Click here to receive your FREE subscription to Campus Technology
News
IE Is Least-Patched Browser, Report Says
7/8/2008
|
|
According to a report released last Tuesday, more than 40 percent of Internet surfers don't use browsers with up-to-date security patches--and Internet Explorer users are the biggest culprits.
The report, "Understanding the Web Browser Threat," was conducted by researchers at ETH Zurich, Google Inc. and IBM Internet Security Services. Its main assertion is that Web browsers -- such as IE, Firefox and Safari -- are often the weakest link in the security configuration of a given workstation.
IE took hits throughout the report, which claimed that the gestation time between Microsoft patch releases is too long compared to similar programs from Apple and others. In fact, according to the report, IE came in dead last in terms of security, with only 47.6 percent of its users having the latest security patches.
The report's authors wrote: "Considering that Microsoft offers Internet Explorer 7 as an auto-upgrade from Internet Explorer 6 as part of the monthly Windows updates and that it requires a manual patch to prevent upgrading to version 7, it is rather surprising to see how slow the migration to the most secure version has been."
Firefox came in first place, with 83.3 percent of its users having the latest version. Apple's Safari and the open source Opera came in second and third, with 65.3 and 56.1 percent of its users, respectively, running the latest versions.
But, as with many such reports, there are those who were quick to question the findings and defend Microsoft's position in the security space. In particular, Microsoft Software Security Software Engineer Robert Hensing took issue with the way the data on IE was gathered, arguing that the method could not have produced the results stated in the report.
"I can appreciate what [the report's authors] are trying to do -- and I believe they were probably trying to be as un-biased and scientific as they possibly could given the nebulous goal of the study, but it was, unfortunately, full of fail," he wrote in his blog on Tuesday, soon after the report's release. "What they seem to have done is combed the Google logs looking at the user-agent strings...The only problem? IE doesn't send minor version information, so there's no way to determine IE patch levels from the user-agent string. Oops."
Recommended Reading
- Moodle Gets SCORM Improvements, Security Fixes
New versions of Moodle have been released, bringing the most recent stable build to 1.9.3. The latest round of updates includes a number of bug fixes and security enhancements, as well as improvements to the SCORM module.
- Free 'Morro' Antivirus To Replace Microsoft OneCare
Microsoft is rolling out a free antivirus software program for consumers that will compete with products made by Symantec and McAfee. Code-named "Morro," the AV app is expected to be available by the end of 2009.
- Microsoft Demos New SQL Server Features at PASS
Microsoft Wednesday previewed the ability to centrally manage applications and resources in the planned upgrade of SQL Server, code-named "Kilimanjaro."
- Microsoft Unveils Exchange and SharePoint as Services
Microsoft exec Stephen Elop on Monday announced two hosted solutions from Microsoft--Exchange Online and SharePoint Online--which are now available to organizations of all sizes in the United States. The software, paid for by annual subscriptions, is hosted on Microsoft's servers and supported by Microsoft's channel partners.
- 6 Ways Not To Become Rote Using Instructional Technology
There are, in my experience, six strategies to consider with any use of technology that will guard against rote use of technology and facilitate critical analysis of teaching and learning effectiveness. In this article, I'll share with you the checklist I work with and encourage others to work with in learning about and using new technology.
- Bringing Student Web "Stuff" to Campus Enterprise Systems
How can an institution incorporate Web 2.0 learning opportunities for students, and evidence of learning from those opportunities, into existing campus technologies and processes? PlugJam is providing part of the answer.
