Last week, news broke that Internet Explorer, versions 6-11, contained a major security flaw that would allow a hacker to take complete control of a user’s computer if the user navigated to a site that the hacker had specially crafted.
The threat was so severe that the US Department of Homeland Security even urged users to stop using Internet Explorer until a fix had been released for it.
Microsoft have now released an update for the browser that fixes this issue – anyone with automatic updates turned on will automatically receive it. If you don’t have automatic updates turned on, just go to “Windows Update” in the Control Panel.
Surprisingly, Microsoft have also released an update that fixes the issue for Windows XP users as well, despite officially ending support for the old operating system earlier in April. The alternative would have been to sit back and allow millions of XP users to go about at risk of cyber-attack. The backlash of this for Microsoft could have seen them lose trust in a marketplace where their dominance has already slipped.
Microsoft had this to say about the update, and the situation with XP, on their blog:
One of the things that drove much of this coverage was that it coincided with the end of support for Windows XP. Of course we’re proud that so many people loved Windows XP, but the reality is that the threats we face today from a security standpoint have really outpaced the ability to protect those customers using an operating system that dates back over a decade. This is why we’ve been encouraging Windows XP customers to upgrade to a modern, more secure operating system like Windows 7 or Windows 8.1.
Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.
Have Microsoft been too slow to fix this issue?
For Microsoft, this fix could be too late to save a large portion of their IE user base. It has been almost a week since the US Government suggested that people use an alternative web browser to IE. How many people in that time will have decided that they actually quite like Google Chrome or Firefox and won’t be coming back?
They have, however, cleverly used this as an example of why their XP users should upgrade to Windows 7 or Windows 8.1. The official comment on Microsoft’s blog goes on to stress:
Just because this update is out now doesn’t mean you should stop thinking about getting off Windows XP and moving to a newer version of Windows and the latest version of Internet Explorer. Our modern operating systems provide more safety and security than ever before. The latest version of Internet Explorer has increased support for modern web standards, better performance, and expanded the ability to deliver an immersive experience from within the browser. In other words, cool stuff that you need even if you didn’t know you need it.
It’s almost as if Microsoft are saying “We warned you to upgrade from XP. We’ll bail you out this time, but now you see what can happen if you don’t use our newer software in the future”.
Should you still use Internet Explorer?
Internet Explorer does actually have excellent security measures built in, such as restricting access to phishing sites unless overridden by the user, and protection against code on websites that track your browsing activity.
PC Mag have excellent reviews of all popular browsers here, stating that Internet Explorer is “fast, lean, and standards compliant. Its only major drawbacks are that it doesn’t run on OS versions earlier than Windows 7 and doesn’t offer syncing for that OS.” This isn’t too much of a problem – if you’re on XP, you need to upgrade your operating system anyway. It seems that only Vista Users will run into a problem here. PC Mag goes on to say that Internet Explorer has “excellent security and privacy features”.
It does seem that Internet Explorer has better security features than Firefox, but is not as customisable. There are a wide range of extensions that you can install to make Firefox your own. Google Chrome has excellent security features and has the customisability of Firefox and is highly recommended by many experts. It is currently the browser with the biggest share of the market.