Internet Explorer is a graphical web browser made by Microsoft and comes integrated with Windows. Even though it's by far the most widely used browser, since 2004 it slowly began losing popularity to other browsers like Mozilla Firefox, its Open Source rival developed by the Mozilla Foundation.
Internal security architecture of IE and Firefox
Microsoft Internet Security Framework brings a wide variety of security features to IE, features like SSL, PCT (both public-key-based security protocols are implemented in Firefox), authentication using public keys from Certificate Authorities (Verisign's Digital IDs), CryptoAPI (used to incorporate cryptography into applications) and in the future, it will incorporate Microsoft Wallet into Internet Explorer.
IE6SP1 comes with pop-up blocking, a feature long expected which Firefox had since before its name (it was originally known as Phoenix and briefly as Firebird). They are both able to selectively block pop-ups or view blocked pop-ups later. IE6 also provides different levels of security zones thus dividing the Internet into 4 categories: Internet, Local Intranet, Trusted Sites, and Restricted Sites.
Other features it possesses are fault collection (more of a Windows feature, it allows users to upload crash information to Microsoft for analysis), content-restricted IFrames (enhances security of iFrames by disabling script for their content) and Content Advisor (objectionable content filtering). It also uses ActiveX scripts, a technology that allows a web designer to add music and animations to a page.
Due to high number of malicious designed websites in which small scripts automatically download malware to users computers, Microsoft added a warning prompt to IE in order for a user to choose blocking ActiveX on a page.
Firefox doesn't use ActiveX technology and even though this might appear that it restricts web features, use of ActiveX for important tasks in web pages seems most unlikely.
In addition to the features already mentioned (pop-up blocking, SSL and PCT public key authentication) Firefox strikes back with other cool additions like switching user agents (to pretend you are Googlebot or IE2SP8), referrer disabling while browsing, viewing http headers when clicking on links, disabling cookies, java and images in a 2 click step and others.
All in all, preserving security while surfing is a balancing act, the more open you are to downloads of software and to multimedia features, the greater your exposure to risk.
Large Flaws And Timeline In Which Fixes Were Released
Please note that the information was added at the time of writing of this article - March 17th 2005. Some of it may be incorrect now.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.