News

IE8: 'Safe' but Scorned in Bug Battle Contest

Internet Explorer 8 -- Microsoft's latest release, currently at the Beta 2 stage -- was declared to be the safest but the least popular browser, according to a browser security survey.

On Wednesday, Utest, a social-networking and software testing company, announced the results of its Bug Battle browser contest. The event included participation from 1,330 security pros, hobbyists and tech enthusiasts, who found an alarming 672 bugs in the world's top three Web browsers.

Contest participants scavenged for bugs in IE8, Firefox 3.1 and the new Google Chrome browser, which just emerged from its beta stage.

A post-contest survey found that Internet Explorer was the only browser program not to receive a single "excellent" rating. Despite that result, IE8 was a relatively safer browser to use. Google Chrome clocked in with the most vulnerabilities (297 bugs). Open source counterpart Firefox had 207 bugs. Testers found just 169 bugs in IE8.

Apple's Safari and Opera were not rated. At the time of the contest, IE8, Chrome and Firefox 3.1 were all still in various beta releases.

Regardless of user preference, browsers generally represent a big attack vector and security concern.

"The browser is the most popular vehicle for getting exploits on client machines with the ultimate goal of controlling the machine for monetary purposes," said Wolfgang Kandek, chief technology officer for security firm Qualys. "Patching for browsers should be immediate and continuous and be removed from the OS level and included in the browser itself."

In other browser security news, Microsoft is continuing to investigate a remote code execution (RCE) vulnerability in IE7 that was publicized a day after the release of its December security patch. A security bulletin posted on Wednesday indicated that the company was "aware only of limited attacks."

On Thursday, Redmond described the RCE vulnerability as having originated from China. Microsoft's security bulletin suggested some possible workarounds for the problem.

The RCE vulnerability affects IE7 installed on the following operating systems: Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1 and Windows Server 2008.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

comments powered by Disqus

Featured

  • Compare New GitHub Copilot Free Plan for Visual Studio/VS Code to Paid Plans

    The free plan restricts the number of completions, chat requests and access to AI models, being suitable for occasional users and small projects.

  • Diving Deep into .NET MAUI

    Ever since someone figured out that fiddling bits results in source code, developers have sought one codebase for all types of apps on all platforms, with Microsoft's latest attempt to further that effort being .NET MAUI.

  • Copilot AI Boosts Abound in New VS Code v1.96

    Microsoft improved on its new "Copilot Edit" functionality in the latest release of Visual Studio Code, v1.96, its open-source based code editor that has become the most popular in the world according to many surveys.

  • AdaBoost Regression Using C#

    Dr. James McCaffrey from Microsoft Research presents a complete end-to-end demonstration of the AdaBoost.R2 algorithm for regression problems (where the goal is to predict a single numeric value). The implementation follows the original source research paper closely, so you can use it as a guide for customization for specific scenarios.

  • Versioning and Documenting ASP.NET Core Services

    Building an API with ASP.NET Core is only half the job. If your API is going to live more than one release cycle, you're going to need to version it. If you have other people building clients for it, you're going to need to document it.

Most   Popular

Subscribe on YouTube