Click here to receive your FREE subscription to Campus Technology
News
IE Is Least-Patched Browser, Report Says
7/8/2008
|
|
According to a report released last Tuesday, more than 40 percent of Internet surfers don't use browsers with up-to-date security patches--and Internet Explorer users are the biggest culprits.
The report, "Understanding the Web Browser Threat," was conducted by researchers at ETH Zurich, Google Inc. and IBM Internet Security Services. Its main assertion is that Web browsers -- such as IE, Firefox and Safari -- are often the weakest link in the security configuration of a given workstation.
IE took hits throughout the report, which claimed that the gestation time between Microsoft patch releases is too long compared to similar programs from Apple and others. In fact, according to the report, IE came in dead last in terms of security, with only 47.6 percent of its users having the latest security patches.
The report's authors wrote: "Considering that Microsoft offers Internet Explorer 7 as an auto-upgrade from Internet Explorer 6 as part of the monthly Windows updates and that it requires a manual patch to prevent upgrading to version 7, it is rather surprising to see how slow the migration to the most secure version has been."
Firefox came in first place, with 83.3 percent of its users having the latest version. Apple's Safari and the open source Opera came in second and third, with 65.3 and 56.1 percent of its users, respectively, running the latest versions.
But, as with many such reports, there are those who were quick to question the findings and defend Microsoft's position in the security space. In particular, Microsoft Software Security Software Engineer Robert Hensing took issue with the way the data on IE was gathered, arguing that the method could not have produced the results stated in the report.
"I can appreciate what [the report's authors] are trying to do -- and I believe they were probably trying to be as un-biased and scientific as they possibly could given the nebulous goal of the study, but it was, unfortunately, full of fail," he wrote in his blog on Tuesday, soon after the report's release. "What they seem to have done is combed the Google logs looking at the user-agent strings...The only problem? IE doesn't send minor version information, so there's no way to determine IE patch levels from the user-agent string. Oops."
Recommended Reading
- Digital Arts Alliance Adds Fordham U
The Digital Arts Alliance, a consortium led by the Pearson Foundation that promotes digital arts in K-12 education, is expanding its membership with the addition of Fordham University. This follows on the heels of three other organizations joining the group back in July--the National Education Association (NEA) Foundation, the Foundation for Investor Education, and Employers For Education Excellence (E3).
- Payment Card Security Toughens with DSS 1.2 Release
Opinions are mixed on what the new Payment Card Industry (PCI) DSS 1.2 standard will mean for security pros going forward. However, the mandate is clear: protect data.
- 6 Universities Join NASA Astrobiology Institute
Research teams from six universities have been selected by NASA to become members of its Astrobiology Institute with the aim of exploring the "origins, evolution, distribution, and future of life in the universe." Teams were each awarded five-year grants, averaging $7 million each, according to NASA.
- Amazon To Host Microsoft Solutions in the Cloud
Amazon announced Wednesday that it is conducting a private beta test of Microsoft's server products running on Amazon's hosted computing platform, which is called Amazon Elastic Compute Cloud (EC2). Amazon expects to offer companies the ability to run their applications on EC2 using Microsoft Windows Server or Microsoft SQL Server sometime in the fall, according to an announcement issued by the company.
- CRM Pushing into New Areas of Higher Ed
Implementing a customer relationship management (CRM) solution can require "difficult or even painful behavioral challenges" for administrators in higher education, according to Nicole Engelbert, a lead analyst with research and analysis firm Datamonitor. "It means re-orienting yourself to your students. That can be tough, so you need to be ready for that."
- Integrated Collaborative Environment Leverages Web 2.0
Here's a bit of trivia for your next high-tech happy hour: A "nog" (in addition to being a Christmas favorite) is a wooden block built into a masonry wall so that joinery structure can be nailed to it. For the founders of Piscataway, N.J.-based startup Bluenog this obscure bit of carpentry nomenclature was the perfect metaphor for an integrated software suite that includes a content management system (CMS), rich portal features and business intelligence (BI) capabilities.
