The latest critical remote-compromise vulnerability hits Internet Explorer as well as other Microsoft applications, and is particularly concerning because it lies in how a Microsoft library handles the ubiquitous JPEG image format. Security is emerging as the key battleground for web browser market share, as Microsoft’s rivals seem to have started capitalizing on a series of IE-related security scares.
Another security scare has hit Microsoft’s Internet Explorer.
While this vulnerability is not yet believed to have been widely exploited, other bugs have been, and many web sites report that their visitor logs show that IE, while still dominant, has seen its market share slip over the last twelve months.
The Mozilla Foundation’s Firefox browser, based on open-source code, is the leading pretender to the throne. The foundation says version 9.0 has been downloaded five million times in two months, and this week it released another version. Key among the upgrades are fixes for several critical vulnerabilities, found by participants in Mozilla’s Security Bug Bounty Program, a month-old move that rewards coders $500 for every critical hole they find in the Mozilla code.
Meanwhile, fellow browser maker Opera Software this week seized on a report in the German press quoting a government official recommending web users switch to a non-Microsoft browser for security reasons.
Michael Dickopf, a spokesperson for the German Federal Office for Information Security, was quoted by the newspaper Berliner Zeitung in an article about online banking. Mr Dickopf reportedly said that users may avoid having their machines compromised by worms and viruses by switching to alternative browsers such as Opera or Mozilla.
The US Computer Emergency Readiness Team, part of the Department of Homeland Security, this summer made a similar recommendation due to Download.Ject, a rare incident of a vulnerability being widely exploited before Microsoft had released a patch.
It is widely thought that insecure coding is only partly to blame for IE’s problems. Worm writers and other types of attackers target the largest installed base to maximize the proliferation of their viruses, and IE has the dominant market share.
There has been at least one study, funded by a group composed mainly of Microsoft’s competitors, that recommended software diversity as a way to reduce security incidents globally and mitigate risk. The Computer and Communications Industry Association said a year ago that the near-universal deployment of Microsoft operating systems made the internet more open to cascade failure that could affect critical infrastructure.