PC World - In the wake of the attacks in China it has been determined that a zero-day flaw in Microsoft's Internet Explorer Web browser is one of the primary exploits used to compromise target systems. Germany, and now France, feel the solution is easy--stop using Internet Explorer. This simplistic approach is shortsighted and may create a false sense of security.
Blaming Internet Explorer
The attacks against Google, and an array of other private corporations, political activists, and international journalists, which have led Google to consider shutting down operations in China completely, did use Internet Explorer as an attack vector.
McAfee CTO George Kurtz explains on his blog, "In our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer."
It is worth noting that Kurtz used the phrase "one of the malware samples", implying that there are others and that additional attack vectors may be involved. There is a fair chance that Internet Explorer is not alone in enabling the attacks.
I asked Kurtz about initial speculation that the Adobe Reader zero-day exploit patched by Adobe last week was involved. He responded, "We have heard the rumors but have not confirmed nor analyzed any malware specific to these attacks that used Adobe Reader. I can only comment on the malware we have examined and there certainly could be other pieces of malware that have not yet been discovered. Additionally, it is common for an attacker to leverage one point of access as a pivot point, and attack other internal systems with different exploits specific to that operating system or application."
False Sense of Security
I asked Kurtz about the irony that Google, makers of the Chrome Web browser, could be compromised by a flaw in Internet Explorer. Shouldn't Google be using Chrome?
Kurtz replied, "It is easy to come to that conclusion, but IE is ubiquitous and is used in almost every corporation. Keep in mind, there are many enterprise applications that only work with IE--so it is difficult to just mandate an alternate browser even if you are the creator of that browser."
Still, the problem with adopting the "abandon Internet Explorer" defense as a strategy is that it creates a false sense of security. Other browsers, applications, and operating systems can be breached as well--especially by attackers with a dedicated mission and sophisticated resources.
At the CanSecWest conference last year, the Mac OS X operating system was compromised in a matter of seconds for the Pwn2Own contest using a zero-day exploit for the Safari Web browser. In an interview following the contest, the winner explained that "It's more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn't have anti-exploit stuff built into it."