Monday, April 28, 2014

New Zero-Day Exploit Targets Internet Explorer


The United States Department of Homeland Security is warning Americans not to use Internet Explorer until a fix is found and disseminated for a major security flaw that was discovered by the security firm FireEye.  One assumes that other nationalities should be wary as well.

I will go further and state that you should never use Internet Explorer at all.  Part of the reason for this is that since Internet Explorer is based on proprietary, secret software, no one really knows what is going on in the product.  In this situation, as in others, Microsoft has known about the flaw and said nothing until the flaw was found and publicized by FireEye.  No one knows how long they have known and what they are doing about it.

Contrast this with Firefox, which is fully Open Source, and Google Chrome, which is mostly open source (it is based on the fully Open Source Chromium browser with a few minor and major additions, e.g. automatic crash reports as a minor change, and sandboxed Flash as a major change - an attribute that may be responsible for the fact that Chrome is invulnerable to this particular exploit).  Both of these browsers are just out there with everything exposed, and if there is a problem, that problem gets looked at by 10,000 pairs of eyes in less time than it takes Microsoft to inform management and decide how to respond.

Using proprietary software is like giving your home security service the keys to your house and the code to your alarm.  Maybe you can trust them, maybe you can trust all of their employees. But should you if there is a better alternative?

Even though I think that Firefox is the superior browser, I use Chrome because it has a set of extensions that help me with a lot of web activity: Grammarly and TechSmith's Snagit, to name two of the most prominent.  Add in the add-ons and it becomes hard for me to do without it.  However, I used to feel that way about Firefox and its add-ons, so I could change back.

Neither Microsoft nor Apple has any great incentive to improve or patch their browsers - they are giveaways that they have to bundle into their primary product, but they are far from their reason for being.  It is different with Mozilla (Firefox) and Google (Chrome).  In the case of Firefox, it is an open source project run by the Mozilla Foundation, a non-profit that exists to "promote the values of an open Internet to the broader world".  In the case of Google, their stated mission is to advance their vision of all computer services ubiquitously accessible on the Internet - to achieve this, they need a great browser.

If you agree with these companies, use their excellent, open and secure browsers.  Or, you can use the closed, "afterthought" browsers made by companies whose business models are based on keeping you in their hardware and/or software silos.