News

IE8: 'Safe' but Scorned in Bug Battle Contest

Internet Explorer 8 -- Microsoft's latest release, currently at the Beta 2 stage -- was declared to be the safest but the least popular browser, according to a browser security survey.

On Wednesday, Utest, a social-networking and software testing company, announced the results of its Bug Battle browser contest. The event included participation from 1,330 security pros, hobbyists and tech enthusiasts, who found an alarming 672 bugs in the world's top three Web browsers.

Contest participants scavenged for bugs in IE8, Firefox 3.1 and the new Google Chrome browser, which just emerged from its beta stage.

A post-contest survey found that Internet Explorer was the only browser program not to receive a single "excellent" rating. Despite that result, IE8 was a relatively safer browser to use. Google Chrome clocked in with the most vulnerabilities (297 bugs). Open source counterpart Firefox had 207 bugs. Testers found just 169 bugs in IE8.

Apple's Safari and Opera were not rated. At the time of the contest, IE8, Chrome and Firefox 3.1 were all still in various beta releases.

Regardless of user preference, browsers generally represent a big attack vector and security concern.

"The browser is the most popular vehicle for getting exploits on client machines with the ultimate goal of controlling the machine for monetary purposes," said Wolfgang Kandek, chief technology officer for security firm Qualys. "Patching for browsers should be immediate and continuous and be removed from the OS level and included in the browser itself."

In other browser security news, Microsoft is continuing to investigate a remote code execution (RCE) vulnerability in IE7 that was publicized a day after the release of its December security patch. A security bulletin posted on Wednesday indicated that the company was "aware only of limited attacks."

On Thursday, Redmond described the RCE vulnerability as having originated from China. Microsoft's security bulletin suggested some possible workarounds for the problem.

The RCE vulnerability affects IE7 installed on the following operating systems: Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1 and Windows Server 2008.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Report: Microsoft Power Apps a 'Leader' in Low-Code Movement

    Research firm Forrester has identified Microsoft Power Apps to be one of four leaders in the fast-growing low-code/no-code application development market.

  • Microsoft Opens Azure Sentinel Marketplace for Partner Solutions

    Microsoft recently announced preview releases of several Azure Sentinel improvements, including connectors for partner solutions within Azure Sentinel.

  • 2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.