By Munir Kotadia, 11 February 2004 09:00
NEWS Last week's Internet Explorer patch has made the browser at least as secure, if not more secure, than any other browser, according to Microsoft UK's chief security officer.
Microsoft released a security patch for Internet Explorer last Monday that fixed three critical vulnerabilities; unfortunately the patch altered the way in which the browser handles certain URLs and forced many companies to reprogram their systems in order to accommodate the change. However, Microsoft has said the update means that Internet Explorer is now safer than any of the other browsers on the market, which users may find ironic due to the sheer number of vulnerabilities discovered in the browser over the past year.
Stuart Okin, chief security officer at Microsoft UK, said that he knew "a proportion" of customers would have problems after the change, but because of the high risks involved, the company decided not to wait any longer and released the patch: "We don't actually know how many users or systems or web administrators have been affected by this, but we knew there was going to be some with only a week's notice," he said.
Okin said that the longer the vulnerability was around, the more chance it would be exploited, which may have caused even more damage, so a week's notice was a compromise: "There are always going to be people that are caught out and surprised because they haven't been working with us or didn't know there was a problem. If we had given people more notice, then the risk would have been higher that someone would have used that exploit. If we had given them no notice, then they would have had more of a problem trying to fix their systems," he said.
Now the vulnerability has been fixed, Okin said Internet Explorer is at least as secure as other browsers such as Opera and Mozilla, but in some ways it is more secure: "I don't think we have got any less security than any of the other browsers and we have added a layer of protection that could make it a little bit more obvious to users if a phishing attack is occurring. If you look at today's technology, absolutely the (IE) browser is as secure as the others," he said.
But Okin warned that the fight against attackers and virus writers is far from over: "Don't get me wrong, vulnerabilities will come out and we will patch them; vulnerabilities will come out for our competitors and they will patch them as well. That is not going to change. I keep telling people that phishing attacks will continue in the future and they will catch people out," he said.
Two years after launching its Trustworthy Computing Initiative, in which Microsoft made security its first priority, the company still has a lot of work to do; not just for Internet Explorer, but for most of its software portfolio, Okin said. "We feel we need to do a lot more in terms of the browser, Windows and basically the entire technology base. It requires us to move onto the next level of security as an industry," he said.
Munir Kotadia writes for ZDNet UK
Comments
There are 2 comments. Join the discussion
1. anonymous
A oneee
A two-e
a threee uhh
HAHAHAHAHAHHAHAHAHAHA ! ! ! ! ! !
2. anonymous
IE More secure - are you kidding....!
What about the DSO exploits then or don't they matter and the 77Mb + of HDD space required (and rising).
Its high time Xp was left alone and a REASONABLE system designed what don't need updates after updates, reducing HDD space,.
Can anyone say when the upgrades will be stopped, more secure eh, like patches to repair patches, not to mention Longhorn that's been leaked.
For the price ofan Xp OS one ain't buyimg quality but an OS thats been desiged on a Friday Night an hour before clocking off!