Homepage > News > High Tech > 

Germany, France warn against using Internet Explorer

2010-01-20 08:32 BJT

BEIJING, Jan. 19 (Xinhuanet)-- The German and French governments have warned against using Microsoft's Internet Explorer to browse the web because of security flaws.

The Federal Office for Information (BSI) Security told Germans to avoid use of all versions of Explorer after a security hole led to attacks against Google and others by hackers.

Microsoft admitted last week that its browser was the weak link in recent attacks by hackers who pried into e-mail accounts of human rights activists.

Following the attack, Google threatened to end its operations in China. But Microsoft rejected the German government's warning as too strong and has sought to reassure users that the security threat was low.

"These were not attacks against general users or consumers," said Thomas Baumgaertner, a Microsoft spokesman in Germany, adding that the attacks on Google were carried out by "highly motivated people with a very specific agenda".

Microsoft claims the security risk can be limited by setting the browser's security zone to "high", although they admit this limits functionality and blocks many websites.

But the BSI insisted that such measures were not sufficient and urged internet users to use alternative browsers, such as Mozilla's Firefox or Google Chrome.

"Using Internet Explorer in 'secure mode,' as well as turning off Active Scripting makes attacks more difficult, but cannot fully prevent them," the BSI said in a statement.

Following the German announcement the French government followed suit, issuing an advisory suggesting that all versions of Internet Explorer, which is included with Windows, were vulnerable to attacks.

The French government through the CERTA (Centre d'Expertise gouvernemental de Réponse et de Traitement des Attaques) website, said security holes existed in IE6, 7 and 8 which allowed malicious people to execute arbitrary code remotely.

"Pending a patch from the publisher, CERT recommends using an alternative browser. CERT said it is also strongly advised to browse the Internet with a user account with limited rights and the disabling of interpretation of dynamic code (JavaScript, ActiveX, ...)," a statement on the French government website read. "Moreover, activation of the DEP (Data Execution Prevention) may limit the impact of this vulnerability."

Graham Cluley, a senior security consultant for UK-based security firm Sophos PLC, said he could not recall another example of "such strongly worded advice" from a European government for users to switch from a piece of software.