Global security consultancy ScanIT shows Microsoft’s Internet Explorer was "unsafe" for 98% of 2004, while rival browser Mozilla was "unsafe" for only 15%…
The figures come from 195,000 internet users who checked their systems for vulnerabilities using ScanIT’s free online Browser Security Checker in 2004.
The checker’s findings showed surfers using Mozilla’s Firefox browser enjoyed the shortest "exposure period", the time during which a patch for known vulnerabilities in the browser was unavailable.
By comparison, the scanner showed Microsoft’s IE enjoyed only seven days without being subject to any known vulnerabilities, between 12 and 19 October.
"This means fully patched IE was known to be unsafe for an incredible 98 per cent of 2004," ScanIT’s CEO David Michaux says.
"And for 200 days in 2004 – that’s some 54 per cent of the time – there was a worm or virus exploiting one of those un-patched vulnerabilities," he added.
The Mozilla Firefox, Netscape Navigator and Camino browsers combined left a smaller window for prospective attack than the more widely-used IE.
There were only 56 days in 2004 (15 per cent of the year) on which there was a publicly known remote code execution vulnerability in Mozilla’s browser and no patch to fix it.
Users of the Opera browser experienced 65 days (17 per cent of the year) exposed to un-patched remote code execution vulnerabilities, according to ScanIT’s browser checker results.
The new results show a huge rise in the number of surfers using Mozilla’s Firefox browser over IE since ScanIT’s previous browser checker report for 2003.
Alla Bezroutchko, ScanIT’s Senior Security Engineer, suggests the upsurge in popularity for Mozilla is partly due to the advantages it enjoys over IE, including better public disclosure of vulnerabilities.
"Security researchers seem to be more inclined to report Firefox vulnerabilities to the Mozilla development team than IE flaws to Microsoft because of a better general attitude towards them.
"Mozilla’s Bug Bounty Program, which pays users $500 for reporting critical security bugs, is also a major incentive," Bezroutchko adds.
Internet browser security is a growing concern both for home and business users, who are equally at risk from spyware, adware and malicious attack while online.
Un-patched vulnerabilities in web browsers gained commercial value in 2004 as hackers and virus writers found ever more efficient ways of capitalising on the loopholes bad browser security provides.
These include stealing users’ personal information, including bank details, and sending spam emails via their private address books.
ScanIT is continuing to develop its free Browser Security Test as part of a wider security package to protect broadband business and personal users from such attacks.