Since the beginning of time as we know it… Well, maybe not that long ago, but for a while now, there have been Internet Browsers. And where there are browsers there are vulnerabilities, software security patches, new versions – rinse, lather, repeat. Internet Explorer is a good current example of this, as Microsoft makes the move to end an era.
For a long time, Microsoft’s Internet Explorer (IE) held on to its market share. Unfortunately, over the past 10 years IE has lost significant ground to other performance-driven and feature-rich options, such as Google Chrome and Mozilla Firefox.
Microsoft’s most recent browser is an entirely new software package called “Edge”, which is what’s coming after they fully terminate their support for Internet Explorer 8, 9, and 10 as of Tuesday, January 12. After this change, the browsers that remain supported are IE 11, Edge, and IE 10 (depending on the operating system).
A large population has relied, and still does rely, heavily on IE 8. This is specifically because it will run on Windows XP, Vista, and 7. While corporations struggle to move off of Windows XP (and some even older operating systems), the threats keep piling up and the technology forges on. Another reason it is that much harder for enterprise environments to make the switch is that many proprietary software packages for different industries were specifically written for XP and Server 2003.
Another challenge on the security-facing front is that security takes a back seat, as there isn’t much real communication to stakeholders. While businesses cling to old technology, their security risks go up, and with that the possibility of profit loss. A lack of support means that you are no longer protected from any new exploits, will not receive fixes for software bugs, and cannot take advantage of new features.
Migrating off of a platform that has been used for such a long period of time has its own costs. These costs may range from many different software upgrades to the possibility of having to switch to new vendors. That cost is easy to produce, whereas the cost of the inherent risk of data loss, network outages, breaches, and/or fines is more difficult to produce. Down almost a full 6% in the last year, XP users are holding on at almost 11% market share.
This means that unsupported browsers and operating systems aren’t going anywhere unless we do our part to change it.
While the industry strives to move all of the end devices to a stable and still supported operating system, there are some points to keep in mind. Cvedetails.com lists all three leading browsers in the top 10 for all-time vulnerabilities. In the top 5 applications, Internet Explorer and Firefox are ahead by a margin in the percentage of remote execution vulnerabilities. We can all agree that they have all been lacking when it comes to security.
There are still many things that you can do to increase your browsing security on your own. From an enterprise perspective you can provide browser security at a higher level with:
- group policy settings
- automatic patching
You should also be offering education to your users on what NOT to do when browsing. It’s important that users are aware of things such as navigating through sites that have warnings about self-signed certificates, or clicking on links in email or social media. Another step you can take is installing verified add-ons for browsers that can increase your safety, such as NoScript, AdBlock Plus, and Webutation.
Looking into the future, I predict that we will have many new browser exploits, patches for those exploits, and more revisions of the software. However, it’s still up to you to do your part to provide as secure an environment as you can for your users and get onto supported platforms ASAP.
This is a Security Bloggers Network syndicated blog post authored by Amanda Berlin. Read the original post at: Hurricane Labs