Internet Explorer

We’ve all heard of graphics card makers optimizing their drivers for various benchmarks—some of you might recall the Quack story as one of the earlier examples. I think this might be the first time I’ve heard about the same thing happening in the world of web browsers, though. Believe it or not, Digitizor says a Mozilla engineer has found evidence that Internet Explorer 9 is “cheating” in the popular SunSpider JavaScript benchmark. ...

SANS.edu: We received a couple of reports about Microsoft’s “Smart Screen” flagging harmless sites as malicious. Initially, we considered the possibility of an infected ad service. But it may be a bug in Smartfilter as well. Some reports on twitter show that the problem has been resolved. Please let us know if you have sample URLs that are still affected. To disable smart screen: Select “Internet Options” from the “Tools” menu. Select the “Advanced” tab and find the “Enable SmartScreen Filter” setting (about the 10th item from the bottom. Scroll all the way down). Needless to say: This will also remove the smart screen protection from real-evil sites, not just from appear-to-be-evil-to-smartscreen-today sites. The setting should only be changed if you can’t wait for the problem to be fixed. ...

Microsoft has released a security advisory concerning a vulnerability affecting Internet Explorer versions 6, 7 and 8. This vulnerability may allow an attacker to execute arbitrary code. Full details here. Visit Microsoft’s page here to get full instructions. You can find the workarounds under the “Suggested Actions” twisty. The workarounds include overriding the Web site CSS with a user-defined style sheet, deploying the Enhanced Mitigation Experience Toolkit, enabling Data Execution Prevention (DEP) for Internet Explorer 7 and setting Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones. ...

Browser Total Market Share Microsoft Internet Explorer 59.26% Firefox 22.82% Chrome 8.47% Safari 5.33% Opera 2.28% Opera Mini 0.95% Netscape 0.63% Konqueror 0.06% Flock 0.05% ACCESS NetFront 0.05% Playstation 0.03% Mozilla 0.03% Obigo 0.01% Danger Web Browser 0.00% Microsoft Pocket Internet Explorer 0.00% Blazer 0.00% WebTV 0.00% BlackBerry 0.00% ANT Galio 0.00% Lotus Notes 0.00% iCab 0.00% MaxThon 0.00%

There has been an “unprecedented wave” of exploits against vulnerabilities in Oracle’s Java during the third quarter of this year, according to data from the Microsoft Malware Protection Center. The software giant provided the following data to back its claims, outlining three specific vulnerabilities (all of which have patches available) that are being exploited en masse: CVE Attacks Computers Description 2008-5353 3,560,669 1,196,480 A deserialization issue in vulnerable versions of JRE (Java Runtime Environment) allows remote code execution through Java-enabled browsers on multiple platforms, such as Microsoft Windows, Linux, and Apple Mac OS X. 2009-3867 2,638,311 1,119,191 Another remote code execution, multi-platform issue caused by improper parsing of long file:// URL arguments. 2010-0094 213,502 173,123 Another deserialization issue, very similar to CVE-2008-5353. As you can see, the first two are particularly worrying: they’ve gone from hundreds of thousands per quarter to millions. The third one is the newest, so it’s possible that it will also do the same. ...

Xmarks will be shutting down free browser synchronization services on January 10, 2011. For details on how to transition to recommended alternatives, consult this page. For the full story behind the Xmarks shutdown, please read their blog post. It’s a sad story to me! Here I found a good article to read: http://www.zdnet.com/blog/networking/no-more-xmarks-no/192

Microsoft’s web browser Internet Explorer was launched 15 years ago. While it had its ups and downs over the years – version 6 was plagued by countless security issues, which made it one of the most hated browsers around – it’s still the most popular browser in the world, with the last couple of versions improving dramatically on their troubled predecessor. The first version of the browser, Internet Explorer 1, debuted on August 16, 1995. It was based on Mosaic, a web browser Microsoft had licensed from a company called Spyglass Inc. Starting with version 3.0, Microsoft started bundling Internet Explorer with Windows, increasing its market share dramatically and ultimately squeezing once dominant browser Netscape Navigator out of the market completely. ...

For the first time, Microsoft’s share of the browser marked has slipped below 60 percent, according to figures from Net Applications, a Aliso Viejo, Calif., web app and metrics firm . Browser market share: Microsoft — 59.95 percent Mozilla’s Firefox — 24.59 percent Google Chrome — 6.73 percent Apple’s Safari — 4.72 percent Opera — 2.30 percent. Story Here.

Virus Bulletin is reporting that a recent survey it conducted found that about one out of five people are still using the dangerously-out-of-date version six of Microsoft’s Internet Explorer. There are probably a number of reasons for this: — They are using IE6 at work with legacy systems that require IE6 (or IT never got around to updating the company’s browsers.) — They are using IE6 at home and don’t know that IE6 is frighteningly insecure. — They are using IE6 at home and don’t know that there is such a thing as an update to browser software. — They are using IE6 at home and don’t know there is such a thing as computer security. ...

MS10–018 If you’re using Internet Explorer versions 6 or 7 it wouldn’t be a good idea to miss this one. “Actively exploited” for drive by down loads from malicious web sites sums it up. There’s something in it for IE8 as well. See our post yesterday: “Microsoft out-of-band patch tomorrow”