IE 'the most secure browser'

[Julio Franco]

Internet Explorer is now just about the most secure browser available, says Microsoft - because so many security holes have been filled. Last week's Internet Explorer patch has made the browser at least as secure, if not more secure, than any other browser, according to Microsoft UK's chief security officer.

Microsoft released a security patch for Internet Explorer last Monday that fixed three critical vulnerabilities; unfortunately the patch altered the way in which the browser handles certain URLs and forced many companies to reprogram their systems in order to accommodate the change. However, Microsoft has said the update means that Internet Explorer is now safer than any of the other browsers on the market, which users may find ironic due to the sheer number of vulnerabilities discovered in the browser over the past year.

Read more: ZDNet.

 

[Per Hansson]

LOL!!!

I found the above statment extremley funny!

It's just a shame it isn't irony (like my latest post)

 

[Per Hansson]

I just find this lie he say here to be so hillarious!

Not only has Opera never been affected by these vulnerabilities, it have all along made you very aware that you are going to another site than what the link shows you...

Now the vulnerability has been fixed, Okin said Internet Explorer is at least as secure as other browsers such as Opera and Mozilla, but in some ways it is more secure: "I don't think we have got any less security than any of the other browsers and we have added a layer of protection that could make it a little bit more obvious to users if a phishing attack is occurring. If you look at today's technology, absolutely the (IE) browser is as secure as the others," he said.

Please just test this for yourself in my previous post right here after installing all security updates for Explorer

With explorer you get a new Window saying "Invalid Syntax Error", hovering your mose over the link it shows up wrong and right-clicking it and selecting properties it shows up wrong...

Compare this with Opera that gives you a big warning and a No/Yes option if you want to continue to go to another site, plus hovering your mouse over the link reveals it's full contents...

 

[NewSparrow]

lol.. thats a good laugh for today. I think i'll save this everytime I need to brighten my day.

 

[Spike]

Please correvt my logic if incorrect.

IE (any version) is simply a shell extension of Explorer. IE has had rediculous numbers of bugs and holes in the past, and they've been discovered almost every other day since it's creation.

More people use IE than any other browser.

The sum of the above tells me that there are more serious holes to be plugged, and Crackers WILL find and exploit them, simply because thats the browser used on the most computers. By nature of the fact that 90% of users use IE as their main browser, it must follow that it is also the most attacked browser, with the best known programming?

 

[Masque]

Originally posted by Spike
Please correvt my logic if incorrect.

IE (any version) is simply a shell extension of Explorer. IE has had rediculous numbers of bugs and holes in the past, and they've been discovered almost every other day since it's creation.

More people use IE than any other browser.

The sum of the above tells me that there are more serious holes to be plugged, and Crackers WILL find and exploit them, simply because thats the browser used on the most computers. By nature of the fact that 90% of users use IE as their main browser, it must follow that it is also the most attacked browser, with the best known programming?

All correct. It's the browser for the masses....hence the crackers want to crack it. I'm sure the same could be done to Opera as well as the others without a problem if somebody actually took an interest in them.

 

[Nodsu]

90% of ppl use IE. That would mean that there would have to be 1 critical update for Mozilla/Opera per every 9 critical IE updates?
A search on cert.org gives 337 results for IE, 3 for Mozilla+Opera.. 2 of those are from 1996. We have at least a 200/1 ratio given that some IE vulns are really old or trivial. IE surely beats the hell out of the competition.

BTW the Mozilla and Opera vulnerabilities were corrected in a matter of days while it took MS months to fix the URL parsing thing.

Buffer overrun vulnerabilities exist because of poor programming. Do you think there would be as many unchecked buffers in Mozilla source that is read daily by hundreds of fanatical geeks as there are in the murky depths of MS style code that noone bothers to read unless another gaping hole is found in the "most secure browser"?

 

[Per Hansson]

OMG, that gave me a bigger laugh than reading the actual news itself, thank you so much Nodsu!!!

That's just hillarious!

 

[TS | Thomas]

They might claim to be to the most secure now, but they're still the most exploited regardless.

 

[acidosmosis]

The more used software is, obviously the more 'unsecure' it is. This is because more people obviously want to exploit flaws in IE because it used more than any other browser in existance.

The same with Windows. More people want to exploit it's flaws because it is used more. What is the fun in "hacking" Linux when only a small percentage of people use it.

Because of this you would be led to the opinion that one peice of software is more secure when it in fact is not.

I stay with my opinion that all software is just as "unsecure". Some software is just "attacked" more often due to its higher use.

If your using Linux or Mozilla because it is more secure then you are fooling yourself. Use it because you like it better for a legitimate reason. The same goes with Linux. If you use software (or an OS) because you think it is more secure than, no offence, but your just a wuss.

Browsers other than IE are also over-rated very much so and I'll stick with that opinion till death.

 

[Spike]

errr, linux IS more secure than windows in a way! in a pretty big way acctually.

Logged in as a user, the only damage that can be done in linux without seriously hard work is within the user account. The core of the system is protected.

Anyways, this probably isn't the place, so I'll leave it at that. feel free to post a thread in one of the other forums though if you want to discuss it though. It might be an interesting discussion. I'd join in.

 

[Nodsu]

What would be more effective in finding security holes: 10 experienced hackers trying to get into a Linux based corporate database server or 10 000 script kiddies trying to trash the computer of someone who in their opinion sUxx0rz? And if you wanted to hack something don't you think that having the source code of the target software would help the effort just a little bit?

Furthermore. OSS is written by enthousiasts who devote their own free time and energy to the project to improve it for no or little reward. MS software is written by programmers working 9-5 and getting paid by the hour or by the amount of code they generate. There is more love and devotion in bash shell than in all the Windows versions together.

Those who claim that Windows has more known flaws only because it is more used than *x obviously know nothing about either of the OSs or their security models.

 

[acidosmosis]

Originally posted by Nodsu
Those who claim that Windows has more known flaws only because it is more used than *x obviously know nothing about either of the OSs or their security models.

You know better.

I stick with my statement and I always will, and I didn't mean that there are more flaws just because it is more used. I mean Windows is exploited more because it us USED more so obviously it is the OS that is going to be attacked more. Linux could be unsecure as a bank without walls but still would hardly ever be attacked. Besides most people that use it are just enthusiasts. How many people other than script kiddies want to attack some regular joe's computer? And script kiddies are not threat obviously.

And I realize that Windows programmers are just doing their 9-5 jobs as compared to 1000's of Linux programmers doing something they like doing, but guess what? Who's OS is on top? There is a reason for it. And you people complain about MS not doing their job and their being bug's in MS software but you forget the fact that these are only programmers working their 9-5 jobs and MS can't hire all the programmers as Linux has. With that many programmers it would be a cluster****.

You have to admit it is very sad though that with 10,000+ programmers like you said working on Linux the OS isn't any better than it is. And with Windows programmers numbers being vey very small compared to Linux it is the one on top. If you look at it like that (or in any fashion) Windows isn't so bad. If you know what your doing, then with a very small amount of effort the OS works just fine. I can run XP for over a year with no problem and I know many people who do. It never crashes, I experience no performance decrease, etc.

 

[Spike]

As it Goes, Linux would be attacked all the time if it wasn't so darn secure. It does get attacked from time to time, and a few attacks are succesfull. It's worth remembering that any credible black hat out there would rather hit a server of a big business than your average Joe's PC, both being equally secure.

The enterprise standard for large servers is Red Hat 9.0

Home users are usually hacked for credit card information or to use the resources of that computer. I'd rather a big network of Linux boxes doing my bidding in an ideal world. They would be more powerful (albeit more technical).

It's not an ideal world though. Windows is far easier to get into. That's why I wouldn't waste my time hacking linux boxes, when I could use windows boxes with a great deal less effort.

There are many reasons for this.

This link, posted recently in another news thread by Per Hansen, adds weight to this concept by means of explaing part of the reason for it...

http://www.eeye.com/html/Research/Upcoming/index.html

"Everyone is entitled to their views, but the best ones are based on the facts."

 

[Nodsu]

Linux could be unsecure as a bank without walls but still would hardly ever be attacked. Besides most people that use it are just enthusiasts.

So you actually think that the OS that powers at least a quarter of all servers in the world happened to be insecure noone would notice? Ah sorry.. The OS that powers over 90% of the computers is as secure as an igloo in a volcano and noone notices. You are absolutely right here..

And I realize that Windows programmers are just doing their 9-5 jobs as compared to 1000's of Linux programmers doing something they like doing, but guess what? Who's OS is on top? There is a reason for it.

And your claim is that Windows is so popular because it has prevailed in a fair competition with absolutely no monopolistic merciless stomping out of any initiatives of offering the people anything but the software coming out of the Company?

And you people complain about MS not doing their job and their being bug's in MS software but you forget the fact that these are only programmers working their 9-5 jobs and MS can't hire all the programmers as Linux has. With that many programmers it would be a cluster****.

Leaving open source OSs aside, do you think that Apple or Sun or IBM or HP are employing more programmers than MS and that is the only reason that their proprietary closed source operating systems are less flawed than Windows?

You have to admit it is very sad though that with 10,000+ programmers like you said working on Linux the OS isn't any better than it is.

Someone hasn't had many experience with anything but Windows I presume..

And with Windows programmers numbers being vey very small compared to Linux it is the one on top.

Being on the top is not a measure of goodness. I mean Hitler got on top. That must mean that he was absolutely the best german person alive for those years he maintained his position..

If you look at it like that (or in any fashion) Windows isn't so bad. If you know what your doing, then with a very small amount of effort the OS works just fine. I can run XP for over a year with no problem and I know many people who do. It never crashes, I experience no performance decrease, etc.

Acid forgot to mention this little problem even though he knows so well what he is doing with his Windows XP otherwise..

If I know what I am doing then I can run my computer just perfectly by using nothing than a hex editor to feed CPU instructions into memory.