Slashdot Mirror


IE6 Was Unsafe 284 Days In 2006

An anonymous reader sends us to the Washington Post's Security Fix blog, where Brian Krebs has toted up the total vulnerability days for IE6 users in 2006. From the article: "For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users... In contrast, Internet Explorer's closest competitor in terms of market share — Mozilla's Firefox browser — experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem."

  1. I hope stuff like this makes the paper by RiotXIX · · Score: 5, Insightful

    Then it might affect people who don't already know it.

    --
    "You know you don't act like a scientist, you're more like a game show host." Dana Barret
  2. Hazards of monoculture by Kelson · · Score: 4, Insightful

    Consider that this would be less of an issue if IE weren't used by 70-90% (depending on where you look) of web surfers. Most-used and least-secure is a disastrous combination. This is why alternatives are important. If the space broke down at, say, 30% IE, 30% Gecko, 15% Safari, 15% Opera and 10% random, malware authors would have to go to a lot more effort to exploit the majority.

  3. Nothing to see here... by Thansal · · Score: 4, Interesting

    you know the drill.

    My bet is that the number that COUNTS is probably larger (also larger for FF), the number of days where there was a vulnerability that was known by malicious groups, just not publicly posted.

    --
    Do Or Do Not, There Is No Spoon, There Is Only Zuul. Everything in the above post is probably opinion.
  4. all a matter of perspective by macadamia_harold · · Score: 5, Funny

    IE6 Was Unsafe 284 Days In 2006

    Of course the flip side of this story is that IE6 was safe for 81 days in 2006.

    Obviously, the solution is to shorten the year to 81 days.

  5. There are three main factors for this by Toreo+asesino · · Score: 5, Interesting

    1. IE != OpenSource - many eyes are better than few for finding & fixing defects.

    2. Desktop integration - across Windows 98, ME, 2000, XP and to a lesser extent Vista.

    3. Application integration - there are tonnes of apps written either embedded in IE, or using IE as a view-port to data, screens, etc.

    All of the above (and more) make IE6 a bitch to keep updated quickly and easily. Breaking not just a browser, but OS shell, and tied-apps with a dodgy patch isn't an option for Microsoft and they know it (despite the odd rogue update that slips through the net).

    --
    throw new NoSignatureException();