Tuesday, January 26, 2010

Is Your Choice of Browser Putting You at Risk?

France and Germany have warned web users against using ALL versions of Microsoft's Internet Explorer in the wake of the recent attacks against Google and other sites, in which vulnerabilities in the browser have been implicated. One of the attacks allowed hackers in China to gain access to email accounts of human rights activists. Although Microsoft admitted that its browser was the weak link in the attacks, it rejected the warning as too strong, saying that the security threat was low. It has since urged users to upgrade their browser to Internet Explorer version 8. Microsoft also recommends users set their browser security zone to "high".

In order to change settings for Internet Explorer, select Tools then Internet Options...

Select the Security tab. At the top of this tab is a section that lists the various security zones that Internet Explorer uses. For each of these zones, you can select a Custom Level of protection. Clicking the Custom Level button opens a second window that lets you select various security settings for that zone. The Internet zone is where all sites initially start out. The security settings for this zone apply to all the web sites that are not listed in the other security zones. I recommend the High security setting be applied for this zone. Selecting the High security setting disables several features, including ActiveX, Active scripting, and Java. With these features disabled, the browser will be more secure. Click the Default Level button and then drag the slider control up to High.
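To confirm the result on one or many machines, the Internet zone settings can be read back from the registry. The script below is an added example, not part of the original post; it is read-only and assumes the standard Internet Explorer zone keys (zone 3 is the Internet zone) and the documented URL-action value names. The function name and the expected-value table are illustrative.

```powershell
# Added example: audit the Internet zone (zone 3) against the High template.
# Policy keys are listed first; when present they take precedence over the
# per-user preference keys that the Internet Options dialog writes.
$zoneKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# Value name -> description and the data expected when the zone is set to High.
# URL-action data: 0 = enable, 1 = prompt, 3 = disable. For 1C00, 0 = Java disabled.
$expected = [ordered]@{
    'CurrentLevel' = @{ Label = 'Zone template is High';          Want = 0x12000 }
    '1200'         = @{ Label = 'Run ActiveX controls disabled';  Want = 3 }
    '1400'         = @{ Label = 'Active scripting disabled';      Want = 3 }
    '1C00'         = @{ Label = 'Java permissions disabled';      Want = 0 }
}

# Hypothetical helper name; returns one row per setting for a single registry key.
function Test-InternetZoneHigh {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -Path $Path)) { return }   # key absent: nothing configured here
    $props = Get-ItemProperty -Path $Path

    foreach ($name in $expected.Keys) {
        $actual = $props.$name                     # $null when the value is not set
        [pscustomobject]@{
            Key       = $Path
            Setting   = $expected[$name].Label
            Value     = if ($null -eq $actual) { '(not set)' } else { '0x{0:X}' -f $actual }
            Compliant = ($null -ne $actual) -and ($actual -eq $expected[$name].Want)
        }
    }
}

$zoneKeys | ForEach-Object { Test-InternetZoneHigh -Path $_ } |
    Format-Table -AutoSize -Wrap
```

A zone that was tightened through Custom Level rather than the slider can show a `CurrentLevel` other than `0x12000` while the individual actions are still disabled, so read the per-action rows as well as the template row.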

It is also imperative to be very diligent in keeping your browsers fully patched. Most internet attacks via the browser are preventable as these attacks target vulnerabilities for which patches are already available. The victims simply have not installed them. If you use Internet Explorer, Microsoft puts out patches once a month. Your system should be set up to automatically download these patches and notify you or install them.

As to abandoning Internet Explorer, will this call be echoed by other countries (including the US)? I doubt it. Most non-technical users aren't following this story. Those on whom this may have an effect have most likely grown to prefer Mozilla's Firefox or Apple's Safari browser anyway. Maybe this will increase their market share, but for now Microsoft is still King of the Hill.

William McBorrough is an Information Security Practitioner, Researcher, Consultant and Educator with over 10 years of Experience Managing, Designing, and Implementing Physical and Information Technology Security Solutions. He currently works as an IT and Security Consultant with SecurNetworks Consulting, LLC focusing on IT integration and Security Architecture and Implementation. He is also a Network Security Engineer responsible for design, implementation, improvement, and maintenance of network security solutions in a fast-paced, multi-campus environment with over 30,000 users. He is also an IT/Security Consultant and an Adjunct College Professor teaching System Architecture, Networking, Network Attacks and Defense, and Security Program Development courses. He is a Certified Information System Security Professional, Certified Information Systems Auditor, and Certified Ethical Hacker. He blogs about information security at InfoSec Tools, Tips & Thoughts. http://www.securnetworks.com/blog
