wadada
OSNN Senior Addict
- Joined
- 5 Nov 2002
- Messages
- 707
The U.S. government's Computer Emergency Readiness Team (CERT) made headlines in June when they issued a statement urging computer users to switch from Internet Explorer to "any other browser." We've reported on several IE exploits in recent issues, including the download.ject virus that allows a Trojan to be downloaded when you visit an infected Web site.
Let's put aside the irony of the government condemning someone else's security level (Let's see - how many storage devices containing sensitive data were discovered missing from the Los Alamos nuclear research lab last week? http://www.theregister.co.uk/2004/07/16/los_alamos_flap/). The plain fact is that IE is not the only Web browser that's subject to vulnerabilities. Last week security forums reported a hole in the Mozilla browser that makes it possible for attackers to launch unauthorized applications or crash computers (http://secunia.com/advisories/12027/). If you're using Mozilla, we recommend that you visit Mozilla.org to download a patch for this). A flaw in the Opera Web browser was also discovered, which can fool users into believing they're on a trusted Web site when they aren't (http://secunia.com/advisories/12028/).
There are, indisputably, far more exploits discovered for IE than for alternate browsers. But then, according to data reported last week in InfoWorld (http://www.infoworld.com/article/04/07/12/HNielosesshare_1.html), IE has had over 95% of the browser market share since 2002. Following the string of reported exploits and CERT's public condemnation, IE's market share dropped about 1 percentage point last month. That still left IE with a 94.74 percent market share on July 6.
It's only logical that hackers and virus writers focus on IE, just as they focus on the Windows operating systems, because it gives them the largest target for their malicious wares. But if computer users take CERT's recommendations to heart and switch to another browser, it's likely that attackers will also switch targets and start digging out exploits for those browsers. After all, back in the 90s when Netscape had a large share of the browser market, we were always reading about exploits affecting it.
What do you think? Is IE inherently dangerous, or getting a bum rap? Have you switched to another browser? If so, which one? Did you switch because of security concerns or other issues? If you're using IE, will CERT's warning cause you to switch? Or do you use multiple browsers? (For instance, because of the increase in "phishing" scams that use browser vulnerabilities to capture usernames and passwords entered on banking Web sites, I've taken to using Safari on my iMac for online financial transactions - not because I think it's inherently safer, but because it has such a tiny market share that I don't think it's of much interest to attackers).
< Source : WinXPnews™ E-Zine >
Let's put aside the irony of the government condemning someone else's security level (Let's see - how many storage devices containing sensitive data were discovered missing from the Los Alamos nuclear research lab last week? http://www.theregister.co.uk/2004/07/16/los_alamos_flap/). The plain fact is that IE is not the only Web browser that's subject to vulnerabilities. Last week security forums reported a hole in the Mozilla browser that makes it possible for attackers to launch unauthorized applications or crash computers (http://secunia.com/advisories/12027/). If you're using Mozilla, we recommend that you visit Mozilla.org to download a patch for this). A flaw in the Opera Web browser was also discovered, which can fool users into believing they're on a trusted Web site when they aren't (http://secunia.com/advisories/12028/).
There are, indisputably, far more exploits discovered for IE than for alternate browsers. But then, according to data reported last week in InfoWorld (http://www.infoworld.com/article/04/07/12/HNielosesshare_1.html), IE has had over 95% of the browser market share since 2002. Following the string of reported exploits and CERT's public condemnation, IE's market share dropped about 1 percentage point last month. That still left IE with a 94.74 percent market share on July 6.
It's only logical that hackers and virus writers focus on IE, just as they focus on the Windows operating systems, because it gives them the largest target for their malicious wares. But if computer users take CERT's recommendations to heart and switch to another browser, it's likely that attackers will also switch targets and start digging out exploits for those browsers. After all, back in the 90s when Netscape had a large share of the browser market, we were always reading about exploits affecting it.
What do you think? Is IE inherently dangerous, or getting a bum rap? Have you switched to another browser? If so, which one? Did you switch because of security concerns or other issues? If you're using IE, will CERT's warning cause you to switch? Or do you use multiple browsers? (For instance, because of the increase in "phishing" scams that use browser vulnerabilities to capture usernames and passwords entered on banking Web sites, I've taken to using Safari on my iMac for online financial transactions - not because I think it's inherently safer, but because it has such a tiny market share that I don't think it's of much interest to attackers).
< Source : WinXPnews™ E-Zine >