![]() And as in the physical world, the driver is the cause of more accidents than the car. The latter two automatically update themselves, and IE will do likewise if Windows Update is run with the default (automatic) settings. A deeper look at the details of the software flaws discovered, their relative severities, the number of actual exploits, and the difficulty of carrying out an exploit, reveals that IE, Firefox and Chrome are all very safe vehicles on the information superhighway. So no, IE is not the runaway winner of the Most Dangerous Software of All Time. The company issued its first security patch for IE 11 just five days after the update hit the Web, compared to more than 80 days lag time back in 2007 to 2011. Like all new major versions of any software, it contains numerous bugs. Microsoft released version 11 of IE last October. I discovered that the NVD is fed by another site called CVE Details that lets you search, browse and drill down into security vulnerability data in a much friendlier format. Personally, I found the NVD website rather heavily laden with acronyms and jargon, hard to search, and nearly incomprehensible. And in each case, Microsoft responded to the flaws with timely fixes. That's not so bad, considering that these exploits require the user to be tricked into viewing a specially crafted web page in order to be affected. For IE, there were only 3 in the past year. So how many of those vulnerabilities were actually exploited? Firefox and Chrome have had ZERO exploits since 2010. Nobody Expects the Spanish Inquisition!Īnd of course, nobody expects that they'll fall prey to a security flaw in their favored browser. But keep in mind that a vulnerability means only that a security researcher found a software bug that COULD POSSIBLY be exploited by hackers, crackers and other cybervillians. Okay, Internet Explorer seems to look worst when it comes to both raw numbers of vulnerabilities discovered, and the seriousness of those vulnerabilities. Internet Explorer: Average severity 9.8, with 93% in the 9-10 (most severe) range Firefox: Average severity 8.0, with 49% in the 9-10 (most severe) range Chrome: Average severity 7.5, with under 3% in the 9-10 (most severe) range ![]() Digging a bit deeper, I found that the average severity for vulnerabilities discovered in 2014 tell a story that's a bit more illuminating: Severity is measured on a scale of 0 - 10, with a higher score indicating a more serious problem. So over a full year, IE actually had the least vulnerabilities of the three major browsers! Confused yet? What Techworld didn't mention is that those numbers don't take into account the severity of the software bugs. ![]() ![]() By contrast, the competing browsers Chrome and Firefox each logged about 75 vulnerabilities during the first six months of 2014.īut wait Chrome had 175 vulnerabilities discovered during 2013 while Firefox achieved 150. Researchers found 133 NVD records of IE vulnerabilities so far in 2014, compared to 130 for all of 2013. National Vulnerability Database (NVD) figures. Most recently, Techworld trumpeted that a disturbing number of security vulnerabilities were discovered in Internet Explorer during the first half of 2014, far more than in any other popular program. I wonder why they don’t simply disable IE to make it disappear, but I understand why they discourage its use: the pundits that everyone heeds miss no opportunity to make IE look bad. Chrome and Firefox are available on every terminal available at all library branches. “We really recommend that you not use Internet Explorer,” I overheard a librarian telling a patron in the local Public Library recently. Is Internet Explorer Unsafe at Any Speed?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |