Why switch from Internet Explorer?
Unsafe
Internet Explorer is the single most actively exploited piece of software on most computers. A majority of computer spyware and adware makes its way onto your computer through Internet Explorer's security holes. In an October 2004 study, 80% of home computers were found to be infected with spyware or adware, even though 85% had antivirus software installed. Studies have shown that these percentages are much higher among people who use Internet Explorer than with any other major web browser. This is largely because Internet Explorer was designed to grant websites control over the user's computer, and malicious websites can easily abuse this power, automatically installing programs and viruses onto your computer without your knowledge and performing dangerous system operations behind your back. Once your computer is hit with a spyware or adware attack, Microsoft says the only solution may be to dump your system and start from scratch.
These security holes are due to fundamental flaws in the design of Internet Explorer, as well as Microsoft's slow and ineffective security response process. Microsoft's chief technical officer Craig Mundie stated, “Many of the products we designed in the past have been less secure than they could have been because we were designing with features in mind rather than security. [...] In the past we sold new applications on the strength of new features, most of which people didn't use.” Although Microsoft issues monthly security updates, vulnerabilities have continued to be found at a much faster rate than they have been fixed. According to a Security Fix study, a fully-updated Internet Explorer was found to be “unsafe” (unprotected against serious known vulnerability exploits) for 78% of the year 2006, while its main competitor, Firefox, was “unsafe” for only 2% of the year. Through Internet Explorer, you could have your identity stolen and your bank account wiped clean, or your system could be destroyed and all of your important files deleted. The situation has gotten to where even the U.S. Department of Homeland Security is suggesting that consumers switch away from Internet Explorer. In May 2006, PC World named Internet Explorer the 8th worst tech product of all time, stating that it “might be the least secure software on the planet”.
The following is a brief summary of the vulnerability levels in the three most popular web browsers. The information was collected from Secunia, a leading computer software security monitoring company. These statistics cover all reported vulnerabilities in Windows versions of Internet Explorer, Firefox, and Opera. Historical cumulative values are provided in three forms: for all vulnerabilities in the entire of life of these products, for all vulnerabilities that were present during an equal length of time since the first reported vulnerability in the product, and for all vulnerabilities that were present during the same length of time before and including the present. That length of time is equal to half the number of days since the first reported vulnerability in the newest browser covered (Firefox, 2004-02-09). Note that some vulnerabilities may have been present during both time periods, so the sum of both values may be greater than the total number. “High severity” values include vulnerability reports that were marked as “highly critical” and above. Relative danger levels are calculated by adding up the square of the criticality levels for each vulnerability report (not critical=1, extremely critical=5). The vulnerability information was last updated February 10, 2009. For more details, see the Web browser security summary resource.
| Aspect | Internet Explorer | Firefox | Safari | Opera |
|---|---|---|---|---|
| Historical cumulative values (Product life) | ||||
| Vulnerability reports | 140 | 77 | 7 | 70 |
| High severity vulnerability reports | 66 | 31 | 5 | 21 |
| Vulnerability issues | 274 | 271 | 22 | 98 |
| Relative danger | 1564 | 739 | 88 | 614 |
| Historical cumulative values (from first 365 days) | ||||
| Vulnerability reports | 31 | 20 | 7 | 18 |
| High severity vulnerability reports | 13 | 2 | 5 | 4 |
| Vulnerability issues | 69 | 39 | 22 | 23 |
| Relative danger | 331 | 156 | 88 | 138 |
| Historical cumulative values (from last 365 days) | ||||
| Vulnerability reports | 38 | 5 | 2 | 1 |
| High severity vulnerability reports | 1 | 0 | 0 | 0 |
| Vulnerability issues | 40 | 6 | 3 | 1 |
| Relative danger | 161 | 19 | 8 | 1 |
| Highest values at one time | ||||
| Vulnerability reports | 39 | 9 | 2 | 4 |
| High severity vulnerability reports | 5 | 2 | 1 | 1 |
| Vulnerability issues | 41 | 13 | 3 | 8 |
| Relative danger | 204 | 44 | 20 | 27 |
| Mean average per day (from last 365 days) | ||||
| Vulnerability reports | 38 | 5 | 2 | 1 |
| High severity vulnerability reports | 1 | 0 | 0 | 0 |
| Vulnerability issues | 40 | 6 | 3 | 1 |
| Relative danger | 161 | 19 | 8 | 1 |
| Median average per day (from last 365 days) | ||||
| Vulnerability reports | 38 | 5 | 2 | 1 |
| High severity vulnerability reports | 1 | 0 | 0 | 0 |
| Vulnerability issues | 40 | 6 | 3 | 1 |
| Relative danger | 161 | 19 | 8 | 1 |
| Present values | ||||
| Vulnerability reports | 38 | 5 | 2 | 1 |
| High severity vulnerability reports | 1 | 0 | 0 | 0 |
| Vulnerability issues | 40 | 6 | 3 | 1 |
| Relative danger | 161 | 19 | 8 | 1 |
Internet Explorer has had 140 vulnerability reports. 25 were marked as moderately critical, 50 were marked as highly critical, and 16 were marked as extremely critical. There are still 38 remaining, including 9 that were marked as moderately critical and 1 that was marked as highly critical.
Firefox has had 77 vulnerability reports. 19 were marked as moderately critical, 31 were marked as highly critical, and 0 were marked as extremely critical. There are still 5 remaining, including 1 that was marked as moderately critical.
Safari has had 7 vulnerability reports. 0 were marked as moderately critical, 5 were marked as highly critical, and 0 were marked as extremely critical. There are still 2 remaining, both of which were marked as less critical or not critical.
Opera has had 70 vulnerability reports. 20 were marked as moderately critical, 20 were marked as highly critical, and 1 was marked as extremely critical. There is still 1 remaining, which was marked as not critical.
It is also important to consider how quickly each web browser fixes its vulnerabilities. The following table lists the average time taken between Secunia's vulnerability reports and the release dates of their respective patches, if all aging unfixed vulnerabilities (vulnerabilities at least as old as the mean of all fixed vulnerabilities for that browser) were to be fixed today. Data does not include unfixed vulnerabilities less than that age, vulnerabilities with unknown fix dates, or vulnerabilities that were only publicly known after the patch release. Values listed are in days.
| Average | Internet Explorer | Firefox | Safari | Opera |
|---|---|---|---|---|
| Per vulnerability report | ||||
| Overall mean | 3589 | 944 | 2907 | 298 |
| Overall median | 5819 | 42 | 2886 | 35 |
| High severity mean | 400 | 13 | 21 | 8 |
| High severity median | 53 | 10 | 21 | 8 |
| Per vulnerability issue | ||||
| Overall mean | 3016 | 861 | 2915 | 302 |
| Overall median | 210 | 27 | 2886 | 44 |
| High severity mean | 301 | 17 | 21 | 8 |
| High severity median | 61 | 23 | 23 | 8 |
| Weighted by relative danger | ||||
| Overall mean | 2508 | 781 | 1945 | 159 |
| Overall median | 121 | 23 | 23 | 23 |
| High severity mean | 363 | 13 | 21 | 7 |
| High severity median | 52 | 10 | 21 | 1 |
| Per fully-disclosed vulnerability report | ||||
| Overall mean | 2638 | 986 | 2907 | 694 |
| Overall median | 119 | 23 | 2886 | 12 |
| High severity mean | 57 | 5 | 21 | 1 |
| High severity median | 48 | 5 | 21 | 1 |
The Washington Post Security Fix column conducted a similar study comparing patch delay between Microsoft products and Mozilla products in 2003 through 2005, using different sources than the above information. Note that, unlike the above information, the Security Fix study ignores unfixed vulnerabilities.
The following graphs illustrate present security figures in each browser over time. Higher levels mean greater danger. The graphs span from February 9, 2004 to today.
Primitive
In today's fast growing Internet world, we are seeing a greater demand for web applications that are both powerful and versatile. This calls for new technologies to be developed, and quickly. In order to create and organize these new technologies, a standards body called the World Wide Web Consortium (W3C) formed. Their members include people from many of the world's largest technology companies, all working together to develop technology standards that will take the Internet to the next level and beyond.
Unfortunately, in the last several years, one of the most significant members of the W3C has failed to adopt the very standards that it helped to create. Microsoft, feeling confident with Internet Explorer holding over 90% of the market, stopped adding the new technological developments to its web browser. Microsoft employee Dare Obasanjo explained, “In an almost text book example of how monopolies work, Microsoft abandoned innovation in IE in a move that showed that at this point IE was considered a cost center not a revenue generator.” The W3C has continued to develop technologies that would give websites new levels of functionality, break down barriers for the disabled, and aid software and search engines in actually understanding the information that's presented on the Web. Many of these technologies exist, but with Microsoft's incredible weight in the market and unwillingness to develop their browser, they've been unable to see the light of day.
By 2006, Internet Explorer had fallen nearly a decade behind in Internet technology. Practically all of the standards that it supports are met and exceeded by other competing browsers, who are now diving deep into a new world of Internet technology that Internet Explorer has yet to touch. While Internet Explorer is in high use, web developers are forced to either stay with outdated technology, often costing them double or triple the time and money, or turn away a majority of their potential visitors. As time goes on, an increasing number of personal websites, development journals, and online tools are being made using technology not supported by Internet Explorer.
Since their market dominance began to slip following the release of the Firefox web browser, Microsoft finally decided to develop Internet Explorer again. However, web standards experts who have reviewed the new additions in Internet Explorer 7 see the situation as too little too late. Overall, IE7 only made about as much progress over IE6 as Firefox 1.5 and Opera 9 did over their immediate predecessors.
The following table is a summary of web technology support among the three most popular web browsers, including the new version of Internet Explorer (IE 7). The three technologies listed are fundamental in modern web design. For more information, see the extended Web browser standards support page.
| Technology | IE 6 | IE 7 | Firefox 2 | Firefox 3 | Opera 9 |
|---|---|---|---|---|---|
| HTML / XHTML | 73% | 73% | 90% | 90% | 85% |
| CSS 2.1 | 51% | 57% | 92% | 93% | 94% |
| DOM | 50% | 51% | 79% | ? | 84% |