Stay Calm Over Internet Explorer Security

The attacks on Google Mail which led to its threat to pull out of China have turned into one of the most rapidly changing stories I can remember, taking in world politics, government censorship and freedom, while a discussion about the underlying risks has bounced between flaws in Adobe and Microsoft products. But are people over-reacting?

It all started when someone attempted to hack Google Mail accounts, apparently in a bid to expose human rights activists in China. That prompted Google to threaten to pull out of a controversial deal whereby it has provided censored search results to the approval of the Chinese government.

Security vendor McAfee said the hacks had taken place through a previously-unknown zero-day vulnerability in Microsoft Internet Explorer, which allows an attacker to download malware to the victim’s system.

But Google has said the attack probably happened through its Chinese office, where one would not expect IE to be the browser of choice, and Google is apparently investigating whether the whole thing might involve Google insiders.

Microsoft has played down the problem, of course. While such a denial should be received sceptically, as just the kind of thing Microsoft would say, we find ourselves thinking that the reaction against IE has been rather swift.

There have been zero-day vulnerabilities in IE before, and they will come up again. Is this one different simply because a major government has – allegedly – been exploiting it?

Germany has advised users to leave IE, and France followed quickly. The UK has failed to join in the moves to boycott IE

So does the UK have some sort of misplaced loyalty to Microsoft? Certainly the UK government gives the company too easy a ride in public sector procurement and promotion – for instance, last week Microsoft was advertised on a UK Government page promoting a course in online basics course, which really should be vendor neutral.

But in this instance, I think that it would be wrong to give users advice that will make them think online security is ever as simple as switching form one browser to another. Any browser can be a source of insecurity if it is not used carefullly.

It is much more important to have the right security settings than the right Internet browser. Internet Explorer may be subject to more attacks than other browsers,  but version 8 does a better job of helping users use the right levels of security, and has been rated highly in tests.

We applaud the UK government’s decision to avoid the knee-jerk reaction, and hope that the media attention to this issue will encourage all users to behave more securely – whatever browser they use.

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

15 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

15 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

16 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

16 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

17 hours ago