Defending The Kingdom

It’s been about six months since I last posted about browser security. I reported then that Internet Explorer 7 had overcome many of the security vulnerabilities that plagued IE6 for so many years. I even said that IE7 should be considered as secure as Firefox until more data became available. So, what does the data say now?
IE7 is still vastly better than IE6. For those who prefer Internet Explorer, but haven’t yet upgraded to the newest version, wait no longer.

Despite IE7’s advances over it’s predecessor, however, some differences between IE7 and Firefox are beginning obvious. IE7 seems consistently to have more unpatched vulnerabilities than does Firefox. As of today, Secunia, a security consultancy, is reporting that IE7 has 10 unpatched vulnerabilities, almost twice as many as Firefox.

Moreover, IE7’s worst flaw is rated “Highly critical”, while Firefox’s worst is rated “Less critical”. Unfortunately for Internet Explorer, its trouble with more and more severe vulnerabilities is more habit than fluke. Every time I have checked Secunia’s vulnerability reports on the two browsers over the last six months, the general trend has not changed. At this point, it is clear that Firefox typically has fewer security flaws, and the flaws it has are not as serious as those of Internet Explorer.

Interesting Wired News article on why people won’t pay for protection from privacy intrusions.

Privacy is fast becoming the trendy concept in online marketing. An increasing number of companies are flaunting the steps they’ve taken to protect the privacy of their customers. But studies suggest consumers won’t pay even 25 cents to protect their data.

Later, one of the people interviewed explains why he thinks this is the case:

The thing about consumer privacy is it’s really a death from a thousand cuts. With any given click or any given web page the loss of information is usually very subtle. The fact that you may get more spam or pay more for flowers because you live in a wealthy ZIP code are just single drops in a tsunami of privacy violations.

Too bad. I certainly sympathize sometimes with the sense of hopelessness about keeping my privacy that many people experience. And, for some, perhaps the costs of combating privacy concerns are higher than the costs from losing one’s privacy.