Fall 2004
Recently, the U.S. Computer Emergency Readiness Team (CERT) issued an advisory on major vulnerabilities in Microsoft's Internet Explorer (IE). In addition to other known flaws, CERT reported, IE has "significant vulnerabilities" to so-called "unstructured sites," sites that redirect a user from one webserver to another.
In some ways, this is not noteworthy. Vulnerabilities pop up in IE like, well, like the pop-ups you get when using IE. However, the advisory is noteworthy because it suggests that we stop using IE altogether. The effect of this announcement was less than dramatic; IE's market share fell a mere 1 percent (from about 95 percent to about 94 percent).
Let's put this into perspective. CERT, a partnering agency with the U.S. Department of Homeland Security, has advised us to stop using IE because it is too vulnerable to hackers and malicious programs. Granted, Homeland Security once advised us to stock up on duct tape and plastic wrap to protect against terror attacks. However, if Homeland Security said that Twinkies might be laced with anthrax, thousands of truckloads of Twinkies would be immediately incinerated. Yet, when CERT says stop using IE, IE users hardly blinked.
Surprised? A lot of people are. Many are asking, "Why does anyone use IE?" Industry experts cite several reasons:
Meanwhile, IE users are practically begging hackers to hijack their computers or bomb them with porno pop-ups. Here's what they (and everyone else) should know.
First, IE is not the Internet. There are three parts in an Internet visit: 1) the Internet, 2) the user's computer, and 3) the browser, software that displays websites. IE is but one of several browsers that can explore the Internet. When you use IE, it's increasingly likely that there will be 4) a malicious program or hacker ready to exploit IE and take control of your computer.
Second, replacing IE with another browser isn't simple, but neither is reclaiming a hijacked computer or stolen credit card. Yes, you'll have to find and download an installation file and re-establish your bookmarks, but this is no longer just a good idea, it's imperative.
Finally, yes, it can happen to you. The Federal Trade Commission estimates that one in three Americans will fall victim to identity theft in the next 10 years. Translation: you are not safely anonymous, and IE makes you into a target. Whether you're a novice with just a foggy notion of the Internet, or a system administrator with 50 users, this is your chance. Unless a Russian mafia hacker is already using your computer to send millions of child-porn spam messages, it is not too late to pay attention to CERT.
The most viable replacement for IE is Mozilla (http://www.mozilla.org). Mozilla is a fully functional browser with virtually all the features of IE, and some IE doesn't have. Mozilla is free and installs easily. Will it take long to re-establish your bookmarks? Maybe. But will your personal information and your computer be more secure? Definitely.
A word of warning: Mozilla is not without critics. Some say IE has more vulnerabilities only because more people use IE, and so hackers work harder on it than other browsers. Fair enough. Some day, when 95 percent of Internet users use Mozilla, hackers might give up on IE and CERT might issue an advisory to discontinue use of Mozilla. Until then, even if Mozilla is safer only because of its smaller market share, it's still safer.
A second word of warning: Using Mozilla or some other browser is not a panacea for the risks of browsing the Internet. Hackers, viruses, and spyware have many ways to get at your computer and data. All users, no matter how savvy, unimportant, or anonymous, should take these steps to protect against computer attack:
It should be noted that Microsoft Internet products, including Outlook and Windows Media Player, have similar failings that expose users to unnecessary security risks. However, by following a few simple steps (including not using IE) you'll increase your own personal homeland security.