Security advisories and reports typically include preventive measures that computer users can take to avoid malicious Internet attacks, but one piece of advice is on the rise: Use a Web browser other than Microsoft’s Internet Explorer. Security experts themselves have indicated that their own use of Mozilla, Netscape or Opera — some of the most popular alternative Web browsers — suggests that non-Microsoft browsers are more safe than IE.
When questioned by TechNewsWorld, a Microsoft representative indicated the software giant does not give any credence to the idea that a different browser would solve anyone’s security problems.
The representative said that because Windows and Internet Explorer are the dominant software in use, they are the biggest targets for attackers. Nevertheless, after incidents such as last week’s Internet Information Services (IIS) attack scare, security advisories have been repeatedly cautioning users against the use of Internet Explorer.
“There’ve been at least four major incidents [this year] around Explorer and that browser being exploited,” iDefense director of malicious code intelligence Ken Dunham told TechNewsWorld. “There are a couple of main vectors of attack, but [attackers are] just hammering at them. If you are the low-hanging fruit, expect to be compromised.”
Other Browser Benefit
Advice to avoid the latest computer virus or hacker exploit increasingly involves steps to block infection from malicious Internet sites, such as those compromised last week.
Dunham said that while IE users could modify the Windows registry until a patch was available, home users could simply use an alternative browser temporarily while waiting for the patch.
In recent vulnerability notes, the Computer Emergency Readiness Team (CERT) also recommended use of alternate Web browsers as a solution to some of the IE-related security issues.
“It is possible to reduce exposure to these vulnerabilities by using a different Web browser,” said two different security advisories from CERT. CERT spokesperson Kelly Kimberland told TechNewsWorld that the group recommends several security steps be taken to secure systems against attack, but does not necessarily recommend any software product over another.
Tied Too Close
As attackers have increasingly relied on malicious Web sites to compromise computers, the typical basis for browser infection is Internet Explorer, a browser that is perhaps too closely tied to the operating system, according to Gartner research vice president Richard Stiennon.
Stiennon explained that while the close integration of browser and operating system — the root of the fight between the Microsoft and the federal antitrust officials — seemed to be a stroke of genius at the time, the close connection is now coming back to bite Microsoft.
“Now it’s turning out it’s too close to the operating system,” Stiennon told TechNewsWorld.
Ease of Use
Dunham said that Microsoft’s years of work on usability in the Internet Explorer browser had left it more vulnerable in today’s world of automated, repeatable attacks that proliferate quickly.
Dunham called attention to the potential for silent attacks on fully-patched systems — as evidenced by last week’s IIS exploit — and said that it is becoming increasingly difficult for users and administrators to know whether they’ve fallen victim to attack.
Dunham said that security measures such as firewalls and antivirus protection are critical for users to start to employ. He also pointed out that steps such as using alternative browsers, at least temporarily during an outbreak or attack, are also important.
“It’s a matter of lowering your risk, not removing it completely,” he said.