About time

Internet Explorer has been officially declared a virus. Windows in general has been declared a carrier.

"the U.S. Computer Emergency Readiness Team (US-CERT), the official U.S. body responsible for defending against online threats. The group on Friday advised security administrators to consider moving to a non-Microsoft browser among six possible responses."

"There are a number of significant vulnerabilities in technologies relating to" IE, the advisory stated. "It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites."

The advisory noted that Internet Explorer has had a great many security problems in several of its key technologies, such as Active X scripting, its zone model for security and JavaScript. However, the group pointed out that turning off certain features in IE increases the security.

"Using another Web browser is just one possibility," said Art Manion, Internet security analyst with the CERT Coordination Center, which administers US-CERT. "We don't recommend any product over another product. On the other hand, it is naive to say that that consideration should not play into your security model."

CERT also noted that people who opt for non-IE browsers but who continue to run the Windows operating system are still at risk because of the degree to which the OS itself relies on IE functionality.

http://asia.cnet.com/my/0,39002192,39185013,00.htm
http://www.chron.com/cs/CDA/ssistory.mpl/business/2648149
http://www.theregister.co.uk/2004/06/28/ie_is_complex/
http://www.vnunet.com/news/1155868