Security flaw found in new Internet Explorer web browser
Last Updated: Thursday, October 19, 2006 | 11:55 AM ET
CBC News
Related
Internal Links
External Links
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
In a blow to Microsoft Corp., a Danish security company on Thursday reported a vulnerability in the software giant's newly released web browser that could let an attacker gain access to documents over the internet.
"A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information," Secunia said in an advisory on its website.
No repair is yet available for the flaw, which Secunia rated as "less critical" — the second-least-serious on the company's five-point threat-rating scale.
Microsoft late on Wednesday released Internet Explorer 7, touting its security features as a key element of its first major upgrade in years.
The new version brings Microsoft's browser more in line with competing products such as Opera Software ASA's Opera and Mozilla Corp.'s Firefox. Internet Explorer 7, or IE7, adds features such as tabbed browsing, which lets people open several Web pages without cluttering their desktop with multiple open browser windows.
Microsoft has been heavily testing the new browser, releasing five beta versions over 14 months, and has periodically offered security updates for IE6, first released in 2001.
Still, a lag of more than five years between official releases has cost the company.
Web analysis company WebSideStory estimates that Internet Explorer's U.S. market share is about 86 per cent, while Firefox commands about 11 per cent of the market and smaller offerings account for the rest. Two years ago, IE had about a 93 per cent share.
Dean Hachamovitch, Microsoft's general manager for Internet Explorer, acknowledged the company could have done more sooner, but he said the new version should address users' concerns.
"We did have active development," he said. "The question is whether it was enough."
Product may lure back some users
Matt Rosoff, analyst with independent researchers Directions on Microsoft, said Internet Explorer is important to Microsoft's business because most people believe an operating system should include a way to immediately access the Web.
Still, he said, Microsoft may not have seen much reason to spend a lot of money upgrading sooner since most people continued to use the older version.
Rosoff said the new product includes enough improvements to lure back some users.
But Colin Teubner, an analyst with Forrester Research, said people already using Firefox and rival products might not immediately come back. That's partly because those users have soured on Microsoft, he said, and partly because IE7 doesn't break much new ground.
"A year ago Firefox was head and shoulders above Microsoft's current offering, and I think even with IE7 it's mostly playing catch-up," Teubner said.
But he does recommend that IE6 users upgrade, and he believes Microsoft may surpass competitors with future improvements.
Improved security features
Besides tabbed browsing, Microsoft has improved security to help keep users from falling victim to things like malicious software attacks and phishing scams.
Microsoft products are a near-constant target of internet attackers, and some people have recommended switching browsers because a less high-profile product might be more secure.
The Redmond, Wash., software maker also has added a box in the browser that lets people search the internet without going to a separate web page, much like competitors.
In a last-minute change, people who are upgrading from the previous version of the browser will now have a clearer way to choose whether they want to use Microsoft's search engine or a competing one from companies like Google Inc. or Yahoo Inc.
The change announced Friday was one of several aimed at soothing antitrust worries in Europe, where Microsoft faces a long-running regulatory battle.
IE7 was available as a free download beginning Wednesday evening. Next month, the company also will begin delivering it to Windows XP users who have signed up to receive security fixes automatically.
Hachamovitch said that's because the product makes major security improvements.
Such distribution also will provide a powerful tool in countering competition from rival browsers.
Security updates typically download with little or no user intervention, but with IE7 people will get an extra opportunity to elect not to upgrade. Also, even people using automatic updates will have to agree to let Microsoft check whether their copy of Windows is pirated before they can get IE7.
Microsoft expects that it will take months to gradually release IE7 automatically. The browser also will be an integral part of Microsoft's new operating system, Windows Vista, due out for big businesses in November and for consumers in January.
With files from the Canadian PressShare Tools
Top News Headlines
- U.S. bank reforms could hurt Canadians, Flaherty fears
- Canada's finance minister and the governor of the Bank of Canada have formally complained to their American counterparts that proposed banking reforms could harm Canadian banks, business, investors and the government itself. more »
- CBC digital music service launches today
- CBC is diving into the world of online music with the goal of providing listeners access to their favourite tunes, and a way to discover new artists and connect with fellow music fans. more »
- Whitney Houston was found unconscious underwater, police say
- Whitney Houston was underwater and apparently unconscious in a bathtub at the Beverly Hilton Hotel when found, Beverly Hills police said Monday. more »
- Organ donation rates go flat
- Organ donation rates have stagnated in Canada since 2006, according to a new report. more »
Latest Technology & Science News Headlines
- Ontario teachers' union calls for classroom Wi-Fi ban
- Ontario's Catholic schoolteachers are calling for hardwire instead of Wi-Fi in classrooms. more »
- Chinese iPhone, iPad factories inspected
- Chinese factories where Apple devices are assembled are undergoing voluntary audits of their working conditions by an independent workers' rights watchdog that the company recently joined. more »
- Teen's Facebook post prompts dad to shoot computer
- A North Carolina father responded to his daughter's disrespectful Facebook post by shooting her laptop and putting the video on Youtube. more »
- CBC digital music service launches today
- CBC is diving into the world of online music with the goal of providing listeners access to their favourite tunes, and a way to discover new artists and connect with fellow music fans. more »
Bob McDonald's Blog
Glacier Discovery Walk: Will the visitor centre enhance the view? Feb. 10, 2012 3:17 PM Environment minister Peter Kent has announced the construction of a new Glacier Discovery Walk and visitor centre on the Icefields Parkway in Jasper National Park. It raises the issue of how to balance commercial development in our National Parks against the preservation of the last refuges of wilderness.
Quirks & Quarks
- February 11: Inside the Mind of a Neandertal Feb. 10, 2012 4:01 PM Can we get inside the mind of a species that's been dead for 30,000 years? A new book, How to Think Like a Neanderthal, suggests we can. The authors reconstruct a creature like us in many ways, but with important differences.
Latest Features
- 'Disgusting' court backlog may free hit and run accused
- Adele wins best album, best record Grammys
- Whitney Houston autopsy results withheld
- Whitney Houston death shows no signs of trauma
- Ice road closed after 2 incidents
- Quebec town 'heartbroken' after killing of woman, sisters
- CBC digital music service launches today
- Manitoba wants ER death lawsuit thrown out
- Greece cleans up after anti-austerity riots
