Viper1 said:
vivster said:
As network security administrator I say to you that the risk lies entirely with the user and the implemented security policies. 99.999% of all attacks through the browser are not via the browser's backdoors but irresponisble user behavior and weak security policies. Another browser doesn't make you automatically safer.
In fact, I found the IE be even more stringent in keeping the user in check than let's say Chrome, regarding active elements on websites and downloads.
I'm not endorsing IE because it's a pain to work with but it certainly has an undeserved bad rep when in comes to security. When those security concerns come from users using older versions. I can assure you that using an older version of Chrome and Firefox carry their own security risks. A person using a new version of IE is not less safe than any other up to date browser. In fact, in some companies it's even preferably thanks to the windows integration.
|
Fully agreed about users being the bigger issue. But time to patch is one that a user doesn't control and is the reason IE is still less secure.
|
Patches are always too late. It doesn't matter if they're a day or a week too late. If you are a target then no timely patch will help you. If you're not a target, timely patches are irrelevant. It seems like an irresponsible thing to say by a security administrator but it's the sad truth.