Microsoft have launched a new website aimed at helping people identify how secure their web browser really is. www.YourBrowserMatters.org will tell visitors in a simple score from 0 to 4 just how secure they are when they go online.
In a blog post today, the company said that 24.4% of all web browsers are outdated and insecure. Of this 15.2% includes Internet Explorer 6 and 7 (it’s odd that Microsoft are suddenly now calling IE7 insecure) and 7.5% are older versions of Mozilla Firefox.
In their breakdown by country the USA appears to be the worst offender with just under 22 million computers using insecure browsers. Brazil is second with just over 7 million, France is third with 5 million, the UK has 4.2 million and China has just under 4 million. I’m not completely sure where this fits with Microsoft’s IE6 Countdown site which states that more than 25% of all browser usage in China is still IE6.
Microsoft’s stats say that this 24.4% equates to around 340 million PCs worldwide. In a statement they said…
With that in mind, we’ve partnered with the Anti-Phishing League, Identity Theft Council, and Online Trust Alliance to raise awareness of the critical role browsers play in online security and make it as easy as possible for people to protect themselves.
The new website itself does more than just give your browser a health rating. There is useful information there on what malware is, with a useful video for the uninitiated. There is also information on what modern browsers do to keep people safe when they’re online and also help and advice on how you can stay safer when you’re online.
Oddly, what the browser doesn’t do is bring the latest version of Internet Explorer front and centre, instead relegating it to a small download button hidden away on the website’s last page. This is probably a very good idea given the organisations that Microsoft has formed alliances with for this project.
It is very true that you should always make sure you have the latest and most up to date version of whatever browser you are using, be that Internet Explorer, Chrome, Firefox, Safari or Opera and that you have installed all the latest security and other patches.
It is always good to see when companies try and give the public additional advice too. People can become too reliant on the web browser protecting them from ‘everything’ and they can then feel they can click around random links with impunity. In fact this is the best way to get your computer infected with malware, or have your identity stolen, and it is the responsibility of every Internet user to remain cautious and vigilant when online.
The Online Trust Alliance say of the project…
“The mission of the Online Trust Alliance is to enhance online trust and confidence. When it comes to online security and privacy, the browser plays an important part in helping to make the internet safer for all users. Since our inception, OTA has been a proponent of improving browser security and getting people to move to more secure platforms… More must be done to help educate users on the need to move to more modern browsers and we applaud Microsoft’s leadership and collaboration in this important initiative.”
Martin’s take
Your Browser Matters is a new site by Microsoft and partners that aims to make Internet users aware of security in general, and the web browser they use in particular. Some users may decide to ignore the site completely considering that it is maintained by Microsoft, others might want to check it out to see what it is all about and if the points that it tries to make are valid.
When you open the homepage of the informational site in a supported web browser you get a score for that browser right away. The site unfortunately does not support beta versions of web browsers which means that I was only able to get a score for Internet Explorer 9. Neither Firefox Aurora, Google Chrome Dev nor the latest stable Opera version were compatible with the site.
Microsoft’s Internet Explorer 9 scores 4 out of 4 points, which obviously is the highest possible score. Ed Bott ran Chrome Stable and Firefox Stable through the test and noticed that the browsers scored 2.5 (Chrome) and 2 (Firefox) respectively.
It all boils down to the test criteria. When you look at all of them in the screenshot below you will notice that Microsoft analyses how the browser handles the following four attack forms: Dangerous downloads, Phishing websites, Attacks on your browser and Attacks on websites.
You will also notice that no browser scores perfectly in all tests. Microsoft’s Internet Explorer 9 for instance fails in three of the sixteen tests, Chrome in seven and Firefox even in nine tests.
When you look at the core differences you notice that Microsoft’s Internet Explorer is the only browser in the test that passes all dangerous download tests which the company attributes to its SmartScreen technology. Both Firefox and Chrome fail in the tests.
All browsers pass the phishing websites tests. The attacks on your browser group of tests is divided into securing extensions and effective sandbox. Internet Explorer is the only browser according to Microsoft with the ability to restrict extensions and plugins on a per-site basis. The browser also passes the “benefits from Windows operating system features that protect against structured exception handling overwrite attacks” test where the two others fail.
Chrome on the other hand is the only browser in the list that passes the sandbox test.
Internet Explorer passes four of five tests of the attacks on websites test. It is the only browser that can automatically block insecure content from https pages and to sanitize HTML to remove potentially problematic code.
The question at this point is obviously if the tests are biased towards Internet Explorer by leaving out tests that might not be as favorable.
I can list a few missing tests without really thinking much about it, for instance:
- Is the browser protecting the user from third party extension or plugin installations?
- Does the browser warn the user of outdated plugins?
- Can users disable security related features, like JavaScript on a per site basis.
- Does the browser support different user profiles?
What I like about the site in general is that it offers information that educate users. The prevention tab for instance lists basic but important security information on one page.
Security is obviously only one feature when users pick a favorite browser that they use most of the time. There are other features like speed, extensions support or general compatibility with web standards that can make a difference.
What’s your take on Your Browser Matters? Is Microsoft making a valid point here or is this just marketing mumbo-jumbo?
Before you answer note that that Internet Explorer 6 scores 0 of 4 points and Internet Explorer 7 1 out of 4.
© Mike Halsey (MVP) for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: browser, microsoft, Security
0 comments:
Post a Comment