File under boggle: how safe is Internet Explorer your Lordship?

happygeek 1 Tallied Votes 269 Views Share

It doesn't take a search genius to go and find plenty of reports of how Internet Explorer is, how can I put this nicely, not exactly the safest bet if you are looking for the most secure browsing experience. Quite apart from anything else it has the biggest market share and so the bad guys will naturally focus their attention on trying to hit the product with the largest number of users. Just because Microsoft appears to not make this too hard for them to accomplish is by the by.

There really can be no denying, on common sense grounds, that using one of the alternative browsers with a smaller market share and better track record of both being hit by and quickly dealing with vulnerabilities is going to be a more secure option. Not 100% safe online, nowhere near it in fact, but safer than if you are using the browser client of choice for the bad guy attention. Indeed, depending upon the metrics used you might not opt for Firefox or Safari, but that still leaves Opera and Chrome looking like more secure bets.

Well, I say no denying but that, of course, does not apply to politicians who can deny pretty much anything. Including, it would seem, any hint of Internet Explorer insecurity. In a parliamentary question asked in the House of Lords by Lord Avebury on the 26th January 2010, Her Majesty's Government were asked about any discussions they had undertaken with French and German counterparts regarding the security risks of using Internet Explorer, and "whether they will encourage public sector users to use another web browser".

The answer from Parliamentary Under-Secretary of State, Home Office (Lord West of Spithead), as published in the Lords Hansard, comes with a bloody huge BOGGLE warning:

"Complex software will always have vulnerabilities and motivated adversaries will always work to discover and take advantage of them. We take internet security very seriously and we have worked with Microsoft and other suppliers over many years to understand the security of the products used by HMG, including Internet Explorer. There is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure. Regular software patching and updating will help defend against the latest threats."

OK, so the important bit of that was "no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure" which is where things start going pear-shaped, especially from the public sector use perspective.

Stand up if you work in the public sector, now sit down if your department is using a fully patched version of IE8. I suspect many, if not most, of you are still standing given the number of folk that I talk to who do work in such environments and are still using IE6 let alone IE7 and very few who tell me IE8 is the order of the day. The NHS has only just this month given the go ahead for those organisations using IE6 to move to IE7 on security grounds for goodness sake.