Jump to content

Virus Warning?


Recommended Posts

:( The German government has warned web users to find an alternative browser to Internet Explorer to protect security.


The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google's systems.


Microsoft rejected the warning, saying that the risk to users was low and that the browsers' increased security setting would prevent any serious risk.


However, German authorities say that even this would not make IE fully safe.


Thomas Baumgaertner, a spokesman for Microsoft in Germany, said that while they were aware of the warning, they did not agree with it, saying that the attacks on Google were by "highly motivated people with a very specific agenda".


"These were not attacks against general users or consumers," said Mr Baumgaertner.


"There is no threat to the general user, consequently we do not support this warning," he added.


Microsoft says the security hole can be shut by setting the browser's security zone to "high", although this limits functionality and blocks many websites.


However, Graham Cluley of anti-virus firm Sophos, told BBC News that not only did the warning apply to 6, 7 and 8 of the browser, but the instructions on how to exploit the flaw had been posted on the internet.


"This is a vulnerability that was announced in the last couple of days. Microsoft have no patch yet and the implication is that this is the same one that exploited on the attacks on Google earlier this week," he said.


Computer expert Alan Stevens: "It's like having a window left open in your house"

"The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go."

Link to comment
Share on other sites

Microsoft patches Explorer hole


Microsoft has released a fix for a hole in Internet Explorer that was the weak link in a "sophisticated and targeted" cyber attack on Google.


Microsoft recommends that customers install the update as soon as possible or update to the latest version of the web browser for "improved security".


Microsoft normally issues patches monthly but the high-profile nature of the attacks led it to act more quickly.


The patch - MS10-002 - was released worldwide at 1000 PST (1800 GMT).


"It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities," the firm said.


"Once applied, customers are protected against the known attacks that have been widely publicised."


Microsoft has admitted that it has known about the vulnerability since "since early September" 2009 and had planned to patch it in February.


Trojan Horse


Google threatened to withdraw from the Chinese market following attacks on its infrastructure.


The hacks - thought to have originated in China - targeted the Gmail accounts of Chinese human rights activists.


Following Microsoft's revelation that Explorer had been used in the attacks, the French and German governments advised their citizens to switch to a different browser until the hole had been closed.


The UK government downplayed the threat and said there was "no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure".


However, Microsoft has taken the unusual step of patching the hole nearly three weeks ahead of its regular security update.


The new patch is available via the Microsoft Update site and will also be fed out to those who have their machines set to update automatically. All versions of Internet Explorer will receive the update.


Malicious code exploiting the weakness is known to be circulating on the web, said security experts.


If a web user were to visit a compromised site using a vulnerable browser, they could become infected with a "trojan horse", allowing a hacker to take control of the computer and potentially steal sensitive information.


Microsoft said on 18 January that the firm had only seen malicious code that targeted the older version of its browser, IE6 and that there were "very few" infected sites on the web.


But security firms had said they had seen "copycat" sites trying to exploit the vulnerability.


The bad publicity has allowed rivals such as Firefox to gain market share.


According to web analytics company StatCounter Firefox is now a close second to Internet Explorer (IE) in Europe, with 40% of the market compared to Microsoft's 45% share.


In some markets, including Germany and Austria, Firefox has overtaken IE, the firm said.


Mozilla, the foundation behind Firefox has just released the latest version (3.6) of the open-source browser.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...