Saturday, March 26, 2005

Do u still use IE???

IE 'Unsafe' 98 Percent Of 2004, Says ScanIT
The image “http://photos8.flickr.com/7480089_b1c34795e9_o.jpg” cannot be displayed, because it contains errors.
As Mozilla and Microsoft executives argue about which browser -- Firefox or Internet Explorer -- is more secure, fans of the former have numbers on their side, a Belgian security consultancy said this week.

According to Brussels-based ScanIT, users of Microsoft's Internet Explorer (IE) were "unsafe" 98 percent of the time during 2004, while Mozilla users -- which would include those using Mozilla and Firefox -- were "unsafe" only 15 percent of last year.

ScanIT determined the unsafe periods by examining the life spans of vulnerabilities in IE, Mozilla, and Opera -- a Norwegian browser that has a nearly insignificant share of the U.S. market -- which could be exploited remotely by attackers. By documenting the time between the disclosure of the vulnerability and when a patch was issued, ScanIT calculated the total number of days each browser was vulnerable. It also matched those vulnerable dates against periods when out-in-the-wild exploits were making the rounds.

IE was vulnerable all but seven days of 2004, or 98 percent of the year. "There was only one period in 2004 when there were no publicly known remote code execution bugs," said ScanIT's report. "Between the 12th and the 19th of October. That means a fully patched Internet Explorer installation was known to be unsafe for 98 percent of 2004."

During 200 days (54 percent of the time), there was a worm or virus on the loose that exploited one of the unpatched IE vulnerabilities. (ScanIT's IE vulnerability timeline can be found here.)

In comparison, Firefox (and the other Mozilla browsers) was vulnerable only 56 days in 2004 (15 percent of the time) during off-and-on stretches starting in May. At no time in 2004 were worms or viruses circulating that exploited one of the unpatched Firefox vulnerabilities.

Click here for more

No comments: