German government warns EU companies over safety

Internet Explorer

To protect online security, the German and French governments have warned businesses to find an alternative browser to Internet Explorer (IE). The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google's systems where hackers in China had pried into e-mail accounts of human rights activists.

Microsoft rejected the warning, saying that the risk to users was low and that the browsers' increased security setting would prevent any serious risk, the BBC reports.

Despite Microsoft rejecting the warning, German authorities are adamant about their warning, stating that even the security settings would not make IE fully safe.

In France, Certa, a government agency that oversees cyber threats, has warned against using all versions of the web browser, the BBC state

Microsoft in Germany

Thomas Baumgaertner, a spokesman for Microsoft in Germany, said that while they were aware of the warning, they did not agree with it, saying that the attacks on Google were by "highly motivated people with a very specific agenda."

"These were not attacks against general users or consumers," said Baumgaertner.

Microsoft state that the security hole can be shut by setting the browser's security zone to "high", but doing this limits functionality and blocks many websites.

Graham Cluley of anti-virus firm Sophos, told BBC News that not only did the warning apply to 6, 7 and 8 of the browser, but the instructions on how to exploit the flaw had been posted on the internet.

"This is a vulnerability that was announced in the last couple of days. Microsoft have no patch yet and the implication is that this is the same one that exploited on the attacks on Google earlier this week," he said.

"The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go."

Microsoft traditionally release a security update once a month - the next scheduled patch is the 9 February. Yet, a spokesman for Microsoft told BBC News that developers for the firm were trying to fix the problem.

Can they fix the loophole?

The firm have got to fix the loophole, but they have to ensure it does not create another one and - that changes they make work on all computers. This is a challenge compounded by the fact they have to fix three different versions of its browser.

Microsoft said that while all versions of Internet Explorer were affected, the risk was lower with more recent releases of its browser.

The other problem facing developers is that the possible risk might not be prevented by anti-virus software, even when recently updated.

"We've been working to analyse the malware that the Chinese are using. But new versions can always be created," said Cluley.

"We've been working with Microsoft to see if the damage can be mitigated and we are hoping that they will release an emergency patch.

"One thing that should be stressed is that every browser has its security issues, so switching may remove this current risk but could expose you to another."

IE, as of July 2009, may have the largest usage share on Windows, but this latest warning is going to be a scare for Microsoft who are very aware of the fact the MozillaFirefox is closing in as the second most used web browser.

Related News:

The Need for Proactive Web Security to Safeguard Your Business |Security for CXOs - Security & ID Management |CXO 2009 round-up |Under lock and key - Security & Business Continuity

Like this article? Get the RSS feed: