With world governments advising citizens to switch from Internet Explorer to alternative browsers, and an unpatched security hole in at least two major versions of Internet Explorer, Microsoft has to do something to restore faith in their browser. Easiest way to do it, apparently, is saying that other browsers are even worse than IE.
Microsoft’s UK security chief Cliff Evans told Techradar that “The net effect of switching [from IE] is that you will end up on less secure browser,” and that “the risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.”
Evans then downplays the seriousness of this problem. “The reality of the risk is minimal, even if you have IE6; you would have to go to a website running the exploit,” he says. Even if we disregard the fact that many very serious browser vulnerabilities work in that way – e.g. you have to visit a website running an exploit to be affected – there’s still the fact that this particular vulnerability isn’t just lab-tested, it’s been successfully used on unsuspecting victims in the real world. This alone makes it as serious as security holes go.
Evans continues to undermine the security record of other browsers. “There are broader risks and issues with other browsers,” he claims, at the same time admitting that the IE vulnerability that caused this entire mess probably isn’t present with other browsers. “I’m not aware that the vulnerability exists in other products, but those products may have other vulnerabilities,” he says.
While one can say that absolutely no piece of software is ever completely secure, this logic is flawed. Microsoft’s IE has a serious, unpatched security vulnerability, and pointing to possible holes that other browsers may or may not have won’t make it go away.