Hyper-V: The Killer Feature in Windows Server 2008 It's fair to say that while many of the other new features are evolutionary, Hyper-V, by contrast, is revolutionary. Paul Rubens explores Microsoft's big step into virtualization. »   Download the Windows Server 2008 Trial With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. »   Reduce Complexity and Costs with Microsoft Identity and Access Solutions Your organization depends on making digital information accessible to a broad spectrum of users over range of devices and networks. Register now for free Identity and Access Solutions from Microsoft. »   Virtualization from the Data Center to the Desktop Integrated virtualization solutions from Microsoft can help you meet evolving demands more effectively as you transform your IT infrastructure from a cost center to a strategic business asset. »

Related Articles •Microsoft Takes its Time with Backup Patch •Banks Say, 'Phishing Season Is Over' •Immunize Your Servers Against Attack •Whitelists Battle for Market Share

- ITSMWatch Newsletter -

Tech Focus: Security Cybersecurity: Laws Only Go So Far Mozilla Firefox vs. Internet Explorer: Which is Safer? Is Your Blog Leaking Trade Secrets? The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip? Stopping Spammers at The Point of Sale

Product Watch •IOGEAR KVM - Includes Audio/Peripheral Sharing •Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities •USSD Series - SDRAM-Based Solid State Drives to 256 GB •UltraSMS - Send SMS From Your PC •Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage more products >>

Datamation Definitions data mining ERP extranet grid computing intranet network appliance outsourcing storage VPN virus

FREE Tech Newsletters Instant Messaging Planet HTML CIO Update CodeGuru Update Practically Networked HTML Enterprise Storage Forum HTML Optically Networked HTML Intranet Journal Update Datamation IT Management Careers Datamation IT Management Update Executive Tech HTML Developer.com Update Gamelan Java Update Goodies to Go Javascript Weekly HTML JARS Java Update OpenSource Update SysOpt Tech Notes Grid Computing Planet HTML E-Security Planet HTML Virtual Dr. Text

Video: Sustainable IT--Good for Business. Learn more about trends in sustainable IT and how Sun is committed to building energy-efficient products that are smarter and more environmentally responsible.

Run, Don't Walk, from Internet Explorer
July 12, 2004
By Brian Livingston

I'm afraid it's time this week for me to speak the unspeakable — you have to stop using Internet Explorer. You have to stop using it now.

Usually in this space, I write about some secret or little-known technology that I can reveal to my readers. This time, I'm forced to cover a topic that many computer security experts have been talking about for months or years: we need to drive a stake through Internet Explorer's heart.

From Healthy Competition to a Monolithic Shell

The latest and greatest security threat, in which Russian hackers were able to infect hundreds if not thousands of corporate Web sites and use them to install Trojan horse programs on visitors' PCs, marked a turning point. Even US-CERT, a respected nonprofit security clearinghouse, recommended in June that Windows users "use a different Web browser" than Microsoft's free IE program.

It wasn't always like this. Now that IE is used by 95% of Web surfers worldwide, it's hard to remember the day when many browsers bloomed. Back at the dawn of the World Wide Web — in 1996, before Microsoft started bundling IE into every copy of Windows — there were actually 10 or more browsers competing for users' dollars. For example:

• IBM's Internet Connection was a serious contender back then. It was an especially strategic product for the giant corporation because it worked well with the IBM Global Network, an early Internet access method.

• Symantec's CyberJack was another choice, this one from a company that would later become well-known as a computer security powerhouse. The browser could even decompress Zip files for you — something IE can't do to this day (without relying on built-in features of Windows XP).

• Netscape Navigator, of course, was still tops in market share at this early crest of the Web wave. Selling for a street price of $35, Netscape had the incentive and the means to innovate, with extensive support for novelties of the day, such as HTML tables, frames, and a wide array of "plug-ins" provided by third parties.

Other names were players then, too — Attachmate, Quarterdeck, Spry and several others offered retail products that evolved almost weekly. IE 2.0 at that time had no support for frames and commanded only a limited market share (even though Microsoft allowed all comers to download it for free).

You may think that those days of Windows 95 and 28.8 Kbps modems are irrelevant to us now. But with numerous security analysts coming to the conclusion that IE's reliance on flawed extensions such as ActiveX make the browser impossible to permanently secure, your company may find itself longing for the good old days when software competition was seen as a plus.

As The World Turns

Whether today's competitors to IE are really engineered more securely — or are merely attacked by worms less often — is beside the point. If the marketplace supported 10 browsers today, hackers would have much less incentive to generate remote threats, which would require the development of specialized code for each alternative.

I sense that enterprises across America and around the world are just now beginning to entertain the idea of abandoning IE and investing in other browsers instead. It's remarkable to think that a software company as successful as Microsoft might actually blow a 95% penetration rate due to a user backlash over bad engineering. But that's what we're starting to see.

In my view, the Firefox browser is coming on as a strong threat to IE. Emerging from the Mozilla team, Firefox is still at a beta level of development. But it's well into the 0.9x stage and should "go gold" with its slick tabbed interface as early as September.

The older Mozilla browser itself is currently the most widely used of all the IE alternatives. But that number of users merely represents low single digits of market share and the product may soon be eclipsed by Firefox.

Opera, developed by a Norwegian company, has had some success providing Web access in advanced cell phones, but it's still stuck at only about 1% of desktop PC users. Even so, with major IE users desperate to get off the treadmill of constant updates and patches, any alternative — even a little-used browser — starts to look good.

Conclusion

Moving your company away from IE, unfortunately, doesn't eliminate hacker threats against Windows. Microsoft's browser technology has been integrated into its operating system since Windows 98, and merely avoiding the browser doesn't remove from a PC all of IE's vulnerable components.

Additionally, you may be forced to fire up IE to visit sites that require ActiveX to function. The worst offender is Microsoft's own Windows Update, which won't work at all if you merely turn IE's security setting to "High."

In a nutshell, that setting may offer the best roadmap we can currently get. By cranking IE up to its highest security setting to make its components less vulnerable, lowering that setting to Medium only to access Windows Update and its ilk, and using Firefox or Mozilla for everything else, you may just be able to sleep easier at night.

Tools:

Add itmanagement.earthweb.com to your favorites Add itmanagement.earthweb.com to your browser search box IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS feed