By Craig Buckler

Stop Using Internet Explorer Warns German Government

The German Government’s Federal Office for Information Security has officially advised (English translation) web users to find an alternative to Microsoft Internet Explorer. The statement comes after it was revealed that IE was one of the primary causes of the recent Chinese attacks on Google GMail and other systems.

Microsoft has released information about the problem which affects IE6, IE7 and IE8 on all versions of Windows (only IE5.01 on Windows 2000 is not affected):

The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
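The bug class described in that statement, a reference that is still used after its object has been deleted, can be blocked by handing out checked handles instead of raw pointers. The C sketch below is an added illustration, not code from the article, from Microsoft or from Internet Explorer; the handle table and every name in it are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical object table: callers hold handles, never raw pointers. */
#define SLOTS 8
typedef struct { char tag[16]; } Element;
typedef struct { Element *obj; unsigned gen; } Slot;
typedef struct { unsigned idx, gen; } Handle;
static Slot table[SLOTS];

Handle element_create(const char *tag) {
    for (unsigned i = 0; i < SLOTS; i++) {
        if (table[i].obj != NULL) continue;          /* slot in use */
        table[i].obj = calloc(1, sizeof(Element));
        if (table[i].obj == NULL) break;             /* allocation failed */
        strncpy(table[i].obj->tag, tag, sizeof(table[i].obj->tag) - 1);
        return (Handle){ i, table[i].gen };
    }
    return (Handle){ SLOTS, 0 };                     /* invalid handle */
}

/* Returns the live object, or NULL when the handle is stale or invalid. */
Element *element_resolve(Handle h) {
    if (h.idx >= SLOTS || table[h.idx].gen != h.gen) return NULL;
    return table[h.idx].obj;
}

void element_delete(Handle h) {
    Element *e = element_resolve(h);
    if (e == NULL) return;                           /* already deleted */
    free(e);
    table[h.idx].obj = NULL;
    table[h.idx].gen++;          /* invalidates every outstanding handle */
}

/* Constructed scenario: a second reference outlives the object it names. */
int stale_reference_rejected(void) {
    Handle first = element_create("first");
    Handle saved = first;                 /* second reference to the object */
    element_delete(first);                /* object deleted, memory freed */
    Handle second = element_create("second");  /* freed slot is reused */
    int ok = element_resolve(saved) == NULL    /* stale handle refused */
          && element_resolve(second) != NULL
          && strcmp(element_resolve(second)->tag, "second") == 0;
    element_delete(second);
    return ok;
}

int main(void) { return stale_reference_rejected() ? 0 : 1; }
```

With a raw pointer in place of `saved`, the final lookup would read whatever now occupies the freed memory; the generation counter turns that into a NULL result the caller can handle.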


Software security firm Sophos has rated the threat level as “high” and warns that ways to exploit IE’s security have been posted on the internet. The flaw allows hackers to install a Trojan, gain control of the infected PC and potentially steal the user’s passwords.

Thomas Baumgaertner, Microsoft’s Germany spokesman, said that while they were aware of the Government’s warning, they did not agree with it:

These were not attacks against general users or consumers. There is no threat to the general user, consequently we do not support this warning.

The company has advised users to install the latest browser and use a high security zone. However, the German statement concludes:

Running the Internet Explorer in protected mode and disabling scripting makes an attack more difficult but it cannot be completely prevented. Therefore, the BSI recommends using an alternative browser until Microsoft release a patch.

Microsoft are working on the flaw and may issue a fix before the next scheduled update on 9 February.

If you’re reading this article on SitePoint, you probably aren’t using IE: more than 75% of our visitors use alternative browsers. Whilst no browser is 100% secure, this has become a high-profile story which could affect IE’s market share. Google’s Chrome browser will certainly benefit … perhaps that’s another reason Google were so eager to publicize the GMail attack?

Are you or your company using IE? Would this flaw persuade you to switch browsers?

  • Ketira

    The reason I switched from IE to Firefox was that Firefox took less time to fix things than Microsoft did. Now there’s only one reason I use IE at all: Windows Update.

    I wonder if any other countries have said something like this (besides the US & Germany). Does anyone know?

  • NetNerd85

    because we definitely want to listen to the German government ;)

  • Data Execution Prevention in the OptOut setting (all programs and services) will keep you safe against things like this.

    System Properties > Advanced > Performance > DEP

  • didgy58

    it also seems that France has issued a warning as well

    woohoooooo…. lol

  • get real!

    This is not a matter of browser performance and security that the attack happened. It was a mere matter of using a tool that’s most accessible. That would be IE! When FF usage reaches that of IE, the attackers’ focus will adjust accordingly!
    This however does not excuse the poor quality of software that a large company such as Microsoft often releases.

  • I would like to point out in response to the previous comment that the logic given does not seem to hold. Read which is an example where the more popular program is not the most attacked.

  • Niubi

    Good old Germany – you can always rely on them to insist that everything must be in Ordnung before they’ll use something! They also came up with the novel concept for DubLi, so they’re not afraid of innovation.

    Let’s be honest – IE is a horrible, clunky browser in any case.

  • The good thing about European countries is that they don’t appear to be held hostage by corporate lobbyists as North American governments have shown to be. Although in this particular case it is a narrow targeted attack, it is the result of a critical flaw in IE that can be duplicated.

    I keep IE around for testing and quite like IE8 but I won’t use it for anything that requires a semblance of online security and haven’t since the IE6 security fiascos. FF, Opera, Chrome and even Safari are more than adequate.

  • W2ttsy

    I think the main issue is that the vendor has allowed this error to propagate throughout the various revisions of IE, and once exposed has taken their sweet time issuing a fix. The reason that Firefox, Chrome and Safari are revered so much by the security folk is that the companies issue bug fixes and updates on a regular basis. Plus, with the open source community constantly finding and fixing errors, there are fewer bugs being introduced into newer versions.
    Having an open and accountable development system has a massive trade off in regards to security, look at the history of *nix security vs that of Windows. Primarily the open source nature of *nix based platforms has allowed the wider community to test and locate bugs, something that could never be achieved by a single company alone.

    I firmly believe that if MS was to adopt OS techs and open up their code base to the dev community that the next rev of Windows would be substantially more stable. It would also involve regular system updates and a commitment to standards (web, platform, etc) and having a management team that was even vaguely interested in OS, but it would be the step ahead that keeps in the game.

  • Nick

    @Awassan: “The good thing about European countries is that they don’t appear to be held hostage by corporate lobbyists as North American governments have shown to be.”

    I bet you’re not talking about Canada and Mexico, right ?! : )
