Internet Explorer 10 for Windows 7 News

Glaucus · 14 Nov 2012 at 21:49

Don't tell me what I do and don't know.
And yes I can exclude certain information, as the information. Is not relevent.
We are discussing. Ie10 not 7,8,9 etc.

Vulnerability can and does equal in the wild.
It can be in the wild before its detected in house. It doesn't suddenly become in the wild when its been exploited for two months, but its only just been discovered by security experts.

ANY exploit is a potential vulnerability that can be exploited, just becuase its found in house does not stop it being an exploitable vulnerability. The only difference is its, LESS likely to be used at it isn't documented everywhere, it doesn't stop anyone discovering it and exploiting it.

It's why we get worms/virus that exploit unkowen vulnerabilities. This vulnerabilities still exist.

I didn't link to the out of date part. You di, it's clear why that isn't included its 2011 report. We are talking ie10. Which was only released ~12 months ago.
Sis you not see or understand the I'm still searching for the recent article.

KIA · 14 Nov 2012 at 22:03

If IE10 is so super, why would you compare it to an old version of Chrome? Hardly a fair comparison. Sadly, you still don't understand the meaning of the world vulnerability.

However, both my own investigation and the public record show that of the three browsers, Internet Explorer was the only one that had critical, unpatched vulnerabilities that were demonstrably exploited by attackers before patches were made available. According to Microsoft’s own account, there were at least six zero-days actively exploited in the past 18 months in IE. All but one of them earned Microsoft’s most dire “critical” rating, leaving IE users under zero-day attack for at least 152 days since the beginning of 2011.

If we count just the critical zero-days, there were at least 89 non-overlapping days (about three months) between the beginning of 2011 and Sept. 2012 in which IE zero-day vulnerabilities were actively being exploited. That number is almost certainly conservative, because I could find no data on the window of vulnerability for CVE-2011-0094, a critical zero-day flaw fixed in MS11-018 that Microsoft said was being attacked prior to releasing a patch for it. This analysis also does not include CVE-2011-1345, a vulnerability demonstrated at the Pwn2Pwn contest in 2011.

For that same time period, I couldn’t find any evidence that malicious hackers had exploited publicly-disclosed vulnerabilities in Chrome or Firefox before those flaws were fixed. Nevertheless, I put the question to both companies. A Google spokesperson said that the company has never observed a Chrome zero-day in the wild against any of its stable versions since it first released Chrome. The company noted that while there have been Flash zero-days — and that it ships Flash with Chrome, none of these Flash flaws have been unique to Chrome. What’s more, Google said, most attacks on Flash explicitly did not target Chrome because the attackers didn’t have a sandbox bypass to pair with the Flash exploit.

A Mozilla spokesperson said the last true zero-day that was used by attackers to install malware via a vulnerability in Firefox came in October 2010, from miscreants who’d stitched an exploit for an unpatched Firefox flaw into the Nobel Peace Prize Web site.

http://krebsonsecurity.com/2012/10/in-a-zero-day-world-its-active-attacks-that-matter/

Glaucus · 14 Nov 2012 at 22:23

I'm not and never have compared it to an old version of chrome.

KIA · 15 Nov 2012 at 10:13

You used old information in your argument as to why IE is so superior to Chrome. I'm still waiting for the magical graphs.

Glaucus said:
What I can prove is exploits in chrome are massive, way more than any other browser with the comparable marketshare. That's insecure.

A Google spokesperson said that the company has never observed a Chrome zero-day in the wild against any of its stable versions since it first released Chrome.

Comedy gold.

markweatherill · 15 Nov 2012 at 11:08

What would be really funny is if Microsoft announced that Windows 7 was going to get Internet Explorer 10, and it turned out to be the Metro version.

Metrolled!

Glaucus · 15 Nov 2012 at 12:47

KIA said:
You used old information in your argument as to why IE is so superior to Chrome. I'm still waiting for the magical graphs.

No, I showed a trend of expolits,I never once compared old to new, and even specifically said you need to compare data for fully upto date, chrome/ie10/firefox, so try again.

Antowns · 15 Nov 2012 at 14:34

Nexus18 · 15 Nov 2012 at 15:38

KIA · 15 Nov 2012 at 17:54

Glaucus said:
No, I showed a trend of expolits,I never once compared old to new, and even specifically said you need to compare data for fully upto date, chrome/ie10/firefox, so try again.

Vulnerabilities. You're getting confused again.

You used old data in an attempt to bash Chrome and moaned when I used the same data to bash your superb browser.

No comment regarding the Krebs article?