It is being taken as approved that IE is insecure. So you should use firefox or any other browser which is secured and dump the IE. Is it really true? Is only IE insecure and not other browsers? Should we ban IE?
On 12 January, 2010, Google disclosed on its Official blog that the company had come under an attack and the source of attack is in China. but the Chinese government has denied the fact that it is involve in this attack.
According to the reports a backdoor Trojan called Hydraq was used in the attack which was a part of malicious code called Aurora. According to Microsoft's investigation exploit code has used javascript which copies, releases and references a Document Object Model element, when the attack code was placed in a location in free memory, it could be executed. The specific vulnerability that was exploited by hackers in the targeted attacks is an HTML Object Memory Corruption vulnerability, which can allow the attacker to remotely execute the arbitrary code by accessing a pointer that’s associated with a deleted object.
So in response to this attack Microsoft has released security updates for IE. this was emergency update that was unexceptionally quick response by Microsoft. For more info read this.
The effect of this attack has been felt in both technological as well as political worlds. Google announced that they will reconsider the relationship with China and has threaten to pull out of china. However, in technical world in U.S. as well outside of the U.S. outcry was not against China but against the Microsoft's IE. Everyone said Stop using IE, even US-CERT.
The headlines that came up everywhere sounded like abandoning IE completely. But looking beyond media, if we see the actually statement by advisory committee is this: "IE users switch to another browser until a fix for the Hydraq vulnerability was issued by Microsoft".Most of the reports has left the last part of the statement. Which has made it appear as government agencies are asking to abandon IE. For more info on this issue please read this and this.
I agree on the fact that various versions of IE are having vulnerabilities but are really other web browsers secured? Let us have a look at this.
If we look at all the news from the tech world we would get to know that everyof the browser is having some kind of venerability in it.
For example, Look at following web browser venerability news.
1. Mozilla Firefox: In September 2009, mozilla firefox has released critical security patches for firefox 3.5. again in November, 2009 firefox is found to be most venerable web browser.
2. Google Chrome: After its birth in the internet world, chrome was found to be having vulnerabilities in it just when it was one day old baby. In August again the chrome was found with vulnerabilities which were high risk vulnerabilities.
3. Apple's Safari: In Novemver, 2009, Apple's Safari was found with the multiple vulnerabilities into it which were allowing attackers to bypass the security.
4. Opera Web Browser: In November 2009, Opera was found with multiple vulnerabilities.
Out of all the internet users all across the world 60% of the users are using IE, 25% are using Firefox, 5% uses Google's Chrome, 5% users are using Apple's Safari, Opera users are just 2% and rest uses other browsers. So most of the surfers on the internet uses IE. So it becomes quite obvious for any attacker to make use of IE for exploitation, because it will cause maximum destruction as well as money related gains.
It is obvious that attacker will spend his time is developing exploits for the most commonly used browser, so that they can make maximum damage. Of course shifting to another web browser that is less popular will secure your browsing but upto what time? If everyone decides to go to less popular web browser then these attackers will definitely shift to them because at that time these will be mostly used browsers.
So because of the false news of the "IE is dangerous", and other web browsers are secure, will lead to a false sense of security. If everyone thinks all he have to do in order to be safe is use the “right” browser, he may ignore the necessity to install updates or configure settings properly, leaving himself more vulnerable than they were with IE.
I would recommend refer this for All the browser review.
No comments:
Post a Comment