Internet Explorer is easy to use -- it's in every Windows installation. But there are reasons why you may want to look at browser alternatives.
Last week, and for the second time this year, Microsoft released a security patch for its popular Web browser, Internet Explorer. The patch corrects flaws that could allow malicious users to execute code on your computer.
Why does IE need so many security fixes? I don't think it's because hackers target Internet Explorer more than they do Netscape, a common defense offered by IE supporters. Rather, I think Internet Explorer is inherently vulnerable because it is so tightly bound to the Windows operating system. In the future, more IE vulnerabilities will surface, and hackers will find ways to take advantage of them.
One browser is not enough
I suggest that you take a serious look at the other Web browsers, such as Netscape and Opera. If one browser continues to dominate the Internet, it's easier for hackers to wreak havoc worldwide through one attack.
The latest IE patch, MS02-015, supersedes the previous patch, MS02-005, and includes fixes for several Internet Explorer vulnerabilities discovered earlier this year. The new vulnerabilities identified in MS02-015 involve Internet cookies and object tags placed on HTML pages. They affect IE versions 5.01, 5.5, and 6 running on most versions of Windows.
The first new vulnerability affects the way Internet Explorer handles scripts embedded within an Internet cookie. Cookies are files used by some Web sites to gain information about their visitors. Often, cookies are used to monitor visitors' behavior or to simplify the login process by saving usernames and passwords.
Apparently, Internet Explorer ignores whatever security rules you set for the Web site at which a cookie originates. For example, if you receive a cookie from a Restricted Zone Web site, IE saves the cookie outside the secure area you set. This allows malicious scripts within the cookie to be executed the next time you visit the site.
The second new vulnerability involves object tags in HTML pages. It allows malicious users to build Web pages that include object tags that open any program installed on victims' computers.
So many patches, so little time
By releasing a cumulative patch, Microsoft makes it possible for you to fix all known vulnerabilities that have been resolved by Microsoft in Internet Explorer 5.01, 5.5, and 6. Unfortunately, these vulnerabilities are not the only serious security holes in IE. Software engineers Tom Gilder and Thor Larholm have documented several others that affect the browser.
Two months ago, I wrote a column explaining why it might be time to leave Internet Explorer behind. Since then, I've received lots of e-mail asking me which browser I would recommend. Maybe I'm in the minority, but I'm a loyal Netscape fan. Whenever there's a new vulnerability to be patched in Netscape (it's not perfect, either), I know there'll be a point upgrade available from Netscape. The same is true with Opera, another secure browser option.
What I don't understand is why we all put up with Microsoft's piecemeal security updates. Why doesn't Microsoft retire 5.01, 5.5, and 6 and release Internet Explorer 6.1? How many service packs and patches are you willing to download to secure your browser? It seems like too much hassle to me.
If you're ready to check out a new browser, download Netscape 4.79, Netscape 6.2, or Opera from CNET Download.com.
AOL, which owns Netscape, is considering breaking free of Internet Explorer and bundling Netscape in its ubiquitous free AOL CDs. You can set yourself free, too. Together, we can diversify the Internet and possibly save it from more debilitating hack attacks in the future.
3%
5%
