Internet Explorer unsafe for 98% of 2004
In the current issue of the Windows Secrets Newsletter, Brian Livingston highlights some startling statistics that show just how unsafe it was to use Microsoft Internet Explorer in 2004.
These statistics are so important to understanding the “attack surface” of the major browsers that we should break down this study into its individual findings:
- IE suffered from unpatched security holes for 359 days in 2004. According to Scanit, there were only 7 days out of 366 in 2004 during which IE had no unpatched security holes. This means IE had no official patch available against well-publicized vulnerabilities for 98% of the year.
- Attacks on IE weaknesses circulated “in the wild” for 200 of those days. Scanit records the first sighting of actual working hacker code on the Internet. In this way, the firm was able to determine how many days an IE user was exposed to possible harm. When Microsoft released a patch for an IE problem, Scanit “stopped the clock” on the period of vulnerability.
- Mozilla and Firefox patched all vulnerabilities before hacker code circulated. Scanit found that the Mozilla family of browsers, which share the same code base, went only 26 days in 2004 during which a Windows user was using a browser with a known security hole. Another 30 days involved a weakness that was only in the Mac OS version. Scanit reports that each vulnerability was patched before exploits were running on the Web. This resulted in zero days when a Mozilla or Firefox user could have been infected.
The Opera browser also experienced no days during which unpatched holes faced actual exploits, but Scanit began keeping statistics on Opera only since September 2004.
Is Firefox still safer than IE? — Brian Livingston
Scary.
Be aware that there are safer, free alternatives available that will greatly reduce your exposure to internet parasites.
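The counting method the quoted findings describe (start the clock at public disclosure or at the first exploit sighting, stop it when the patch ships, count each calendar day once) can be sketched as follows. This is an added example, not Scanit's or the newsletter's code; the records are constructed, and treating the patch day itself as protected is an assumption.

```python
from datetime import date, timedelta

def exposure_days(vulns, year):
    """Count distinct days in `year` covered by at least one open window.

    Each record is (start, patched): start is the day the clock starts
    (disclosure or first exploit sighting, None if it never started);
    patched is the day the patch shipped, or None if still unpatched.
    """
    first, last = date(year, 1, 1), date(year, 12, 31)
    windows = []
    for start, patched in vulns:
        if start is None:
            continue  # e.g. no exploit was ever sighted for this hole
        # Assumption: the patch day counts as protected; open holes run to year end.
        end = patched - timedelta(days=1) if patched else last
        start, end = max(start, first), min(end, last)  # clip to the year
        if start <= end:
            windows.append((start, end))
    # Merge overlapping or adjacent windows so a day with two holes counts once.
    total, cur_start, cur_end = 0, None, None
    for start, end in sorted(windows):
        if cur_end is not None and start <= cur_end + timedelta(days=1):
            cur_end = max(cur_end, end)
        else:
            if cur_end is not None:
                total += (cur_end - cur_start).days + 1
            cur_start, cur_end = start, end
    if cur_end is not None:
        total += (cur_end - cur_start).days + 1
    return total

# Constructed sample records, not Scanit's data: (disclosed, exploit_seen, patched)
SAMPLE = [
    (date(2003, 12, 20), date(2004, 1, 10), date(2004, 2, 2)),
    (date(2004, 1, 25), None, date(2004, 3, 1)),
    (date(2004, 6, 1), date(2004, 6, 15), date(2004, 7, 1)),
    (date(2004, 12, 10), date(2004, 12, 20), None),
]

def summarize(records, year):
    """Return (days with a known unpatched hole, days with an unpatched hole under attack)."""
    unpatched = exposure_days([(d, p) for d, _, p in records], year)
    exploited = exposure_days([(e, p) for _, e, p in records], year)
    return unpatched, exploited

if __name__ == "__main__":
    print(summarize(SAMPLE, 2004))
```

Overlapping windows are why per-vulnerability patch delays cannot simply be summed: the first two sample records overlap in late January, and those days are counted once.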
Blessings, Steve
[Listening to Third Day, Offerings: A Worship Album — Agnus Dei/Worthy]
