Security players have voiced their opposition to recommendations made by international governments to avoid Microsoft’s Internet Explorer (IE) following widespread attacks on the Web browser.
This month’s high-profile cyber attack on Google’s China headquarters was said to have been executed through a critical IE vulnerability. Last week, Microsoft admitted the zero-day vulnerability affects IE 6 and 7 and issued a patch. Since then, Australian, German and French officials have issued recommendations for Internet users in their respective regions to find an alternative Web browsers.
Advising people to dump the world’s most popular browser was too drastic a move, Symantec regional security product manager, Rob Pregnell, said. While this particular vulnerability ranked high on the danger meter, it was nothing new to the security industry.
“There is no need to panic – this is in many ways part-and-parcel of what we see every day of the week,” Pregnell said. “There is not a single thing that is new about this particular attack; the way it’s delivered and the things it can do.”
Internet Explorer is a major target of cyber attacks since it is integrated into every copy of Windows operating systems, making it the most popular Web browser available.
Mass exodus from IE was not a panacea for dodging security breaches, Pregnell said.
“If we’re not all using IE, then I guarantee whatever the alternative might be, the attackers will go after that,” he said. “It’s not because IE is IE that they are going after it. It’s because everyone is using it.”
General manager of security distributor SecureServ, Vic Whitely, agreed ditching IE was unnecessary and said users should instead consider ramping up overall security, such as installing fresh antivirus and endpoint security products to combat potential attacks.
“Dropping IE is a knee-jerk reaction,” he said. “If you rely on IE to be secure, that’s fair enough but you need other applications and whatever else to make it even more secure.”
But while IT service provider, CeTech, echoed this sentiment, it also gave some credit to international calls to abandon IE.
“If there is a known security flaw of this nature, then it’s not unreasonable to suggest another alternative at least until a patch is available,” CeTech technical director, John Lopes, said. “But ditching it altogether is excessive.”
Small business IT service firm, Calvert, labelled the advice to give up IE as “hysteria” and said practical security practices would be adequate to ward off cyber attack concerns.
“I think everyone needs to take a deep breath and settle down rather than join the hysteric horde,” Calvert said in a statement. “You’re in danger of throwing the baby with the bathwater if you ditch Microsoft’s browser from your computer just because of a glitch in older versions.
“The best idea is to keep your software version current and always apply the latest security patches.”
Microsoft has since pushed out a patch for the vulnerability and recommends IE 6 and 7 users to migrate to IE 8.