Microsoft's Head of Security and Privacy in the UK has told TechRadar that people who jump ship from Internet Explorer after the recent spate of bad headlines risk ending up on a less secure browser.
With France and Germany both advising a move away from Internet Explorer, things are far from rosy for Microsoft's browser, and although the vulnerability has only been used against IE6, the company has not ruled out that something similar could be used against the later versions.
With Microsoft not prepared to give details of how soon a fix will be released, and advising people to leave the appalling IE6 and its successor for the latest version – IE8 – Microsoft's UK security chief Cliff Evans insists that a non-Microsoft browser is the worse option.
Less secure
"The net effect of switching [from IE] is that you will end up on a less secure browser," insisted Evans.
"The risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.
"There are broader risks and issues with other browsers."
Not representing
Evans believes that the coverage attached to the problem – which was namechecked by Google as it changed its China policy – is "not representing the situation".
"If you were to ask me 'what's the most secure browser?' I would say Internet Explorer 8 – we're talking about a single vulnerability," he added.
"The reality of the risk is minimal, even if you have IE6; you would have to go to a website running the exploit."
PR disaster
The whole Google IE flaw issue is clearly a PR disaster for Microsoft, with Evans conceding that this particular problem is not likely to afflict IE's rivals.
"I'm not aware that the vulnerability exists in other products," says Evans, "But those products may have other vulnerabilities."
Asked directly when a fix would be ready, Evans states that the rollout might or might not be before the normal upgrade cycle, but has no further details.
"We are working to provide an update to the vulnerability. We are not seeing any attacks on IE8."
In the meantime, the company will be hoping that the knee-jerk reaction of France and Germany is not mirrored elsewhere.

Your comments (14)
tech89
January 24th
14. Also, Internet Explorer exhibits the same sandbox approach as Chrome does and utilises separate processes for each tab.
IE8 is pretty secure, all other versions of IE are not though.
Plug-ins such as Flash which are not standardized are what cause problems for browser security. They can be caused to create buffer overflows which can allow executable code to be executed from the memory by hackers. Flash unfortunately needs read/write permissions and poses a serious problem. To counteract this problem Chrome makes each plug-in a process which only interacts with the renderer which only has low level permissions (i.e. only compute, not read/write).
I would be more worried about the exploitation of popular and insecure plug-ins such as Flash than a vector in IE.
The majority of hackers like an easy way in and Flash is easier to exploit than a vector in IE.
tech89
January 24th
13. For people who are genuinely interested in how Google Chrome is made to be very secure, then I 100% recommend this web page article:
http://arstechnica.com/security/news/2008/09/chrome-antics-did-google-reverse-engineer.ars
An insight into the software and how it is very secure partly because Google has managed to reverse engineer a bit of Windows, excellent for users of Chrome.
Read the web page article link before any response to this comment. It makes you think.
For those who want a summarised version read Chrome article on Wikipedia (it's all referenced with links to prove it correct).
Sandboxing, separate processes, data execution prevention, mandatory and discretionary access control.
Chrome is secure because Google have gone to great lengths to reverse engineer bits of Windows to make the browser as secure as possible.
There are still a few flaws, but they are discovered quickly and kept quiet until a fix is issued and users are protected. This denies any hacker the public knowledge of the flaw until the flaw is fixed, which is good for the user.
Passwords stored by the password manager are kept very secure. Read this article:
http://www.switchonthecode.com/tutorials/how-google-chrome-stores-passwords
I hope anyone with an ounce of interest in software and browser security will visit the links mentioned in this comment.
1fastbullet
January 19th
12. @gavmeister:
Go on foolishly believing that Chrome is so much more secure than other web browsers while Goofle follows you around with its nose up your butt.
If Goffle Chrome is so damn trustworthy, why do you suppose SRWare found it prudent to create the Iron browser you are apparently unaware of? The Iron browser is exactly a clone of Chrome, but with one major exception: It has removed Goofle's ability to shadow and record your every move.
Anything remotely connected to Goofle is going to track you. Tracking you and using your personal information is how Goffle survives. (Have you failed to notice its "targeted advertising" when you use it?) This is why people who value personal privacy and do not appreciate Goofle's invasion of same use the Iron browser and the Scroogle.org search engine (in place of Goffle search). Scroogle uses the same search function as Goofle, but, once again, has removed Goffle's ability to collect your browsing and search habits.
Gee, I wonder how the name "Scroogle" was decided upon.
dave007
January 19th
11. Speaking as a web developer I can safely say it's the worst program ever made, if there's ever an issue in developing a site it's with Internet Explorer. Just think about this, this browser never keeps up with new features in display of CSS and the implementations they do make are never the best, this is where we can see how the browser works and it's terrible when compared to any other, what does this mean for networking and security?
It also relies on Windows Update for fixes... what if this is turned off as it is for many users?
IMHO Microsoft should just ditch Internet Explorer, it wants to be part of the "browser wars" but doesn't seem to want to build the best browser as can be seen from display technology.
serendipity
January 19th
10. @gavmeister
Nobody who was computer literate would ever claim that one browser was a million times better than another. It's completely meaningless and frankly it's just troll speak...
tech89
January 19th
9. Flash is the big problem. More and more incidents of malware trying to install itself from legitimate adverts on legitimate websites. We should be worried about Adobe Flash and PDF before we get panicky about IE.