Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Internet Explorer aces security test as Google faces accusations

Internet Explorer aces security test as Google faces accusations

  • Comments 3
  • Likes

I mean, I obviously like this article: Internet Explorer aces security test as Google faces accusations as it has a nice quote to start with:

Internet Explorer 9 should be the go-to browser for organizations concerned about protecting machines from malicious downloads, according to a new study from NSS Labs: Microsoft's browser trounced rivals Chrome, Firefox, and Safari in the security company's more recent malware-blocking tests, a significant win considering that traditional malware remains among the most prevalent threats to users

However, I am realistic: I currently feel like it depends on the moon and the stars (and to be fair: the test methodology), which browser is declared the “most secure”. Last week there were reports in the press that Chrome is the best, now it is Internet Explorer. I remember a case about an year ago, where a government agency (because of a vulnerability in IE) recommended to move off IE immediately. Literally a week later, the same government agency (because of a vulnerability in Firefox) recommended to move off Firefox and about two weeks later the same agency (because of vulnerability in Chrome) told the world not to use Chrome anymore – in other words: Stop using the Internet Smile.

Seriously, I know that we invest a lot of work not only on the product itself to reduce the vulnerabilities in our software and make sure – if there is one – vulnerabilities have as little impact as possible. I think we came a long way and our code is much, much better than it was – and to me is better than most (all?) of our competitors. Additionally we know that the Internet Explorer is probably the most attacked piece of software we have as it is the window to the Internet. Therefore it needs additional focus and scrutiny and additional technology like the Smart Screen filter to filter malicious websites. Therefore I am convinced that it is the most secure browser out there but this is a risk management decision everybody has to make on their own.

The only thing I know for sure and which is not negotiable for me is:

Older versions of the browser have to disappear. If you are still Internet Explorer 6, get rid of it. If you are on older versions of Firefox, Chrome, etc. get rid of it. In this context, make sure that you are using a browser, which at least helps you to make this happen. I was recently starting my Firefox again (yes, I look at competitive products as well) and realized that I had to go to HelpAbout Firefox to find out that there are updates available. From a risk perspective this is not acceptable to me. Maybe I could change some options somewhere but this is just a standard installation… Again, a risk management decision.

Happy browsing

Roger

Comments
  • Firefox has had automatic security updates enabled by default since... forever. You just have to use Firefox for more than 2 minutes so you give it time to check the mozilla servers. Also, if you had been on top of things you'd know that Firefox 12 will even remove the need for an administrator account. Firefox 13 will then bring full silent updates without any user interaction at all. See wiki.mozilla.org/.../Silent_Update

    Stop spreading FUD. It smells.

  • Hi Richie,

    thank you for your comment. It is always impressive to me to see how much emotions come with the browser discussion.

    If you read my blog regularly, you see that I am defintiely not into spreading FUD, mistakes can happen and I appreciate your input. I do not want to open a debate about the idea that somebody (in this case mozilla) decides for me what to install and silently "fix" my PC. I do not like this but this is another problem I guess.

    Coming back to my original statement: I (obviously) do not use Firefox too often. However, I think I typically use it longer than 2 mintues. It is just my experience I described, not more not less.

    Roger

  • Thanks for posting this informative Blog Article. I think that you are absolutely right in saying that people should get rid of old browsers, especially people who are involved in the field of <a href="www.rpjtechnology.com/Media-Transcription">Media Transcription</a>.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment