Microsoft lauds IE as 'the most secure browser'

Microsoft lauds IE as 'the most secure browser'

Summary: Internet Explorer is now just about the most secure browser available, says Microsoft - because so many security holes have been filled

TOPICS: Security

Last week's Internet Explorer patch has made the browser at least as secure, if not more secure, than any other browser, according to Microsoft UK's chief security officer.

Microsoft released a security patch for Internet Explorer last Monday that fixed three critical vulnerabilities; unfortunately the patch altered the way in which the browser handles certain URLs and forced many companies to reprogram their systems in order to accommodate the change. However, Microsoft has said the update means that Internet Explorer is now safer than any of the other browsers on the market, which users may find ironic due to the sheer number of vulnerabilities discovered in the browser over the past year.

Stuart Okin, chief security officer at Microsoft UK, told ZDNet UK that he knew "a proportion" of customers would have problems after the change, but because of the high risks involved, the company decided not to wait any longer and released the patch: "We don't actually know how many users or systems or Web administrators have been affected by this, but we knew there was going to be some with only a week's notice," he said.

Okin said that the longer the vulnerability was around, the more chance it would be exploited, which may have caused even more damage, so a week's notice was a compromise: "There are always going to be people that are caught out and surprised because they haven't been working with us or didn't know there was a problem. If we had given people more notice, then the risk would have been higher that someone would have used that exploit. If we had given them no notice, then they would have had more of a problem trying to fix their systems," he said.

Now the vulnerability has been fixed, Okin said Internet Explorer is at least as secure as other browsers such as Opera and Mozilla, but in some ways it is more secure: "I don't think we have got any less security than any of the other browsers and we have added a layer of protection that could make it a little bit more obvious to users if a phishing attack is occurring. If you look at today's technology, absolutely the (IE) browser is as secure as the others," he said.

But Okin warned that the fight against attackers and virus writers is far from over: "Don't get me wrong, vulnerabilities will come out and we will patch them; vulnerabilities will come out for our competitors and they will patch them as well. That is not going to change. I keep telling people that phishing attacks will continue in the future and they will catch people out," he said.

Two years after launching its Trustworthy Computing Initiative, in which Microsoft made security its first priority, the company still has a lot of work to do; not just for Internet Explorer, but for most of its software portfolio, Okin said. "We feel we need to do a lot more in terms of the browser, Windows and basically the entire technology base. It requires us to move onto the next level of security as an industry," he said.

Topic: Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • how can anyone believe this
  • Separating IE from Windows could make Windows a bit safer.
  • shh.... Microsoft has spoken
  • And I'll let a fox guard my henhouse!
  • I would like to quote Mr. Okin on this one, for future claims of IE users all over the world, :)
    "Don't get me wrong, vulnerabilities will come out and we will patch them ..."
    Coming form the chief security officer at Microsoft UK, some would think that's actually their policy ...

    Y0u c4n f00l s0m3 p30pl3 s0m3t1m3s,
    bu7 y0u c4n'7 f00l 4ll th3 p30pl3 4ll th3 t1m3 ...
  • come on people maybe this is now True...... OK it maybe but only when your computer is not connected to the net.. or maybe it is secure when you don't run it ?

    roll on the next flaw in IE..
  • errrrr...
  • WOW, great joke of this year

    *Can't contain the hyterical laughter*

    Oh thankyou Micro$oft, I needed a laugh!
  • Ovcourse , thiz is ze biggest cumpanie in ze worreld, thzey know how to f'k around. Okee pels, keep ze gud worrek on trak.
  • Put up or shut up. Show me the evidence that IE is more secure than Mozilla, FireFox, Opera, Safari (and its cousin, Konquerer), Lynx, and the myriad of other browsers out there.

    IMHO anything that supports scripting, plug-ins, Java, ActiveX, or anything similar is inherently LESS SECURE than an html-only browser. It's up to the browser's defenders to SHOW that THEIR BROWSER's implimentation of scripting, etc. is rock-solid and exploit-proof.

    If I'm concerned about security, I'll trust a properly patched version of the now-discontinued www browser before I'll trust anything with modern features.

    Having said that, MAYBE IE is the most secure MODERN browser, but just saying so doesn't make it so. Microsoft - show me an independent analysis comparing IE to modern browsers in common use, or keep your claims to yourself.
  • I would expect MS to plump their own browser. Actually, the fact that such a statement requires the admission that there are other brwosers shows how threatened MS feels by browsers such as Mozilla, Safari and Opera, and how far down the 'trusted' list they know they are.
  • you know, you might want to consider the source ;)
  • Maybe they should check out this:
  • A browser's security cannot be measured just by the fact that it's preventing phishing. In fact, there are dozens of other criteria that I consider critical for a browser's security like not allowing to execute arbitrary code on my computer or not divulging my cache to the outer world (privacy anyone?).

    Besides, the "feature" added by Microsoft, due to which it's touting to have the most secure browser, is in fact a regression, preventing you from using a feature. I suggest Microsoft to disable the "connection to the internet" feature of the Internet Explorer and only allow it for local file browsing and management. Then I will believe them to have the most secure piece of software. But then again, I wouldn't call it a browser, but just a file manager.

    This news is an obvious attempt to clean their image with some PR-junk. I doubt they will reach their goal.
  • LOL Bill Gates have you tried Opera browser ?
  • Got 2 words for ya Microsoft:

    Yeah Right.
  • What a joke. IE's track record shows the exact opposite.
  • If IE is "the most secure browser" then I usesr ZXspectum or Comodore to browsing Internet and play new games - this software is big, unuses, slowly and buggy I prefer Mozilla Fire BIrd or standard wersion.
  • I guess you could say that, if your definition of "security" is based entirely on the number of patched security holes.

    I wonder if this method of classification will make it's way into other industries. For instance, a car manufacturer could claim that a certain model is the safest and most reliable ever, by virtue of having the highest number of recalls in the industry.