US-CERT: Beware of IE

[Vernon Frazee]

Source: internetnews.com > Security > US-CERT: Beware of IE

June 29, 2004
US-CERT: Beware of IE
By Ryan Naraine

The U.S. government's Computer Emergency Readiness Team (US-CERT) is warning Web surfers to stop using Microsoft's Internet Explorer (IE) browser.

On the heels of last week's sophisticated malware attack that targeted a known IE flaw, US-CERT updated an earlier advisory to recommend the use of alternative browsers because of "significant vulnerabilities" in technologies embedded in IE.

...

On discussion lists and message boards, security researchers have spent a lot of time beating the "Dump IE" drum, and the US-CERT notice is sure to lend credibility to the movement away from the world's most popular browser.

US-CERT is a non-profit partnership between the Department of Homeland Security (DHS) and the public and private sectors. It was established in September 2003 to improve computer security preparedness and response to cyber attacks in the United States.

... continues ...

[kv]

Oops, I had posted another thread after missing this one, so I've deleted it and am adding the content below for the sake of throwing my $0.02 in...

I was debating which forum would be most appropriate for this, but figured this was the most relevant.

Found an interesting article on C|Net that echoes what has been said in many posts within VDr, ditch IE and go third party to avoid the frequent browser exploits. Even CERT, who are notoriously impartial, are grudgingly recommending an alternative browser. The only other option is to strip IE of considerable functionality by disabling scripting etc.

I like the fact that they point to OS integration as a big flaw, application integration in the name of competitive advantage is my biggest peeve with MS, as it often opens up security holes in the OS. I've said this many times previously so will refrain from ranting.

In the interest of keeping this post impartial, I'll also resist the urge to promote Mozilla's FireFox browser as an ideal replacement for IE, despite the fact that I've been using it as my primary browser for months and have found it performs exceptionally (as have many others before me....), is faster than IE, and is (for now) exploit free...

Cheers,

KV

[Nix]

Originally posted by kv
I'll also resist the urge to promote Mozilla's FireFox browser as an ideal replacement for IE

Glad you resisted. LOL

I have been using MFF for about a week at both home and work.

I like it.

[usil]

Unfortunately, we still need IE to update windows. FF doesn't work for that

[Nix]

Originally posted by usil
Unfortunately, we still need IE to update windows. FF doesn't work for that

Ah yes, but aren't the majority of updates on WU to patch 'holes' in the IE browser ??

So you need to run IE so that you can download fixes to IE that will allow you to run IE so that you can download fixes to IE that will.......

[usil]