When Google told us they had been hacked, I asked the question, if Google can get hacked, what chance do the rest of us have? Now the revelation comes that one vector of the attack was a zero day exploit in Microsoft’s Internet Explorer (a fascinating not too technical read BTW). Which begs the question:
If Google can’t get rid of Internet Explorer, what chance do the rest of us have?
Let me explain: Internet Explorer is used over 60% of the time. Google produces their own alternative, Chrome, and has been not so quietly advertising the heck out of it (which even MS has noticed). Its market share has now surpassed that of the much more mature Safari. And to top things off people have been generally certain that IE is unsafe for quite a while.
So why is anyone, let alone anyone in a technology leadership position at Google, still using Internet Explorer?
I’m guessing it boils down to one main thing. Internet Explorer is so embedded in the dominant operating system (that’s Windows of course — and incidentally, in case you didn’t read the zero day link above — this bug exists in the brand new Windows 7 as well) that it’s ridiculously difficult to get people, even really smart people who get it, to switch.
Let’s leave aside for a second the idea that an Internet company should be using the same mix of browsers as their customers — that could be handled in a lab.
Then let’s all take a moment to re-read the history of The First Browser War (a name which I love, BTW). Be sure to read the consequences section. And if you’re interested (I was), you might also enjoy popping over to the article about the anti-trust case.
What now? That’s a hard question. And as security threats become more complex, so will the answer.
But maybe the best way to start is to use a different browser. Will that instantly solve all the problems? No, of course not. But it will increase the complexity for someone wanting to exploit a vulnerability. Heterogeneous environments make for more complex targets than homogeneous. And if you can use a browser that makes its source code available for inspection, even better. Firefox, Chrome and Safari all do this. Opera — I haven’t put my hands on it immediately. Internet Explorer — nope.
And now, for your listening and viewing enjoyment (and with a nod to L.) here’s Lady Gaga’s “Bad Romance”. (Infer from it whatever you wish in re: this post. Or, infer nothing and just enjoy it — it’s pretty entertaining.)
0 comments ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment