Internet Explorer more secure than Chrome and Firefox

Microsoft’s Internet Explorer for a long time has been looked at as being very unsecure. Many tech savvy people moved to alternative web browsers for better security and overall, better features.

For many years, there were three alternatives to IE; Firefox, Safari and Opera. In 2008 Google announced a new web browser, Google Chrome which today is growing a user base at an astonishing speed. They quickly went to battle with Opera for the title of speed king but at what cost?

A list, named the “Dirty Dozen” has been put together the security company Bit9, based on information from the National Institute of Standards and Technology's public National Vulnerability Database.

The list, places Google Chrome at No.1 for the most vulnerabilities with 76 being discovered. Apple’s Safari comes in second with 60 vulnerabilities followed by Microsoft Office in third with 57.

Harry Sverdlove, CTO of Bit9 said “A variety of vulnerability types - including buffer-overflow and cross-site scripting vulnerabilities - impacted these applications” He later says “some exploits of vulnerabilities could allow attacks to compromise the user's desktop entirely and perhaps pose a risk for the entire organization. A list like the annual "Dirty Dozen" highlights trends and the need to make sure software is kept updated”

This year the company found 3,268 vulnerabilities which built the list. The most secure appears to be the Opera web browser which had 6 vulnerabilities.

Many may claim Google Chrome, being only two years old has a reason for the new “vulnerability title” whereas others may disagree.

Last year’s list was built on slightly different criteria, as it excluded the Apple Mac platform with Mozilla Firefox taking last year’s title.

The full results can be seen below:

  1. Google Chrome – 76
  2. Apple Safari – 60
  3. Microsoft Office – 57
  4. Adobe Acrobat – 54
  5. Mozilla Firefox – 51
  6. Sun JDK – 36
  7. Adobe Shockwave Player – 35
  8. Microsoft Internet Explorer – 32
  9. RealNetworks RealPlayer – 14
  10. Apple Webkit – 9
  11. Adobe Flash Player – 8
  12. Apple Quicktime and Opera Web browser (tied) – 6
Report a problem with article
Previous Story

Office 2010 SP1 sent out to beta testers

Next Story

Windows Phone 7 to work with Third-Party IE based browsers

95 Comments

Commenting is disabled on this article.

All software is hackable. What makes software more secure is, less issues found plus fast response time to hotfix them

Trust Internet Explorer??? Not a chance in hell. But those fools that trust IE. You go right ahead and keep using it. Since I work in IT and inhome repair. I get to fix your pcs when they start crashing. So keep using IE, I call it job security...

Seen this coming for a while now.. About time.

I used to love Firefox back in the day until it became the new target for spyware and such. Since I switched back to IE8 I was much happier with performance and security.

Sigmatic.Minor said,
Seen this coming for a while now.. About time.

I used to love Firefox back in the day until it became the new target for spyware and such. Since I switched back to IE8 I was much happier with performance and security.


IE8 isn't bad, but it's nothing rad either. IE9 is looking very slick though, minus the address bar + tabs wtf nonsense.

I would be really curious to see a "days spent with an unpatched critical vulnerability" chart. I know Adobe Reader would be up top, but who would be next up?

random_n said,
I would be really curious to see a "days spent with an unpatched critical vulnerability" chart. I know Adobe Reader would be up top, but who would be next up?

IE of course

Sigh. Open source software has more discovered vulnerabilities because it's open source. This is a good thing. It's infinitely worse to have undiscovered ones. Some people don't seem to realise this. This is why IE has more many more zero day exploits than open source browsers. However, they also have the fastest fixes. I'd rather use OSS which has more people finding holes in it and updating it faster, than proprietary software which has many more unfixed (undiscovered by microsoft/security companies) vulnerabilities, and a slower response time.

Even microsoft itself has recommended in the past that users switch to alternate browsers because of yet another zero day IE exploit. You can write all the propaganda pieces you want, but I'll never use IE. I know many people who have been infected with viruses, malware, and rootkits just by using IE on windows systems. And I'm not just talking about XP. I recently fixed a friend's PC whose system was infected with the Tdss rootkit. He got it from using IE on vista. So no matter how much you try and fearmonger us, we know that IE is not, and never will be the most secure browser. I'm sorry to say.

Flawed said,
Sigh. Open source software has more discovered vulnerabilities because it's open source.

wrong
hackers don't rely on the source code to find flaws. they use tools that analyse code at run time to find defects like unchecked buffers access or uninitialized memory.

You can write all the propaganda pieces you want, but I'll never use IE. I know many people who have been infected with viruses, malware, and rootkits just by using IE on windows systems. And I'm not just talking about XP. I recently fixed a friend's PC whose system was infected with the Tdss rootkit. He got it from using IE on vista. So no matter how much you try and fearmonger us, we know that IE is not, and never will be the most secure browser. I'm sorry to say.

lol
how could you know that your friend has been infected through a flaw in IE, and not by downloading an executable file from an unknown source?

because he uses IE and that you're a IE hate boy, you think that it's IE's fault if your friend got infected?
what about the sandbox? IE's sandbox has never been broken! even at the Pwn2Own contest hackers have been able to run code inside the sandbox (and win the contest), but unable to run the code outside the sandbox (and thus, unable to infect the computer, or even the user profile)!

so it's impossible that you're friend got infected through IE. Unless he has disabled UAC, in which case the IE's sandbox has been disabled too.

link8506 said,

so it's impossible that you're friend got infected through IE. Unless he has disabled UAC, in which case the IE's sandbox has been disabled too.

That's likely what happened.

link8506 said,
hackers don't rely on the source code to find flaws. they use tools that analyse code at run time to find defects like unchecked buffers access or uninitialized memory.

This.

Reading source code for this kind of activity is largely a waste of time and effort.

I don't care any of this so-called security report, whether it's about no. of vulnerabilities or how fast they are patched.
I only know one fact. I've introduced or installed Firefox/Chrome for at least 20+ non-geek friends. All of them said it's much faster and more secure than IE (some of them didn't even know it's called IE; they just knew it's the thing they used to browse). No more hijacking or spam or whatever. They never looked back.

ALUOp said,
I don't care any of this so-called security report, whether it's about no. of vulnerabilities or how fast they are patched.
I only know one fact. I've introduced or installed Firefox/Chrome for at least 20+ non-geek friends. All of them said it's much faster and more secure than IE (some of them didn't even know it's called IE; they just knew it's the thing they used to browse). No more hijacking or spam or whatever. They never looked back.

I once worked as a tech and installed Opera / Firefox on every new computer that went out. Chrome wasn't out by then. Totally agree on "some of them didn't even know it's called IE".

ALUOp said,
I don't care any of this so-called security report, whether it's about no. of vulnerabilities or how fast they are patched.
I only know one fact. I've introduced or installed Firefox/Chrome for at least 20+ non-geek friends. All of them said it's much faster and more secure than IE (some of them didn't even know it's called IE; they just knew it's the thing they used to browse). No more hijacking or spam or whatever. They never looked back.

Funny.. Most of the customers with spyware and virus issues that come and see me ALWAYS use firefox or safari.. only a few use IE with issues and its usually people still stuck with IE6..

Don't get me wrong, I'm no IE fangirl, I used to TOTALLY love firefox, swear by it, make everyone get it etc, but then it just became the new target for people and became crappy and overrun with issues.. I stick to IE8 now and soon IE9 - for me its faster and (now proved to be) more secure.

ALUOp said,
... I only know one fact. I've introduced or installed Firefox/Chrome for at least 20+ non-geek friends. All of them said it's much faster and more secure than IE ...

Because the 20 non-geeks totally know the definition of secure.

I find this so funny and yet there will still be those that cite IE as a REALLY unsecure browser. All the minor detail aside, you are no better off using Chrome, FireFox or whatever else over IE.

If the vulnerability is major and the user base is large enough to make it worth exploiting, then you are in trouble. This is why IE typically gets so much stick (because being the most targetted, it appears the worst).

woi said,
I find this so funny and yet there will still be those that cite IE as a REALLY unsecure browser. All the minor detail aside, you are no better off using Chrome, FireFox or whatever else over IE.

You are much better off using Opera than IE.

This is why IE typically gets so much stick (because being the most targetted, it appears the worst).

The number of security holes does not depend on how much it is targeted.

PreKe said,

You are much better off using Opera than IE.


The number of security holes does not depend on how much it is targeted.

In theory, except unforeseen holes in Opera can affect the OS, unlike IE and Chrome that use security sandboxing.

True it doesn't depend on how much it is targeted. If you look at the numbers for the last version of OS X, it is several times the security holes that Vista and Win7 have combined.

PreKe said,

You are much better off using Opera than IE.

Not in the business world. Most sites are being pushed to accept Firefox, and some are beginning to take Chrome into account as well.

Opera isn't even on the list... You can go on about standards and everything all you want, but the bottom line is that people need a browser that will work with what they want to do currently, not somewhere down the road in 2016 (being optimistic here too).

Meanwhile, I've already begun to see requests (at work) of having our web product available in a form that would be usable on the iPad. Never going to happen, but it's funny to see...

thenetavenger said,
In theory, except unforeseen holes in Opera can affect the OS, unlike IE and Chrome that use security sandboxing.

Again, theoretical security (sandboxing) doesn't help when you have all these security holes.

dead.cell said,
Not in the business world. Most sites are being pushed to accept Firefox, and some are beginning to take Chrome into account as well.

This is about security.

Opera isn't even on the list... You can go on about standards and everything all you want, but the bottom line is that people need a browser that will work with what they want to do currently, not somewhere down the road in 2016 (being optimistic here too).

What on earth are you talking about? Firefox and Chrome have lots of problems with sites, and Opera was actually designed from the ground up to be compatible.

You are extremely ignorant if you think Opera only accepts standards compliant code. It's a blatant lie.

Also, most compatibility problems are due to browser sniffing, not a lack of abilities on Opera's part.

PreKe said,

Again, theoretical security (sandboxing) doesn't help when you have all these security holes.

Sandboxing works well in practice too!

I've made a point of reading each advisory about it, and I cannot remember a single case where the protected mode component of IE's security had been compromised.

Mozilla Firefox 3.6.x
http://secunia.com/advisories/product/28698/
Affected By
10 Secunia advisories
72 Vulnerabilities
Firefox v.3.6, was released January 21st, 2010


Internet Explorer 8
http://secunia.com/advisories/product/21625/
Affected By
17 Secunia advisories
67 Vulnerabilities
Internet Explorer 8 was released March 19, 2009


Google Chrome 7.x
http://secunia.com/advisories/product/32718/
Affected By
2 Secunia advisories
12 Vulnerabilities
Google Chrome 7.x was released October 21, 2010


Opera 10.x
http://secunia.com/advisories/product/26745/
Affected By
11 Secunia advisories
21 Vulnerabilities
Opera 10 was released September 2009


Apple Safari 5.x
http://secunia.com/advisories/product/30282/
Affected By
3 Secunia advisories
19 Vulnerabilities
Apple Safari 5 was released June 7, 2010

A Geek Of All said,
Mozilla Firefox 3................

I'm not sure how that added any value. Its 1 source, a different one to that given in the article.

A Geek Of All said,
Mozilla Firefox 3.6.x
http://secunia.com/advisories/product/28698/
Affected By
10 Secunia advisories
72 Vulnerabilities
Firefox v.3.6, was released January 21st, 2010


Internet Explorer 8
http://secunia.com/advisories/product/21625/
Affected By
17 Secunia advisories
67 Vulnerabilities
Internet Explorer 8 was released March 19, 2009


Google Chrome 7.x
http://secunia.com/advisories/product/32718/
Affected By
2 Secunia advisories
12 Vulnerabilities
Google Chrome 7.x was released October 21, 2010


Opera 10.x
http://secunia.com/advisories/product/26745/
Affected By
11 Secunia advisories
21 Vulnerabilities
Opera 10 was released September 2009


Apple Safari 5.x
http://secunia.com/advisories/product/30282/
Affected By
3 Secunia advisories
19 Vulnerabilities
Apple Safari 5 was released June 7, 2010

Um, you need to go read the Disclaimer on their site, it specifically states why these numbers include vulnerabilities that are used by a product but are not a vulnerability in the product.

metallithrax said,
Surely the title should be "Opera more secure than all"

Theres enough people here that do. Just because you don't and are an MS fanboy doesn't mean no one else does.

metallithrax said,
Surely the title should be "Opera more secure than all"

Taking that as sarcasm, as that title is equally absurd as the current one.

I swear, some people seem to be utterly retarded when they look at statistics. They seem to go around and blindly spout the winner or loser at the top of their lungs without taking into context what the data actually means. Oh well, whatever gets people riled up will generate hits. Sad but true.

TCLN Ryster said,
If anybody cared about Opera, then yes.

You clearly do, since you are commenting on it. And there are always lots of discussions about Opera for articles like this. So it looks like you just proved yourself wrong.

dead.cell said,
Taking that as sarcasm, as that title is equally absurd as the current one.

Nope. While it is not exactly a 100% accurate summary, it is certainly less absurd than the current title.

PreKe said,

Nope. While it is not exactly a 100% accurate summary, it is certainly less absurd than the current title.

No, you just favor Opera, thus will accept any statistics that favor them, despite what the data actually means. You're no better than the rest.

dead.cell said,
No, you just favor Opera, thus will accept any statistics that favor them, despite what the data actually means. You're no better than the rest.

You are wrong. This list shows that Opera has fewer security holes than the other browsers. Thus, that summary would be more accurate even if it isn't 100% accurate.

Nice personal attacks to get away from the fact that you were busted lying again, though.

To be fair, both IE8 and Chrome are more secure than the others because of the process sand boxing.

With that said, it does not surprise me that Chrome is doing worse because they are so focused on putting new features into Chrome rather than testing them. This is why Chrome still occasionally crashes and takes every single subprocess with it, which makes no sense since each window is its own process.

pickypg said,
To be fair, both IE8 and Chrome are more secure than the others because of the process sand boxing.

How can they be "more secure" when they have more security holes? Theoretical security doesn't help when there are always holes around to exploit them.

Nice opera is the last one on the list, and in this situation thats VERY good haha. Im glad I use opera mainly.

Sikh said,
Nice opera is the last one on the list, and in this situation thats VERY good haha. Im glad I use opera mainly.

1% of people use Opera => Security is not a focus for the Opera team.
If you actually look at the anti-exploit mitigations, IE8 and Chrome are far better.

Eastwind said,
Let's not forget noone cares to exploit Opera since not worth working on to exploit 1% rather than rest...
Aethec said,
1% of people use Opera => Security is not a focus for the Opera team.

This is nonsense. Opera has more than 140 million users globally, which translates to a total market share around 7%. I wish people would stop spreading these lies about Opera's supposed 1% market share, because it continues to be a lie.

Also, Opera has always focused a lot on security, so it's no wonder it's always the best at that.

And remember, it's the #1 mobile browser, so hackers are actively looking for ways to exploit it.

PreKe said,

This is nonsense. Opera has more than 140 million users globally, which translates to a total market share around 7%. I wish people would stop spreading these lies about Opera's supposed 1% market share, because it continues to be a lie.

Also, Opera has always focused a lot on security, so it's no wonder it's always the best at that.

And remember, it's the #1 mobile browser, so hackers are actively looking for ways to exploit it.

sucks on the desktop imo- i just cant like it no matter how hard i try. I use IE9 and chrome the most

Aethec said,

1% of people use Opera => Security is not a focus for the Opera team.
If you actually look at the anti-exploit mitigations, IE8 and Chrome are far better.

I'm Calling B.S on that >>>>> " Security is not a focus for the Opera team."

Sikh said,
Nice opera is the last one on the list, and in this situation thats VERY good haha. Im glad I use opera mainly.

agree while i prefer firefox because of extension and compatibility, i prefer opera over chrome. opera its so underrated and suffer so much hate somehow.

Sikh said,
Nice opera is the last one on the list, and in this situation thats VERY good haha. Im glad I use opera mainly.

+1 Opera owns them all. Been using it for over 5 years now, on both windows and linux.

PreKe said,

This is nonsense. Opera has more than 140 million users globally, which translates to a total market share around 7%. I wish people would stop spreading these lies about Opera's supposed 1% market share, because it continues to be a lie.

Also, Opera has always focused a lot on security, so it's no wonder it's always the best at that.

And remember, it's the #1 mobile browser, so hackers are actively looking for ways to exploit it.


I thought mobile versions were quite different? As in comparing apples to oranges?

Won't argue the number of users they have, but I highly doubt that's specifically for desktop users. Decent mobile browser of course, but kind of behind in the desktop arena (hence why they appear to be playing catch up with addons).

dead.cell said,
I thought mobile versions were quite different? As in comparing apples to oranges?

Opera for mobiles uses the exact same engine as the desktop version.

Won't argue the number of users they have, but I highly doubt that's specifically for desktop users. Decent mobile browser of course, but kind of behind in the desktop arena (hence why they appear to be playing catch up with addons).

They have about 50/50 desktop and mobile users. So Opera does indeed have more than 50 million desktop users, and then some.

Opera "behind" on desktop? That's obviously wrong. They have basically defined the modern desktop browser, and everyone else is constantly stealing features from them. They may not have the US market share that other browsers have gained by being promoted by monopolies (including Firefox), but they are doing very well as an actually independent browser (Firefox got massive resources and promotion through Google's online ad monopoly, remember).

Also, Opera is the #1 or #2 desktop browser in some parts of the world, like Eastern Europe.

PreKe said,

Opera "behind" on desktop? That's obviously wrong. They have basically defined the modern desktop browser, and everyone else is constantly stealing features from them. They may not have the US market share that other browsers have gained by being promoted by monopolies (including Firefox), but they are doing very well as an actually independent browser (Firefox got massive resources and promotion through Google's online ad monopoly, remember).

Also, Opera is the #1 or #2 desktop browser in some parts of the world, like Eastern Europe.


You're argument falls apart as Opera is copying other's just like everyone else.

I don't even care for this argument either, since I'm a consumer first and foremost. Having products with similar features competing with one another is a good thing. Good ideas will become the standard, and people will flock to the product that executes them best.

dead.cell said,
You're argument falls apart as Opera is copying other's just like everyone else.

No, not just like everyone else. While they have copied things, they have innovated far more. Address bar searches, popup blocking, speed dial, etc. All the stuff you take for granted in modern browsers was invented by Opera.

I don't even care for this argument either, since I'm a consumer first and foremost. Having products with similar features competing with one another is a good thing. Good ideas will become the standard, and people will flock to the product that executes them best.

My point was that claiming that Opera is "behind on the desktop" is pure insanity. I'm not really too concerned about who did what first either. But when someone makes a stupid claim like that, it needs to be corrected.

So please stop making the stupid claim that Opera is "behind on desktop."

Number of vulnerabilities != security

How about patching speed, number of attacks, security measures and more.

Ashmir said,
Number of vulnerabilities != security

How about patching speed, number of attacks, security measures and more.


In terms of security measures, IE8+ is up there with Google Chrome because of its sandboxing and ASLR.

Julius Caro said,
I thought that at this point it was kind of common knowledge that both IE8 and Chrome were the most secure
Goes to show you the value of common knowledge...

Julius Caro said,
I thought that at this point it was kind of common knowledge that both IE8 and Chrome were the most secure

Under Windows 7 when considering the Sandboxing abilities of the OS, that those browsers make use of, and that this rating might not look at

Julius Caro said,
I thought that at this point it was kind of common knowledge that both IE8 and Chrome were the most secure

I thought firefox was secure?

Dinggus said,
I thought firefox was secure?

No ASLR, no DEP, no plugin sandboxing until recently, no tabs separation, no "Protected Mode", ...
Firefox is less secure than IE and Chrome.

Aethec said,

No ASLR, no DEP, no plugin sandboxing until recently, no tabs separation, no "Protected Mode", ...
Firefox is less secure than IE and Chrome.

I don't even know what ASLR, DEP is.

So what is a good recommended browser?

Dinggus said,

I don't even know what ASLR, DEP is.

So what is a good recommended browser?


Internet Explorer 9 or Google Chrome.

(Address Space Layout Randomization and Data Execution Prevention)

rfirth said,
Internet Explorer 9 or Google Chrome.

(Address Space Layout Randomization and Data Execution Prevention)


Won't help much when there are actual security flaws. Theoretical protection only works when there are no holes.

Drunken Beard said,
Except this shows that Chrome is actually the least secure. But I don't see any reference to the product versions used ?

This test doesn't discuss security. It's about how many bugs a company have fixed. The two are pretty unrelated. If I build a browser and fix no bugs, do I win?

Drunken Beard said,
Except this shows that Chrome is actually the least secure. But I don't see any reference to the product versions used ?

2 years 8 versions... That will be hard I guess. Funny how Chrome moved up 8 versions but not much has changed ever since.

Northgrove said,
This test doesn't discuss security. It's about how many bugs a company have fixed. The two are pretty unrelated. If I build a browser and fix no bugs, do I win?

No, the test doesn't discuss mere bugs. It discusses security flaws, and Chrome is the worst there.

Buttus said,
these are current vulnerabilities, or ones that have been fixed? or both?

Ye it's funny. Less found vulnerabilities does not equate to being more secure. It's a false supposition that has been disproved ad nauseum. But I guess it makes for sensationalist journalism for the MS fan boys, even though it's completely meaningless.

Lets do a quick poll in here shall we? Who has seen a system infected with viruses, malware, and other nasties from just browsing the web use IE? And who has seen the same from using Firefox etc? I think that will clear up any misconceptions of IE being more secure than other browsers.

Flawed said,

Ye it's funny. Less found vulnerabilities does not equate to being more secure. It's a false supposition that has been disproved ad nauseum. But I guess it makes for sensationalist journalism for the MS fan boys, even though it's completely meaningless.

Lets do a quick poll in here shall we? Who has seen a system infected with viruses, malware, and other nasties from just browsing the web use IE? And who has seen the same from using Firefox etc? I think that will clear up any misconceptions of IE being more secure than other browsers.

+1

Flawed said,

Ye it's funny. Less found vulnerabilities does not equate to being more secure. It's a false supposition that has been disproved ad nauseum. But I guess it makes for sensationalist journalism for the MS fan boys, even though it's completely meaningless.
Lets do a quick poll in here shall we? Who has seen a system infected with viruses, malware, and other nasties from just browsing the web use IE? And who has seen the same from using Firefox etc? I think that will clear up any misconceptions of IE being more secure than other browsers.

No wonder Mac is more secure than Windows. Oh, wait.

Flawed said,

Ye it's funny. Less found vulnerabilities does not equate to being more secure. It's a false supposition that has been disproved ad nauseum. But I guess it makes for sensationalist journalism for the MS fan boys, even though it's completely meaningless.

Lets do a quick poll in here shall we? Who has seen a system infected with viruses, malware, and other nasties from just browsing the web use IE? And who has seen the same from using Firefox etc? I think that will clear up any misconceptions of IE being more secure than other browsers.

did you ever see a windows vista/7 Internet Explorer user getting infected by a 0day flaw in Internet Explorer or Flash player?

IE7/8 and plugins like flash player run inside a sandbox (protected mode), which prevents malware from getting write access on the hard disk, which makes impossible for malware to install even on the user profile if a 0day flaw was to be exploited!

firefox does not have such a protection, which makes it vulnerable to 0day flaws, like a few weeks ago : http://news.softpedia.com/news...tribute-Trojan-163065.shtml


so, it's a misconception to think that firefox is more secure than IE. Facts prove it is not.
Even prominent hackers say that firefox is the least secure browser, along with safari:
http://www.neowin.net/news/cha...safest-computing-experience

it is also a misconception to think that mozilla patches flaws very fast, since most flaws are patched several months or years after they have been reported privately to mozilla.

even the last 0day flaw that was exploited last month has been discovered on october 5:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3765
and patched 22 days after being reported to mozilla, but in the meantime the flaw has been exploited in the wild for 2 days.

several others critital flaws discovered in august this year have been patched at mid october. Take a look at the CVE bulletins if you want to check by yourself!

Flawed said,

Ye it's funny. Less found vulnerabilities does not equate to being more secure. It's a false supposition that has been disproved ad nauseum. But I guess it makes for sensationalist journalism for the MS fan boys, even though it's completely meaningless.

Lets do a quick poll in here shall we? Who has seen a system infected with viruses, malware, and other nasties from just browsing the web use IE? And who has seen the same from using Firefox etc? I think that will clear up any misconceptions of IE being more secure than other browsers.


Thanks for saying this, so I didn't have to.

IE is only winning on the security tests where it's fixing less bugs.
Not saying much about security...

It could actually be seen as something pretty bad.

Flawed said,

Ye it's funny. Less found vulnerabilities does not equate to being more secure. It's a false supposition that has been disproved ad nauseum. But I guess it makes for sensationalist journalism for the MS fan boys, even though it's completely meaningless.

Lets do a quick poll in here shall we? Who has seen a system infected with viruses, malware, and other nasties from just browsing the web use IE? And who has seen the same from using Firefox etc? I think that will clear up any misconceptions of IE being more secure than other browsers.

+1

link8506 said,

IE7/8 and plugins like flash player run inside a sandbox (protected mode), which prevents malware from getting write access on the hard disk, which makes impossible for malware to install even on the user profile if a 0day flaw was to be exploited!

firefox does not have such a protection, which makes it vulnerable to 0day flaws, like a few weeks ago : http://news.softpedia.com/news...tribute-Trojan-163065.shtml


so, it's a misconception to think that firefox is more secure than IE. Facts prove it is not.
Even prominent hackers say that firefox is the least secure browser, along with safari:
http://www.neowin.net/news/cha...safest-computing-experience

Firefox does have protection similar to sandboxing, OOPP.

Chrome has sandboxing.

You're flat out wrong that implementing sandboxing therefore means you're not susceptible to getting malware. Try using the internet more. As mentioned above, a general poll would show IE still has more issues than other browsers. A large number of people didn't move away from IE and stay away from it for nothing.

link8506 said,

did you ever see a windows vista/7 Internet Explorer user getting infected by a 0day flaw in Internet Explorer or Flash player?

IE 7/8 can infect a computer by just visiting a web site. You don't even need to click anything just visiting the web site automatically infect you if your AV doesn't catch the virus. And i'm not talking about some obscure illegal web site here but fake web site you can get in the first 10 pages of a google search result about a legal subject.

So imo you can't really be more insecure than that.

Dunno about IE 9 looks like it will be more secure.

Edited by LaP, Nov 18 2010, 2:39pm :

Tarrant64 said,

Firefox does have protection similar to sandboxing, OOPP.

that's wrong
firefox isolates plugins in a separate process, but it's not a security sandbox. Neither the plugin nor firefox are isolated from the user session using a security sandbox like IE or chrome does.

You're flat out wrong that implementing sandboxing therefore means you're not susceptible to getting malware.

so, you are thinking that the winners of the Pwn2Own browser security contest are idiots that do not know about security, and that you are smarter than them by telling that sandboxing is useless?

aren't you a mozilla fanboy? XD

LaP said,

IE 7/8 can infect a computer by just visiting a web site. You don't even need to click anything just visiting the web site automatically infect you if your AV doesn't catch the virus.

like firefox users got infected two weeks ago because of a 0day flaw being exploited after it has been reported to mozilla 20 days ago!

IE on XP can get attacked by hackers, because there is no ASLR and sandbox on XP.
But I'm speaking of Windows Vista/7

hackers have NEVER managed to run malicious code outside the security sandbox (even the winner of the Pwn2Own contest only managed to run code inside the sandbox, but he wasn't able to gain write access to the hard drive to install a malware thanks to the sandbox)


And i'm not talking about some obscure illegal web site here but fake web site you can get in the first 10 pages of a google search result about a legal subject.

since you're trying to spread FUD, please send us a link supposed to infect a IE8 user running vista or 7, and I will be more than happy to browse the malicious site even with an unpatched IE8 to prove you that no malware have been able to break the sandbox protection.

^^



So imo you can't really be more insecure than that.

some famous hackers say the opposite!
who should be believed? you (who doesn't expose any fact), or these hackers (who won the browser hacking security contest several times)?

Dunno about IE 9 looks like it will be more secure.

IE9 has the same security features as IE8 (DEP, full ASLR, and sandboxing)
you see, you're just supposing, you're not using facts.

link8506 said,

since you're trying to spread FUD, please send us a link supposed to infect a IE8 user running vista or 7, and I will be more than happy to browse the malicious site even with an unpatched IE8 to prove you that no malware have been able to break the sandbox protection.

You do realize those kind of web sites don't stay up for a long period of time?

Of course the web site is down today. And i don't care enough to find a new one. And i really don't care if you don't believe me.

link8506 said,

you see, you're just supposing, you're not using facts.

I love the fact the you are supposing i got infected using Vista/Windows 7 ...

We are talking about browser security here not OS security. If it's not secure under Windows XP then it's not secure.

Edited by LaP, Nov 18 2010, 5:42pm :

LaP said,

I love the fact the you are supposing i got infected using Vista/Windows 7 ...

We are talking about browser security here not OS security. If it's not secure under Windows XP then it's not secure.

One could also flipp it around, one talks about browser security, so if it's secure under 7 but not xp then it's the OS that's the problem and not the browser, so the browser is secure.

link8506 said,

that's wrong
firefox isolates plugins in a separate process, but it's not a security sandbox. Neither the plugin nor firefox are isolated from the user session using a security sandbox like IE or chrome does.

so, you are thinking that the winners of the Pwn2Own browser security contest are idiots that do not know about security, and that you are smarter than them by telling that sandboxing is useless?

aren't you a mozilla fanboy? XD

My mistake on "sandboxing". They use OOPP to protect the browser, not the OS in terms of security. I get it. Just wanted to get across they do utilize the same "idea" you could say with the browser.

To say what I'm thinking and making an assumption on that is stupid. I made no reference to what I think of pwn2own - and I made no reference to even indicate I'm smarter than these guys and they don't know what they're doing. I'm not saying sandboxing is useless, but you're comment on saying that it makes IE the most secure, and impenetrable is false. Here's what I think - a lot of these contests prove security strengths from a certain standpoint. I think any popular browser has it's strongpoints when it comes to security, but there is not 1 that is hands down the best when it comes to security.

And labeling me as a fanboy is inmature. I made one statement about Firefox and mentioned OOPP, and that makes me a fanboy?

You're arrogance there actually ****es me off.

sCrAtCh420th said,
its secure thats why its so slow
It's fast on my main desktop and laptop that I use it on ... Weird.

sCrAtCh420th said,
its secure thats why its so slow
IE 9 will be the fastest browser ever so far when it comes out, check before you post.

sCrAtCh420th said,
its secure thats why its so slow

Long documents sometimes cause IE9 to be slow. Neowin never triggers this behavior, but certain forums do.

But if *every* site is slow, then you probably have a bad add-on. Disable all add-ons and then see if it solves the problem. Tools --> Manage add-ons.

tanjiajun_34 said,

It is NOT the fastest. Check before you post.

Actually the latest IE9PP is the now the quickest browser on the useless sunspider test.

But this can't be true.. IE as the fastest and most secure webbrowser? It's not 2012 already is it?

Oh, and "check before you post".

Edited by zicoz, Nov 18 2010, 11:44pm :

zicoz said,

Actually the latest IE9PP is the now the quickest browser on the useless sunspider test.

But this can't be true.. IE as the fastest and most secure webbrowser? It's not 2012 already is it?

Oh, and "check before you post".


They only compared with Chrome 8? You knows Chrome is 9 already and if I remembmer they will become 10 in Chromium very soon these days. And also, win in Sunspider does not makes them the fastest browser too. What about Peacekeeper? Also I thought a few months ago, Microsoft fans are saying Sunpsider benchmark don't make a different? Hmmmm I wonder why the tone changed. Anyway, check before you post =D