Security experts are warning that Microsoft's Internet
Explorer (IE) browser is not safe to use.
Two and a half years after launching its Trustworthy Computing
initiative, Microsoft is finding its products the target of
escalating attacks.
The company is claiming that it is doing everything in its power
to defend itself, however users are looking for reassurance that
Trustworthy Computing will pay off, and quickly.
"They've launched this Trustworthy Computing campaign and they
are still issuing all these patches. They shouldn't make things so
complex. When is it going to get better?" asked software developer
Michael Kranawetter at last week's Tech Ed conference in
Amsterdam.
Microsoft has been working hard to streamline its patching
process, by releasing combined fixes when possible and delivering
them on a monthly release schedule.
The comany is also providing a free patching service and a
centralised place for users to find fixes.
Microsoft is also moving to bolster the security of its desktop
software, by turning off potential ports of attack and adding
security features such as a firewall enabled by default, to help
users protect their PCs.
Many new security improvements are due to be delivered with the
much anticipated Windows XP Service Pack 2 (SP2), an update to the
Windows XP operating system (OS), which is said to be like a
installing a whole new OS.
Microsoft executives have promised to deliver SP2 by "the end of
summer." However, Microsoft senior director of Trustworthy
Computing for Europe, EMEA, Detlef Eckert, said that "summer ends
in September this year".
"We have now realised, to some extent painfully, that the
security atmosphere has changed, which is why we are putting so
much effort into Service Pack 2," Eckert said.
"Most of these new features would have blocked against recent
attacks."
The company learned a great deal from threats such as the Sasser
internet worm, which wreaked havoc earlier this year by exploiting
a disclosed hole in a component in Windows.
"We know we need to move ahead of the attack cycle and mitigate
against specific attacks against applications," Eckert said.
But while the company has been working to address users'
security woes, it continues to come under attack from virus
writers.
One of the latest attacks used websites running Internet
Information Server (IIS) to launch malicious computer code, and
prompted the company to release updates to its Windows 2000, XP and
Windows Server 2003 software.
The company is also planning to release updates to improve the
security of IE.
Microsoft's IE browser has become the primary target for virus
writers. In one of the latest attacks, hackers took advantage of a
browser extension functionality to steal log-in information from
banking sites.
Numerous vulnerabilities in IE, which holds over 95% of the
browser market, have prompted some security experts to warn against
using the product altogether, suggesting alternatives such as
Opera, Netscape or Mozilla.
"It's safe to say that IE is not safe to use," said Mikko
Hyppönen, director of anti-virus research at anti-virus company
F-Secure. "I don't use it and I know of companies that have banned
it altogether."
"There are two nightmares a systems administrator can have,"
said Hyppönen. "One is having security vulnerabilities and the
other is having to support users who are all using different
applications."
Many internet applications are tied to IE, so switching may not
be a practical option.
Microsoft does not seem too concerned about a mass exodus from
its products. The company claims that if enough people moved to
another brand of browser, that would also come under attack.
Scarlet Pruittwrties for IDG