Internet Explorer Security Issues Trigger National Security Alert

internet explorer
Internet Explorer (IE) security issues triggered a national security alert today from the Department of Homeland Security (DHS), which issued an unusual advisory warning computer users not utilize the IE web browser until the most recently discovered security issue is fixed. Some experts say that is not very likely to happen any time soon.

The security alert may be the death knell for the still very popular XP operating system, and a wake-up call for thousands of companies that have so far refused to upgrade to Windows 7 or 8. It may also come back to haunt Microsoft later as computer users express continuing concerns about Microsoft’s abandonment of the popular operating system.

The browser problem, which affects IE versions 6 through 11, has allowed a well-organized group of hackers to gain access to confidential information from a broad spectrum of defense and financial industry computer systems in a campaign that has been dubbed “Operation Clandestine Fox.” The warning was issued by the United States Computer Emergency Readiness Team ( US-CERT) in a press release on Monday morning in which the DHS unit warned that the security issue could lead to a complete compromise of an infected system. The fox, it seems, is really in the hen-house this time.

Quick Fix
Security analysts were quick to point out that the security breach ONLY affects the Internet Explorer web browser. If they can, computer users are being advised to switch to Google Chrome or Firefox until the problem has been fixed, if their business applications work with those browsers. Once the newer versions of IE have been fixed, users who must continue to use XP can download a utility from Microsoft that allows XP captives to use newer versions of IE, but there are known productivity bugs in that utility, which is why many companies have refused to use it.

A Concerted Attack on US Infrastructure
“Complete compromise” means different things to different organizations, but a technical support team at General Dynamics defines it as a complete takeover of system operations, sometime called the “going hog-wild” phenomenon among hackers. This is not a common garden variety hack, a phishing scheme, or some other low-level annoyance.

On the contrary, this is a prima facie illustration of what a cyber war attack will look like, because that is exactly what is happening right now. So far, the hackers have only been stealing data, but the nature of the security hole is such that the hackers could take control over entire systems and wipe data, change data, add data, or deliberately crash devices running on infected systems. In other words, this is no joke.

The security warning is especially important to Windows XP users because their systems do not work with any IE web browser newer than IE6. Microsoft no longer supports Windows XP, which raises questions about whether or not Microsoft will bother to fix the security hole for an out-of-date browser that is only used by an older version of Windows that the company is trying to kill off.

IE currently owns 55 percent of the web browser market, according to NetMarketShare,with the rest being divvied up between Google Chrome, Mozilla Firefox, Apple Safari and Opera. Those figures are contradicted by W3schools.com, whose figures show that IE only accounts for around 10 percent of the market, with Chrome holding 57.5 percent against Firefox’s 25.6 percent. Runner up Safari claims just 3.9 percent of the market, leaving 1.8 percent for Opera. The NetMarketShare report reflects a cross-section of all computer users. W3schools statistics are based on data from visitors to their websites, who tend to be computer professionals, rather than end users.

Who is Affected?

Just about anyone could be affected by the breach because almost everyone does business with the institutions that were affected, or with other institutions that do business with them. Neither Homeland Security nor anyone else is about to provide any details about who has been affected, or who may be affected in the near future, for the very obvious reason that making such information public would hang a target on those companies for other hackers. However, the fact that the warning came from Homeland Security, rather than Microsoft itself, suggests that at least one of the victims has ties to country’s defence systems.

Organizations in that category reportedly might include branches of the U.S. Military, The U.S. Postal Service, the Internal Revenue Service, the Federal Bureau of Investigation, defense contractors, and major financial institutions. Homeland Security itself has moved most of its operations to Windows 7, but still requires its employees to use Internet Explorer. The IRS recently admitted that it was paying Microsoft millions of dollars to continue to support their Windows XP installations, a situation necessitated by the fact that IRS’s own software will not run properly on Windows 7 or 8. Thee biggest potential victims in this scenario, however, are the Chinese, who are running more XP systems than anyone else.

Why do these organizations continue to use XP?

In addition to compatibility issues with enterprise software that has not been upgraded to run on new versions of Windows, many users also point to the fact that their older peripheral devices will not work on the newer operating systems. Manufacturers have not released updated drivers to allow older equipment to work on newer operating system, but many computer users have substantial investments in the older devices, which would have to be replaced during an upgrade to the newer systems.

According to Browsium, a software company that publishes software that enables newer operating systems to function like Windows XP, 80 percent of the organizations with more than 10,000 computers in their systems never upgraded their operating systems to Windows 7. The anemic market performance of Windows 8 to date is widely attributed to serious misgivings in the marketplace about Microsoft’s decision to “optimize” Windows 8 to run on touch-screen systems. Recognizing, belatedly, that the majority of the upgrade candidates do not have touch screen computers,Microsoft recently issued an update for Windows 8 that makes it easier to use on systems that do not have touch screens.

In many cases, however, Windows XP users is simply do not want to put new shoes on an old horse. They do not want to upgrade their software until they have to upgrade their hardware, and they don’t want to have to upgrade their hardware just to run Microsoft’s new software. In many cases, computers that run Microsoft XP perfectly well, will not be as successful with Windows 7 or 8 because the newer systems need more processing speed and more memory than the older systems. This forces customers who have to move up to Windows 8 to buy new hardware to run the new software.

Microsoft Reaction Muted

Microsoft’s immediate public reaction has been low-keyed, promising to get right on it….while skirting the issue of whether or not they will provide a fix for IE 6 so that Windows XP users can pick up where they left off and go about their business. That is not a likely course of events.

While there is little doubt that Microsoft’s decision to discontinue support for Windows XP was specifically motivated by their need to force computer users to upgrade to Windows 8, there is also little doubt that decision may have just created an enormous public relations problem for the company. Without describing the precise nature of the security hole, industry experts, including the prestigious Carnegie Mellon Software Engineering Institute, have indicated that there are no obvious quick fixes for this particular issue, suggesting that it will take a major rewrite to close the loophole, rather than a quick patch.

The Homeland Security announcement might just be the silver lining inside the dark clouds surrounding Windows 8’s poor performance in the marketplace. If Homeland Security is telling people not to use Internet Explorer, and Microsoft never fixes the older versions of Internet Explorer, it will be Homeland Security that will be blamed as hundreds of thousands of individuals and companies spend millions (if not billions) of dollars to upgrade to an operating system that most of them did not want in the first place.

The bad news for Microsoft is that this event may just trigger the widespread abandonment of Internet Explorer, rather than the retirement of more Windows XP systems , as XP users learn that they can avoid the security problem simply by switching from IE to Chrome or Firefox. That could mean a boost to user rates on those browsers, and continued sluggish sales of Windows 8.

The Internet Explorer security issue that triggered the Homeland Security warning has become the latest hot topic in the news media. The hysteria in the media is spreading as rapidly as the hackers have been spreading through XP computer systems. Some of that hysteria is well-meant getting the word out public service ,but most of it is more gilding on the lily. The best defense is a strong offense. Just do not use IE until the all-clear sounds – and then consider whether or not you want to go back to IE at all.

By Alan M. Milner
Look for me on Twitter:@alanmilner

Sources:
Reuters
W3Schools. com
Tom’s Hardware
Technologizer
Fox 13
Business Week

16 Responses to "Internet Explorer Security Issues Trigger National Security Alert"

  1. Mary Thomas   September 3, 2014 at 11:59 pm

    For Any Antivirus Tech Support Contact at: +1-844-833-8353

    Reply
  2. Not   May 1, 2014 at 8:04 pm

    Thing one that interests me is what, on a practical level, are the possibly far-reaching residual impacts of this very long standing security breach? Must we wait and see? I really hate that!

    Thing two. Microsoft has always used their OS and their monopoly muscle to push hardware and application purchasing. After all, is it better to operate in a somewhat smaller pond, or do you want to maximize the size of the pond? MS has simultaneously developed an evangelical culture around their products. These have certainly been a couple major factors in their phenomenal business success and a reflection of the personality of Bill Gates himself. It has also been their Achilles heel.The direction they were going has been clearly evident for at least 25 years. They’ve built themselves a highly echoic bubble. Unable to see clearly ahead, as a company they seem to be walking off the end of the pier.

    Reply
  3. Not   May 1, 2014 at 7:32 pm

    Nice article Alan. It’s one of the best I’ve seen on the topic.It’s pretty thorough. I am sorry to see this thread hijacked by the non-issue of which versions of IE run on XP SP3. Early in the 90s, many software developers realized they didn’t need to write a proprietary GUI for their products. They could re-use the web-browser. You accurately describe why XP remains so entrenched: roughly 300M systems.The broader application environment makes it difficult and in some cases impossible to upgrade. What happens when a product developer fails to upgrade their software to reliably support new browsers? This is particularly true with back-office products. Suddenly users feel they cannot run reliably on a newer browser. This is why your IT person claims IE6 is the last version to work with XP. Stricltly speaking it’s not true. But practically speaking, it may be true depending on the environment.The problem usually is that some folks require an application that limits their browser level.

    Reply
  4. Bryan   May 1, 2014 at 1:05 pm

    Looks like Microsoft issued a fix today 5/1 (MS14-021) that fixes this issue EVEN FOR XP. Wonder how long it’ll take to update the article or write a new article covering that news…

    Reply
  5. grace   April 30, 2014 at 8:33 pm

    I just found out that i am using IE 11 and just got updated my windows to W8.1 and i find my computer was so slow most of the time even when i start to open my notebook and i also noticed that it often redirects me to other website that i didn’t search and it seems that all the comments from that site was familiar and its weird and i don’t know.. my computer seems to have “his” own mind and it seems that it all know ..what do i need to know…I am a bit confused on somethings here..and i am worrying that this might lead to a system crash..and i hope not…Your will be highly appreciated…

    Reply
    • Alan Milner   April 30, 2014 at 9:30 pm

      Okay, you have a serious problem. Based upon what you wrote, I would suggest that you review your anti-virus and malware programs. There is a product from Microsoft called Microsoft Security Scanner. Go online, get it, and run it on your computer. It can be run over other security software and it is pretty good at letting you know if you have a problem. My son, who does technical support for xxxxxxxx recommends the free versions of AD-Aware antivirus and Malwarebytes, but I am not sold on Malwarebytes. Since this is an open forum, you will hear a wide range of advice, and the reason for this is that, depending upon the computer’s configuration, the software on board, and whatever has happened to it since you took it out of the box, each situation is almost unique. Make sure you have backed up all of your data before you do this. IF you have a virus program on your computer now, and you paid for it, good luck getting your money back, but you can try. Take it off your machine though, because it didn’t do its job. Also, only use the free versions of the products I mentioned, and do not purchase the add-on or upgrade products. When installing the anti virus programs, read each step carefully and uncheck any offers for free software, toolbars and stuff like that. No promises. No warranties. Remember, free advice is worth exactly what you paid for it.

      Reply
  6. Tom Lake   April 30, 2014 at 8:30 am

    This has nothing to do with XP! Even if you “upgrade” to Windows 8.1, you’re still vulnerable since IE 11 is just as open to the attack as IE 6.

    Reply
    • Alan Milner   April 30, 2014 at 9:33 pm

      Tom that is 100% right. The hole is going to be there regardless. There are however some applications that will not run on anything except IE. I ran into them in the mortgage industry as a management consultant. Hated them.

      Reply
  7. Wyatt   April 30, 2014 at 8:29 am

    Windows XP supports up to Internet Explorer, not 9.

    http://windows.microsoft.com/en-CA/internet-explorer/products/ie-9/system-requirements

    Reply
    • Wyatt   April 30, 2014 at 9:16 am

      Doh: Windows XP supports up to Internet Explorer 8, not 9.

      Reply
      • Alan Milner   April 30, 2014 at 9:32 pm

        Some people say six, some eight, some nine. My source – who supports government systems that are locked into XP – tells me that six is the only bulletproof option if you have to use IE. Of course the obvious choice is to use Google or Firefox and be done with it.

        Reply
  8. Tyr   April 30, 2014 at 1:32 am

    Yet another reason it’s known as Internet Exploder in so many circles.

    Reply
  9. Alan Milner   April 29, 2014 at 3:38 pm

    JImmy, you can leave IE on your computer. Just don’t use it as a browser. You can also remove it from your favorite programs list, and take it off your desktop, without actually removing the program from your system.

    Reply
  10. Alan Milner   April 29, 2014 at 3:36 pm

    XP supports up to 9, but not without problems. Ask anyone who is in the mortgage business. Six is the last version that operates without glitches, but you are right that consumers could use up to 9, but the IRS can’t. They are stuck with XP and from what ai have been told, with 6.

    Reply
  11. Jimmie Roan Sr.   April 29, 2014 at 3:19 pm

    when you say don’t use ie do you mean remove it as browser or just use another untill problem solved, i am using mozilla right now but haven’t done anything about ie, just not using it.

    Reply
  12. Corey Sheppard   April 29, 2014 at 7:02 am

    Windows XP supports up to Internet Explorer 9, not 6.

    Reply

Leave a Reply

Your email address will not be published.