The European Union is currently investigating a complaint by browser developer Opera that Microsoft has undermined competition by integrating its own Internet Explorer with the Windows operating system. If Microsoft is found guilty, the company could face hefty fines and be forced to untie Internet Explorer from its next operating system installment, Windows 7.
The latest build of Windows 7 (build 7048), which leaked to the Internet earlier this week, apparently contains an option to uninstall Internet Explorer 8. While this uninstallation does not remove the web browser's ties to the operating system, it does remove the Internet Explorer executable from the computer system.
Users should keep in mind that the Internet Explorer rendering engine is being used for various integral parts of the operating system and that it most likely would require a rewrite to untie it completely. It is unclear if the option to uninstall Internet Explorer has been added because of the complaint. It certainly looks that way considering that the option to uninstall Internet Explorer was not available in the beta build of Windows 7.
The real question is whether it will be enough to please the European Union. Most end users will probably never make use of this option, as it does not make a huge difference for them. Many experienced users will install an alternative web browser like Firefox or Opera immediately after finishing the installation of the operating system.
Removing only the executable will not have an impact on system performance at all. What’s your take on this? Should Microsoft offer an option to remove Internet Explorer from the Windows operating system?
Tuesday, 28 September 2010
Govt issues IE security warning
The Federal Government has ramped up warnings about Microsoft's web browser Internet Explorer, which has come under attack from hackers.
The Government is warning that people risk having their computers infiltrated and passwords stolen unless they install temporary fixes from Microsoft or use alternative browsers.
The Government says Microsoft has acknowledged all recent versions of the program are vulnerable.
It also says people should remember to regularly update their security software and change passwords frequently.
The French and German governments have warned internet users in Europe to avoid Microsoft's popular web browser.
The concern follows revelations that hackers used a crack in Internet Explorer to mount an attack on Google and a number of other companies.
Senior lecturer in network engineering at Melbourne's RMIT University, Mark Gregory, says industry and governments are not prepared for the changing threats to cyberspace.
"The digital network is like the wild west. It is unregulated," he said.
"It is being used in ways that it wasn't meant to be used and we need to get organisations, companies and governments ... focused on taking action to make the digital network more secure for the general public."
Bill Caelli, from the Information Security Institute at the Queensland University of Technology, says the Government and regulators must step in to protect internet users.
"How many builders have put smoke detectors in the new homes and houses? How many people have put fences around their pools to protect children?" he said.
"So safety and security has never, ever been market-driven. It's always been driven by regulatory [sic], by society itself, and that's the role of government."
The Government says Microsoft has not solved the security glitch and Australians should use alternative browsers.
Dr Gregory says it is good advice.
"There are other browsers that are available that appear to be being targeted less by the hackers and by these organisations than what Internet Explorer is being targeted," he said.
"I don't think there was any inference in what they said that Internet Explorer was any more deficient in terms of security than any of the other browsers, just that it was being targeted more.
"On that basis you'd have to argue that if security was a principal concern then using another browser would be wise until the incidence is reduced."
Editor's note (19 January 2010): This story has been amended to reflect the fact that web users can install temporary fixes from Microsoft to reduce their risk.
Monday, 13 September 2010
Serious security flaw found in IE
Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.
Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.
Internet Explorer is used by the vast majority of the world's computer users.
"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.
Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.
Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.
Browser bait
"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."
As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.
"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."
MICROSOFT SECURITY ADVICE
- Change IE security settings to high (look under Tools/Internet Options)
- Switch to a Windows user account with limited rights to change a PC's settings
- With IE7 or 8 on Vista, turn on Protected Mode
- Ensure your PC is updated
- Keep anti-virus and anti-spyware software up to date
Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."
But Microsoft counselled against taking such action.
"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.
He added: "We're trying to get this resolved as soon as possible.
"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."
Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.
"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Micro's advice [of switching to an alternative web browser] is very sensible," he said.
"This could be the moment when the minnows in the browser wars finally score a significant victory" (Rory Cellan-Jones, BBC technology editor)
PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.
"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."
"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."
"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.
French Government calls on internet users to abandon Internet Explorer
* France, Germany dump Internet Explorer
* Australians 'should upgrade or switch'
* Microsoft says hackers only hit IE6
* Google attack an "inside job"
AUSTRALIANS have been advised against using Microsoft's Internet Explorer (IE) because of a security threat.
Local web users have been advised to install security patches or switch browsers, while two countries - France and Germany - have now issued warnings against all versions of Microsoft's browser.
Germany warned users Friday after a malicious code - implicated in recent attacks on Google - was published online, and now Certa, a French Government agency that oversees cyber threats, has warned against using all recent versions of the web browser.
While the Google attacks were designed to exploit Internet Explorer 6, Microsoft has released a security advisory for Internet Explorer 6, 7 and 8.
Microsoft said it has only seen a "very limited number of targeted attacks against a small subset of corporations".
"The attacks that we have seen to date are only effective against Internet Explorer 6."
"We are not seeing any widespread attacks and thus far we are not seeing attacks focused on consumers."
The company recommended users upgrade to Internet Explorer 8 - which is technically still vulnerable - and anyone using older versions of Windows XP to upgrade to Service Pack 3.
It is still working on a permanent solution.
Australian alerts
An alert from the Australian Government website staysmartonline.gov.au suggests users try Microsoft's temporary fixes or consider an alternate browser.
But Paul Ducklin, Asia Pacific head of technology at Sophos, says "all browsers have vulnerabilities".
"Even though it's true that IE is exploited more than any other browser, you don't achieve security simply by switching."
"That's security through obscurity, which is merely false security."
"Good security means defence in depth, and in a well-defended network a single unpatched vulnerability in your browser shouldn't really be enough for the bad guys to get in."
Dr Mark Gregory, internet security expert at RMIT University, says any panic rush to another browser would not help protect users.
"Microsoft Internet Explorer is no worse than any other browser, they all have the same inherent flaws in them so a mass panic rush wouldn't do anything other than giving the hackers a new target," he said.
"Microsoft products are no more susceptible to hacking than other products, but because they are the largest they are often the target."
George Kurtz, worldwide chief technology officer of security firm McAfee, said on his blog last week that the Google attack was a fresh threat.
"All I can say is wow. The world has changed," Mr Kurtz said.
"Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats."
"In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property, private nonfinancial customer information and anything else of intangible value."
What can you do?
- Download an alternate browser: Mozilla Firefox, Apple Safari, or Google Chrome are the main alternatives.
- Upgrade from IE6: Internet Explorer 8 is technically still vulnerable, but Microsoft has not advised of any exploits in the wild.
- Upgrade your browser's security: Tips from US security agency CERT.
- Follow Government advice: Online alerts from Stay Smart Online.