An unusual advisory warning computer users not utilize the IE web browser until the most recently discovered security issue is fixed. Some experts say that is not very likely to happen any time soon.
The warning was issued by the United States Computer Emergency Readiness Team ( US-CERT) in a press release on Monday morning in which the DHS unit warned that the security issue could lead to a complete compromise of an infected system. The fox, it seems, is really in the hen-house this time.
Quick Fix
Security analysts were quick to point out that the security breach ONLY affects the Internet Explorer web browser. If they can, computer users are being advised to switch to Google Chrome or Firefox until the problem has been fixed, if their business applications work with those browsers. Once the newer versions of IE have been fixed, users who must continue to use XP can download a utility from Microsoft that allows XP captives to use newer versions of IE, but there are known productivity bugs in that utility, which is why many companies have refused to use it.
“Complete compromise” means different things to different organizations, but a technical support team at General Dynamics defines it as a complete takeover of system operations, sometime called the “going hog-wild” phenomenon among hackers. This is not a common garden variety hack, a phishing scheme, or some other low-level annoyance.
On the contrary, this is a prima facie illustration of what a cyber war attack will look like, because that is exactly what is happening right now. So far, the hackers have only been stealing data, but the nature of the security hole is such that the hackers could take control over entire systems and wipe data, change data, add data, or deliberately crash devices running on infected systems. In other words, this is no joke.
The security warning is especially important to Windows XP users because their systems do not work with any IE web browser newer than IE6. Microsoft no longer supports Windows XP, which raises questions about whether or not Microsoft will bother to fix the security hole for an out-of-date browser that is only used by an older version of Windows that the company is trying to kill off.
IE currently owns 55 percent of the web browser market, according to NetMarketShare, with the rest being divvied up between Google Chrome, Mozilla Firefox, Apple Safari and Opera.
Who is Affected?
Just about anyone could be affected by the breach because almost everyone does business with the institutions that were affected, or with other institutions that do business with them. Neither Homeland Security nor anyone else is about to provide any details about who has been affected, or who may be affected in the near future, for the very obvious reason that making such information public would hang a target on those companies for other hackers. However, the fact that the warning came from Homeland Security, rather than Microsoft itself, suggests that at least one of the victims has ties to the American defence systems.
Microsoft Reaction Muted
Microsoft’s immediate public reaction has been low-keyed, promising to get right on it….while skirting the issue of whether or not they will provide a fix for IE 6 so that Windows XP users can pick up where they left off and go about their business. That is not a likely course of events.
While there is little doubt that Microsoft’s decision to discontinue support for Windows XP was specifically motivated by their need to force computer users to upgrade to Windows 8, there is also little doubt that decision may have just created an enormous public relations problem for the company. Without describing the precise nature of the security hole, industry experts, including the prestigious Carnegie Mellon Software Engineering Institute, have indicated that there are no obvious quick fixes for this particular issue, suggesting that it will take a major rewrite to close the loophole, rather than a quick patch.
The bad news for Microsoft is that this event may just trigger the widespread abandonment of Internet Explorer, rather than the retirement of more Windows XP systems , as XP users learn that they can avoid the security problem simply by switching from IE to Chrome or Firefox. That could mean a boost to user rates on those browsers, and continued sluggish sales of Windows 8.
The Internet Explorer security issue that triggered the Homeland Security warning has become the latest hot topic in the news media. The hysteria in the media is spreading as rapidly as the hackers have been spreading through XP computer systems. Some of that hysteria is well-meant getting the word out public service ,but most of it is more gilding on the lily. The best defense is a strong offense. Just do not use IE until the all-clear sounds – and then consider whether or not you want to go back to IE at all.
From an article by Alan Milner on April 28, 2014.
Sources:
Reuters
W3Schools. com
Tom’s Hardware
Technologizer
Fox 13
Business Week