Microsoft lies to your face about browser security

Microsoft’s Head of Security and Privacy in the UK has told TechRadar that people who jump ship from Internet Explorer after the recent spate of bad headlines risk ending up on a less secure browser. With France and Germany both advising a move away from Internet Explorer, things are far from rosy for Microsoft’s browser [...yet] Microsoft’s UK security chief Cliff Evans insists that a non-Microsoft browser is the worse option. “The net effect of switching [from IE] is that you will end up on less secure browser,” insisted Evans. “The risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.

Let’s fight FUD with facts…

Vulnerability Report: Mozilla Firefox 3.5.x
Unpatched: 0

Vulnerability Report: Google Chrome 3.x
Unpatched: 0

Vulnerability Report: Opera 10.x
Unpatched: 0

Vulnerability Report: Apple Safari 4.x
Unpatched: 0

Vulnerability Report: Microsoft Internet Explorer 6.x
Unpatched: 24
Most Critical Unpatched: Extremely critical

Vulnerability Report: Microsoft Internet Explorer 7.x
Unpatched: 11
Most Critical Unpatched: Extremely critical

Vulnerability Report: Microsoft Internet Explorer 8.x
Unpatched: 4
Most Critical Unpatched: Extremely critical

My recommendation if you use Windows: make sure the version of IE that’s installed (because you can’t uninstall it!) is the latest/least vulnerable (IE8) and then install at least one of the non-IE browsers listed (personally I always recommend Firefox :) and then use THAT.  Of course, you could always switch to a Mac or Linux…

Related: Internet Explorer – Endless Security Problems

Update Jan. 21:

Firefox released version 3.6!

Microsoft issued an emergency patch to plug the Aurora exploit which they apparently have known about since AUGUST. Here are Secunia’s updated IE numbers:

Vulnerability Report: Microsoft Internet Explorer 6.x
Unpatched: 23
Most Critical Unpatched: Moderately critical

Vulnerability Report: Microsoft Internet Explorer 7.x
Unpatched: 10
Most Critical Unpatched: Moderately critical

Vulnerability Report: Microsoft Internet Explorer 8.x
Unpatched: 3
Most Critical Unpatched: Less critical

About these ads

11 Responses to “Microsoft lies to your face about browser security”

  1. Tim Says:

    Those stats look pretty bad. The large number of unpatched vulnerabilities in IE aren’t nearly as critical as the recent one, but would have to say that the other browsers patching the less critical issues demonstrates a better commitment to security. Microsoft just don’t seem to care.

  2. Dirk Says:

    MS tend to point to weaknesses in other browsers. Sure sometimes they do exist. But there are different reasons they will not be so easy to exploit.

    But all that is not really important for people not involved in making browsers secure. For most people that are deciding which browser to use it is only the likelihood of an attack that matters. And that is best predicted by the relative numbers of attacks in the past and their impact, not by some philosophic approach about security and weaknesses.

  3. Anonymous Says:

    Microsoft’s past actions have screamed so loudly I can no longer hear what Microsoft’s Head of Security and Privacy is saying. They have created a history of saying one thing and intentionally doing another.

  4. 365 Days of Design by Jarvis Addison - The Microsoft lies continue Says:

    [...] One of the many reasons why I don’t like Microsoft as a company. [...]

  5. John Says:

    Re Dirk above:
    Concern about attacks against a secure browser: 0.0%
    Concern about attacks against an insecure browser: 100.0%
    Every machine connected to the internet gets attacked regularly.
    If you are running insecure software, your machine is
    probably already compromised.

  6. SilverWave Says:

    Wow did you see that MS have admitted they knew of this exploit in Late August and had confirmed it in early September!

  7. Ein2015 Says:

    Not surprised. Microsoft is far better at sales and FUD-spreading than it is at development.

  8. Mr.Goose Says:

    Good Article. I saw Cliff Evans interview on the BBC website. Do you think he actually believes what he was saying?

    http://news.bbc.co.uk/1/hi/technology/8465038.stm

    I think Government not merely should warn about IE, they should also outlaw bundling. It is grossly unfair and unreasonable that computer buyers are forced to pay a what amounts to a tax to a foreign corporation, just in order to buy a pc. And it is iniquitous that one still has to pay Windows Tax regardless of whether or not one wants to use said corporation’s rotten products. I’m actually preparing a formal complaint to the OFT & the EU Commission. Still have lots of work to do but this is the progress so far:-

    http://www.garfnet.org.uk/joomla/index.php?option=com_content&view=category&id=74&Itemid=331

    On the bright side, I think I sussed out a really simple way of working out if your computer is at risk of infection from worms, trojans, viruses, keyloggers, WGA & other spyware, adware, nagware and all those other nasties.

    Open your file manager and search for a folder called System32! If you have one then you probably already been infected. lol :-)

    Seriously mate, thanks for the article. Keep up the good work and feel free to contact me if I can be of any assistance.

    Best wishes, G.

  9. Microsoft Security Negligence Confirmed: Critical Internet Explorer Flaw Known and Ignored for 4 Months | Boycott Novell Says:

    [...] Microsoft lies to your face about browser security Microsoft’s Head of Security and Privacy in the UK has told TechRadar that people who jump ship [...]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Follow

Get every new post delivered to your Inbox.

%d bloggers like this: