Recent IE security flaw is one flaw too many: Time to jump ship?

Recent IE security flaw is one flaw too many: Time to jump ship?

Summary: If Internet Explorer had better fix and flaw updating features like its Chrome and Firefox rivals, perhaps the 900 million vulnerable to one recent security hole could be far lower.

SHARE:
25

A new critical security vulnerability in Internet Explorer has been exposed, allowing attackers to obtain personal information by running malicious scripts on websites.

As Adrian Kingsley-Hughes reports, this affects all users of Windows. In total, its estimated to affect 900 million people worldwide.

Nearly one billion people. That's nearly one in six of all people on the planet. Enough is enough. I think it's time to jump ship, don't you?

For me, this is too much, and one step too far. There is near no doubt that Internet Explorer 9, the latest incarnation of the browser, soon to be out in release candidate stage, is the most secure, dynamic and powerful yet.

But without effective systems in place to prevent lax security and quality assurance, to the actual fixes themselves, millions of users, in particular pirate copy users of Windows will go about unpatched.

The simplicity factor in being able to patch the browser is another problem users of Internet Explorer have.

Both Google Chrome and Mozilla Firefox update on a regular basis with fixes, tweaks and community submitted reports. Firefox reports on these changes and asks for permission to update - seemingly out of respect and courtesy, whereas Chrome updates constantly through a running background service.

But when Internet Explorer is found to suffer from such wide scale vulnerabilities, the general public have to resort to being told by the technology media, rather than the browser itself.

And in my experience, the Windows Update service is too slow. Nearly a full day after this was discovered, the only update I have on my machines is a definition update for Microsoft's anti-virus program. It's not good enough.

With this particular flaw exploiting scripts and attaining information held on the computer, combined with the fact that so many enterprise workplaces and universities run the browser on their Windows machines, huge quanitites of data could be harvested.

Is it time for an Internet Explorer mass exodus?

Topics: Security, Browser, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

25 comments
Log in or register to join the discussion
  • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

    Do you still use ie? I mean slow and...
    tatiGmail
    • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

      @tatiGmail

      This is just click bait. IE is the most used and most secure browser. All of them will have bugs and exploits and I'll trust the software development company that makes the global OS rather than an open source garage or an advertising company to fix any problems that occur.

      I'm beginning to think Gen Y is ADD as well.
      tonymcs@...
      • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

        @tonymcs@...

        Sorry Tony, given that a good % of people are still on Windows XP, I would say Chrome is the most secure browser. No, counting flaws won't be the bar here. The plain and simple fact is that Chrome under XP removes administrative rights with the various .EXEs that are spawned associated with each tab. They're using security APIs that Microsoft never bothered leveraging in securing its own browser (for reasons I never understood in light of the fact that the one specific API call that makes this magic possible was introduced with Windows 2000). However there is a tool to get the same effect on IE or Firefox:

        http://download.cnet.com/RemoveAdmin/3000-2381_4-10824971.html?tag=mncol;1

        The fact that Google actually bothered to leverage Windows' security APIs blew me away. I knew what they did, I just never expected it. This blog post goes into detail what Chrome does under the hood:

        http://mastercobbler.blogspot.com/2008/09/its-shiny.html

        It is a bigger deal on Windows XP where 99.99% of home users operate under the ignorance of running with administrative rights.
        betelgeuse68
  • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

    are there really 900 million ie users? that many users still live in the 90's when it comes to browsers? or that number was pulled out of how many websites are being visited by ie users, cause i can imagine all those pc infected by viruses and you have 50 new websites opened by the virus every time you click on something.
    d.marcu
    • Speaking of malware.

      @d.marcu
      I guess your posts are just that?

      And here I thought the stupid branch of people like you died off years ago. :)
      AllKnowingAllSeeing
  • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

    Do you jump from ship to ship every time there is a problem? You may run out of ships soon :)
    paul2011
    • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

      @pauliusp

      +1
      The one and only, Cylon Centurion
  • You should stay away from the web

    Every browser has flaws.
    Michael Alan Goff
  • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

    Zack, AKH's article is completely wrong and there is absolutely no need for anyone to jump ship or worry about this. AKH's article clearly states its only proof of concept with no active exploitation of the vulnerability. So despite his click-baiting title 900millions are not affected since there are no exploits for it. Also if you are that concerned there is a workaround in place to protect you so you can continue using IE. On top of all that, you'd have to go to a malicious site as well which most people would never do since they go the same 5 or 6 sites they always go to.

    You claim Chrome and FF are constantly updated but IE is not. This is false, IE gets updated as much as any other browser. They do it on the monthly patch cycle, where you will also find a description of the patch.

    AKH's article was clearly click-baiting, trying to create a storm in a tea cup but the problem is there was no storm. So whats left in the cup? A bunch of air.
    Loverock Davidson
    • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

      @Loverock Davidson

      Right on. I don't trust these bloggers.
      FADS_z
      • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

        @FADS_z Then why read?
        zwhittaker
    • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

      @Loverock Davidson ... Took the words right out of my mouth! It was just something to write about, IMO.
      tom@...
  • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

    "Is it time for an Internet Explorer mass exodus?"

    Yes, Zack! It was time long ago to shuck IE. Chrome is a much better browser and more secure.

    Remember all those years when there was no serious browser competition and Microsoft, despite yammering in court that it wanted "freedom to innovate," did absolutely bloomin' nothing to its browser? It was evident then -- and with Vista -- that Microsoft does not place a high priority on serving average consumers.
    ShowMeGrrl
    • ShowMeGrtl, are you serious?

      <i>It was evident then -- and with Vista -- that Microsoft does not place a high priority on serving average consumers</i>
      Easy to say, hard to back up.<br><br>But then I can pickout something whith Chrome, use the same words, and be just as accurate.
      AllKnowingAllSeeing
    • Timecheck.....

      @ShowMeGrrl

      Was that the same "years" as when Netscape (the only other major browser at the time) was "innovating" and released three versions of their browser in a row (V3.5 - 4.0, as I recall) that couldn't go 15 minutes without needing to be restarted from all the crashes and memory leaks? That must be innovation you're talking about.....?! I mean, how can people forget every single publication, every review outright stating that Netscape sucked?? Instead, we're sitting here in front of our PC, whining about IE.6 which was released what... 1999? 2001?? How can you compare that to browsers that weren't even around until 2005?
      rock06r
  • Ugh, really Zack?

    I thought you were smarter than this... Microsoft actually has to maintain compatability, so they can't just willy nilly upgrade their browser every time they want. Imagine if they had background IE updating and suddenly your corporate internet site just stopped working on afternoon because IE went out and updated without any notice...

    There is a reason they patch differently than the other browsers. And no one has been affected by this yet...
    LiquidLearner
    • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

      @LiquidLearner ... Well, actually people have been affected by "that"; a LOT of them. I can recall at least two bad updates where the upate needed updating and it botched quite a few people's systems meanwhile. Then there is still the practice of adding new or upgraded full programs during the update, like IE7, then IE8, SilverLight and others. If you weren't watching, you'd never know it happened (e.g they were done covertly unless you used the Custom Install and reviewed each item of the update). Silverlight had me chasing my tail for a couple hours because it stole (has the same TLD) the file associaton from another program without notifyiing me! People useing IE suddenly found their screens changed in IE because, without saying so, a new version of the browser had been downloaded, which did NOT at first, install correctly!
      tom@...
  • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

    Chrome/FF/Opera/[insert name of browser here] has a vulnerability. Crap, gotta jump ship.
    statuskwo5
  • RE: Recent IE security flaw is one flaw too many: Time to jump ship?

    Well, I "jumped ship" a long time ago - I don't use IE much at all. I'm using Firefox and Chrome.

    That being said - it's not as if IE is the only browser out there with issues. Every browser has to keep on top of security issues. I'm not certain how this is different.

    And their process of updating isn't really all that different from Firefox or Chrome - updates can be totally automatic like Chrome, or manual like Firefox. Ever paid attention to your Tuesday updates?

    "And in my experience, the Windows Update service is too slow. Nearly a full day after this was discovered . . . "

    Neither Firefox nor Chrome give me updates every single day for every single security issue - why hold IE to a different standard? An update a day after a flaw is discovered is pretty rare for any browser.
    CobraA1
  • In other news

    Zack Whittaker savors big fat paycheck from the Mozilla foundation - and their benefactors from Palo Alto, CA.
    Stormbringer_57th