While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
Arguably one of the most
interesting elements of the cyber-attack that affected Google and more than 30
other companies was the primary
attack vector-Internet Explorer 6.
The attack exploited an HTML
object memory corruption vulnerability in IE that Microsoft
was notified about in September. The exploit used in the attacks only affected
IE 6, which nine years after it was first released remains in use by 20
percent of Web surfers, according to statistics
from Net Applications for January.
That means many users
are not taking advantage
of the host of security features Microsoft added to IE 8-or Mozilla, Google
and others added to current versions of their browsers, for that matter.
While Microsoft is touting the fact that IE 8, the most current version of
the browser, leads with a market share of 22.37 percent (25 percent
when counting those running it in Compatibility Mode), the Net Applications
figures show the combined market share of IE 6 and 7 is greater.
Upgrading to more current
versions of the browser would have mitigated the cyber-attack on Google,
Forrester Research analyst Chenxi Wang said.
"I think even more than
the use of IE 6, [the cyber-attack on Google] highlights Google's poor desktop
management," she said. "This attack could have been prevented if Google
employees all use the latest version of the browser, IE 8, or Firefox, or [Google]
Chrome. Or if it's necessary for testing purposes to use IE 6, the test desktop
is well-insulated from the production environment and from access to critical
For its part, Google
announced last week it would phase out support for IE 6, starting with Google
Docs and Google Sites on March 1.Meanwhile, an online petition is
circulating that calls for the British government to scrap IE 6-something
officials in France and Germany advised their citizenry to do last month
before Microsoft issued a patch for the security vulnerability at the center of
the Google attack.
"For the browser,
Microsoft has consistently recommended that consumers upgrade to the latest
version of our browser. ... While we recommend Internet Explorer 8 to all
customers, we understand we have a number of corporate customers for whom broad
deployment of new technologies across their desktops requires more planning," a
Microsoft spokesperson said.
analyst Al Hilwa said
Microsoft needs to make the upgrade process easy and transparent, but must
also keep an eye toward the older versions.
"What they should also do
is keep fixing any security holes in the older releases because no matter how
idealistic they are, there are going to be people who are going to run the
older stuff," he said.