French Government calls on internet users to abandon Internet Explorer
* By staff writers and wires
* From: news.com.au
* January 19, 2010 8:44AM
European governments have advised against using Internet Explorer until it is secured by Microsoft. Source: The Daily Telegraph
* France, Germany dump Internet Explorer
* Based on Microsoft security advisory
* Current threat only targets IE6
* Google attack an "inside job"
WEB users have been warned against using Microsoft's Internet Explorer (IE) because of a security threat.
Two countries - France and Germany - have now issued warnings, while Microsoft has urged users to upgrade to IE8.
Germany warned users on Friday after malicious code, implicated in recent attacks on Google, was published online, and now Certa, a French Government agency that oversees cyber threats, has warned against using all recent versions of the web browser.
A translation of Certa's warning reads:
"Pending a patch from the publisher, Certa recommends using an alternative browser."
"Certa said it is also strongly advised to browse the internet with a user account with limited rights and the disabling of interpretation of dynamic code (JavaScript, ActiveX). Moreover, activation of the DEP (Data Execution Prevention) may limit the impact of this vulnerability."
While the Google attacks were designed to exploit Internet Explorer 6, Microsoft has released a security advisory for Internet Explorer 6, 7 and 8.
"At this time, we are aware of limited, targeted attacks attempting to use this vulnerability against Internet Explorer 6," Microsoft said in the advisory, issued last week.
"We have not seen attacks against other versions of Internet Explorer. We will continue to monitor the threat environment and update this advisory if the situation changes."
"On completion of this investigation, Microsoft will take appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update."
Microsoft told the BBC that people should upgrade to its Internet Explorer 8, which it said is the "most secure browser on the market."
Dr Mark Gregory, internet security expert at RMIT University, says any panic rush to another browser would not help protect users.
"Microsoft Internet Explorer is no worse than any other browser, they all have the same inherent flaws in them so a mass panic rush wouldn't do anything other than giving the hackers a new target," he said.
"Microsoft products are no more susceptible to hacking than other products, but because they are the largest they are often the target."
He said if an Australian warning was issued, most people wouldn't know what to do with their computers.
"The fact is most people wouldn't know what to do to stop using it (Internet Explorer).
"If people are concerned, they should consider using one of the other browsers available."
George Kurtz, worldwide chief technology officer of security firm McAfee, said on his blog last week that the Google attack, conducted via an IE6 flaw, was a fresh threat.
"Like an army of mules withdrawing funds from an ATM, this malware enabled the attackers to quietly suck the crown jewels out of many companies while people were off enjoying their December holidays," Mr Kurtz said.
"Without question this attack was perpetrated during a period of time that would minimize detection."
"All I can say is wow. The world has changed."
"Everyone's threat model now needs to be adapted to the new reality of these advanced persistent threats."
"In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property, private nonfinancial customer information and anything else of intangible value."
What can you do?
- Download an alternate browser: Mozilla Firefox, Apple Safari, or Google Chrome are the main alternatives.
- Upgrade from IE6: Internet Explorer 8 is technically still vulnerable, but Microsoft has not advised of any exploits in the wild.
- Upgrade your browser's security: Tips from US security agency CERT.