Microsoft IE Security Storm Builds

It has not been a good week for Microsoft's Internet Explorer browser. After last week's Download.JECT virus, which used IE as a vehicle for installing a worm, and a vulnerability report from the U.S. Computer Emergency Readiness Team, some industry experts have called for a switch to other browsers, such as Mozilla or Opera.
Ironically, during the same week Microsoft finally put to rest its long-running court battle with the U.S. government over the company's business practices -- specifically, weaving Internet Explorer into the fabric of the Windows operating system. A District of Columbia appeals court affirmed a lower court ruling that Microsoft would not have to make IE a separate software program.


Own Worst Enemy
But the fact that IE is bundled into Windows rather than being marketed on its own has allowed the browser to languish without material security updates for almost four years. "There hasn't been any competition, so there hasn't been a reason to improve it," said Gartner analyst John Pescatore.
But there is a deeper reason that Microsoft has not beefed up the security of its browser: It is woven into Windows. "To change the browser, you have to change the operating system," Pescatore told NewsFactor. "It's a bad idea to integrate applications into an operating system."
Linux in the Wings?
Microsoft was caught off guard with the Download.JECT virus, because the worm was written independent of Microsoft's announcement of a vulnerability in IE -- many worms are written after the company identifies weaknesses in its products and offers patches. Microsoft has yet to offer a patch for the IE problem -- hence, the calls by some industry experts for a switch to an alternate technology.
But experts say the enterprise has few alternatives.
"Mozilla has been shaky in the past, although the new versions have been pretty good," noted Pescatore. "But you don't have any grand assurance that a company like IBM or Red Hat is behind the browser," he said.
Security problems in Windows, such as the Explorer vulnerability, are causing more enterprises to look at the Linux desktop, says Pescatore. "But I don't think it's making any businesses just drop Windows at this point."