Calls to ditch IE overstated: Experts
Days after warnings that internet users should ditch Microsoft’s Internet Explorer, other experts are saying the warnings are overreactions.
Germany’s Federal Office for Information Security, as well as France’s cyber threat agency, advised internet users to switch to ‘safer’ browsers such as the open source Firefox or Google Chrome.
It was revealed the recent attacks on Google as well as a host of other businesses were able to exploit a flaw in Internet Explorer (IE) – not the first time the browser, a popular piece of software like all of Microsoft’s products, has been targeted.
Before any succesful hack of a user’s system could be carried out, however, the user would first need to visit a website which had been compromised, as well as also running IE.
AusCERT, who operate the Australian government’s online security website, has now published details on how to deal with the issue, without the need for switching browsers.
Meanwhile, the British government was also reported in the Guardian newspaper as saying it didn’t feel its government and armed forces would be better off by using other browsers, and has not taken the advice of the German and French agencies.
Microsoft products vulnerable
Part of the problem stems from the fact that Internet Explorer 6, most vulnerable to the attacks, came packaged with Microsoft Windows XP. Despite the perceived extra-security of open source browsers – as well as operating systems – the majority of web users still use Internet Explorer. While other browsers may also contain security flaws, hackers have often been known to target Microsoft products due to the sheer numbers of users.
Microsoft has published a blog on the breaches, in which the company says they are “only seeing very limited number of targeted attacks against a small subset of corporations”, which have only been succesful against those using IE6.
Paul Ducklin of security firm Sophos, told the Sydney Morning Herald that although abandoning IE could provide extra security in the meantime it would simply be security “through obscurity”.
“Your chosen replacement browser might itself turn out to contain a vulnerability. Then what? Are you going to switch again?” he asked.