The safety of Internet Explorer vs. Firefox revisited

“Internet Explorer Sucks.” The foregoing is a quote from the latest Crypto-Gram Newsletter by the well-known security expert Bruce Schneier. In it, he points out a study done last August by researchers at a security firm in Belgium called Scanit. Unlike the phony “test” done by George Ou (discussed here earlier) that got so much notice at ZDNet, this study has some actual significance. Schneier describes the test:

The researchers tracked three browsers (MSIE, Firefox, Opera) in 2004 and counted which days they were “known unsafe.” Their definition of “known unsafe”: a remotely exploitable security vulnerability had been publicly announced and no patch was yet available.

By this definition, Internet Explorer was 98% unsafe: there were only 7 days in 2004 without an unpatched, publicly disclosed security hole. In contrast, Firefox on Windows was 7% unsafe, corresponding to 26 days with an unpatched but publicly disclosed security hole. Opera was unsafe for 65 days, or 17%.
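The "known unsafe" count described above is the union of each hole's disclosure-to-patch window, clipped to the calendar year. The sketch below is an added example, not Scanit's method or data: the function name, the constructed sample windows, and the convention that the patch day itself counts as safe are all assumptions.

```python
from datetime import date

def known_unsafe_days(windows, year):
    """Return (unsafe_days, days_in_year) for one browser.

    windows: iterable of (disclosed, patched) dates for remotely
    exploitable, publicly announced holes; patched is None when no
    patch was released. Assumed convention: a window covers the
    disclosure day up to, but not including, the patch day.
    """
    start, end = date(year, 1, 1), date(year + 1, 1, 1)

    # Clip every window to the year; drop windows that fall outside it.
    clipped = []
    for disclosed, patched in windows:
        lo = max(disclosed, start)
        hi = min(patched or end, end)
        if lo < hi:
            clipped.append((lo, hi))

    # Merge overlapping windows so a day with several open holes
    # is still counted only once.
    unsafe = 0
    cur_lo = cur_hi = None
    for lo, hi in sorted(clipped):
        if cur_hi is None or lo > cur_hi:
            if cur_hi is not None:
                unsafe += (cur_hi - cur_lo).days
            cur_lo, cur_hi = lo, hi
        else:
            cur_hi = max(cur_hi, hi)
    if cur_hi is not None:
        unsafe += (cur_hi - cur_lo).days

    return unsafe, (end - start).days

# Constructed sample windows (not real vulnerability data).
SAMPLE = [
    (date(2003, 12, 20), date(2004, 1, 10)),  # carried over from 2003
    (date(2004, 1, 5), date(2004, 2, 1)),     # overlaps the first window
    (date(2004, 3, 1), date(2004, 3, 4)),     # isolated three-day window
    (date(2004, 12, 25), None),               # still unpatched at year end
]

if __name__ == "__main__":
    unsafe, total = known_unsafe_days(SAMPLE, 2004)
    print(f"{unsafe} of {total} days known unsafe ({100 * unsafe / total:.0f}%)")
```

Because overlapping windows are merged, a browser with many simultaneous open holes scores the same as one with a single long-lived hole; the metric measures exposure time, not the number of vulnerabilities.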

While the percentages quoted for this test do not really define safety quantitatively (such a metric is probably impossible), they are a lot better than the numerology of some previous tests. The study answers some of the questions that I raised on another page. The results for IE vs. Firefox and Opera are so disparate that they clearly indicate a real difference in practical safety.

If ZDNet wants to be fair, they should report on this study. It would only be right after their ballyhoo on the Ou non-test.
