Why you should not use IE!

by IGAU
-----------------------------------------------------------
--Browser Security Comparison------------------------------
-----------------------------------------------------------

This is a simple document, showing the results I obtained
from testing some browsers on a Win98 system for known
vulnerabilities. In Win2000 or WinXP, there may be more
potential security risks in addition to the ones I have
tested.

Browsers tested:

Microsoft Internet Explorer 5.5 (Win32)
Microsoft Internet Explorer 6 (Win32)
Mozilla Firebird 0.6.1 (Win32)

--Browsers:------------------------------------------------

IE5.5 IE6 FB0.6.1

--Good Things:---------------------------------------------

Reveals Browser Agent: YES YES YES
Reveals OS: YES YES YES
Reveals Time/Date: YES YES YES
Secure Browsing: YES YES YES
Strong Encryption: YES YES YES
Supports Certificates: YES YES YES

--Bad Things:----------------------------------------------

Allows Popups: YES YES ASKS
Accepts Initial Cookies: YES YES ASKS
Accepts More Cookies: YES YES ASKS
Modifies Cookies: YES YES ASKS
Can expose clipboard: NO YES NO
Reveals History: YES YES NO
Exposes Cookies: NO NO NO
Program Execution: NO NO NO
File Execution: VULNERABLE NO NO
Spoofing Hack: NO NO NO
Security Zone Spoofing: NO NO N/A
Hard Drive Access: VULNERABLE NO NO
Scanit Potential Threats: 10/30 0/30 0/30

--Notes:---------------------------------------------------

1) All browsers were patched to the max possible (IE5/6 via
WindowsUpdate, at the time of writing Mozilla Firebird does
not get patched, it is replaced with later versions.)

2) No further patches are available for IE5, with 10
security holes remaining, 6 of which were classed as
"high risk", 3 "medium risk" and 1 "low risk".

3) Security Zones only apply to IE-based browsers.

4) Scanit tests showed 1 medium-risk vulnerability for
Mozilla Firebird 0.6.1, however this is an incorrect
reading due to it being an Internet Explorer bug. I have
verified this by testing the bug at another source using
Mozilla Firebird, and the browser was not vulnerable.

5) If you wish to verify these tests or repeat them for
yourself (you may have unpatched versions or other
browsers outside the scope of my testing abilities) you
can use the following URLs:

Qualys Browser Checkup: http://browsercheck.qualys.com/
Browser Security Test: http://bcheck.scanit.be/bcheck/
Verisign: http://verisign.netscape.com/advisor/check.html

6) For the Scanit Browser Security Test, I performed all
30 tests on all browsers. However, performing only the
IE5 tests showed that at least half of it's known
vulnerabilities had not been addressed by Microsoft,
leaving it grossly insecure.

--Conclusion:----------------------------------------------

From a security point of view, you are better off using
Mozilla Firebird than IE5 or IE6. Mozilla Firebird contains
all the useful features of IE5/6, with added security,
improvements over IE's user interface and the ability to
customise the browser to your needs (specialist or basic).

Mozilla Firebird will also work on virtually every major
OS, and it's core componants can be used to develop
applications.

Lastly, Microsoft Internet Explorer will cease to be
supported as a standalone browser in the near future.
Microsoft have made it quite clear that their next version
of Internet Explorer will be a part of Windows Longhorn
and will not run on any other system. This means that
companies like AOL will be forced to develop their own
backend browser, or incorporate Mozilla's Gecko technology,
unless they intend to remain with their current IE backend
indefinately.

Windows Longhorn and thus, the next release of Internet
Explorer, will not be released until 2007. That's three
years before a full update, at the very minimum. While
security holes may be plugged occasionally, we are still
three years from the next release of Internet Explorer,
and that means no real development while alternatives push
onwards.

Netscape is a declining browser, and many users are
leaving it for Mozilla or Mozilla Firebird, which are
further developed versions. Both IE and Netscape are going
to fade into obscurity within the next few years, where
neither are properly supported (or supported at all).

With MSIE on the Mac being dropped now, and Win32 MSIE
support being limited and eventually phased out, the only
real way to be sure that you're using an up to date and
secure browser is to make the move to Mozilla Firebird,
the Mozilla Suite, Opera or another major "alternative"
browser.

--Resource Links:------------------------------------------

Links to useful pages, or pages that prove without a
doubt that forcing users to use Internet Explorer is
forcing them to expose themselves to security risks.

Mozilla Foundation:
http://www.mozilla.org/

Mozilla Firebird:
http://www.mozilla.org/products/firebird/

Mozilla Firebird Help:
http://texturizer.net/firebird/

Why You Should Use Mozilla:
http://www.xulplanet.com/ndeakin/arts/reasons.html

Internet Explorer Considered Harmful:
http://ashitaka-san.home.comcast.net/yayrant/ieharmful.html

Internet Explorer Vulnerabilities:
http://afongen.com/blog/archives/000528.php

Clipboard Exploit:
http://www.arstdesign.com/articles/clipboardexploit.html

Qualys Browser Checkup:
http://browsercheck.qualys.com/

Browser Security Test:
http://bcheck.scanit.be/bcheck/

Verisign Security Test:
http://verisign.netscape.com/advisor/check.html

 

JayK,
thats a great post you made... to say bout me and will just go on supporting wateva you said... i hav dual OS... just when i joined here.. i was having win2K and still have though... but ooh... this IE really sucks... i have been doin all type of tests and falacies... IE just is so chaotic and yes.. simply and undoubtedly... VULNERABLE...
i hav win2K as i said and LINUX ( oooh man... the best without debate ) I USE MOZILLA AND OPERA IN LINUX.... now i mostly use windows as for offline jobs and unless needed very much dun access net from there... and that also again mostly using Opera...
why the hell windows go on like this way with all the loopholes... we just need a good OS much like LINUX, ofcourse windows has advantages too... but sooner or later those seems so little... atleast in terms of security...
for me... you want internet... LIMIT USAGE OF ie.... you want to b safe... LIMIT USAGE OF ie

- removed unnecessary attachment.

 

BTW it wasn't my post as stated at the beginning.

I'm not IGAU

As for switching from windows to Linux, one step at a time.....

 

oh oops sorry... ya anyway (sorry to IGAU too) ...
about steps... ya you are right....
one small step for man, giant leap for mankind... armstrong...
but i think windows dun hav future unless getting more secured by anyway ....

 

You may not have started the article but I learned from it.
cookie for you







- removed unnecessary attachment.

 

You are already not using IE, so you did not learn anything. I'm preaching to the choir.

I doubt anyone of the IE shell diehards would convert because of this article. They much prefer to "leave the door open" and then hope to cover it up with other software...