It seems that every time Microsoft releases an update to its Internet Explorer browser, there’s a zero-day exploit waiting to be taken advantage of by hackers and identity thieves the world over.
If you think I’m exaggerating, I have a little something to share with you.
An article in the Washington Post confirms the suspicions that many throughout the blogosphere have had for some time now. Data shows that IE was vulnerable to malicious attacks for over three quarters of the 2006 calendar year. Brian Krebs elaborates:
For all its touted security improvements, the release of Microsoft’s new Internet Explorer 7 browser in November came too late in the year to improve the lot of IE users, who make up roughly 80 percent of the world’s online community.
For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users.
Click for Full Size ImageHere’s a detailed chart outlining the specific vulnerabilities that were manifest in the browser throughout last year. As you can see from the data, many of these security holes overlapped, providing the enterprising malware enthusiast a variety of methods in which to attack an unsuspecting IE user’s personal data.
Krebs continues with a comparative look at Firefox:
In contrast, Internet Explorer’s closest competitor in terms of market share — Mozilla’s Firefox browser — experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem.
The releases of both IE7 and Windows Vista were met with immediate, zero day exploits that left many Microsoft users uncertain concerning the security of their products and data.
For this reason, among others, users are beginning to make the switch from Internet Explorer to Firefox at an increasing rate.
One could argue the case that IE sees more security risks because it is the most utilized web browser, and there would be validity to that viewpoint. As Firefox increases in popularity, it will be interesting to see if this trend continues, or of Mozilla finds itself dealing with more headaches associated with exploit-driven attacks geared toward their browser as well.
Add to Del.icio.us | Digg | Reddit | Furl
Joe is a staff writer for murdok. Visit murdok for the latest ebusiness news.