Microsoft has released a notice about a new zero day attack against Internet Explorer.
And this is noteworthy why? How many Slashdotters use Internet Explorer for anything other than the occasional WindowsUpdate in XP? This may be News for Nerds, but it hardly matters. Everyone here knows very well that Internet Explorer is too dangerous for general Web use. That Microsoft is suffering yet another security failure doesn't really elicit much interest from me, I must say.
Weeellllll, that's the stereotype, sure, but the on-the-ground reality paints a different picture.
But the problem with Firefox is worse than that. On Windows and Mac OS X, users are prompted over and over again to install these point updates. It requires elevation to Administrator privileges, and it requires restarting the browser. I see people routinely ignoring these updates because it'd interrupt what they're doing..... and the web server logs I have access to are a mishmash of Firefox browser versions.
This is a browser with 25% of the worldwide marketshare -- more than any version of Internet Explorer save for version 8.
So.... how about Google Chrome, you say? Their patching setup is far superior (that's why I use it), but it's not like the browser is any better-written. Just this month there have already been eighteen disclosed security vulnerabilities. And that's only slightly worse than average for a month in Chrome land. There are actually a number of Google Chrome bugs which are marked as only affecting the Linux version, too. Look at CVE-2010-4041 for an example of what I mean.
What I'm trying to say here is this -- Internet Explorer's security profile isn't significantly different than the other major vendors. They all have poorly-coded browsers that focused on packing the features in, without taking due consideration to the safety of the code they're writing. If you want to single out Microsoft for criticism, let's talk about the fact that they take so long to get these fixes out, and that reboots are often required to get the patches in place. That's where Firefox and especially Chrome are ahead.