Home
World
Canada
- BC
- Calgary
- Edmonton
- Saskatchewan
- Manitoba
- Thunder Bay
- Sudbury
- Windsor
- Toronto
- Ottawa
- Montreal
- NB
- PEI
- NS
- NL
- North
Politics
Health
Arts & Entertainment
- Music
- Film
- Television
- Books
- Media
- Art & Design
- Theatre
Technology & Science
Money
Consumer Life
Diversions
Weather
Your Voice

Security flaw found in new Internet Explorer web browser

Last Updated: Thursday, October 19, 2006 | 11:55 AM ET

CBC News

In a blow to Microsoft Corp., a Danish security company on Thursday reported a vulnerability in the software giant's newly released web browser that could let an attacker gain access to documents over the internet.

"A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information," Secunia said in an advisory on its website.

No repair is yet available for the flaw, which Secunia rated as "less critical" — the second-least-serious on the company's five-point threat-rating scale.

Microsoft late on Wednesday released Internet Explorer 7, touting its security features as a key element of its first major upgrade in years.

The new version brings Microsoft's browser more in line with competing products such as Opera Software ASA's Opera and Mozilla Corp.'s Firefox. Internet Explorer 7, or IE7, adds features such as tabbed browsing, which lets people open several Web pages without cluttering their desktop with multiple open browser windows.

Microsoft has been heavily testing the new browser, releasing five beta versions over 14 months, and has periodically offered security updates for IE6, first released in 2001.

Still, a lag of more than five years between official releases has cost the company.

Web analysis company WebSideStory estimates that Internet Explorer's U.S. market share is about 86 per cent, while Firefox commands about 11 per cent of the market and smaller offerings account for the rest. Two years ago, IE had about a 93 per cent share.

Dean Hachamovitch, Microsoft's general manager for Internet Explorer, acknowledged the company could have done more sooner, but he said the new version should address users' concerns.

"We did have active development," he said. "The question is whether it was enough."

Product may lure back some users

Matt Rosoff, analyst with independent researchers Directions on Microsoft, said Internet Explorer is important to Microsoft's business because most people believe an operating system should include a way to immediately access the Web.

Still, he said, Microsoft may not have seen much reason to spend a lot of money upgrading sooner since most people continued to use the older version.

Rosoff said the new product includes enough improvements to lure back some users.

But Colin Teubner, an analyst with Forrester Research, said people already using Firefox and rival products might not immediately come back. That's partly because those users have soured on Microsoft, he said, and partly because IE7 doesn't break much new ground.

"A year ago Firefox was head and shoulders above Microsoft's current offering, and I think even with IE7 it's mostly playing catch-up," Teubner said.

But he does recommend that IE6 users upgrade, and he believes Microsoft may surpass competitors with future improvements.

Improved security features

Besides tabbed browsing, Microsoft has improved security to help keep users from falling victim to things like malicious software attacks and phishing scams.

Microsoft products are a near-constant target of internet attackers, and some people have recommended switching browsers because a less high-profile product might be more secure.

The Redmond, Wash., software maker also has added a box in the browser that lets people search the internet without going to a separate web page, much like competitors.

In a last-minute change, people who are upgrading from the previous version of the browser will now have a clearer way to choose whether they want to use Microsoft's search engine or a competing one from companies like Google Inc. or Yahoo Inc.

The change announced Friday was one of several aimed at soothing antitrust worries in Europe, where Microsoft faces a long-running regulatory battle.

IE7 was available as a free download beginning Wednesday evening. Next month, the company also will begin delivering it to Windows XP users who have signed up to receive security fixes automatically.

Hachamovitch said that's because the product makes major security improvements.

Such distribution also will provide a powerful tool in countering competition from rival browsers.

Security updates typically download with little or no user intervention, but with IE7 people will get an extra opportunity to elect not to upgrade. Also, even people using automatic updates will have to agree to let Microsoft check whether their copy of Windows is pirated before they can get IE7.

Microsoft expects that it will take months to gradually release IE7 automatically. The browser also will be an integral part of Microsoft's new operating system, Windows Vista, due out for big businesses in November and for consumers in January.

With files from the Canadian Press

This story is now closed to commenting.

Internal Links

Microsoft releases preview of Internet Explorer 7

External Links

Secunia advisory
Microsoft's Internet Explorer site

(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)

Technology & Science Headlines

Google adds social media to Gmail: Google is introducing Buzz, a group of features that add Facebook and Twitter-like functionality to Gmail.
Montreal inventor unveils 3-D baggage scanner: A Montreal inventor has developed a three-dimensional baggage scanner that he says can make air travel safer and more convenient for passengers.
Tech buying bounces back in 2009: NPD: Canadians spent $4.66 billion on computer and information technology products in 2009, up one per cent from 2008.
Google Street View expands across Canada: Google has updated its Street View service with increased coverage to more than 150 cities and towns across Canada.
Astronauts inspect shuttle on way to space station: Endeavour's astronauts have inspected their ship for any launch damage as they raced toward a rendezvous with the International Space Station.

Top CBCNews.ca Headlines

Headlines

Trenton colonel's charges spur cold case review: The 2001 slaying of a Nova Scotia woman at CFB Trenton in eastern Ontario is among the cases being re-examined after murder charges were laid against Col. Russell Williams.
Health costs push Alberta budget deficit to $4.75B: Alberta's Progressive Conservative government is projecting a record $4.75-billion budget deficit and planning cuts in many departments while increasing health-care spending.
Ottawa to appeal injection site ruling: The federal government is asking the Supreme Court of Canada for leave to appeal a lower court ruling that sanctioned Vancouver's supervised drug injection site.
Haitian man pulled from rubble: A 28-year-old man has been pulled from rubble in Port-au-Prince, Haiti, claiming to have been trapped there since the massive earthquake on Jan. 12.
Tories need plan for isotope shortage: Ignatieff: Liberal Leader Michael Ignatieff accused the Conservative government of having no plan of action to deal with a medical isotope shortage expected to worsen later this month.