Monday, January 02, 2006

From Bruce Schneier

This study is from August, but I missed it. The researchers tracked three browsers (MSIE, Firefox, Opera) in 2004 and counted which days they were "known unsafe." Their definition of "known unsafe": a remotely exploitable security vulnerability had been publicly announced and no patch was yet available.

MSIE was 98% unsafe. There were only 7 days in 2004 without an unpatched publicly disclosed security hole.

Firefox was 15% unsafe. There were 56 days with an unpatched publicly disclosed security hole. 30 of those days were a Mac hole that only affected Mac users. Windows Firefox was 7% unsafe.

Opera was 17% unsafe: 65 days. That number is accidentally a little better than it should be, as two of the upatched periods happened to overlap.

This underestimates the risk, because it doesn't count vulnerabilities known to the bad guys but not publicly disclosed (and it's foolish to think that such things don't exist). So the "98% unsafe" figure for MSIE is generous, and the situation might be even worse.

I usually don't post too much technical nerd stuff on this blog, mainly because I don't know jack squat and am afraid people will call me on some unsubstantiated claim I make. As they should.

But I am forced to call attention to the fact that Microsoft's Internet Explorer web browser is not only unsafe, it also displays web pages (like this one, as I recently discovered) rather poorly. Like the Glorious Mr. T suggests, you should go and download Firefox and use it as your web browser instead. It should be easy to do and all your favorites/links/etc will carry over.

That's all I know, don't send me any questions. But thank me, by all means, thank me.

You're welcome.

A sovereign thought, delivered to your door at 8:31 PM ~~ 0 bonsai trees

shout out out out out out

========================================================================