Microsoft's Explorer sets off alarm

Switch: Noting security concerns, the U.S. government urges computer users to avoid the popular Internet browser.

July 08, 2004|By Lou Dolinar | Lou Dolinar,NEWSDAY

NEW YORK - The federal government's cyberdefense experts, along with other computer gurus, are urging users to consider a switch away from Microsoft's widely used Internet Explorer because of new security problems.

The unusual, and for Microsoft, highly embarrassing, warning follows an exploit that has enabled hackers to surreptitiously install software on hundreds of Web sites that use Microsoft's Web server programs. That, in turn, downloads a spyware program to personal computers, including one that steals credit-card numbers and other forms of financial information.

"This is a wake-up call for us to advise users to switch to an alternative browser," said Johannes Ulrich of the SANS Internet Storm Center based in Bethesda, Md., which tracks immediate threats on the Internet. "With Internet Explorer, you're playing Russian roulette and hoping the sites you visit aren't compromised."

Most anti-virus software has been updated to block the specific program, the JS.Scob trojan, but Microsoft has not been able to inoculate Internet Explorer against the broad technique.

A spokesman for Microsoft would not comment further but directed reporters to a Microsoft statement that said, "Customers using Internet Explorer should be sure that they have installed the latest security updates by visiting Windows Update at http://windowsupdate."

Last month, in a related security breach, an adware toolbar was surreptitiously installed into Explorer on thousands of computers worldwide. The technique is expected to quickly become widespread.

"There are a number of significant vulnerabilities in technologies" relating to the Internet Explorer, according to US-CERT (U.S. Computer Emergency Readiness Team), based in Pittsburgh. "It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites."

Switching browsers is one of the options, CERT said. Other alternatives include disabling some special scripting capabilities of the browser or setting Internet Explorer's security settings to much higher levels.

None of the most prominent alternative browsers, Opera (, or Netscape (, are vulnerable to the flaw. Nor are computers running Linux or the Macintosh operating system. Linux has become increasingly popular for its relative freedom from security problems.

Ulrich and other experts say the new round of malware, or malicious software, deliberately assumes a less aggressive profile. It doesn't spread as quickly as traditional computer viruses and is more focused on stealing or making money for its authors. That creates a whole new round of problems for PC security firms, who spot new forms of malware by surveying hundreds of thousands of PCs. "If you steal a thousand bucks from a thousand people," he said, "you'll probably stay beneath the radar."

Newsday is a Tribune Publishing newspaper.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.