Internet Explorer 10 for Windows 7 News

[robinbredin]

I have IE 10 preview running now, and find nothing wrong with it.

This is the version I have,

 

[Glaucus]

People still use I.E?

Why not ie10 is a superb browser.
People need to re-evaluate their choices. Just becuase a product us to suck, doesn't mean it still does.

I hadn't use ie for years, been using firefox for god noes how long. After installing w8 devloper preview. One of the first things I installed was Firefox. Now Firefox is no longer installed and its now the slow rubbish browser. I would even prefer chrome over Firefox now and I've never really got on with chrome.

 

[KIA]

Superb?

Does it block Java by default? Nope.
Does it block vulnerable plug-ins? Nope.
Does it support click-to-play plug-in mode? Nope.
Do users have to wait an average of 1 month for critical security updates? Yes.

I'll stick with FF & Chrome.

 

[deuse]

Windows 8

It took that long to do a GUI!!!!

 

[Glaucus]

Superb?

Does it block Java by default? Nope.
Does it block vulnerable plug-ins? Nope.
Does it support click-to-play plug-in mode? Nope.
Do users have to wait an average of 1 month for critical security updates? Yes.

I'll stick with FF & Chrome.

Lol, why would you want it off by default. Most people don't configure stuff and tons of websites use java.
Also chrome is one of the most unsecure webrowsers, especially since its popularity exploded. It doesn't do well n the ulnar abilities found vs vulnrabiitis fixed tables. Operas the best, ie is second best, chrome is worst.
And overal vulnerabilities, chrome is the worst again for both high and moderate.

So listing those reasons, shouldn't you be an opera person.

 

[theheyes]

It took that long to do a GUI!!!!

Don't start that again!!

 

[KIA]

Lol, why would you want it off by default. Most people don't configure stuff and tons of websites use java.

To provide some protection against unpatched Java exploits that are in the wild, right now.

Also chrome is one of the most unsecure webrowsers, especially since its popularity exploded. It doesn't do well n the ulnar abilities found vs vulnrabiitis fixed tables. Operas the best, ie is second best, chrome is worst.
And overal vulnerabilities, chrome is the worst again for both high and moderate.

Source?

I would expect Chrome to have a higher amount of vulnerabilities found, since Google pays people to find them!

At least Chrome users receive a constant stream of updates, thanks to the built-in seamless background update utility.

http://googlechromereleases.blogspot.co.uk/

 

[Glaucus]

What good is regular updates when they aren't fixing loads

It's all over the web

http://www.gfi.com/blog/research-web-browser-war-security-battle-in-2011/

Google Chrome: Security vulnerabilities reported is on a highly ascending path. Google Chrome is the application with highest number of security vulnerabilities reported for the second year in a row. 275 new security vulnerabilities were discovered last year and the number is really impressive. For example, Microsoft “only” had 244 vulnerabilities reported in 2011 in all their products!

Mozilla Firefox: Vulnerabilities reported is on a descending trend after it had a peak in 2009, when it was the application with highest number of vulnerabilities discovered for the year. 97 new security vulnerabilities were discovered last year. This is slightly lower than the 103 vulnerabilities reported in 2010.

Internet Explorer: Security improvements added in latest versions contributed to the constantly descending number of discovered vulnerabilities in the browser for the past years. 45 new security vulnerabilities were discovered last year in Microsoft Internet Explorer. This is less than the 59 vulnerabilities reported in 2010.

Apple Safari: After the peak it had in 2010, the number of vulnerabilities is lower in 2011. 45 new security vulnerabilities were discovered last year. This is good improvement compared with the 122 vulnerabilities reported in 2010.

Opera Browser: The number of vulnerabilities reported in 2011 is on an ascending path, but the trend started from low levels and the number of critical vulnerabilities is still way below other browsers. 53 new security vulnerabilities were discovered last year. This is more than the 36 vulnerabilities reported in 2010.

96% of all vulnerabilities in web browsers were disclosed to public only after a fix was available from the vendor. This indicates that keeping your systems fully patched is crucial to reduce the risks of a security breach caused by a vulnerability in the web browser.

So no, in no way is chrome better than ie for security reasons.
The increase can be related to its marketshare, but even with that being taken Into account ie has a huge marketshare and even in the earlier years did not have any where near as many exploits.

And number of vulnerabilities being found is rising massively.

Ie also has "forced" updates, biggish out cry about that as well, how dare MS force updates on people.
http://www.computerworld.com/s/arti...nt_upgrade_religion_will_push_IE_auto_updates

Computerworld - Microsoft today said it will silently upgrade Internet Explorer (IE) starting next month, arguing that taking the responsibility out of the hands of users will keep the Web safer.

The move is an acknowledgement by Microsoft that Google's model -- its Chrome browser has updated in the background without user involvement since it debuted more than three years ago -- is the right one.

Still trying to find the kowen vs fixed reserch.

 

[jbloggs]

IE 10 certainly is nippier than 9, so 'yes' do like it...

 

[bledd]

I believe there are Adblock TPLs for IE, is that what you mean?

I've been trying the Fanboy TPL

Whilst it does block ads, the placeholders are often still there, big empty white space on youtube.

Not as good as ABP

 

[Xinn]

What is this Google Chorme those graphs speak of?

 

[KIA]

So no, in no way is chrome better than ie for security reasons.
The increase can be related to its marketshare, but even with that being taken Into account ie has a huge marketshare and even in the earlier years did not have any where near as many exploits.

More vulnerabilities discovered doesn't make it a weaker platform. It means more people are searching for vulnerabilities because Google is paying a massive amount of money, up to 60k in some cases. Who wouldn't want a slice of the pie?

Let's have a look at the important graphs:

IE isn't "superb" after all.

One of the comments:

W*ix April 16, 201211:55 am
I wouldn’t worry about Chrome so much, the spike on the first graph is mostly vulnerabilities found by the staff and testers.
Implying a browser is more or less secure by the initial graph is ignorant, if the staff don’t find bugs in their own software then they could be equally as incompetent as those who introduce the bugs, it can also boil down to prototyping style and release frequency.
It’s the last two graphs people should be focusing on. These are the real issues we face every day when browsing.

Ie also has "forced" updates, biggish out cry about that as well, how dare MS force updates on people.

Wow, forced updates between major versions of the browser. Ground breaking stuff!

 

[LiE]

They've finally included a spellchecker with IE10 which is great.

 

[Glaucus]

Yeah as 2011 includes ie10 oh wait.you know browsers change.
There's a 2012 graph somewhere and chrome still repairing far more exploits than anyone else.
That zero day exploits graphs includes all versions. Of which ie has the largest oldest portion still out their. So that's by no means the be all of end all. In comparison due to chrome having silent updating from the start, have very few out of date chrome versions, so to still find so many zero day exploits is worrying.

No not jsut between majour updates, forced updates as well. Unless you opt out.

So care to change your mind, chrome is not secure. Like you originally said. Even if you take into account all versions of ie, ie is still equal to chrome on zero day.

 

[KIA]

Yeah as 2011 includes ie10 oh wait.you know browsers change.

Why bother using the pointless graphs in the first place if that's your attitude?

There's a 2012 graph somewhere and chrome still repairing far more exploits than anyone else.
That zero day exploits graphs includes all versions. Of which ie has the largest oldest portion still out their. So that's by no means the be all of end all. In comparison due to chrome having silent updating from the start, have very few out of date chrome versions, so to still find so many zero day exploits is worrying.

Like I said before, Google has paid and will continue to pay security researchers in return for privately reported vulnerabilities. It will probably always have the highest amount of privately reported vulnerabilities due to this. You need to learn the difference between a private reported vulnerability and a public in-the-wild exploit.

By the way, out of date versions and automatic update have nothing to do with the discovery of 0days.

One would expect Chrome to have a large amount of zero days, due to its ever increasing userbase.

No not jsut between majour updates, forced updates as well. Unless you opt out.

So care to change your mind, chrome is not secure. Like you originally said. Even if you take into account all versions of ie, ie is still equal to chrome on zero day.

Incremental IE updates have always been on by default in Windows. Nice to see you changing your tone after I pointed out the real graphs to you.

Chrome is one of the most secure browsers on the market, by design. You've completely failed to address my initial points regarding plug-in security, which is one of the main points of entry into a system. Hell, even the developers of Firefox have got their act together and beefed up the security of plug-ins.

https://blog.mozilla.org/addons/2012/10/05/prompting-our-users-to-update-their-plugins/
https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
http://news.slashdot.org/story/12/1...fox-17?utm_source=slashdot&utm_medium=twitter

 

[Glaucus]

They aren't pointless graphs, the first graphs I posted show a common trend, but due to not everyone being able to update to ie10 and it being 2011 the later graphs are erelevent, hence I didn't post them. And was trying to find the more upto date stuff I've seen. Unfortunately I don't bookmark everything I read.

All futur updates in ie are installed silently, not just new browser editions.

 

[Nymins]

CSS transitions are supported finally.

 

[KIA]

They aren't pointless graphs, the first graphs I posted show a common trend

The "trend" has been explained.

but due to not everyone being able to update to ie10 and it being 2011 the later graphs are erelevent

They're totally relevant as you chose to use the article as some sort of proof. IE10 isn't going to be exploit proof. MS will continue to support older versions of IE.

 

[Glaucus]

How is it relevent?
I posted the relevent bit.
The trend has been explained? By a random comment.
No the fact is chrome has the most exploits, just becuase they aren't public doesn't mean they aren't being used.

When it comes to zero day exploits and talking about ie10, you need figures for fully updated ie10 vs fully updated chrome, vs fully updated FF etc.
That graph does not show ha and as such is pointless.
Your original comment just doesn't hold any weight.

Of course ie10 isn't, no web browser will ever be exploit proof, I never said or suggested that. You are the one who said ie10 is massively insure. Yet the charts don't show that. Post some proof for you assertion if you want.
What I can prove is exploits in chrome are massive, way more than any other browser with the comparable marketshare. That's insecure. You think in house teams are the only ones who can find them? You think any expolit being used is always public?

 

[KIA]

How is it relevent?
I posted the relevent bit.
The trend has been explained? By a random comment.
No the fact is chrome has the most exploits, just becuase they aren't public doesn't mean they aren't being used.

You can't choose to ignore some of the article just because it doesn't fit your argument. You were trying to make out that Chrome was insecure because it had a high amount of vulnerabilities. You didn't know the difference between a privately reported vulnerability and a real world exploit (the information shown by the two graphs at the end of the article).

Chrome does not have the most exploits. You proved this point yourself by linking to the article in the first place. Vulnerability does not equal exploit.

The comment is far from random. You can look at the amount paid to security researchers by going to http://googlechromereleases.blogspot.co.uk/

When it comes to zero day exploits and talking about ie10, you need figures for fully updated ie10 vs fully updated chrome, vs fully updated FF etc.
That graph does not show ha and as such is pointless.
Your original comment just doesn't hold any weight.

Don't link to out of date information if you don't want it to be included in the discussion.

Of course ie10 isn't, no web browser will ever be exploit proof, I never said or suggested that. You are the one who said ie10 is massively insure. Yet the charts don't show that. Post some proof for you assertion if you want.
What I can prove is exploits in chrome are massive, way more than any other browser with the comparable marketshare. That's insecure. You think in house teams are the only ones who can find them? You think any expolit being used is always public?

My original point was regarding plug-in management. Nothing to do with the security of the browser itself.

You haven't proven anything. Again, vulnerability doesn't equal in the wild exploit. In the article you linked to, IE has more exploits and zero days than Chrome. It isn't just in-house security researchers who are finding the vulnerabilities. Private exploits are outside the scope of this discussion as they do not affect the average joe. They're often used in targeted attacks against corporations and governments.