Advertisement
Promo

Security threats Toolkit

Web browser 'windows of exposure' shrink

Tom Espiner ZDNet.co.uk

Published: 25 Sep 2006 18:00 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Web browser makers are getting quicker at patching vulnerabilities, according to antivirus vendor Symantec's latest global security report.

The average time between the release of malicious code that targets Web browsers and patches, dubbed the "window of exposure", was smaller for most vendors during the first half of 2006 compared with the last half of 2005, Symantec reported on Monday.

During the window of exposure, hackers can attack a system through the Web browser. System administrators and individuals instead have to use workarounds and best practices to reduce the risk of a successful hack.

Microsoft's Internet Explorer (IE) has the longest average window of exposure at nine days, according to Symantec. This is a big drop from an average of 25 days in the last half of 2005.

IE has been beset by numerous problems over the years, including its most recent flaw in the way IE 6 handles graphics. An official patch is still not available for this problem.

Compared with its own performance last year, Apple Safari has got worse. The average window of exposure increased from 0 days from July to December 2005, to 5 days in the first six months of this year. This statistic may have been affected by the spate of vulnerabilities disclosed in OS X early this year, which included Safari flaws.

Mozilla Firefox has also performed worse, dropping from an average window of exposure of minus two days to plus one day.

Opera has been particularly successful in shrinking its window of exposure, dropping from 18 days last year to 2 days this year.

"Exploit code for enterprise-vendor vulnerabilities is still being released quickly, forcing administrators to respond rapidly despite a lack of vendor-supplied remediation," said the Symantec report.

"However, the decreasing patch development time indicates that enterprise vendors are responding more quickly to vulnerabilities. Despite this, it is critical that organizations follow up with installation of patches."

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
241 out of 381 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

Security Solutions Specialist

Patch Management Analyst - SMS / SCCM, WSUS

Technical Web Manager

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters