Microsoft Corp.'s Internet Explorer was vulnerable to known security issues for an astonishing 358 days of 2004, security consultancy ScanIT has claimed.
The only period when it could have been considered "secure" was the week of October 12 to October 19, when patches were available for all its known problems. This contrasts embarrassingly with rival Mozilla's browser, Firefox, which managed to remain secure from equivalent holes for all but 56 days of the year.
The company gleaned this dramatic statistic from the 195,000 Internet users who tested their browsers for security holes using the company's online security checker. A browser version was considered "unsafe" on a particular day if a patch fix had not been made available for a known remote execution problem.
"This means fully patched IE was known to be unsafe for an incredible 98 per cent of 2004," ScanIT's CEO David Michaux commented. "And for 200 days in 2004 there was a worm or virus exploiting one of those unpatched vulnerabilities."
According to Michaux, Mozilla has a better record of spotting and securing security holes in its browser thanks to its offering a US$500 reward to anyone who reports a serious issue.
Other reasons can be added to this. As the leading browser in terms of market share, there is more to be gained by attempting to exploit holes in Explorer, so more of them tend to be discovered. At the same time, Microsoft has not always appeared motivated to patch the issues quickly. Add the two together and it is not surprising that unpatched holes have rapidly multiplied.