Internet Browser Security Grade Card

Posted By on September 27, 2006

Browser SecurityInformation Week offered a report card review on several of the most popular Internet browsers like: Internet Explorer, Firefox, Safari and Opera. I’ve used several popular browsers and have adopted Firefox as my personal favorite. (I’m also fond of the fact it runs the same on Windows, Mac and Linux operating systems) Nevertheless, the latest version running on my notebook — 1.5.0.7 — seems a little less stable than previous versions. (am I alone?) I’ve also been playing with the new ‘tab’ browsing capable Internet Explorer 7.0.5 and its impressive but incorrectly displays many pages or as Microsoft might say … the pages were incorrectly designed. As for the Mac based Safari browser running on an Intel based Mac, its the fastest of the bunch in my ‘seat of the pants’ testing but suffers from incompatibilities that I’ve yet to over come. (some news websites video, etc) Opera seems fine, but I’ve not given it a fair trial. I suspect that it would see more success if the competition for ‘free’ Internet browsing software wasn’t as prevalent? Oh … let’s not forget Netscape, its still alive and kicking. As so far as I know, there is still a loyal user base,
MDB Statsbut I’m not running it so can’t really comment. The same goes for the Linux based Konqueror browser … although I did play with it a bit and found it a great browser. For regular use, I still prefer Firefox running on Linux, Mac or Windows.

As for the actual ‘security’ review, the article I mentioned indicated that over the last six months “that 7 out of every 10 new vulnerabilities uncovered from January through June were bugs in Web applications.” The total number of vulnerabilities found in the six-month period hit 2,249, an 18 percent jump over the second half of 2005. Of these web vulnerabilities, the most significant numbers are with browsers themselves.

The Numbers:

Internet Explorer led the pack with 38 new issues which was a 52 percent jump over the previous 25 flaws. Apple doubled their previous 6 problems with Safari in 2005 to 12 this year. Unfortunately the open-source Mozilla Firefox took top honors for ‘numbers’ … they had 47 vulnerabilities according to Symantec, a company specializing in PC and software security. Mozilla was quick to point out that the numbers don’t tell the full story since attacks aimed at browsers happen twice as often to Internet Explorer users than to Firefox users.

Another number is the “How quick to fix a problem” number or as Symantec calls it: “time-to-patch.” Here is where the open-source browsers have an advantage. Mozilla was able to patch their browser in 1 day, Opera took only 2, Apple’s Safari 5 days and the behemoth Microsoft took 9 days to patch their product, Internet Explorer. My plans are to stick with Firefox, how about you?

EDIT: A rather ‘timely’ update for this post:

SEP. 26 6:23 P.M. ET

Microsoft Corp. rushed out a fix Tuesday for a security flaw in its Internet Explorer Web browser after attackers had begun exploiting the vulnerability to take control of computers.

The Redmond-based software maker said it was putting out the fix ahead of the next scheduled security fix release date on Oct. 10 because of the severity of the problem. The flaw carries Microsoft’s highest “critical” rating.

The vulnerability in Microsoft’s browser is particularly worrisome to security experts because computer users could come under attack just by visiting a Web site that had been manipulated to take advantage of the flaw. That, in turn, would give an attacker complete control of a user’s computer, including access to e-mails, personal information and other data.

Comments

Desultory - des-uhl-tawr-ee, -tohr-ee

  1. lacking in consistency, constancy, or visible order, disconnected; fitful: desultory conversation.
  2. digressing from or unconnected with the main subject; random: a desultory remark.
My Desultory Blog