Critical Flaws in MSIE

For anyone still aflutter about the recent news of a critical flaw found in FireFox -- a flaw that was subsequently fixed 5 days after its announcement -- and thinking of switching back to IE simply because it doesn't matter, here's some recent information about flaws in IE.

According to eEye, a security firm that assesses software for security, recently discovered flaws in IE and Outlook have the potential to allow remote code execution on a user's computer with little or no interaction on the part of that user. (This means a person can run a program on your computer without your knowledge. No one does this for anything but malicious purposes.) This is nothing new, of course, but what is interesting, is the timing.

Information about FireFox's security flaw was "leaked" on May 7th and announced by Mozilla the following day. It was patched on May 12.

The most recent IE (and Outlook) security flaw was found by eEye on May 5th, and almost no one reported it. Microsoft itself has scheduled releases of information of this sort and rarely breaks their cycle. With that in mind, the company itself will not inform its users of the problem until June 14th, possibly as early as June 9th in a preview of the official security update. Whether the flaws will be patched at that time is currently unknown.

Further, this flaw announced by an outside firm on May 5th is not the only flaw. According to THIS LIST four distinct vulnerabilities have been discovered in IE and/or Outlook that could allow remote code execution that have not been addressed by Microsoft nor managed in any way. The knowledge of one of these flaws is over 60 days old. (BTW, don't let the "Velunerability is Over" note at the bottom confuse you. That's the company's motto. Similarly "Days Overdue" refers to expected action, not what should be expected.)

Now, ask yourself, how is it a security flaw in FireFox gets announced far and wide as though it were the beginning of the end, yet an even more critical flaw in IE found two days earlier along with similar flaws found earlier than that get almost no press?

As anyone can tell, I like FireFox quite a bit. However, I really don't care what browser you use, but I strongly urge you to consider these sorts of factors in making your decision. Many browsers exist now -- Opera, Avant, Safari, FireFox, etc. -- that are published by companies and organizations who have not, like Microsoft, essentially ignored the development of the program since its most stable release. The same holds true for Outlook, a sometimes ignored, but at least an equal opportunity point of risk in the security of any system.

Put some effort into securing your system. You'll do yourself and everyone else a favor.

Similar to how the * administration does business. Maybe I should buy a Mac!

popularity is a curse in this business. And remember that Macs often run Microsoft software.

A totally secure system is a phantom, some fairy tale told in the wee hours of the morning.

What people need to seek is software that is supported well by those who develop it. Microsoft does not support its products in any meaningful sense. It is absurd that an exploitable flaw has been known to exist for two months without Microsoft even acknowledging it, much less doing anything anyone knows about to correct the problem.