Browser Security News

Brian Krebs has gone beyond the normal finger pointing at Microsoft and actually gather the statistics to prove how insecure Internet Explorer 6 was in 2006. For 284 days of 2006 IE6 had substantial, unpatched flaws that were being exploited and probed. It sounds like there might be just a little bit of wiggle room in the statistics, so that number might be argued down to 250 or so, but that’s still about two thirds of the year that IE 6 was vulnerable. What I find disturbing is that this is just the amount of time the patches were unavailable; how long it was until the patches were actually applied to the average business or home user is an entirely different question. Probably a more important question, but one that would be nearly impossible to ascertain.

We all know that Internet Explorer 7 is out now (you have upgraded, haven’t you?), but there’s still a lot of users who continue to use IE6. IE7 only lasted a few days before the first vulnerabilities were found, and the attempts to break the browser are only intensifying, never decreasing. IE7 has more security measures in place than any version of the browser before, but if it’s going to take Microsoft a month or more to patch a vulnerability once it’s found, it’s still not secure enough. Statistics don’t lie, IE6 is insecure - Computerworld Blogs