CBCnews
Story Tools: EMAIL | PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK | Bookmark and Share

Security flaw found in new Internet Explorer web browser

Last Updated: Thursday, October 19, 2006 | 11:55 AM ET

CBC News

In a blow to Microsoft Corp., a Danish security company on Thursday reported a vulnerability in the software giant's newly released web browser that could let an attacker gain access to documents over the internet.

"A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information," Secunia said in an advisory on its website.

No repair is yet available for the flaw, which Secunia rated as "less critical" — the second-least-serious on the company's five-point threat-rating scale.

Microsoft late on Wednesday released Internet Explorer 7, touting its security features as a key element of its first major upgrade in years.

The new version brings Microsoft's browser more in line with competing products such as Opera Software ASA's Opera and Mozilla Corp.'s Firefox. Internet Explorer 7, or IE7, adds features such as tabbed browsing, which lets people open several Web pages without cluttering their desktop with multiple open browser windows.

Microsoft has been heavily testing the new browser, releasing five beta versions over 14 months, and has periodically offered security updates for IE6, first released in 2001.

Still, a lag of more than five years between official releases has cost the company.

Web analysis company WebSideStory estimates that Internet Explorer's U.S. market share is about 86 per cent, while Firefox commands about 11 per cent of the market and smaller offerings account for the rest. Two years ago, IE had about a 93 per cent share.

Dean Hachamovitch, Microsoft's general manager for Internet Explorer, acknowledged the company could have done more sooner, but he said the new version should address users' concerns.

"We did have active development," he said. "The question is whether it was enough."

Product may lure back some users

Matt Rosoff, analyst with independent researchers Directions on Microsoft, said Internet Explorer is important to Microsoft's business because most people believe an operating system should include a way to immediately access the Web.

Still, he said, Microsoft may not have seen much reason to spend a lot of money upgrading sooner since most people continued to use the older version.

Rosoff said the new product includes enough improvements to lure back some users.

But Colin Teubner, an analyst with Forrester Research, said people already using Firefox and rival products might not immediately come back. That's partly because those users have soured on Microsoft, he said, and partly because IE7 doesn't break much new ground.

"A year ago Firefox was head and shoulders above Microsoft's current offering, and I think even with IE7 it's mostly playing catch-up," Teubner said.

But he does recommend that IE6 users upgrade, and he believes Microsoft may surpass competitors with future improvements.

Improved security features

Besides tabbed browsing, Microsoft has improved security to help keep users from falling victim to things like malicious software attacks and phishing scams.

Microsoft products are a near-constant target of internet attackers, and some people have recommended switching browsers because a less high-profile product might be more secure.

The Redmond, Wash., software maker also has added a box in the browser that lets people search the internet without going to a separate web page, much like competitors.

In a last-minute change, people who are upgrading from the previous version of the browser will now have a clearer way to choose whether they want to use Microsoft's search engine or a competing one from companies like Google Inc. or Yahoo Inc.

The change announced Friday was one of several aimed at soothing antitrust worries in Europe, where Microsoft faces a long-running regulatory battle.

IE7 was available as a free download beginning Wednesday evening. Next month, the company also will begin delivering it to Windows XP users who have signed up to receive security fixes automatically.

Hachamovitch said that's because the product makes major security improvements.

Such distribution also will provide a powerful tool in countering competition from rival browsers.

Security updates typically download with little or no user intervention, but with IE7 people will get an extra opportunity to elect not to upgrade. Also, even people using automatic updates will have to agree to let Microsoft check whether their copy of Windows is pirated before they can get IE7.

Microsoft expects that it will take months to gradually release IE7 automatically. The browser also will be an integral part of Microsoft's new operating system, Windows Vista, due out for big businesses in November and for consumers in January.

With files from the Canadian Press
  • This story is now closed to commenting.
Story Tools: EMAIL | PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK | Bookmark and Share
 

Related

Technology & Science Headlines

Bell quietly drops system access fee
The cellphone system access fee is all but extinct. Bell Canada has quietly axed the charge, joining rivals Rogers and Telus.
Beam sent around Large Hadron Collider
The operators of the Large Hadron Collider have successfully sent a beam of particles around the ring of the world's largest particle collider in Switzerland.
Astronauts begin 2nd spacewalk of Atlantis mission
Astronauts from the space shuttle Atlantis have begun their second of three scheduled spacewalks.
Asian carp close to Great Lakes
U.S. officials say the despised Asian carp may have breached an electronic barrier designed to prevent it from invading the Great Lakes.
Billy Bragg, NDP push for new law on music downloads
British folk singer Billy Bragg teamed up with Canadian songwriters and the NDP to advocate for copyright reform and a new approach to music downloads while on tour in Ottawa Friday.

Technology Features

BRIGHT IDEASHome sweet solar home
Students build solar-powered houses for U.S. competition
THE IDEAS GUYRichard Handler
New thinking about children, some anti-advice
QUIRKS & QUARKSBob McDonald
Energy-efficient homes: Small changes, big gains
Q&A Mayer-Schonberger
Society must teach digital systems to forget, author says
MILITARY MATTERSRobert Smol
Now is not the time to gut our armed forces
SMART SHIFTWeekly Think Tank
Can governments get smarter, leaner and faster?
More Features

Top CBCNews.ca Headlines

Headlines

42 dead after China mine blast
At least 42 miners are dead and dozens still trapped underground after a coal mine explosion in northern China early Saturday.
Rocket hits luxury hotel in Afghan capital
At least two people were hurt when a rocket struck a wall of the heavily guarded Serena Hotel in Kabul, the Interior Ministry says.
Disgraced N.S. bishop Lahey replaced
The Roman Catholic Church has appointed a replacement for Bishop Raymond Lahey, of the Diocese of Antigonish, N.S., who is facing child pornography charges.
Flood forces Vancouver Island evacuations Video
Dozens of homes have water "up to the doorknobs" and others are under evacuation alert after heavy rain combined with high tides to flood low-lying parts of Duncan, B.C., an hour's drive north of Victoria.
Italian police arrest Mumbai attack suspects
Italian police on Saturday arrested a Pakistani father and son accused of helping fund and providing logistical support for last year's terrorist attacks in Mumbai, India, authorities said.