Warnings by the German and French governments about the vulnerabiliy of Microsoft’s Internet Explorer 6 in the wake of the serious China-based cyber-attacks disclosed last week by Google appear to be boosting the uptake of rival browsers across Europe.
However, computer security experts described the Microsoft software flaws as routine and not particularly serious, and called the official warnings in Europe an over-reaction. The spotlight that has been thrown on weakness in its software as a result of the China attacks comes at a critical time for Microsoft, which has been hoping that the release of its Windows 7 operating system would reverse Internet Explorer’s ongoing loss of market share.
Internet Explorer is still the leading browser in Europe, with 45 per cent market share, but Firefox is a close second at 40 per cent. This compares with a 56 per cent market share worldwide, according to StatCounter, the web analytics company. In markets like Germany and Austria, Firefox has already become the market leader, with IE in second place. The German and French governments have both warned citizens not to use Internet Explorer, at least until a security patch is released to fix a vulnerability in the software. Concerns were raised after security experts pointed to a flaw in Internet Explorer code as a key vulnerability that had contributed to the cyber-attacks on Google and 33 other companies.
There was a huge spike in the number of searches for Firefox in Germany at the end of last week, according to the Google Trends website, which allows users to track internet behaviour. There was also a sharp rise in searches for Firefox in Switzerland and Austria, and more modest increases in countries like Italy, the Netherlands, Spain, Portugal, and the UK.
Microsoft said last week that Internet Explorer had been one of several mechanisms used in the attack. Microsoft itself was recommending that customers switch to Internet Explorer 8, a newer version of the browser. Microsoft said it had not seen any successful attacks on IE8.
Andrew Storms, director of security for nCircle, described the warnings from France and Germany as “a disproportionate response” that reflected general paranoia in the wake of Google’s disclosure. “Microsoft is an American company, Firefox is developed internationally – it’s convenient to kick them over this one,” said Dan Kaminsky, a US-based security expert. The disclosure of the browser flaw is relatively routine and not materially different to “thousands” of other weaknesses found each year in browsers and software “plug-ins” that extend their capabilities, he added.
Internet Explorer has been under intense scrutiny in European already. Microsoft recently settled a case with the European Commission over illegal tying of the browser to its dominant Windows operating system. In December, Brussels agreed a deal with the company which will see Microsoft offer users of its Windows operating system a choice of a dozen rival browsers. Microsoft will continue to be under close monitoring by Brussels to ensure that this new system works.
Microsoft is trying hard to improve its relations with European policymakers, however. On Tuesday it announced that it would make data from internet searches anonymous after six months, in line with recommendations by the Commission.
The Article 29 Working Party, a group of European data protection officials, which advises Brussels on its privacy policies, had recommended nearly two years ago that user data collected by search engine companies be deleted after six months. Although Microsoft is responding somewhat slowly to the request, it will look compliant compared to Google, which still keeps search data for nine months.