Microsoft's IE Is the Most Targeted Application By Security Researchers

darthcamaro writes "Though Microsoft hasn't yet patched its Internet Explorer web browser in 2014, it did patch IE at least once every month in 2013. According to HP's 2013 Cyber Risk Report, more researchers tried to sell IE vulnerabilities than any other product vulnerability. 'IE is the most prevalent browser on the systems that attackers want to compromise' said Jacob West, CTO of HP's Enterprise Security Group."

Bear in mind

[Big Hairy Ian]

IE is such a piece of crap to start with and that most users use it because it's there by default and they don't know any better (Which is a security issue in itself). Of course most Hac**** sorry I mean security researchers are targeting MS & IE. Just wait for MS to die off then we'll see them targeting Apple, Android and whoever the next big thing is.

Re:But, we just said no one use IE?

[Opportunist]

You needn't use IE for it to be useful to attackers. It is the one thing present on EVERY SINGLE system running an OS from MS, and it is the one single thing on every MS OS operated PC that is not only well suited to making connections via internet but also the one that the MS firewall routinely allows to in the default setting.

The good old "we send the user a bogus EXE in mail" isn't really good anymore because of the MS firewall and UAC. Works like a charm, though, with a bogus script abusing an IE vulnerability since IE is considered a "trusted" application by default.

Give credit where its due

[Viol8]

The low level coders on the ie team did a good job with graphics performance in IE9. Don't tar them with the same brush as the idiot management/marketing layer who think fancy features and bloat are more important than building a secure product from the ground up to start with (and I'm talking about the browser and OS)

"Security researchers"

[jones_supa]

Ha. I always cringe when black hat crackers are called "security researchers". That's not research, it's malicious destroying of other people's systems and data.

Re:Bear in mind

[RabidReindeer]

IE is - so Microsoft alleged in the anti-trust trials - "An Integral Part of Microsoft Windows".

There is absolutely no (technical) reason why this should be, based on the success of competing browsers, but the mere act of close-coupling it with the OS means that there are more ways that exploits to the browser can be converted into exploits for the OS.

And, since it does come bundled directly with Windows, you can depend on people who either aren't technically-savvy enough or are simply too lazy to take the extra effort needed to secure their systems as IE users.

So in many ways, IE is the ideal target.

Sell Xbox unit???

[Viol8]

Yeah , great idea - sell one of the units making a profit!

Typical short term hedgefund approach to companies - earn us some money now by selling off collateral then we'll dump your shares before they tank. Fucking parasites.

Re:Bear in mind

[gigne]

Hey, thanks. what you did there is the browser equivilant of leaving a bag of burning dogshit on my doorstep.

Opera took a serious wrong turn recently

Re:Give credit where its due

[ibwolf]

Atleast from IE9 onwards (OK and IE8 a bit) they started to notice that standards are a good thing

No, they just stopped being able to ignore standards due to their shrinking market share.