Internet Explorer – Issues and Repairs

A Description

Internet Explorer (IE) is a Microsoft proprietary web browser used to “surf” the net; that is it say, users traverse the web and view web pages containing text, images, and downloadable content.  It was first released in 1995 and since 1999 it has been the most used Internet browser.  There is considerable integration with the Windows operating system and as a result of IE architectural design, there have been numerous criticisms targeted at the most popular browser.  These criticisms are based on monopolization and security risks.  This article covers the latter.

Security Concerns

IE uses component architecture (COM: Component Object Model), permits third party applications to add functionality using Browser Helper Object (BHO) technology, and allows ActiveX content for web sites that wish to add rich content.  Creators of “malware” (malicious software including viruses, adware, and spyware), have taken advantage of these security flaws.  Users can receive malware unknowingly simply from viewing web sites.  This is referred to as a “drive-by download”.

Microsoft does release patches and updates and Internet Explorer includes a zone-based framework (to offer a means of controlling downloadable content and restricting access to sites).  However, there are remaining concerns and criticisms and there are many who sound the alarm and point to security loopholes.  For example:

Slate in an article entitled: “Are the Browser Wars Back?” (June 30, 2004) stated: “The company [Microsoft] now rolls out only an occasional fix as part of its Windows updates.”  “The problem is that hackers continue to find and exploit security holes in Explorer. Many of them take advantage of Explorer's ActiveX system, which lets Web sites download and install software onto visitors' computers, sometimes without users' knowledge.”

USA Today in an article: “Security Risk Swells for Microsoft’s Explorer” (July 1, 2004) stated: “Using Microsoft's Internet Explorer Web browser to surf the Internet has become a marked risk — even with the latest security patches installed.”

The Inquirer in the article: “US Government warns against Internet Explorer” (Aug 19, 2004): “The US Government has sent out a warning out to internet users through its Computer Emergency Readiness Team (US-CERT), pleading users to stop using Microsoft’s Internet Explorer.”

Windows Vista and IE7

The latest Microsoft operating system that is slated to be released at the end of 2006 is called Windows Vista.  It is to include the next version of Internet Explorer 7 which promises additional security features.    Most significantly, a "Protected Mode" is to be added where the browser runs in a “sandbox” – a tightly controlled environment where certain activities are not allowed including network access and inspection of the host system.  This means that while browsing, there can be no “drive-by” downloads.  Installing start-up programs is not permitted and configuration of the operating system is not possible without communicating through a broker process.  This is expected to increase the security of the system considerably.  Release Candidate 1 for IE7 has been released for download and evaluation.

Patches and Updates

To date, Microsoft does not have a good track record when it comes to responsive and effective fault counter-measures.  Compared to the competition, Microsoft has not fixed security flaws promptly and in some cases, not at all.  According to security reports by Secunia (www.secunia.com, Oct 05, 2006), there were 106 security advisories (vulnerabilities) for Internet Explorer.  Of these, 19 are identified as unpatched.  Mozilla Firefox was listed with 36 vulnerabilities with 3 unpatched.  In contrast Opera 9.x was reported to have one security vulnerability and a patch was available for this.

Best Practices

Exposure to malware attacks is a part of today’s online surfing experience.  Being prepared and well-equipped is fundamental.  We recommend the following best practices:

1. Firewall protection: to prevent malicious software from being downloaded to your system, you can set up firewall protection.  In this way you will be less vulnerable to attacks.
2. System updates: use the Windows update function (from the Start button) if your system supports this, or go to the Microsoft web site and make sure you have the latest service pack and patches.
3. Configure your web browser security and content settings: adjust your settings to determine the web content you are willing to accept when surfing.
4. Safe surfing: download items only from trusted sites.  This includes reviewing license agreements, privacy statements, and security warnings.
5. Anti-spyware protection: install and periodically run anti-spyware software to detect and remove malicious and unwanted items.

If you are using Internet Explorer it is strongly recommended that you are well informed as to how you can make your online experience both secure and private.  Microsoft offers a list of articles: