- The Washington Times - Friday, July 2, 2004

NEW YORK (AP) — It’s been a bad week for many users of Microsoft Corp.’s nearly ubiquitous Internet Explorer browser.

A pair of virus attacks exploiting its vulnerabilities has led security experts to recommend that Web surfers consider such alternatives as Mozilla and Opera.

Continuing to use Internet Explorer (IE) is “like playing the lottery,” said Johannes B. Ullrich, chief technology officer of the nonprofit SANS Internet Security Center.

The respected research center is among security groups recommending other browsers as long as a key vulnerability in IE remains unfixed, leaving it capable of running malicious code that’s been hidden at a number of popular Web sites.

Switching browsers may cause problems, but less so than following Microsoft’s temporary prescription of cranking up security settings, which may cripple the ability to access multimedia content or fill out Web forms, Mr. Ullrich said.

Last week, a computer virus designed to steal valuable information as Web users typed it into their computers — passwords and the like — spread through a new technique that converted popular Web sites into virus transmitters.

And this week, researchers discovered another password-stealing program hidden behind pop-up ads.

Microsoft was still working to fix a lingering vulnerability from last week’s virus, and while a repair for the flaw enabling this week’s Trojan horse infection was issued in April, many users had yet to patch their systems.

IE is a frequent target for hacking because of its popularity; WebSideStory Inc. says 95 percent of surfers use it globally. The browser is closely integrated with Microsoft’s Windows operating system and Outlook e-mail program, creating more room for programming error and making solutions more difficult.

Though many of IE’s functions are not unique, IE tends to be more permissive in running code — flexibility that helps Web developers create fancy features but allows hackers to more easily find weaknesses.

A major Windows XP upgrade, known as a service pack, is expected this summer to plug some holes in IE. Last week’s outbreak would not have occurred had those software plugs been installed, said Gary Schare, a Microsoft security director.

Microsoft also is developing a specific fix for the new vulnerability, but Mr. Schare said testing takes time. He called it premature for independent security experts to recommend that people explore alternatives.

Even if those recommendations were heeded, it’s highly unlikely Microsoft could be unseated as top dog in the browser business. After all, IE comes with Windows computers. The Justice Department, after initially suing to force Microsoft to uncouple the browser from its operating systems, later backed down.

Many users don’t care enough or know how to find other browsers, most of which are free or ad-supported. Opera Software ASA, which offers the No. 3 browser for Windows, saw no significant change in downloads this week.

“It’s not that consumers are so loyal to Microsoft, but more they are apathetic,” said Geoff Johnston, an analyst with WebSideStory, which tracks browser usage. “With it, there really is a cost to switching.”

LOAD COMMENTS ()

 

Click to Read More

Click to Hide