News

Opera Beats IE in Browser Web Security

Microsoft's efforts on combating server-side Web vulnerabilities, as well as patching its Internet Explorer client, may be paying off.

A report from application security firm Cenzic, announced this week, looked at various Web security issues in the first half of this year. Vulnerabilities in the top four browsers was one focus the study, "Web Application Security Trends Report: Q1-Q2, 2009" (PDF download).

The report found IE placing fairly well. It was second only to the Opera browser in protecting against Web vulnerabilities.

"Of the browser vulnerabilities, Firefox had 44 percent of the total, but perhaps the biggest surprise was Safari, which formed 35 percent of the browser vulnerabilities. Internet Explorer was third, with 15 percent, and Opera was at 6 percent," the report noted.

Mozilla's Firefox clocked in as the most vulnerable browser on the Web, according to Cenzic's report -- a disappointing showing for IE's closest rival. Firefox reportedly has an estimated 330 million users and recently passed its fifth anniversary, having been launched on November 9, 2004.

Internet Explorer is still the most used browser, followed by Firefox, Apple Safari, Google Chrome (which Cenzic didn't study) and Opera.

In addition to looking at browser security, the report pointed to other areas of concern. Cenzic found that 78 percent of the total vulnerabilities were due to Web components. Web component vulnerabilities have increased compared with such findings from last year's report.

Microsoft at least seems somewhat attuned to the issue. A large theme in Microsoft's September patch cycle had to do with plugging such Web component vulnerabilities.

Cenzic also found bugs in Web servers, browser plug-ins and Microsoft's ActiveX control. ActiveX has been another priority for Microsoft's security team, which issued a security advisory on the matter in July.

The most striking thing about the report's findings is the broad apathy shown on the part of enterprise pros to addressing emerging threats on the Web, according to Mandeep Khera, chief marketing officer at Cenzic.

"In spite of the fact that vulnerabilities are so easily identifiable and widely exploited by hackers -- and there are now low-cost, turnkey SaaS solutions available -- businesses are not focused on securing their Web applications," he said in an e-mail statement. "[The vulnerabilities] are a serious and potentially lethal blind spot for businesses."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Red Brick Graphic

    Microsoft To Pour Millions into Partner Incentives, Azure and Security in FY2025

    Microsoft's inaugural MCAPS Start for Partners event took place this week, marking the beginning of its fiscal 2025.

  • New Microsoft Security Releases Aim To Smooth the Road to Zero Trust

    IT teams often juggle multiple tools to monitor and maintain the security of their environments. Two new products released by Microsoft this week aim to consolidate their toolboxes and help organizations achieve zero trust faster.

  • Antitrust Worries Hound Microsoft Off OpenAI's Board: Report

    In a move likely meant to assuage antitrust regulators' concerns, Microsoft on Wednesday stepped down from its role as a non-voting OpenAI board member.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.