Online users now have to grapple with a growing number of security vulnerabilities found not only in Microsoft Internet Explorer, but also in other Web browsers including Opera and open-source Firefox. However, industry experts say surfing the Web can still be a secure activity.
Microsoft Internet Explorer (IE) users plagued by security woes initially saw Mozilla's Firefox browser as the more secure alternative. But the open-source browser is now facing security issues, which have culminated into a diagnosis from security vendor Symantec that decreed it has double the vulnerabilities found in IE.
Now past its 100 millionth download, Firefox has come under fire in recent months for its security flaws. In its Internet Security Threat Report (ISTR), released in September this year, Symantec noted that the popular Mozilla browser had 25 vendor-confirmed bugs in the first six months of the year, as opposed to IE's 13.
Of the 25, 72 percent of Firefox's flaws were rated as "high severity", an increase from the 14 "most severe" flaws discovered over the same period in 2004. In contrast, IE's total of 13 bugs, eight of which were flagged "high severity", marks a decrease from the 31 that were discovered last year.
McAfee's AVERT research fellow
Even Opera, one of the smaller players in the browser space, has not been spared. In June this year, two months after the release of Opera 8, the Norwegian company updated its browser to fix a handful of security flaws which could have been exploited by phishers and other attackers to create spoof sites.
Can browsing be safe?
With the proliferation of loopholes found in Web browsers, has the phrase "secure browser" all but disappeared from the lexicon?
Jimmy Kuo, research fellow with McAfee's Anti-Virus Emergency Response Team (AVERT), said it would be a mistake to equate security with the number of vulnerabilities discovered.
"Safeness doesn't have to do with the number of vulnerabilities," he said. "It only takes the 'right' one to make it worthwhile to attack. Many announced vulnerabilities probably won't make malware writers excited."
Dean Turner, executive editor of Symantec's Internet Security Threat Report One, reasoned that vulnerabilities in Web browsers are frequently highlighted these days because browsers are seen as an "attractive entry point into the host system".
"Increasingly, attackers are shifting their focus away from network perimeters as a way into the network and toward individual client side applications such as Web browsers," Turned explained. "Due to widespread deployment and the fact that most networks allow HTTP (Web) traffic into their networks, attackers are searching for the path of least resistance."
Charles Cousins, Asia managing director of Sophos Anti-Virus, noted that as software applications go, no one software can ever be perfect. Given that Web browsers are used by virtually every computer user, it is inevitable that hackers would zero in on them, he said.
"All software have flaws, and hackers will exploit security holes in commonly used applications," Cousins added. "Browsers are an obvious application to target as they read data from third-party Web sites which can be constructed to include malicious code."
Microsoft has also acknowledged that hackers target widely-used software, and is facing problems resolving it.
In its most recent Form 10K filing to the U.S. Securities and Exchange Commission, the software giant stated that hackers have tended to "focus their efforts" on
Play video
There are currently no comments for this post.