Microsoft issues new security warning – but is any browser safe?
At the end of last week, Microsoft issued a warning to anyone using its Internet Explorer browser – which is potentially around 900 million people around the world.
In what it called a ‘critical’ advisory, the company recommended that anyone who uses Internet Explorer should download a patch as a temporary fix for the security flaw – which otherwise could leave computers open to malicious attacks. The flaw actually turns out to be part of Microsoft’s operating system, Windows, rather than part of the browser itself, but IE seems to be the only browser which would allow hackers to exploit it.
The problem arises when part of the MHTML web protocol could allow hackers to inject a malicious client-side script which would then run on the users’ computer, enabling them to collect user information or create spoof content in the browser. However, although the proof-of-concept code exists, Microsoft notes in its blog post that so far there is no evidence of anyone actively exploiting the security hole.
So should we all stop using Internet Explorer? Or run away and stop using the internet altogether, for fear of cyber-attack? Well, that might be a bit premature. The first thing to remember is that the media likes to hype up the danger of malware, spyware and hackers. Hackers and ‘cyber-criminals’ make good faceless baddies, and the old ‘statistic’ about computers being subject to some kind of attack within fractions of a second of being connected to the internet makes for a suitably titillating quote.
That said, there are threats online, and any internet user with any sense will want to do whatever they can to avoid problems. So which browser should we choose? Well, last year, a report by NSS Labs revealed the results of testing designed to identify how well browsers protected users from known bad links which could allow the execution of malware. That report showed that Internet Explorer 8 was most secure, catching 85% of threats, while Safari and Firefox caught 29% and Google’s Chrome caught 17%. But that was last year, and a year is a long time in pol… erm, internet terms.
In reality, every browser has vulnerabilities; and even if they didn’t, browsers have to interact with an increasingly wide range of plug-ins which create additional areas where security flaws can hide. And even if the software were perfect (which is never going to happen), it’s important to remember that one of the biggest potential security weaknesses sits not in the computer, but in the chair in front of it. Whichever browser you choose to use, a little bit of knowledge, some research into best practice, and a little bit of common sense will keep you and your personal information safe online.