It all turned a bit nasty last week for Microsoft which,
after initially putting on a brave face about its security,
released a patch for an Internet Explorer 6 (IE6) hole
through which China-based cyber spies attacked Google and
other firms.
The French and German Governments joined in calling for web
users to find an alternative to Microsoft's IE to protect
security.
Certa, an agency that oversees cyber threats, warned against
using all versions of the browser.
Germany warned users after malicious code was published
online.
But Microsoft told BBC News that IE8 was the "most secure
browser on the market" and people should upgrade.
Cliff Evans, head of security and privacy, said that so far,
the firm had seen malicious code that targeted only the older
version of its browser - IE6.
The risk was minimal, he said.
Fast forward a few days and Microsoft announced it was
releasing a patch for IE6.
"Microsoft continues to see limited attacks, and to date, the
only successful attacks have been against Internet Explore
6," the company said on its website.
"We recommend that customers install the update as soon as it
is available."
Microsoft broke with normal protocol by releasing the patch
as soon as it was ready instead of on the normal second
Tuesday of each month.
Attacks that prompted a showdown between Google and China
only worked against IE6.
Computers could protect themselves by switching to newer
versions of the web browser, according to a Microsoft
security manager.
IE7 and IE8 seemed to be holding and at writing, none of the
attacks had been successful against IE8.
No matter which web browsers people use, upgrading to the
most current version promises to increase protection against
hackers.
However, what Mack-line found disturbing was an alert from
Symantec, the maker of Norton computer protection software.
New Zealand spokesman Fred Russo said Microsoft had recently
announced a zero-day vulnerability that affected IE6, 7 and
8.
That meant there was a hole in IE that a cyber criminal could
take advantage of, he said.
"Criminals create a malicious threat that targets anyone who
is using the vulnerable browser and is not protected.
"They'll use tricks like spam, phishing or fake websites that
show up on search results to lure people to an infected
site."
He urged computer users to stay on top of security patches.
Vulnerabilities happened all of the time, regardless of the
operating system or software maker.
When the Microsoft patches arrive, they should be downloaded
as soon as possible, Mr Russo said.
Mack-line agrees.
Graham Cluley, of Security firm Sophos, said Microsoft had
admitted there was a vulnerability, even in IE8.
Because details of the exploit were now available online,
hackers could soon change the code to target other versions
of the browser.
Web users should be careful about clicking on links in
unsolicited emails.
Mack-line wonders if any readers have experienced a problem
similar to this.
Internet Explorer and Firefox keep telling Mack-line that
sites, such as a local wine supplier, all major trading
banks, a credit union site, gmail, hotmail and an online
retailer have expired certificates.
IE went as far as not allowing Mack-line to order wine online
or log on to the Bank of New Zealand site.
Firefox allowed Mack-line to create certificate exemptions
but warned against making those exemptions.
