that finding, given that Big Blue recently pledged allegiance to the open source browser in the name of its transition to cloud computing.
Number 2 on Secunia’s list: None other than Safari, the Web-browsing apple of Mac enthusiasts’ eyes, with 84 CVEs and 9 events. Given that usage of Safari is on the rise, thanks to the soaring popularity of Apple’s mobile platforms, Steve Jobs may have to worry a bit less about the insecurity of Adobe’s Web technologies and more about the various vulnerabilities in Apple software.
Probably true, but Opera Mobile is secure (thus far), free, and popular beyond anyone’s dreams of a few months ago. It is a great replacement for the Apple browsers.
OK, perhaps Jobs should still keep an eye on Adobe’s wares. The company has four of its products clustered in spots five through eight in Secunia’s ranking. Reader and Acrobat tie with 69 CVEs and 7 events each while Flash Player and AIR tie with 51 CVEs and four events each.
Adobe is going to change the way it works on the PC, through a collaboration with Microsoft, but what about the mobile uses? I’d think that a Foxit, or other equivalent, for mobile use would be a great idea.
Moving on, up-and-comer Google Chrome was also tagged with more vulnerabilities than IE: 70 CVEs and 14 events (just below third-place Java JRE, with 70 CVEs and 5 events). Maybe that’s why the Google Chromium team, like Mozilla, has significantly upped the reward to security researchers who report security flaws.
That brings us to Internet Explorer, which is effectively ranked ninth on Secunia’s list of the 20 most vulnerable software products. IE, despite its significantly higher installation share, had just 49 CVEs and 12 events over the past year.
Secunia’s report should be cause for vindication on Microsoft’s part — and cause for concern on the part of its competitors, particularly Apple. The company has successfully hidden its security flaws behind its relative obscurity, but now that Apple is the darling of Wall Street and the creator of the most coveted mobile platforms, the blemishes on its skin are becoming all the more visible.
I’m not sure if this is a vindication of Internet Exploder or not. The largest reason that the other browsers mentioned are so targeted is because they are constantly changing. They are being made better, through additional features – something Internet Exploder does not do. Microsoft has nowhere near the amount of innovation, or customization that comes from these other players in the browser wars. Speaking of customization, there have been more than a few studies that show that it is through the add-ins and extensions of any of these other browsers that the easiest attacking occurs. Bare Chrome, Safari, or Firefox are most likely almost a level of magnitude more secure.
Once again, for the security conscious, I will remind you that nowhere in this article is Opera mentioned, except by me. Opera is more secure by its design, and (apparently) because of its level of usage, which is unexplainable. It is a great browser. Speed, flexibility, and the ability to customize are what make it great. (Where I think it loses market share is that it is not always easy to make custom – it takes more than a quick click of the mouse for many of the changes.)

Getting back to Internet Exploder, the attacks are so many because it has become almost a sport to find the chinks in Internet Exploder’s armor. No other browser has the level of animosity leveled at it that IE does. It keeps the Microsoft engineers on their toes, but also makes one wonder why the same mistakes are repeated over versions, and also why the problems are not found by the Microsoft team before releases of the browser.

New tagline for Internet Exploder – “Not as bad as you thought!”
®