Last week the German government warned web users to ditch Internet Explorer and go with some alternative (Firefox, Google Chrome or Safari being the obvious choices).
Why?
As far as I can tell, there is a fairly vicious exploit out there which preys on IE version 6.0. It uses an invalid pointer reference to execute code remotely and hence place a trojan on your PC to steal your information. Microsoft has released Security Advisory #979352, which you can read about here.
The problem only impacts customers using IE6 and while that may still be around 20% of web users, IE7 and IE8 are not vulnerable to this exploit. And even so, to get infected you have to visit a rogue web site with the exploit embedded in it. There are emails in circulation that try to provoke you into doing that. So the risk is there, but it’s not particularly high.
It has to be said that it is not Microsoft’s fault that IE6 users have not upgraded. Many people like myself, who build web sites, gave up trying to accommodate IE6 quite a while ago. It was a bad non-standard release that often generates rendering problems for CSS coders. Microsoft fixed that and moved on. IE6 security was poor, as this latest exploit demonstrates. Microsoft will surely produce a fix in time, but it recommends upgrading or setting Internet zone security in IE6 to high.
So why did the German government suddenly recommend that its citizens drop this software product?
Even more bizarrely, this morning France piled in and advised its citizens to drop IE too. Certa, a French government agency that oversees cyber threats, warned against using all versions of the web browser.
What is behind this?
I can only presume that European governments have been spooked by the Chinese attacks on Google and believe that they have to be proactive in order to protect their economies and citizens. However, neither government has explained what is wrong with IE7 or IE8. IE8 was designed for security and Microsoft claims that it is the most secure of the browsers.
My advice, until someone demonstrates otherwise, is that IE8 is safe, so upgrade unless you wanted to change browsers anyway.
If a serious vulnerability suddenly emerges in Firefox or Safari, are the French and German governments going to advise you to switch browsers again?