Microsoft lies to your face about browser security

Microsoft’s Head of Security and Privacy in the UK has told TechRadar that people who jump ship from Internet Explorer after the recent spate of bad headlines risk ending up on a less secure browser. With France and Germany both advising a move away from Internet Explorer, things are far from rosy for Microsoft’s browser […yet] Microsoft’s UK security chief Cliff Evans insists that a non-Microsoft browser is the worse option. “The net effect of switching [from IE] is that you will end up on less secure browser,” insisted Evans. “The risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.”

Let’s fight FUD with facts…

Vulnerability Report: Mozilla Firefox 3.5.x
Unpatched: 0

Vulnerability Report: Google Chrome 3.x
Unpatched: 0

Vulnerability Report: Opera 10.x
Unpatched: 0

Vulnerability Report: Apple Safari 4.x
Unpatched: 0

Vulnerability Report: Microsoft Internet Explorer 6.x
Unpatched: 24
Most Critical Unpatched: Extremely critical

Vulnerability Report: Microsoft Internet Explorer 7.x
Unpatched: 11
Most Critical Unpatched: Extremely critical

Vulnerability Report: Microsoft Internet Explorer 8.x
Unpatched: 4
Most Critical Unpatched: Extremely critical

My recommendation if you use Windows: make sure the version of IE that’s installed (because you can’t uninstall it!) is the latest/least vulnerable (IE8), then install at least one of the non-IE browsers listed (personally I always recommend Firefox :) ) and use THAT. Of course, you could always switch to a Mac or Linux…

Related: Internet Explorer – Endless Security Problems

Update Jan. 21:

Firefox released version 3.6!

Microsoft issued an emergency patch to plug the Aurora exploit which they apparently have known about since AUGUST. Here are Secunia’s updated IE numbers:

Vulnerability Report: Microsoft Internet Explorer 6.x
Unpatched: 23
Most Critical Unpatched: Moderately critical

Vulnerability Report: Microsoft Internet Explorer 7.x
Unpatched: 10
Most Critical Unpatched: Moderately critical

Vulnerability Report: Microsoft Internet Explorer 8.x
Unpatched: 3
Most Critical Unpatched: Less critical

11 Responses to “Microsoft lies to your face about browser security”

  1. Tim Says:

    Those stats look pretty bad. The large number of unpatched vulnerabilities in IE aren’t nearly as critical as the recent one, but I would have to say that the other browsers patching the less critical issues demonstrates a better commitment to security. Microsoft just don’t seem to care.

  2. Dirk Says:

    MS tend to point to weaknesses in other browsers. Sure sometimes they do exist. But there are different reasons they will not be so easy to exploit.

    But all that is not really important for people not involved in making browsers secure. For most people that are deciding which browser to use it is only the likelihood of an attack that matters. And that is best predicted by the relative numbers of attacks in the past and their impact, not by some philosophic approach about security and weaknesses.

  3. Anonymous Says:

    Microsoft’s past actions have screamed so loudly I can no longer hear what Microsoft’s Head of Security and Privacy is saying. They have created a history of saying one thing and intentionally doing another.

  4. 365 Days of Design by Jarvis Addison - The Microsoft lies continue Says:

    […] One of the many reasons why I don’t like Microsoft as a company. […]

  5. John Says:

    Re Dirk above:
    Concern about attacks against a secure browser: 0.0%
    Concern about attacks against an insecure browser: 100.0%
    Every machine connected to the internet gets attacked regularly.
    If you are running insecure software, your machine is
    probably already compromised.

  6. SilverWave Says:

    Wow, did you see that MS have admitted they knew of this exploit in late August and had confirmed it in early September!

  7. Ein2015 Says:

    Not surprised. Microsoft is far better at sales and FUD-spreading than it is at development.

  8. Mr.Goose Says:

    Good article. I saw Cliff Evans’s interview on the BBC website. Do you think he actually believes what he was saying?
    http://news.bbc.co.uk/1/hi/technology/8465038.stm

    I think Government not merely should warn about IE, they should also outlaw bundling. It is grossly unfair and unreasonable that computer buyers are forced to pay what amounts to a tax to a foreign corporation, just in order to buy a PC. And it is iniquitous that one still has to pay Windows Tax regardless of whether or not one wants to use said corporation’s rotten products. I’m actually preparing a formal complaint to the OFT & the EU Commission. Still have lots of work to do but this is the progress so far:
    http://www.garfnet.org.uk/joomla/index.php?option=com_content&view=category&id=74&Itemid=331

    On the bright side, I think I sussed out a really simple way of working out if your computer is at risk of infection from worms, trojans, viruses, keyloggers, WGA & other spyware, adware, nagware and all those other nasties.

    Open your file manager and search for a folder called System32! If you have one then you’ve probably already been infected. lol :-)

    Seriously mate, thanks for the article. Keep up the good work and feel free to contact me if I can be of any assistance.

    Best wishes, G.

  9. Microsoft Security Negligence Confirmed: Critical Internet Explorer Flaw Known and Ignored for 4 Months | Boycott Novell Says:

    […] Microsoft lies to your face about browser security Microsoft’s Head of Security and Privacy in the UK has told TechRadar that people who jump ship […]
