A security consultant called ScanIT announced that Microsoft’s Internet Explorer browser (Windows) was the least secure browser for 2004. Surprised? No.
What’s surprising about ScanIT’s announcement was that Internet Explorer (MSIE) was unsafe for 98-percent of 2004. MSIE was safe for use only seven days for the whole year.
ScanIT has this nifty browser security check which tests your browser against 37 different potential vulnerabilities.
Assuming you don’t have much to do today (obviously, I didn’t), here’s what you’re likely to find when checking your browser.
First, if you’re using Windows and running Internet Explorer, you have plenty to be worried about.
Second, if you’re using the latest versions of every update recommended by Microsoft, scan your PC regularly for viruses, spyware, malware, and whatever else seems to attack PCs these days, you might get off lucky.
What if you’re a Mac user? Don’t worry so much. Yet.
We have a Sony Vaio running Windows XP with the latest Service Pack. It also has McAfee’s latest virus scans, a virus utility from AOL, Spyware from AOL and Microsoft, and two or three other goodies that we regularly run to keep the PC “free” of malware.
Actually, this PC’s only function is to be started up once a week just to run all the virus software. Really.
ScanIT’s Browser Security Test has 37 different “tests” to run. Most of them are Microsoft Internet Explorer vulnerabilities. A few are Mozilla-based, some for the browser Opera. Nothing notable for Mac browsers. So, you’re safe? So you might think.
These vulnerabilities are things like these:
Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (bid11467).
Microsoft Internet Explorer MIME Header “Content-Type: audio-x-wav” Attachment Execution Vulnerability (bid2524).
And so on.
So, I gave ScanIT’s browser test a test of my own. Click, and Safari was on the line. 37 steps and one “gotcha” later, Safari was given the All Clear. The “gotcha” was a page that Safari wouldn’t load.
Then, on to the Mac’s version of Microsoft’s Internet Explorer (good thing no one uses that anymore). It tried. And tried. MSIE for Mac simply couldn’t finish the tests.
Either it would hang or crash or just stop. MSIE never made it past test #7. One can only wonder about the security of vulnerabilities #8 through #37.
OK, let’s try the same thing on our squeeky clean Windows XP machine with an updated Internet Explorer (the same PC that only gets started up once a week to run virus software).
Guess what? Internet Explorer passed all 37 tests with flying colors (whatever that means). Really. It passed.
Firefox on Windows was not so lucky and came away with a single High Risk Vulnerability (something to do a Java plugin—does Java even work on Windows?).
Back on the Mac, Firefox was perfect and sailed through the 37 steps. Tera’s fav browser, OmniWeb, wasn’t so lucky. It coughed up a hairball on the Microsoft Internet Explorer Search Fram Fake Caller Vulnerability. Not to worry. It was a medium risk vulnerability.
It could happen to anyone.
There you have it. 4 Mac browsers tested. Two fully secure, two not. That’s 50-50. On the Windows side of the world, it was also 50-50. Two tested, on not fully secure.
Your mileage may vary.
Of course, we hold and bear no responsibility of any kind for the tests, the results, the mental anguish, or havoc said tests may inflict on you, your browser, your Mac or PC, or neighbors, or pets.
It was fun, though.