The rise of the phisher kings continues apace. Their most recent achievements include the combined IIS and IE exploit that infects visitors to apparently impeccable sites, and a phishing attack based on the use of Browser Helper Objects.
There is nothing new in this, since bugs in Internet Explorer have been part of the Internet landscape for years. What is novel is that this time people may have had enough, prompting what has been rightly called "a growing crisis of confidence in Internet Explorer".
This is not the first time that users have been urged to switch browsers. In October last year, US-CERT (Computer Emergency Readiness Team) offered the simple solution of "use a different web browser" as a way of dealing with bugs in Internet Explorer. Two things make the situation different now.
One is the extreme gravity of the latest phishing scams: victims of phishing attacks might conceivably lose their life savings. Some people now perceive Internet Explorer and Internet Banking as a potentially lethal cocktail that must not be mixed, with insiders in the banking industry urging their families to switch if not operating systems, then at least browsers, while conversely some internet banking customers have adapted to the threat by forgoing convenience and moving funds back into accounts which require traditional telephone and fax instructions.
The other major difference from previous occasions is that there is now a serious alternative to Internet Explorer available on Windows. Although the open source Mozilla project has had a long and troubled history, the current release of its next generation product, Firefox, seems excellent.
This is an extremely dangerous situation for Microsoft. The phishing threats and the growing professional chorus of disapproval for Internet Explorer provide Windows users with very good reasons to turn elsewhere, even if only temporarily. But Firefox is so good that many will want to stay with it. And once they have tasted the power and freedom of open source, maybe they will be tempted to try "just one more program".
Firefox and the Thunderbird email client will form the basis for the next iteration of the main Mozilla package. One way of obtaining this is to download the free TheOpenCD image, and to burn it to CDs for easy distribution to Windows users around an organisation. TheOpenCD also contains the increasingly viable OpenOffice suite, the powerful GIMP image manipulation program, and several other useful open source offerings for Windows.
This experience of the professional quality of free software might even lead some into the ultimate temptation: GNU/Linux itself. That option has been made as convenient as possible by the creation of Knoppix, another image file that can be downloaded, burnt to CDs and passed around. Remarkably, this 2 Gbyte package of GNU/Linux plus applications can be run from any Windows PC without changing a single file on the hard disc simply by booting from the CD drive. The automatic configuration allows users to experience GNU/Linux in a completely risk-free way.
In the very earliest days of Linux, the Yggdrasil distribution could also be run as demo on a PC. One person to try out this feature, in 1993, was Eric Raymond, until then rather sceptical of Linux. The rest is history. Who knows what knock- on effect Firefox, TheOpenCD and Knoppix may have on other people today?
Glyn Moody welcomes your comments.
Posted by Glyn Moody in Security
Your link here? Advertising on the Netcraft Blog