December 17th, 2008

Has Internet Explorer ever been safe?

Posted by Zack Whittaker @ 5:08 am

Categories: Breaking news, Microsoft, Open source, Security, Web 2.0

Tags: Mozilla Firefox, Microsoft Windows, Microsoft Internet Explorer, Web Browser, Jones, Matt Asay, Web Browsers, Internet, Zack Whittaker

Well yes, but not strictly for the reasons people think. It was once safe back in the day where there were little vulnerabilities to play havoc with the software; back in a time where Internet usage was innocent, and people wanted to create websites about interpreting the mindset of a cat called Jimbo.

I’ve written about the student browser war before, and let’s face it, I got some harsh criticism for it. I wasn’t wrong though. I’m well aware within recent findings; those reported on the ZDNet Zero Day blog, that Firefox is one of the most vulnerable applications for Windows, although it doesn’t say anywhere that the actual application is insecure. It may well be perfectly fine on other platforms, which would say more about the Windows platform than the browser itself.

This morning, I put forward the claim that Internet Explorer, in recent times (this decade) has not been secure, and shouldn’t be used unless absolutely necessary.

Back in the day when Internet Explorer was more of an experiment than a viable browser, the iexplore.exe application was heavily tied into Windows, the explorer.exe application. If one faltered, more likely to be the former, the other would almost automatically screw up too. This meant, you got a bug or fault with Internet Explorer, that same bug would be replicated in Windows Explorer. This caused serious issues, hence why Internet Explorer 7 was entirely separate from Windows and could be easily updateable and removable.

When a doctor of computing engineering tells the world not to watch or download porn through Internet Explorer, a world class and highly respected writer, that’s when you know a browser has a problem. This new-ish threat which came to light about a severe vulnerability in the browser, when reported by the BBC live on the BBC News channel, said:

“…people should stop using the Internet Explorer web browser, and revert to a rival browser. Internet Explorer, of course being known around the world, and having the dominant marketshare of browsers, should not be used because of a reported zero-day attack.” [Tuesday 16th, around 3pm GMT]

Rory Cellan-Jones, well known to those who watch the BBC News or follow the content on the BBC blogs/websites, explained this in lay-man terms. The current zero-day flaw (which means the exploit has been found before the security boffs, and has been used for bad things already) can have such an effect as to:

• exploit the computer in question, by giving the attacker the same access rights as the person currently using the computer;
• it is only spread via malicious websites, so providing you have an anti-virus and use Firefox (or another browser, but use Firefox), you should be relatively safe. Jones disagrees, as Firefox has vulnerabilities also, but…
• providing you’re not stupid and don’t visit porn, hacking, cracking, serials and key-gen websites, you should be alright.

Whilst the current threat only affects 0.02%, tens of millions of people are more than likely already infected, which just brings down Internet Explorer and Windows even more.

There are two galleries showing how to secure both Internet Explorer and Mozilla Firefox, courtesy of the Zero Day blog.

Internet Explorer continues to “flaunt the security rules” by not patching things quickly enough. Whilst an emergency patch will have been issued by 6pm London time (1pm New York, 10pm San Francisco) and will presumably be part of Windows Update once it is of a quality deemed properly suitable for installation.

But don’t just take my word for it; take the word of a world renown panel of security experts, Secunia. This is Firefox vs. Internet Explorer in the security arena, proving my point entirely.

Firefox, of course, hasn’t been free of problems over the years. Every browser will suffer a blow from time to time, maybe some more than others as I’ve shown. Matt Asay agrees that open source material enables us all to be better off, whilst other articles show Internet Explorer being more and more insecure, leaving it slowly behind in the browser war.

For a next generation experience on a next generation browser, I’d go for Firefox. But then again, it’s hardly free of its problems. Just avoid anything to do with Internet Explorer; I most certainly have and my anti-virus says “zero”.

Zack Whittaker, the youngest in the ZDNet network, is a British student at the University of Kent, Canterbury, where he studies BA (Hons) Criminology and Social Policy. His insight into the next-generation is unique and first-hand, sharing his knowledge of the here and now but more so what's next and how to get there.

You can read his public biography and his work disclosures of his current and past industry affiliations.

Fire off an email if you feel like sharing a story or insight, or leave a voicemail. You can also follow him on Twitter to keep up to date with his ramblings.

Subscribe to iGeneration via Email alerts or RSS.