In association with heise online

02 October 2012, 11:34

Internet Explorer security examined

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Internet Explorer icon

Security expert Brian Krebs has illustrated how different statistical approaches can provide differing perspectives on browser security. For example, if you simply count vulnerabilities, Internet Explorer compares well with its competitors. If, on the other hand, you look only at vulnerabilities which are actually exploited, Internet Explorer fares comparatively poorly, says Krebs.

Krebs calculates that 275 vulnerabilities were reported for Google Chrome in 2011, 97 for Mozilla Firefox, and only 45 for Internet Explorer. Using this method, Internet Explorer appears to be have a solid security story. However, looking at the statistics for zero day exploits actually spread by malicious web sites, Internet Explorer ranks far behind other browsers.

Between January 2011 and September 2012, Krebs counted 89 days on which Internet Explorer users were exposed to actively exploited security vulnerabilities, compared to none at all for either Google Chrome or Mozilla Firefox. Krebs argues that, "Active exploitation is the most important qualifier of a true zero-day." He believes that this is what matters from a user perspective.

Krebs gives short shrift to the widespread tendency to use counts of browser security problems as a way of comparing the relative security of browsers. He says that there are better ways of measuring browser security which can provide a reasonable basis for decisions, at least temporarily, to switch to another browser.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit