Ezekiel wrote:
>
> "Enkidu" <enkidu@nogodhere.net> wrote in message
> news:20100116172902.3320.80961.XPN@nogodhere.net...
>> Kerry Brown wrote:
>>
>>> You'd have to be a couple years behind
>>> on updates or an idiot to be affected by this.
>>
>> Is there a shortage of computers a couple of years behind on updates or
>> of idiots?
>
> It's reported that the hacked computers were still running IE 6. They
> didn't even upgrade to IE7 let alone IE8 and they've only had over 3 years
> to upgrade.
>
> Internet Explorer 7 was released on October 18, 2006. How secure is a 3+
> year old install of Firefox????

I think that perhaps you are overlooking a couple of points.

I seem to recall that one of the reasons (the main reason) that there are so
many instances of I.E.6 around still is that I.E.6 is still used by a large
number of corporations. In fact, I.E.6 still accounts for 21% of ALL
browser use, and that is roughly one third of all MS Browser use.

http://marketshare.hitslink.com/browser-market-share.aspx?qprid=2

I don't believe that the situation is likely to change soon, in that the
reason is "lock in". A lot of those companies have intranet applications
which *only* work on I.E.6, and they are stuck with it for a long time yet,
much as South Korea is stuck with I.E. for its banking.

In addition, we should perhaps remember that these attacks were very
specific and targeted. It is *corporations* that they were directed
against - and it is there that the greatest concentration of I.E.6 installs
lies.

One could (I suppose) argue that this could have happened via *any* browser,
had such a vulnerability been found there? It seems to me though that
there are two items coming into play, one being the vulnerability of the
browser (I.E.), and the other the ability to exploit the OS (Windows) into
executing the downloaded malware.

One thing I think is for sure - *diversity* of browsers and of OSs would
be/is a great help in these things.

Finally, this is the very thing which I understand the upcoming Google
Chrome OS is being designed to put a stop to!

From what I have read, I also suspect that you are placing a great deal of
faith in the newer versions (and patches to) I.E. The Bonn government (for
example) does not seem to share your conviction.