Internaut: Browser woes could prompt user switch

Shawn P. McCarthy

Until Microsoft Corp. gets serious about fixing the security flaws in its Internet Explorer browser, some government users are considering less-vulnerable alternatives for the Web.

Explorer currently represents about 90 percent of browsers in use worldwide. But its most recently publicized flaw could trigger a migration. The flaw lets text and links be inserted into a Web page while it is being viewed. Two Explorer windows must be open for this to happen.

Hackers who exploit this so-called frame injection vulnerability could insert their own content and links into agency Web pages as they load, without the managers of those pages even knowing their information is being altered.

Hackers could use the flaw to direct people to other sites, solicit personal or financial information on fake forms, and even insert links that look trustworthy but secretly download malicious software.

In some circumstances, non-Microsoft browsers permit frame injection. But the latest versions of Opera and Mozilla browsers are supposedly unaffected.

Securia Networks Inc. of San Jose, Calif., tracks 54 Explorer 6 security advisories, 42 percent of them considered highly or extremely critical. In contrast, Opera has 26 advisories of which 17 percent are deemed highly or extremely critical, and Mozilla has five advisories, none critical.

Banks targeted

Another ongoing browser security headache is pop-up windows that can automatically install small programs. One recent pop-up exploited a flaw in Explorer's helper server to automatically install itself on visitors' PCs. The code can read keystrokes and record passwords when victims visit any of about 50 banking sites targeted by the program.

In theory, a similar tactic could hijack government Web traffic. The temporary fix: Set Explorer's security level higher by going to Tools, Internet options.

No browser is immune to creative security breaches, but Explorer is the target of choice. Microsoft's response occasionally lags, and Explorer itself is far more complex software than, say, Opera, which is not tightly integrated with a specific operating system.

To switch to Mozilla 1.7 or higher versions, visit www.mozilla.org. Or take a look at Firefox, a preview of the next Mozilla browser.

To switch to Opera 7.5 or higher, go to www.opera.com. Both Opera and Firefox block pop-up ads and have other advanced security features.

Shawn P. McCarthy is senior analyst and program manager for government IT opportunities at IDC of Framingham, Mass. E-mail him at smccarthy@idc.com.

About the Author

Shawn McCarthy, a former writer for GCN, is senior analyst and program manager for government IT opportunities at IDC.
