With Windows 8.1, Microsoft introduced the latest build of its web browser, Internet Explorer 11. The company has also brought the new browser to Windows 7, though curiously not Windows 8. Now the company is telling everyone why they should want this version, claiming it makes the web a whopping 40-percent more secure.
“Internet Explorer 11 is the first browser to make Internet connections more secure and reliable by reducing the use of vulnerable ciphersuites, such as RC4 and by using the latest security standards, TLS 1.2, by default”, the IE team claims. Research has shown that RC4, used on TLS servers, has known exploits that can recover encrypted data. Microsoft also promises that it has “proposed changes to the TLS standard, so that other browsers and industry players can follow our lead in securing the Web”.
In the meantime, the software giant claims it has built IE 11 to avoid these exploits. The new browser does not offer RC4-based cipher suites during the initial TLS/SSL handshake, designing it use connections on non-RC4 cipher suites. “We studied 5 million Internet sites and found that over 96-percent of sites can negotiate ciphers other than RC4. Notably, nearly 39% of these sites support non-RC4 even though they prefer RC4 – and for these, sites, IE11 substantially increases the security of the Web”, the company states.
The browser also turns on TLS 1.2 by default, protecting sites like Facebook and Outlook.com, claiming this automatically increases the security level with nearly 16-percent of Web servers. Microsoft concludes that “IE11 makes 39-percent of Web sites more secure by discouraging the use of vulnerable RC4 based cipher suites and increases security on 16-percent of Web sites by negotiating TLS 1.2, the most secure version of TLS”. Will any of this make a real difference for web surfers? We shall see.Further reading: Internet Explorer, Microsoft