Article (http://blogs.zdnet.com/security/?p=474&tag=nl.e622)

During the experiment, conducted in May 2007, the group compared three browsers — Internet Explorer 6 SP2, Firefox 1.5.0 and Opera 8.0.0 — to determine whether using an alternative browser would be an effective means to reduce the risk of malware attacks.

(Note: Firefox 1.5 is no longer supported and the latest version of Microsoft’s Web browser is IE 7.0. Opera’s newest iteration is 9.23)


How is using outdated browser versions in this test in any way useful?

How is using outdated browser versions in this test in any way useful?
I can think of a couple of reasons:

- Quite possible that, even if more up-to-date versions of each browser was available, the majority of people may be using older versions and they wanted their tests to reflect what people used rather than what was available. (For example, in May 2007 there were twice as many people using IE 6 as IE 7.)

- Even if 'older' browsers were used, the new browsers still share some commonality with their ancestors (some code may be shared, and things are still written by the same people) Companies do improve or get worse over time, and later product releases can contain substantial changes, but things may not change overnight...

Great site for getting stats on browser usage:

http://www.w3schools.com/browsers/browsers_stats.asp

Great site for getting stats on browser usage:

http://www.w3schools.com/browsers/browsers_stats.asp

Yeah that's where I got my stats from. (Although they don't break Firefox down by release.)

I find it amazing that firefox has taken such a large market share, given the way Microsoft and IE eliminated Netscape.

- Quite possible that, even if more up-to-date versions of each browser was available, the majority of people may be using older versions and they wanted their tests to reflect what people used rather than what was available. (For example, in May 2007 there were twice as many people using IE 6 as IE 7.)
Well, that's a very good point. I kinda forget that my avid version updating is atypical.

Many large corporations have designed their internal intranets around certain standards also, and are reluctant to upgrade the user's PC without testing that delays relaese of newer versions. Many companies also do not allow the user to install their own browser (however there are good tips on using a thumbdrive if they let you use usb devices.)

Updating the browsers often would need custom order pages internally (say, for companies that design their own custom order pages against their DB's for POS systems) to be revisited in development. Of course, they *should* be doing it in a web2.0 compliant manner, but that isn't always the case.

Therefore, knowing problems that company employees may run into when surfing in their off time is helpful to also know what to block, and/or filter at the web proxy in the business infrastructure.

Yeah that's where I got my stats from. (Although they don't break Firefox down by release.)

I find it amazing that firefox has taken such a large market share, given the way Microsoft and IE eliminated Netscape.
I also visit there quite frequently, but do take serious heed of their warning. That's a breakdown of browsers that look at the w3schools site, and is therefore not particularly meaningful in terms of judging market share.

a lot of the browser comparisons are done by amateurs. and i mean amateurs in a security sense, i don't care what magazine they work for. and yes there are a lot of dumbass CISSPs and GSEs.

the security problems of IE are well documented. many people say try x.y.z (something that was released 2 days ago). well, duh, it will take some time for people to poke holes in a new system.

IE was a complete joke until 2003 or so.

How is using outdated browser versions in this test in any way useful?

how many companies run bleeding edge stuff anyway?