Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE6 Was Unsafe 284 Days In 2006

Posted by kdawson on from the barn-door-of-vulnerability dept.

An anonymous reader sends us to the Washington Post's Security Fix blog, where Brian Krebs has toted up the total vulnerability days for IE6 users in 2006. From the article: "For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users... In contrast, Internet Explorer's closest competitor in terms of market share — Mozilla's Firefox browser — experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem."

2 of 137 comments (clear)

  1. I hope stuff like this makes the paper by RiotXIX · · Score: 5, Insightful

    Then it might affect people who don't already know it.

    --
    "You know you don't act like a scientist, you're more like a game show host." Dana Barret
  2. Hazards of monoculture by Kelson · · Score: 4, Insightful

    Consider that this would be less of an issue if IE weren't used by 70-90% (depending on where you look) of web surfers. Most-used and least-secure is a disastrous combination. This is why alternatives are important. If the space broke down at, say, 30% IE, 30% Gecko, 15% Safari, 15% Opera and 10% random, malware authors would have to go to a lot more effort to exploit the majority.