Microsoft's latest browser, Internet Explorer 8, has gotten mixed reviews from MaximumPC.com readers (see comments here and here), but one question that's hard for any individual user to answer about any browser is "how secure is it?"
To find out, Microsoft asked NSS Labs to pit IE8 RC1 against its predecessor, IE7, as well as the following third-party browsers: Firefox 3.0.7, Safari 3.2, Chrome 1.0.154, and Opera 9.64. The objective: find out which browser did the best job at handling so-called social-engineering malware sites - the ones that try to con you into downloading malware disguised as something else ("Adobe Flash update," anyone?).
ComputerWorldreports that IE8 did the best job of fending off attacks from 492 malware-distributing websites, blocking 69% of attacks (details here [PDF link]). If you're not using IE8, join us after the jump to learn how your favorite browser fared.
It was a year ago that security researcher Charlie Miller walked away with $10,000 for hacking into a MacBook Air with Safari in just two minutes during the annual Pwn2Own competition, and earlier this month Miller predicted Safari would be the first to fall at this year's event. Miller made good on that promise this week by using a prepared exploit to gain full control of the device in about 10 seconds.
"It's not easy, but this worked with one click [from the Safari browser]", Miller said.
Miller had discovered the exploit last year, which allows a remote attacker to take over a machine if a user clicks on a malicious URL. Details of the exploit, which Miller isn't allowed to divulge, will be shared with Apple from contest sponsor TippingPoint so that Apple can develop a patch.
On the same day, a 25-year-old computer science student at the University of Oldenburg in Germany demonstrated exploits in IE8, Safari, and Firefox, earning him a cool $15,000 ($5,000 per exploit), along with getting to keep the Sony Vaio P series notebook he used (Miller pocketed $5,000 and a MacBook Air).
While three major browsers succumbed to hacking attempts on day one, no mobile exploits have yet been successful. Mobile exploits carry the biggest reward for contest participants, with TippingPoint offering $10,000 for each successful exploit in the major smartphones.
After a week on hiatus (no podcaster’s strike, we promise you), the gang is back to report and share their thoughts on this week’s big tech happenings. Will and Gordon drop their two cents on the Intel-Nvidia feud, and the team lays out the benefits on Vista SP2. Will also shares his experience debating MacLife’s Robbie Baldwin on the ABC News Now cable show. Along with listener questions, Gordon’s rant of the week also returns, filled with more rage than ever. This week’s targets: Shakespeare, Microsoft Outlook and office thievery.
Do you have a tech question? A comment? A tale of technological triumph? Just need to get something off your chest? A secret to share? Email us at firstname.lastname@example.org or call our 24-hour No BS Podcast hotline at 877.404.1337 x1337--operators are standing by.
Anyone who may have thought the death of Netscape would signal the end of the browser wars, boy were they mistaken. In fact, it could be argued that it was at that point it all began. It didn't take long for Mozilla's Firefox to emerge from Netscape Navigator's ashes, and over time, Firefox would win over enthusiasts with a potent combination of speed, security, and an unprecedented level of customization.
But what started as a two-man battle is quickly growing into all-out warfare. Prepare to be overwhelmed by an onslaught of new browser releases in the coming months as Microsoft, Mozilla, Apple, Opera Software, and Google all vie to provide your vehicle for navigating the web. Each one brings something new to the table, whether it be blazing fast performance or a unique feature-set. Don't worry if you haven't been paying attention - we jump in the trenches with whole lot of them and get to know each one on a personal basis.
Hit the jump to find out everything there is to know about the browsers of today and tomorrow!
Upon the release of the Safari 4 Beta, Apple was boasting some mighty impressive speeds. Now, thanks to some extensive testing, it looks like the boys down in Cupertino deserve a pat on the back, with their browser clocking in at a staggering 42 times faster than Internet Explorer 7.
Most surprising, is that Apple’s latest addition was able to beat out Google’s Chrome (the proclaimed “Speed King”) in testing, along with Firefox 3, Opera 9.6 and Mozilla’s developmental Minefield. The tests were conducted on both a PC running XP SP2, and a Mac running OS X 10.6 with all of the latest updates applied.
If you’re looking to check out the full results of the speed testing, check them out here.
For a while, the Google Earth plug-in was only available for Internet Explorer, Firefox and Safari. Now, it looks like Google has allowed their very own browser to get in on the fun, making it available as of this week.
“As of ~4 p.m. PST today, Google Chrome 1.0+ on Windows is an officially supported browser,” wrote a Google Employee in an Email sent out to a mailing list yesterday. “That means Chrome users will no longer get the unsupported browser message, and the plugin and API should work just as they would in other supported browsers.”
As it turns out, those of us responsible enough to have a computer generally aren’t responsible enough to keep ourselves safe online. Sure, we might get Norton or McAfee at checkout, but that’s generally the easiest step to take. When it comes to surfing the net, if the browser doesn’t update automatically, we probably won’t take the time to update it on our own.
At least, that’s what a study by a pair of Swiss academics and a Google employee revealed. The study, which ran Google results from January 2007 to April 2008, revealed that as a general whole PC users are reluctant to swap software. The swap from IE6 to 7 came gradually, with a primary boost from sales of new PCs with Windows Vista (and IE7) preinstalled. Mac users “seemed more willing to live on the cutting edge, as the Safari 3 beta release was accompanied by a major jump.”
To security conscious users Mozilla’s Firefox came out on top. Its self-updating nature made it a favorite, opposed to others like Opera, which have an update that basically functions as a manual download followed by a new install.
The analysis suggests that most users of web browsers aren’t filled with thoughts of Internet security, but rather with thoughts of convenience. If you’re interested in checking out the study for yourself, you can be sure to check it out in its entirety, here.
According to papers filed in a U.S District Court in Arizona, the patent pertains to "methods and systems for accessing one or more computer files via a graphical icon, wherein the graphical icon includes an image of a selected portion or portions of one or more computer files." The patent was awarded to the company as recently as March, 2008.
If it is able to make its case successfully, a windfall awaits Cygnus as it has two of the leading operating systems, three of the major web browsers and the insanely popular iPhone in its crosshairs.
Outside of mobile Safari, and perhaps to a lesser extent Opera Mini, the mobile browser experience can be somewhat unsatisfying. Poor page rendering, or completely unusable interfaces seem to plague the mobile experience. That’s where Mozilla has seen an opportunity to expand its browser platform, and a market that is still relatively untapped. With the launch of Fennec Alpha 2, Mozilla is one step closer to its goal of a mobile Firefox. Alpha 2 seems to address many of the performance issues that hindered the previous version, and these complaints were clearly acknowledged in a blog posting by Mozilla’s Mark Finkle.
“While we focused much of the previous alpha on getting the user experience how we wanted, we’ve spent much of the time since focused on improving performance. We’ve made major strides improving startup performance, panning and zooming performance, and responsiveness while pages are loading.”
My somewhat unscientific testing seems to backup these claims and performance has defiantly improved. Currently support is limited to Nokia's Maemo based N800 and N810, but compatibility with Windows Mobile and Symbian is apparently well underway. These platforms could defiantly use a bit more choice when it comes to browsers, and many are hoping it will finally give the power enjoyed by mobile Safari users to those who prefer non Apple hardware.
Once again, Internet Explorer (aka "Internet Exploder") has been attacked through a "zero-day" remote code execution vulnerability. That might not seem like MaximumPC.com-worthy news, except for two factors: the flaw is affecting thousands of websites, and this time, it isn't just Firefox fans who are saying "time to switch browsers, already!" - security experts at Trend Micro, the Spamhaus Project, and the UK's PC Pro magazine are all recommending making a switch, according to the BBC. And here's why:
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.
Switching Browsers? Choices Abound!
Attacks against IE7 have been verified, but all versions of IE (including IE 8 Beta 2) have the same underlying vulnerability; a vulnerability not present in IE's competitors (Firefox, Opera, Chrome, and Safari). Switching browsers makes sense for most web surfing, but, alas, some websites and (of course) Windows Update and Microsoft Update for Windows XP won't work with anything but IE.
Redmond Readies Security Update
Since the vulnerability was detected on December 10th, Microsoft code jockeys have been working hard to patch the flaw (Redmond doesn't want you to switch, naturally, and given the way that IE and Windows work together, a broken IE isn't good for anybody), and a patch will be available tomorrow (December 17th) for all versions of IE from 5.01 up, applying to all versions of Windows and Windows Server from Windows 2000 on up. It's rare for Microsoft to perform a security update between Patch Tuesdays, but when a "Critical" vulnerability (the most dangerous category of vulnerability) is discovered, there's no time to waste.
If you must use IE and you're looking for workarounds until you can get the update, join us after the jump for details.