Monday, February 8, 2010

And may the safest browser win!

Deepa Kurup

- After Google pointed an accusing finger, Microsoft released a patch to plug the hole in 6-IE6
- After three nations issued advisories against using IE, Firefox, Opera downloads surged
- Firefox’s open architecture enables third-party developers to build plug-ins such as NoScript

BANGALORE: The now famous tussle between Google and the Chinese government over censorship has brought to the fore another issue that poses an equal, if not greater, threat to Internet freedom.

The bug, often referred to as ‘vulnerability’ in the system, reared its ugly head and got the attention it deserved when Google pointed the finger at Microsoft’s Internet Explorer (version 6-IE6) as a point of entry for hackers.

Quick to respond, Microsoft released a patch to plug the security hole. In no time, the international media were awash with reports of France, and then Germany and Australia, issuing advisories against using IE, and recommending shifting “temporarily” to other browsers.

Now, Microsoft has reported another vulnerability that affects Windows XP users. According to its February 3 advisory, this allows hackers to host a website and (or) access your data.

Browser wars may appear pitched around better performance or speed. However, given the number of software creepy-crawlies on the prowl, perhaps the most secure browser wins. Predictably, within days of the advisories, browsers Firefox and Opera (which carry the legacy of the Free Software or Open Source world) recorded a massive surge in downloads: Mozilla recorded 3,00,000 extra downloads, while Opera downloads doubled over the weekend.

Meanwhile, Microsoft has reiterated that the vulnerabilities are restricted to IE6. It insists that the old browser, which came free with its hugely popular Windows XP operating system that powers a large portion of home and office PCs, is long due for retirement. In an email response to The Hindu, Microsoft has said its latest release, Internet Explorer 8 (IE8), is safe and recommends “immediate” upgrade, adding IE8 has a smart screen filter, private browsing (so browsing history is, indeed, a secret) and accelerators for better speed. January reports by NetApplications even saw IE8 overtaking IE6 in market share. However, its latest advisory points to a flaw in Windows XP, irrespective of the IE version you are on.

So is upgrading really the answer? Free Software advocates will point out that GNU/Linux-based operating systems (Ubuntu, Fedora and Debian, to name a few) are the most secure options owing to their inherent architecture. But for those who may not wish to migrate to a different OS altogether, the best option is to check the entry point: your browser.

Internet users today are spoilt for choice. Browsers, most of them OS-independent unlike IE that is married faithfully to Windows, are available for free download, a dime a dozen. So users may not be interested in patches, updates or Internet-dependent upgrades. A big reason for Firefox’s popularity is its open architecture that enables third-party developers to build plug-ins such as NoScript, which prevents ActiveX and JavaScript from running, says Abhinav Karnwal, product marketing manager, APEC Trend Micro, a security firm. This option does not exist in IE. “Businesses may also want to consider running host-based intrusion prevention, which allows IT managers to protect vulnerable PCs without having to roll out patches.”

Alternatively, Mr Karnwal says, enable Data Execution Prevention, maybe, use IE in protected mode (only in Vista and Windows 7, or even disable JavaScript and ActiveX (usually damp squib as it ruins browsing experience). “It’s not that IE8 isn’t secure. Microsoft is the biggest target. Criminals spend a disproportionate amount of time targeting it.”

0 Comment :