IE Still Massively Flawed

Microsoft investigates another IE flaw report | CNET: “A new, unpatched flaw in Internet Explorer could let miscreants surreptitiously run malicious code on Windows PCs, according to the discoverer of the bug. The problem affects Internet Explorer 6 — the latest version of Microsoft’s Web browser — on computers running Windows XP with Service Pack 2 and all security patches installed.”

Here’s another one:

A security flaw has been found in the default installation process for Microsoft’s Internet Explorer, Outlook and Outlook Express, according to eEye Digital Security (see “eEye: Flaw found in IE, Outlook installation” by CNET). A common thread with these applications is the potential for a buffer overflow, which in turn could allow an attacker to gain access to users’ systems remotely. Systems at risk with this flaw include those running Windows XP with Service Pack 0 or 1 and Windows 2000. (Check eEye’s vulnerability assessment report for details.)

Lo and behold, eEye found more flaws involving Internet Explorer and Windows XP with SP2 that could enable a remote attack on systems: “IE flaw puts Windows XP SP2 at risk” (CNET). The flaw can be found in default installations of IE, according to eEye’s advisory.

These discoveries come just over a month after the jolly green software giant issued a cumulative patch addressing three vulnerabilities for IE. If you still use IE, you had better get this patch. One particularly nasty flaw is the way IE handles JPEG images: an attacker could commandeer a PC by crafting a malicious image and tricking the victim into looking at it on a Web site or in an HTML e-mail.


Why Get Off Microsoft

You may not think that Microsoft code is so dangerous, but there’s plenty of evidence to support that assertion. According to a report by the Computer and Communications Industry Association (CCIA), experts in security, technology, and economic policy agree that the reliance on a single technology, such as the Microsoft Windows operating system, by such an overwhelming majority of computer systems threatens the security of the U.S. economy and critical infrastructure.

The lack of variety makes Microsoft software a consistent target. Reliance on Microsoft software affects everyone, not just on a business or professional level, but also on a personal level. It may scare you to know that, in August 2003, the Department of Homeland Security announced that Microsoft would supply the software for the agency’s 140,000 desktops. The CCIA sent an open letter asking the department to reconsider.

While almost any company in America could be put under a microscope and made to look extremely hairy and ugly, the problem with Microsoft is that it dominates the entire information technology industry, including computer systems, applications, pocket devices, home entertainment systems, networks, and the Internet. Microsoft uses its domination to lock hardware manufacturers and consumers into using Microsoft software. That means you have no choice but hairy and ugly. Until now.