Still using Internet Explorer 6? Washington Post’s Security writer, Brian Krebs, analyzed the data for 2006 and found that for 284 days of that year, known security vulnerabilities could have easily been taken advantage of if you hadn’t patched your IE browser. Worse still, for 98 of those days, hackers were easily compromising unpatched browsers because no patch yet existed from Microsoft!

It’s interesting to read Brian’s article for the full details, but on his site, he explains his methodology: “First, a note on the methodology behind this blog post: The data presented here builds on a project I began in late 2005 looking back on three years of efforts by Microsoft to address only the most severe security holes in its software”.

Krebs continues that: “I conducted that same research again last month, individually contacting nearly all of the security researchers who submitted reports of critical flaws in Microsoft products to learn from them not only the dates that they had submitted their findings to the company, but also any other security trends or anomalies they observed in working with the world's largest software maker”.

No doubt this is not the most scientific survey ever, but it’s still very, very telling. He also explains that he contact Microsoft before writing the article, with their response being that: “The officials I dealt with helpfully concurred or quibbled slightly with some of my findings, but the company raised no objections that would materially affect the results presented in this particular study of IE flaws."

Naturally, Krebs had the good sense to look at Firefox as well. He discovered that it performed far better than IE 6, with only nine days in 2006 where there was known exploit code on the Internet that could be used to attack an unpatched version of Firefox. Of course, as Firefox continues growing in popularity, it will become more of a hacker target, as Internet Explorer is today.

After all, for all the publicity and number of new users that Firefox has gained in 2006, Internet Explorer still rules the roost with an 80%+ market share. While Microsoft has been offering users of Windows XP SP2 the ability to upgrade to Internet Explorer 7, IE6 and older versions are still being used on millions of Windows XP, 2000 and older computers.

With older versions likely having security vulnerabilities all their own that Microsoft is no longer patching, if you’re still using an older computer with an older browser, you need to upgrade to the latest version of Firefox at the very least, and also consider upgrading your computer when appropriate to a brand new one running the latest versions of XP SP2, Vista, Mac OS X or Linux.

Even then, there’s no guarantee you’ll be 100% safe. But you can minimize the risks by taking advantage of Firefox, and upgrading when the time is right.

Security? We’ve heard of it. In 2007, we can no longer ignore it, for the hackers are not ignoring us, but are redoubling the efforts!
{moscomment}