Over the last year, IE6 marketshare has fallen by 6% in the US, from 11.47% to 4.74%. Back in March, we reported that a funeral was held for IE6 where Microsoft even sent flowers when official support for the browser was dropped.
Unlike Firefox, Internet Explorer shows a steady decline in older browsers and a steady adoption rate with new versions. Firefox on the other hand, shows a vast leap when a new version is release, with Firefox 3.6 gaining 19.85% marketshare in as little as five months.
Microsoft is attempting to push businesses and users to upgrade from IE6 and IE7 to IE8, which contains all the latest security patches. IE7 still holds 16.64% market share, just below Firefox 3.6 with 19.85%, while IE8 takes the top spot with 30.49%.
Microsoft plans to release the next version of the browser, Internet Explorer 9, and it will only be available for Windows Vista SP2 and Windows 7, cutting support for Windows XP. Windows XP still holds strong on the top spot with 42.32% market share in the US, Windows Vista and 7 both come in second and third place with 26.44% and 16.87%.
Day 1 of Pwn2Own has just wrapped up and the results so far mimic those of last year. Hackers have claimed victory over all browsers and operating systems except Google’s Chrome browser, which no one attempted to hack.
Safari 4 on 10.6 Snow Leopard was the first to fall to a very familiar face, Charlie Miller. This is Miller’s third year in a row hacking Safari at Pwn2Own. For this year, Miller set up a remote exploit at a web site through which a conference organizer’s Macbook was taken control after surfing to it.
Up next was Internet Explorer 8, which was successfully breached by Peter Vreugdenhil, a Dutch security researcher. Vreugdenhil used a four layer attack to bypass DEP and ASLR on Windows 7 after an organizer surfed to the website that contained the exploit code. He claimed that it took him less than a week to code the exploit.
Nils from MWR InfoSecurity then successfully targeted and hacked Firefox 3 on 64-bit Windows 7 using calc.exe, though he claimed that “could have started any process” to demonstrate the exploit. Though a memory corruption vulnerability was used for the attack, he also had to bypass DEP and ASLR as Peter did with IE8. He claims it only took a few days to code the exploit. Nils is a German CS student at the University of Oldenburg who had also successfully hacked IE8, Safari, and Firefox at last years Pwn2Own.
Google Chrome was the only one left standing because no one even attempted a go at it. Charlie Miller’s comments from last year’s Pwn2Own might shed some more light as to why Chrome was left unscathed: ”There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.”
All successful competitors receive $10,000 USD and their hacked laptop as reward. The following laptops are available as prizes: Apple Macbook Pro 15″, HP Envy Beats 15″, Sony Vaio 13″, and Alienware M11x. They also receive 20,000 ZDI points which qualifies them for a $5,000 USD payment, 25% reward points on 2011 ZDI entries, 15% monetary bonus on 2011 ZDI entries, and a paid trip and registration to DEFCON in Las Vegas.
All systems and browsers were updated to the latest versions and left in their default state for the contest. Details of the successful exploits will remain withheld from public until the respective software vendor issues a patch.
Microsoft will ship a mobile version of Internet Explorer 7 inside Windows Phone 7 when devices ship later this year.
The mobile version, yet to be named, is a version between Internet Explorer 7 and 8 according to Microsoft corporate vice president Joe Belfiore. Speaking at MIX 2010 today Belfiore explained that the mobile browser takes HTML rendering code from Internet Explorer 7 which is optimized for low memory situations. Belfiore explained that some features have been back ported from Internet Explorer 8 and joked Microsoft could end up naming it Internet Explorer 7.5.
At present the browser within Windows Phone 7 identifies itself with the following user agent string: Mozilla/4.0 (compatible; MSIE 7.0; Windows Phone OS 7.0; Trident/3.1; IEMobile/7.0). Microsoft’s Zune HD device on the other hand runs on IE6: Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 6.12; Microsoft ZuneHD 4.3).
Microsoft is expected to announce its plans for Internet Explorer 9 on Tuesday at MIX 2010. According to sources familiar with the situation, Microsoft will release a developer preview of Internet Explorer 9.
Microsoft has begun airing several Internet Explorer 8 TV adverts in the UK just in time for the browser “ballot” choice screen.
European copies of Windows began receiving a Windows Update for the controversial browser choice screen this week. The choice screen offers Internet Explorer users a selection of other browsers such as Mozilla Firefox and Google’s Chrome browser. The browser ballot screen software update is offered as an automatic download through Windows Update for Windows XP, Windows Vista and Windows 7 users. Users who currently have Internet Explorer selected as the default browser will see an introductory screen providing them with information about the update before being prompted to make a browser choice.
Microsoft has kick started an advertising blitz on UK TV stations to raise awareness of Internet Explorer 8 through what it calls “8 second demos”. The demos show the new features of Internet Explorer 8 and feature the big blue E logo of Internet Explorer. Google recently started an advertising campaign across various parts of the UK with tube, billboard and newspaper advertising. The reason both parties are advertising free software is to gain the mind share of users in time for the browser choice ballot screen. The update will affect as many as 195 million people in 32 European countries so it’s well worth both Microsoft’s and Google’s advertising revenue.
