Internet Explorer: The LEAST Secure Browser?

Category: Browsers

One website is reporting that a record number of security vulnerabilities were discovered in Internet Explorer during the first half of 2014, far more than in Google Chrome or Mozilla Firefox. Should alarms be sounded across the land? Should you tell Mom to switch browsers? Let's find out...

Is Internet Explorer Unsafe at Any Speed?

“We really recommend that you not use Internet Explorer,” I overheard a librarian telling a patron in the local Public Library recently. Chrome and Firefox are available on every terminal available at all library branches. I wonder why they don’t simply disable IE to make it disappear, but I understand why they discourage its use: the pundits that everyone heeds miss no opportunity to make IE look bad.

Most recently, Techworld trumpeted that a disturbing number of security vulnerabilities were discovered in Internet Explorer during the first half of 2014, far more than in any other popular program. That’s according to an analysis of U.S. National Vulnerability Database (NVD) figures. Researchers found 133 NVD records of IE vulnerabilities so far in 2014, compared to 130 for all of 2013. By contrast, the competing browsers Chrome and Firefox each logged about 75 vulnerabilities during the first six months of 2014.

IE Browser Vulnerabilities

But wait; Chrome had 175 vulnerabilities discovered during 2013 while Firefox achieved 150. So over a full year, IE actually had the least vulnerabilities of the three major browsers! Confused yet? What Techworld didn't mention is that those numbers don't take into account the severity of the software bugs. Severity is measured on a scale of 0 - 10, with a higher score indicating a more serious problem. Digging a bit deeper, I found that the average severity for vulnerabilities discovered in 2014 tell a story that's a bit more illuminating:

Internet Explorer: Average severity 9.8, with 93% in the 9-10 (most severe) range

Firefox: Average severity 8.0, with 49% in the 9-10 (most severe) range

Chrome: Average severity 7.5, with under 3% in the 9-10 (most severe) range

Okay, Internet Explorer seems to look worst when it comes to both raw numbers of vulnerabilities discovered, and the seriousness of those vulnerabilities. But keep in mind that a vulnerability means only that a security researcher found a software bug that COULD POSSIBLY be exploited by hackers, crackers and other cybervillians.

Nobody Expects the Spanish Inquisition!

And of course, nobody expects that they'll fall prey to a security flaw in their favored browser. So how many of those vulnerabilities were actually exploited? Firefox and Chrome have had ZERO exploits since 2010. For IE, there were only 3 in the past year. That's not so bad, considering that these exploits require the user to be tricked into viewing a specially crafted web page in order to be affected. And in each case, Microsoft responded to the flaws with timely fixes.

Personally, I found the NVD website rather heavily laden with acronyms and jargon, hard to search, and nearly incomprehensible. I discovered that the NVD is fed by another site called CVE Details that lets you search, browse and drill down into security vulnerability data in a much friendlier format.

Microsoft released version 11 of IE last October. Like all new major versions of any software, it contains numerous bugs. The company issued its first security patch for IE 11 just five days after the update hit the Web, compared to more than 80 days lag time back in 2007 to 2011.

So no, IE is not the runaway winner of the Most Dangerous Software of All Time. A deeper look at the details of the software flaws discovered, their relative severities, the number of actual exploits, and the difficulty of carrying out an exploit, reveals that IE, Firefox and Chrome are all very safe vehicles on the information superhighway. The latter two automatically update themselves, and IE will do likewise if Windows Update is run with the default (automatic) settings. And as in the physical world, the driver is the cause of more accidents than the car.

You Want Danger? I'll Show You Danger...

A lot of techies give the Most Dangerous Software title to Java, which is found in more places than IE and has a horrible history of security vulnerabilities and exploits. (See my article, Time to Boycott Java? Apparently, a lot of people have been boycotting Java of late, encouraging bad guys to seek other victims.

In related news, Firefox 31.0 was released in July with a new anti-malware feature. The browser will now check the Google Safe Browsing reputations of individual files as they are downloaded, as well as checking Web sites’ reputations to warn users away from known phishing and malware sites.

Mozilla announced that Firefox 32.0, due in September, will add a new and more efficient file-checking feature. Before contacting the Google Safe Browsing database, Firefox will check a file for a valid digital signature that confirms the author is known and safe. Only if no signature is found will Firefox refer to the Google Safe Browsing database. If the user has added a software publisher to his/her local list of “known good guys,” Firefox will skip these tests.

The bottom line is that vulnerabilities logged in the National Vulnerability Database are down this year overall. At least temporarily, the good guys seem to be winning. But the pendulum can swing at any time, so keep your local defenses and good computing sense on the alert.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 28 Jul 2014


For Fun: Buy Bob a Snickers.

Prev Article:
Amazon's Kindle Unlimited: Netflix for Books?

The Top Twenty
Next Article:
7 Cool Things You Can Do With Dropbox

Most recent comments on "Internet Explorer: The LEAST Secure Browser?"

Posted by:

Tom Van Dam
28 Jul 2014

It seems that everyone wants to do a kneejerk reaction to put down what they don't understand. I use IE at work and home with no problems (yes my AV software is up to date). I hate the UI in Chrome where they don't give any toolbars.

I would think that one would have to look at the browser usage (in numbers between IE, Google and Firefox) to so which is the most used and how many problems have been reported on each to get a valid picture.

In another light, we could eliminate all car accidents if we just didn't drive cars anymore and walked or used public transportation.


Posted by:

Charles Feinstein
28 Jul 2014

I am giving Opera a spin for the first time in awhile and I like it, except I cannot find the Find function to look for a word in the page or document I am reading.
Anyway, is this a safe alternative?
Thank you.


Posted by:

TKDundalk
28 Jul 2014

Blah, blah, blah. It seems that no matter what one uses, someone has a bone to pick with it. I've used IE for years in its many forms and iterations. I've tried the others. All of my favorites and quickie buttons are in IE. I'm tired of trying to use a "better" browser. They're all good. So, I'm staying with the "devil" I know. Thanks, again, for an informative and unbiased article.


Posted by:

virginia
28 Jul 2014

Great information, as always----i do enjoy reading your articles--down to earth explaining & timely.


Posted by:

RandiO
28 Jul 2014

Thank you for this article to alert all of your readers about IE security issues. I am assuming that the you and Techworld are primarily addressing IE11 and not the older versions of IE (IE9/IE10). There is a slew of InternetExplorer users who are having serious issues in attempting to upgrade to IE11 (from IE9/IE10). I have spent the past 8 months in attempting to shoehorn IE11 in a Toshiba laptop w/Win7x64, with no success. I have tried almost everything; including going to Microsoft forums seeking help and attempting EVERY possible recommendation for this upgrade that has been suggested (even from MS MVPs), but the laptop is still refusing to upgrade to IE11 and fails the install. I have all but given up and recommending to other forum posters to move to Chrome/Firefox, instead of wasting time with attempts at patches and many other techniques that are for advanced users.
For my computer usage, I have always been a FireFox fan, from the days when FireFox was still on version0.9.
The reference testing you are discussing appear to be the usage of all these 3 Internet Browsers in the non-modified and non-customized configuration of each one; in the “as installed” or out-of-the-box state.
It should be mentioned that two of the most important features of FireFox are its customizable interface and its Add-Ons that allow FireFox to become even more formidable with respect to enhanced security and reduced potential for vulnerabilities. An advanced FireFox (FF) user can actually prevent it from Java exploits, disable FF to run java-scripts (using the add-on NoScript), preventing pop-up ads (via adBlock and ABP), installing the latest add-on by EFF (using Privacy Badger), in addition to the FF built-in Privacy/Security features that block 3rd party cookies and redirects, also prevents Tracking, and additional “Security Modules and Devices”, etc.. There are even enhancements (in the form of Add-Ons) to the FF built-in MasterPassword regiment, which further protects user sensitive log-in credentials, in multi-user FF environments. Apologies for the length of my post.


Posted by:

Russ
28 Jul 2014

Thank you very much for your report. I am a senior computer professional and have used computers since 1964, so I've been there through the Personal Computer era, have used many operating systems, including all versions of Windows since 3.01. Thus I have used most browers from the early Netscape and the early Internet Explorers to present versions (now at IE 11.0.9600.17207), Chrome (now at version 36.0.1985.125m. While I have used many versions of Firefox, I have given up on it for reasons I will not go into at the present time. My favorite browser has been for many years IE and I use Chrome rarely, but do keep it up to date.

It has been my feeling for many years that the danger IE presents has always been overstated, and the safety given by Chrome and Firefox has also always been highly overstated.

In any event, even though I have done some "dangerous" browsing in the past, I have never had a SERIOUS infection, and have always been able to quickly solve any problem my "surfing" has caused using free tools found online such as Malwarebytes Antimalware and SUPERAntispyware.

I like IE and shall continue to use it as long as the best competitors are no better than Firefox and Chrome.


Posted by:

IanG
28 Jul 2014

Thanks for that, Bob. As usual a very thoughtful, well-researched and well-written, interesting and enlightening article.


Posted by:

ANTHONY SPORBORG
28 Jul 2014

In using IE I discovered that my virus program (BitDefender)gave ample warning when I tried to visit a no-no site. Keeping virus programs updated is a great way to keep IE safe to use.


Posted by:

Bill
28 Jul 2014

If I would have read any of those 'scary' articles about Internet Explorer, I would not have been alarmed. However, from your article (I'll check the sources later. ), it appears IE is clearly more of a risk when one accounts for overall #'s combined with severity. Sorry, I can't agree with your conclusion. I've lately found IE to seem to flow more quickly & personally I don't experience any issues with it's functioning if I set the security & privacy settings low enough but after reading the numbers here, part of smart browsing it appears would be not using IE.

I am impressed that lately IE has been using far less memory & processing so I may use it anyway for quick browsing but would possibly recommend to n00bs they should use an alternate browser until better numbers are obtained by IE. Thank you for the heads up.

I believe more in using Linux with very different browsers anyway but felt it my duty to point out there appears to be a significant difference when IE's overall # this year is higher and then within that # the average found was 9.8 with 93% in the most servere range. With all due respect, that contrasted with the results of the 2 mentioned competitors has to be statistically significant & therefore worthy of negative distinction.

I admire your articles and knowledge but this article makes me have to wonder if you are possibly being funded by Microsoft and a little partial in your conclusion.

With the paucity of dissention so far I fear my response will just be deleted but entering it anyway.

Thank you for your time and patience.


Posted by:

Duane
28 Jul 2014

Enjoyed the article. I've been a lifelong user of IE until XP support forced me to FireFox When my new computer arrives this week, I'll go back to IE 11 as my primary browser.

Has anyone done a comparative as to how intrusive Chrome, FireFox, and IE are relative to their users and host systems? Nothing technical to back it up, but I've heard "gossip" about the collection of personal info, etc. by at least one of the leading 3 browsers.


Posted by:

Adolf
29 Jul 2014

I had a problem installing IE11 because I was unable to install Service Pack 1. After I did it was a cinch. However MSFT sent me a link that had to be unpacked and I can't locate it right now. It took quite a while to unpack and run. Then it installed.


Posted by:

SirTinLee
29 Jul 2014

Nice article. I use all three mentioned browsers and really prefer ie in many cases; but, anywho, just a note about Firefox 32, I have it now.


Posted by:

Doug Sawyer
29 Jul 2014

Ive found the Denver librarians sometimes dont know what they are talking about although their learning curve has gone up.....


Posted by:

Rochelle
29 Jul 2014

Charles Feinstein--
Right click on any toolbar in Opera, and choose "Appearance." You can then choose toolbars, icons and commands that you want, and drag them to the toolbars.

IE should definitely NOT be used for those of us still on XP. The newer versions won't run on XP. But I've always used Firefox anyway.


Posted by:

Gary
29 Jul 2014

i have been using IE from day one. Tried Chrome and FF - didn't like 'em! I also use Opera and I love the way the history keeps track of EVERY page you've visited. This is extremely valuable when you've looked at dozens of pages and want to find that exact page again. You don't have to bookmark them individually - very handy! ymmv


Posted by:

Andrea Rimicci
29 Jul 2014

All browsers have its own vulnerability. IE shows to the public much more, because it is the preferred target of visus writers. When the virus criminality will acknowlegde about alternatives as Chrome and Firefox, I am sure IE will have nothing to envy to them about security issues. Then, you all have to remember that the only issues taken in statistics are the ones 'discovered'. Be sure any existing problem on Chrome or Firefox will never be disclosed by who wants take advantage of them.


Posted by:

DBAsteve
29 Jul 2014

From the article: "Firefox and Chrome have had ZERO exploits since 2010. For IE, there were only 3 in the past year."

Comparing a 3 1/2 year span with a 1 year span. ("since 2010" seems to imply starting in 2011)

How many IE exploits since 2010?


Posted by:

Harold Totten
29 Jul 2014

I am very much satisfied with IE as my browser. Maybe it is my geographical location, but if I use Firefox or Chrome, I pick up too many infections. I have taken them off my machine. I use AVG and SPYBOT for my protection and scan once a week with Malwarebytes.I think I will "keep on keeping on."


Posted by:

John
06 Aug 2014

I use IE 11 for work and am not any more concerned about security with IE then Firefox or Chrome. In fact probably the most secure would be the least used browser which is Opera. Like operating systems, the target will always be the one with the most users. Since Chrome is gaining users I suspect we will see more attacks focused on Chrome. The argument of any browser updating and fixing holes faster then another is kind of a mute point. Unless you can update in hours and not days, you are going to risk a user base. In most cases this is not a problem as not everyone is so exposed as to be such a target anyway. Personally, stop reading into hysteria over claims of any browser being more at risk then another. That mostly comes from haters of one browser or another. Fanboy's always cloud comparisons like this. Use the browser of choice and forget about which one is the flavor of the day.


Posted by:

Mario
15 May 2017

I've used IE few times back in 90's. Than I replaced PC for Mac as soon as I could. Safari is my browser of choice since it's release in 2003. The only reason I'm here is because our HR introduced new holiday booking system that works only in IE, and I wanted to check how safe it is.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.
[an error occurred while processing this directive]


Article information: AskBobRankin -- Internet Explorer: The LEAST Secure Browser? (Posted: 28 Jul 2014)
Source: http://askbobrankin.com/internet_explorer_the_least_secure_browser.html
Copyright © 2005 - Bob Rankin - All Rights Reserved