Browsers and bugs at war

You'd think with the outbreak of the latest Internet browser war, companies like Microsoft and Mozilla would be doing everything possible to make their products competitive.

In the past week though both companies looked like makers of software that couldn't be trusted any farther than you could throw the computer it was located on.

Microsoft announced that a flaw in Internet Explorer (IE) allowed hackers to redirected users to websites that would download malicious software designed to steal personal information such as user names and passwords onto users' home computers.

Not surprisingly, the error was listed as critical, which resulted in some security companies calling for a boycott of IE until Microsoft released a patch to fix the flaw.

I've never been a big fan of IE. In fact, I'll only use it when I'm forced to, so I smugly sat there and gloated, confident that as a Firefox user I didn't have to put up with the spreading panic.

Then karma turned around and bit me in the rear. Turns out earlier in the week Mozilla, the company that makes Firefox, issued a patch that fixed six critical flaws.

Then Bit9, a US-based company that monitors security flaws, released a report of what it considers the top ten most vulnerable programmes. Sitting at the top of the list was Firefox. IE didn't even appear on the list.

I was initially sceptical about Bit9's results, but they make a good point. They based their report on a number of factors, including the number of critical bugs in the software, its overall popularity, and - here are the kickers - how easily updatable and supported the software was.

Bottom line, IE is supported and patched by Micro-soft. That means it has the backing of a multi-billion company which wants the product to not only succeed, but continue to dominate. In the case of the latest bug, the company released a patch within a week. "Released" really doesn't cover it though. Thanks to Microsoft's auto-updating options - and provided you have those options turned on - the patch could be automatically downloaded and applied.

Slow reaction

Firefox was given the bad rating not just because it was found to have had six critical errors, but because Bit9 saw a popular piece of software that was less likely to be updated with security patched as quickly as it needed to be.

By the way, other products to get labelled as seriously buggy included security products by Symantec and TrendMicro, which has to be a bit of an embarrassment for them.

But for a few days last week, Internet users were in a bind as neither browser left them with a lot of confidence. Take the banks. Years ago banks introduced online services so we wouldn't have to go to the branch to handle basic transactions. Those banks then required people to use IE, because it was the most popular and best supported browser out there. Then last week they found out clients had two choices: use a piece of software with a bug that allows hackers to steal financial information or go back to the branch. Why? Because many banks won't allow people to use the other browsers to access their accounts for security reasons.

The only way this situation is going to fix itself is more competition, but with a few exceptions, Google, Apple and Opera have yet to really make the browser war anything more than a skirmish.

Bottom line, IE is supported and patched by Microsoft. In the case of the latest bug, the company released a patch within a week.