Avoid Using Internet Explorer as Your Primary Browser

Paul Mah

I came across this very interesting interview with a former adware programmer. In his early days, Matt Knox designed and wrote adware for a company called Direct Revenue, which would later be sued for allegedly installing adware on millions of computers. The irony came from the fact that Knox was recruited while working on spam filtering software. Initially tasked with troubleshooting their ad distribution chain, he eventually graduated to direct work on the adware. When quizzed about the strategies used to maintain the persistency of the adware he worked on, Knox answered: "Most adware targets Internet Explorer (IE) users because obviously they're the biggest share of the market. In addition, they tend to be the less-savvy chunk of the market. If you're using IE, then either you don't care or you don't know about all the vulnerabilities that IE has."

 

Knox went on to elaborate on a common strategy - tapping IE's Browser Helper Object (BHO) for nefarious purposes.

 

So if you are ever looking for a reason not to use Internet Browser, this would be it: Microsoft's Internet Explorer is the preferred attack vector for adware - and presumably other forms of malware. Of course, Internet Explorer has made tremendous improvements over the years, with Internet Explorer 8 touted as one of the most secure yet.

 

However, one can also argue that Beta 2 of Internet Explorer 8 scores a dismal 21 percent on the grueling ACID3 browser compliance test, compared against the much higher scores from Mozilla's Firefox, Opera and Safari, to name a few.

 

Of course, a non-Microsoft browser is certainly no guarantee of immunity against malware of any form. However, given a chance to pre-emptively nip a swath of security problems with IE in the bud, would you take it? Or rather, can you afford not to?



Add Comment      Leave a comment on this blog post

Jan 20, 2009 7:07 AM Francis Carden Francis Carden  says:
Once in the firewall, most applications are open to attack. This is a myth to think IE is the only (major) culprit in the enterprise. Machines are locked down and virus scanners are enterprise ready and robust. They WORK.To take this thread literally, ANY application open to attack should not be used. That'll leave enterprise users with very little to do!I get updates for my desktop machine weekly/monthly and I'm on a MAC - eek.. Adobe Security patches, Safari patches, even ITUNES... It's a moving target and IE is attacked because it's on more desktops than any other browser and has to support more legacy apps than any other too. Reply
Jan 5, 2010 5:29 AM Dave M Dave M  says:

I agree that any application can be the source of an attack.  The fact that most target IE is definitely reason enough not to use it.  The fact that IE causes page faults to happen to the point that you end up with a 25-50% degradation (300 page faults per second is all it takes) of performance on advanced websites compared to any other browser is enough for me not to use it unless I absolutely have to.  I'll let that less-savvy chunk of the market deal with it.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data