Internet Explorer, Security Concerns and Browser Alternatives
Internet security firms say that switching browsers is little more than a knee-jerk reaction to a problem that will remain regardless of which browser is used. They urge computer users, instead, to take proactive approaches to prevent and guard against intrusions before they strike.
Aug 28, 2004 1:30 AM PT
Computer users, faced with never-ending security attacks from surfing the Internet and opening e-mail, are showing increased interest in switching Web browsers. Downloads of popular non-Microsoft Web browsers have doubled this summer, software makers say.
The trend toward considering alternative browsers comes on the heals of a warning in June by the United States Computer Emergency Readiness Team (CERT) to stop using Internet Explorer (IE) until Microsoft solves the worsening security vulnerabilities. The CERT advisory issued a challenge to Microsoft to harden the flaws inherent in its Web browser.
Still, Internet security firms say that switching browsers is little more than a knee-jerk reaction to a problem that will remain regardless of which browser is used. They urge computer users, instead, to take proactive approaches to prevent and guard against intrusions before they strike.
That approach is urged by Robert Shively, chairman and CEO of PivX Solutions, maker of Qwik-Fix Pro, an advanced tool for protecting Microsoft Windows-based desktops and servers from worms, viruses and other malware.
Qwik-Fix Pro is designed to help safeguard PCs from intruders even before vendor security patches become available. In addition to offering Qwik-Fix Pro, the company also is offering a home version for free download until November 1. Shively said that, so far, more than 250,000 consumers have downloaded that home version.
PivX researchers have identified and fixed the root cause of most IE vulnerabilities -- namely insecure zone privileges and improper MIME type detection -- through a series of "Qwik-Fixes" released in September 2003. Qwik-Fix Pro has since protected users against subsequent IE command execution vulnerabilities, including the recent Scob and Download.ject worms.
"We look at vulnerabilities months in advance of any exposure," Shively told TechNewsWorld. "We find the pathways and entrance paths of intruders. We block those attack vectors."
Shively said that blocking the attack routes is superior to patching vulnerabilities. "Patching makes permanent system changes. With blocking there is no regression, so no applications stop working," he said.
Replace Broken Parts
Another security approach comes from Winferno, whose president, Jon Lal, said it is possible to get the best of both worlds. Using Winferno's Secure IE doesn't completely switch browsers. Instead, it merely interacts with IE. It replaces the "broken" parts of Microsoft's Internet Explorer and gives the user a new and improved interface.
"This method gives users the best of both worlds," Lal told TechNewsWorld. "We provide a new user interface so we can add more features. It's a matter of perception, if you consider this replacing or switching browsers."
Winferno released its Secure IE 2004 Suite last month. It offers new features designed to increase Web browser security and privacy. The product acts as a first-line defense for Web browsing, much like antivirus software does for e-mail. The suite helps protect against inadvertent malicious downloads, like keystroke logging software and spyware from Web sites.
Problems in Switching
Lal said one of the inherent problems with IE is that it leaves content management to the user. However, the average user doesn't know how to select the proper controls. Secure IE fixes that problem by maintaining its own list of ActiveX controls.
Lal explained that switching browsers typically causes two problems. One, users have to deal with incompatibility issues. Two, users trade off one set of known vulnerabilities for another set of potential problems.
Secure IE has a built-in security manager that automatically downloads updates on a preselected schedule. The Internet Security Advisor lets users surf the Web without the need to set and update security settings regularly.
Most Popular Alternative Browsers
Security and compatibility concerns aside, two of the recurring complaints about using IE are its lack of tabbed viewing and its lack of upgraded features. Microsoft hasn't designed a major revision of Internet Explorer since the mid-1990s.
All of the popular alternative browsers have the tab structure and built-in features to block intrusions like pop-up ads. Most of them automatically import favorites and other user settings.
Following is a list of the most popular alternative browsers.
Opera Software of Oslo, Norway, is known for its speed and inventiveness. Its latest version comes with a series of one-click setups that instantly change Opera's toolbars, menus, keyboard shortcuts and mouse gestures, one of which emulates an IE-like look and feel. This shortens the learning curve for users who migrate from IE. Opera comes with integrated searches from Lycos and a fully featured mail client. The purchased version is ad-free.
Slim Browser by Flashpeak.com is a free, multiple-site browser based on the tab-page interface. A large collection of features are built in, including recoverable pop-up killer, form filler, site group, quick-search, auto login, hidden sites, online translation, script error suppression and blacklist-whitelist filtering. It also includes an RSS rendering engine.
The Mozilla Foundation in June released a preview of its next-generation Web browser, Mozilla Firefox 0.9. Faster, more secure and easier to use, the new look and features make migrating from IE a quick transition. The more than 3 million Mozilla users make this newest version one of the most popular alternative browser choices.
Crazy Browser is a powerful, free, tab-based Web browser with the ability to open multiple sites and windows inside a single browser window. It can handle multiple monitors and has tab status indicators. Multiple pages can be saved and reopened together. Crazy Browser comes with many preconfigured search engines and can be customized.
Avant Browser is a free, fast, stable, user-friendly and versatile multiwindow browser that is a smart upgrade from Internet Explorer. Avant Browser can save bandwidth by blocking the download of typically large flash files used for Web site animations. It also provides options to block downloads of pictures, videos, sounds and ActiveX components. These options allow users to control their bandwidth and speed up page loading.
One handy feature allows browsing multiple Web pages simultaneously. All opened pages can be easily stopped, refreshed, closed or arranged with one click. Another feature is the ability to use the mouse button to navigate back and forth within a Web site.
Now owned by AOL, the Netscape browser bears a striking similarity to IE in terms of the user experience. The major improvement in its look and feel is the tabbed viewing. This version is designed for faster rendering and start-up times and has updated plug-ins like Macromedia Flash 7 and enhanced security features.