Why you should not use IE!

Discussion in 'other software & services' started by JayK, Nov 22, 2003.

Thread Status:
Not open for further replies.
  1. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    by IGAU
    -----------------------------------------------------------
    --Browser Security Comparison------------------------------
    -----------------------------------------------------------

    This is a simple document, showing the results I obtained
    from testing some browsers on a Win98 system for known
    vulnerabilities. In Win2000 or WinXP, there may be more
    potential security risks in addition to the ones I have
    tested.

    Browsers tested:

    Microsoft Internet Explorer 5.5 (Win32)
    Microsoft Internet Explorer 6 (Win32)
    Mozilla Firebird 0.6.1 (Win32)

    --Browsers:------------------------------------------------

    IE5.5 IE6 FB0.6.1

    --Good Things:---------------------------------------------

    Reveals Browser Agent: YES YES YES
    Reveals OS: YES YES YES
    Reveals Time/Date: YES YES YES
    Secure Browsing: YES YES YES
    Strong Encryption: YES YES YES
    Supports Certificates: YES YES YES

    --Bad Things:----------------------------------------------

    Allows Popups: YES YES ASKS
    Accepts Initial Cookies: YES YES ASKS
    Accepts More Cookies: YES YES ASKS
    Modifies Cookies: YES YES ASKS
    Can expose clipboard: NO YES NO
    Reveals History: YES YES NO
    Exposes Cookies: NO NO NO
    Program Execution: NO NO NO
    File Execution: VULNERABLE NO NO
    Spoofing Hack: NO NO NO
    Security Zone Spoofing: NO NO N/A
    Hard Drive Access: VULNERABLE NO NO
    Scanit Potential Threats: 10/30 0/30 0/30

    --Notes:---------------------------------------------------

    1) All browsers were patched to the max possible (IE5/6 via
    WindowsUpdate, at the time of writing Mozilla Firebird does
    not get patched, it is replaced with later versions.)

    2) No further patches are available for IE5, with 10
    security holes remaining, 6 of which were classed as
    "high risk", 3 "medium risk" and 1 "low risk".

    3) Security Zones only apply to IE-based browsers.

    4) Scanit tests showed 1 medium-risk vulnerability for
    Mozilla Firebird 0.6.1, however this is an incorrect
    reading due to it being an Internet Explorer bug. I have
    verified this by testing the bug at another source using
    Mozilla Firebird, and the browser was not vulnerable.

    5) If you wish to verify these tests or repeat them for
    yourself (you may have unpatched versions or other
    browsers outside the scope of my testing abilities) you
    can use the following URLs:

    Qualys Browser Checkup: http://browsercheck.qualys.com/
    Browser Security Test: http://bcheck.scanit.be/bcheck/
    Verisign: http://verisign.netscape.com/advisor/check.html

    6) For the Scanit Browser Security Test, I performed all
    30 tests on all browsers. However, performing only the
    IE5 tests showed that at least half of it's known
    vulnerabilities had not been addressed by Microsoft,
    leaving it grossly insecure.

    --Conclusion:----------------------------------------------

    From a security point of view, you are better off using
    Mozilla Firebird than IE5 or IE6. Mozilla Firebird contains
    all the useful features of IE5/6, with added security,
    improvements over IE's user interface and the ability to
    customise the browser to your needs (specialist or basic).

    Mozilla Firebird will also work on virtually every major
    OS, and it's core componants can be used to develop
    applications.

    Lastly, Microsoft Internet Explorer will cease to be
    supported as a standalone browser in the near future.
    Microsoft have made it quite clear that their next version
    of Internet Explorer will be a part of Windows Longhorn
    and will not run on any other system. This means that
    companies like AOL will be forced to develop their own
    backend browser, or incorporate Mozilla's Gecko technology,
    unless they intend to remain with their current IE backend
    indefinately.

    Windows Longhorn and thus, the next release of Internet
    Explorer, will not be released until 2007. That's three
    years before a full update, at the very minimum. While
    security holes may be plugged occasionally, we are still
    three years from the next release of Internet Explorer,
    and that means no real development while alternatives push
    onwards.

    Netscape is a declining browser, and many users are
    leaving it for Mozilla or Mozilla Firebird, which are
    further developed versions. Both IE and Netscape are going
    to fade into obscurity within the next few years, where
    neither are properly supported (or supported at all).

    With MSIE on the Mac being dropped now, and Win32 MSIE
    support being limited and eventually phased out, the only
    real way to be sure that you're using an up to date and
    secure browser is to make the move to Mozilla Firebird,
    the Mozilla Suite, Opera or another major "alternative"
    browser.

    --Resource Links:------------------------------------------

    Links to useful pages, or pages that prove without a
    doubt that forcing users to use Internet Explorer is
    forcing them to expose themselves to security risks.

    Mozilla Foundation:
    http://www.mozilla.org/

    Mozilla Firebird:
    http://www.mozilla.org/products/firebird/

    Mozilla Firebird Help:
    http://texturizer.net/firebird/

    Why You Should Use Mozilla:
    http://www.xulplanet.com/ndeakin/arts/reasons.html

    Internet Explorer Considered Harmful:
    http://ashitaka-san.home.comcast.net/yayrant/ieharmful.html

    Internet Explorer Vulnerabilities:
    http://afongen.com/blog/archives/000528.php

    Clipboard Exploit:
    http://www.arstdesign.com/articles/clipboardexploit.html

    Qualys Browser Checkup:
    http://browsercheck.qualys.com/

    Browser Security Test:
    http://bcheck.scanit.be/bcheck/

    Verisign Security Test:
    http://verisign.netscape.com/advisor/check.html
     
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    JayK,
    thats a great post you made... to say bout me and will just go on supporting wateva you said... i hav dual OS... just when i joined here.. i was having win2K and still have though... but ooh... this IE really sucks... i have been doin all type of tests and falacies... IE just is so chaotic and yes.. simply and undoubtedly... VULNERABLE...
    i hav win2K as i said and LINUX ( oooh man... the best without debate ) I USE MOZILLA AND OPERA IN LINUX.... now i mostly use windows as for offline jobs and unless needed very much dun access net from there... and that also again mostly using Opera...
    why the hell windows go on like this way with all the loopholes... we just need a good OS much like LINUX, ofcourse windows has advantages too... but sooner or later those seems so little... atleast in terms of security...
    for me... you want internet... LIMIT USAGE OF ie.... you want to b safe... LIMIT USAGE OF ie

    - removed unnecessary attachment.
     
  3. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    BTW it wasn't my post as stated at the beginning.

    I'm not IGAU

    As for switching from windows to Linux, one step at a time.....
     
  4. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    oh oops sorry... ya anyway (sorry to IGAU too) ...
    about steps... ya you are right....
    one small step for man, giant leap for mankind... armstrong...
    but i think windows dun hav future unless getting more secured by anyway ....
     
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    You may not have started the article but I learned from it.
    :D :D :Dcookie for you :D :D :D







    - removed unnecessary attachment.
     
  6. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    You are already not using IE, so you did not learn anything. I'm preaching to the choir.

    I doubt anyone of the IE shell diehards would convert because of this article. They much prefer to "leave the door open" and then hope to cover it up with other software...
     
Loading...
Thread Status:
Not open for further replies.