14 DAY TRIAL // Internet Explorer has been under siege in the last half of 2006. This is by no means an overstatement. Due to its wide audience, Microsoft is the dominant presence on the browser market with a share of approximately 80%, Internet Explorer is the ideal and prevalent target for attacks over the Internet. The fact that IE has a bad reputation in terms of security has also contributed to making it the primary target for online attacks.
In its recently published Internet Security Threat Report - Trends for July- December 2006, security company Symantec revealed that Internet Explorer was targeted by over 77% of all the attacks designed to impact web browsers. In this regard, home users have been the most exposed audience, 93% of all web browser targeted attack being aimed at them.
"Over the last six months of 2006 we have been tracking the distribution of attacks targeting Web browsers. The results show that Microsoft's Internet Explorer leads with an extremely large margin in the number of attackers targeting it. The primary focus of attacks seems to target ActiveX controls; ActiveX controls are not strictly a part of the browser, but simply provide functionality that can be used by the browser," commented Joe Blackbird, Symantec Security Response Researcher.
According to Symantec, the various versions of Internet Explorer accounted for 54 vulnerabilities in the last six months of 2006, Mozilla Firefox was impacted by 40 flaws and Apple Safari and Opera each had four. Symantec went on to predict that Internet Explorer 7 will move to the center stage of web browser attacks.
"Internet Explorer 7 attempts to deal with these issues by disabling ActiveX controls by default. Unfortunately, I am not sure that this type of solution will work all that well in the Web browser environment. The problem is that disabling functionality reduces usability; things that people once did with their browser are no longer possible. Most people are frustrated by security features that restrict usability. As a consequence, people will probably simply enable ActiveX controls, and then their security will likely be compromised. In the end, it is possible that Microsoft's attempt to resolve the issue of browser security will ultimately fail," Blackbird forecasted.