Internet Explorer Scare: Should You Switch?

Discussion in 'Windows Desktop Systems' started by wadada, Jul 20, 2004.

  1. wadada

    wadada Moderator

    Messages:
    707
    Location:
    netherlands
    The U.S. government's Computer Emergency Readiness Team (CERT) made headlines in June when they issued a statement urging computer users to switch from Internet Explorer to "any other browser." We've reported on several IE exploits in recent issues, including the download.ject virus that allows a Trojan to be downloaded when you visit an infected Web site.

    Let's put aside the irony of the government condemning someone else's security level (Let's see - how many storage devices containing sensitive data were discovered missing from the Los Alamos nuclear research lab last week? http://www.theregister.co.uk/2004/07/16/los_alamos_flap/). The plain fact is that IE is not the only Web browser that's subject to vulnerabilities. Last week security forums reported a hole in the Mozilla browser that makes it possible for attackers to launch unauthorized applications or crash computers (http://secunia.com/advisories/12027/). If you're using Mozilla, we recommend that you visit Mozilla.org to download a patch for this). A flaw in the Opera Web browser was also discovered, which can fool users into believing they're on a trusted Web site when they aren't (http://secunia.com/advisories/12028/).

    There are, indisputably, far more exploits discovered for IE than for alternate browsers. But then, according to data reported last week in InfoWorld (http://www.infoworld.com/article/04/07/12/HNielosesshare_1.html), IE has had over 95% of the browser market share since 2002. Following the string of reported exploits and CERT's public condemnation, IE's market share dropped about 1 percentage point last month. That still left IE with a 94.74 percent market share on July 6.

    It's only logical that hackers and virus writers focus on IE, just as they focus on the Windows operating systems, because it gives them the largest target for their malicious wares. But if computer users take CERT's recommendations to heart and switch to another browser, it's likely that attackers will also switch targets and start digging out exploits for those browsers. After all, back in the 90s when Netscape had a large share of the browser market, we were always reading about exploits affecting it.

    What do you think? Is IE inherently dangerous, or getting a bum rap? Have you switched to another browser? If so, which one? Did you switch because of security concerns or other issues? If you're using IE, will CERT's warning cause you to switch? Or do you use multiple browsers? (For instance, because of the increase in "phishing" scams that use browser vulnerabilities to capture usernames and passwords entered on banking Web sites, I've taken to using Safari on my iMac for online financial transactions - not because I think it's inherently safer, but because it has such a tiny market share that I don't think it's of much interest to attackers).

    < Source : WinXPnews™ E-Zine >
     
  2. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Messages:
    3,507
    Location:
    Sterling Heights, MICHIGAN
    Just last week, I attended a meeting with our IT department at work.
    with no more than 5 minutes we all agreed on switching to Firefox as the corporate web browser. The president made it so. We blocked privledges
    to all networked PC's and Workstations of the Internet Explorer .exe file
    we added a seperate server to monitor and bypass any leaked .exe file to re-route as denied.

    My friend who works at the local community college, who also works in the IT dept. are in the process in doing the same.

    M$ is a joke on security. Billy Gates talks the talk but does not walk the walk :p
     
  3. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    M$ has always sacrificed security for features, this has paid off in the past, but with more and more people on high speed connections, this is becoming a losing wager. I just want to throw in that the latest security patch for Mozilla/Firefox's "shell:" vulnerability is actually a vulnerability in Windows, that Windows knows about, that Windows did not fix, yet had purported to do so, months ago. The fix never made it into Mozilla because MicroShaft was supposedly going to fix it, once it was made public, the patch was issues in less than 24 hours. IE still has those 3 vulnerabilities that their patch did not patch.
     
  4. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    If only my work had the sense to do that, I swear every computer and server in the entire building runs some Windows variant. Our web-site doesn't, but that's only because it's managed by IBM :rolleyes:
     
  5. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    The US government is telling me not to use IE?
    /me falls over.
     
  6. wadada

    wadada Moderator

    Messages:
    707
    Location:
    netherlands
  7. dave holbon

    dave holbon Moderator

    Messages:
    1,014
    Location:
    London England
    I have always thought that any electrical connection to the outside world could be described as a “security risk”. Telephones (voice) for example connected to modern digital exchanges are inherently insecure by design requirements imposed by various government agencies. For instance its possible using some simple equipment to telephone any UK number, they of course pick up the phone only to hear the dial tone so replace the receiver. I can now hear all conversations within the range of the handset. This is just one of many “features” built into the system.

    There will never be a secure means of transmitting data over the Internet, only that some systems will be a bit more secure than others. The more mature the means of transmission (and hence the likelihood of trapping security issues) times the number of users, minus the number of interested parties attempting to crack the system provides the answer. Just because a means of transmission has a low user base and hence does not attract large hacker exposure does not mean that it’s not going to be more secure than any other system and probably a lot less.

    What is inexcusable is for an issue to be identified and then deliberately not fixed as in three months time the next service pack that addresses the problem is released or whatever. If large software corporate entities continue to take this view, the end result will be that no one will use their product.

    :)
     
  8. wadada

    wadada Moderator

    Messages:
    707
    Location:
    netherlands