Explorer “unsafe” for 98 percent of 2004
Results 1 to 7 of 7

Thread: Explorer “unsafe” for 98 percent of 2004

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    510

    Explorer “unsafe” for 98 percent of 2004

    "This means fully patched IE was known to be unsafe for an incredible 98 per cent of 2004,” ScanIT's CEO David Michaux commented. “And for 200 days in 2004 there was a worm or virus exploiting one of those un-patched vulnerabilities."
    http://www.techworld.com/security/ne...fm?NewsID=3362

    Not very pleasant statistics. It would be interesting to hear MS take on this, flaws were minor?
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    The company gleaned this dramatic statistic from the 195,00 Internet users who tested their browsers for security holes using the company’s online security checker.
    So this is based on their own stats. I would be interested in seeing comparisions from TrendMicro and others with the online scanners. My personal feeling is that if you have enough monkey typing long enough aginst any browser, you'll poke holes in it, or end up with a copy of A mid-summers Night's Dream . MS is the biggest target at the moment.

    This isnt really all that hopeful for IE, but not that surprizing, if you stop to think about WHY people are going to a online scanning site...... Maybe because they think they MAY have been explioted...?

    There is to much info missing from behind the stats to reach any real conclusion.

    Cheers!
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  3. #3
    Senior Member
    Join Date
    Jul 2004
    Posts
    469
    Does this mean that there was 2% of the time when IE "was" safe, or just during that 2% of the time it was unknown whether it was safe or not.

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    171
    No, but if you read what they are saying, there was online a week in Oct when it was not expliotable... I think..
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    Does this mean that there was 2% of the time when IE "was" safe
    Yeah, I think that's what they meant.

    if you stop to think about WHY people are going to a online scanning site...... Maybe because they think they MAY have been explioted...?
    That's what I thought at first too but

    A browser version was considered “unsafe” on a particular day if a patch fix had not been made available for a known remote execution problem.
    This puts the focus on whether MS had a patch for the vulnerability not on whether the user applied it.

    "This means fully patched IE was known to be unsafe for an incredible 98 per cent of 2004,” ScanIT's CEO David Michaux commented. “And for 200 days in 2004 there was a worm or virus exploiting one of those un-patched vulnerabilities."
    I do agree that stats put out by only one company, especially one promoting and online scan, need to be taken with a grain of salt.

    That's why we're here to play devil's advocate.
    \"You got a mouth like an outboard motor..all the time putt putt putt\" - Foghorn Leghorn

  6. #6
    Banned
    Join Date
    May 2003
    Posts
    1,004
    If an exploit is made public after Dec 31 2004, that means the application was explotable 100% of the year, it just wasn't widely known.

    By this logic the 2% argument is flawed and moot... and furthermore this stands true for every application or software. Just because the exploit isn't widely known doesn't mean the product is secure. Thus Windows, Linux, BSD, IE, Firefox, etc are all insecure 100% of the time.

    This is why counting known exploits is such a terrible way of measuring security and by extension reports like this are terrible.

    cheers,

    catch

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    There are lies dambed Lies and there are statistics..


    While I dont think that IE was the most secure browser in 2004, and in its shipped state it is a whore looking for clients,, I find some of these statistical reports just crap..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •