Thursday, December 11, 2008

IE8: 'Safe' but Scorned in Bug Battle Contest

Internet Explorer 8 -- Microsoft's latest release, currently at the Beta 2 stage -- was declared to be the safest but the least popular browser, according to a browser security survey.

On Wednesday, Utest, a social-networking and software testing company, announced the results of its Bug Battle browser contest. The event included participation from 1,330 security pros, hobbyists and tech enthusiasts, who found an alarming 672 bugs in the world's top three Web browsers.



Contest participants scavenged for bugs in IE8, Firefox 3.1 and the new Google Chrome browser, which just emerged from its beta stage.

A post-contest survey found that Internet Explorer was the only browser program not to receive a single "excellent" rating. Despite that result, IE8 was a relatively safer browser to use. Google Chrome clocked in with the most vulnerabilities (297 bugs). Open source counterpart Firefox had 207 bugs. Testers found just 169 bugs in IE8.

Apple's Safari and Opera were not rated. At the time of the contest, IE8, Chrome and Firefox 3.1 were all still in various beta releases.

Regardless of user preference, browsers generally represent a big attack vector and security concern.

"The browser is the most popular vehicle for getting exploits on client machines with the ultimate goal of controlling the machine for monetary purposes," said Wolfgang Kandek, chief technology officer for security firm Qualys. "Patching for browsers should be immediate and continuous and be removed from the OS level and included in the browser itself."

In other browser security news, Microsoft is continuing to investigate a remote code execution (RCE) vulnerability in IE7 that was publicized a day after the release of its December security patch. A security bulletin posted on Wednesday indicated that the company was "aware only of limited attacks."

On Thursday, Redmond described the RCE vulnerability as having originated from China. Microsoft's security bulletin suggested some possible workarounds for the problem.

The RCE vulnerability affects IE7 installed on the following operating systems: Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1 and Windows Server 2008.



First Look: Google Chrome
‘Twilight’ Event Turns Ugly When Thousands More Fans Show Up Than Expected
‘Punisher: War Zone’ Star Ray Stevenson Says Batman, Iron Man Wouldn’t Stand A Chance Against Frank Castle