The last post was something of a rant, however, it was serious. I do believe that Internet Explorer, as a web browser, is inherently unsafe to use on a day-to-day basis. There are two main recent bugs that have led me to this belief:
Both of these bugs allow an attacker to steal sensitive details from you without you knowingly visiting a site that looks suspicious from a user’s point of view.
Take the phishing scams. Banks repeatedly tell you they will never ask for all your information in this way, so it should look suspicious to a user that the information is requested at all. However, if you do visit the sites, from a user’s view the sites in question look pretty legitimate.
However, the real risk lies in the second exploit mentioned. If a user downloads some software by choice, they a knowingly choosing to install the piece of software on their PC, warts and all. However, if a security exploit allows programs to be installed without the user’s permission, I view it as very serious indeed. This is because a locally-installed program can bypass many security provisions that are designed into a browser to stop malicious activity. Once an attacker has a program of their choosing installed on your computer they might as well be looking over your shoulder copying down your private details.
This sort of bug scares me into not using a browser. Prior to this bug, I would be happy to use IE for a short while, as long as I trusted the computer it was run on. With the demonstrated exploit of this bug, you could be tripped up whilst visiting sites you visit everyday and you believe to be safe. When you can be broken into even whilst carefully avoiding any known source of viruses and so on, you know something is wrong.