This article can also be found in the Premium Editorial Download "Information Security magazine: Weight lifter: Appliances that lighten your security load."
Download it now to read this article plus other related content.
Following the discovery that several major financial institutions' Web sites were being used to spread an Internet Explorer exploit, The Register ran the story, "CERT recommends anything but IE."
CERT's point is that enterprises and individual users can reduce their risk exposure by using browsers that aren't as susceptible to Web-based exploits.
So, why are we giving malware writers easy targets? Why aren't we switching to more secure browsers?
When Robert Morris released his famous worm in 1988, it wasn't capable of infecting most Internet-attached systems because there was a healthy diversity of OSes. But, modern worms achieve huge infection rates because we're all running the same operating systems and programs.
Given this apparent problem with IE, should we look to alternatives? Absolutely.
The commercial Opera browser runs on Windows, Unix, Mac and even cell phone OSes. Opera is blindingly fast and relatively inexpensive. But, if commercial tools don't fit your budget, there's Mozilla, the open-source offshoot of Netscape (the original Web browser). Both Opera and Mozilla would help organizations to avoid the next IE exploit.
Microsoft might claim that you're losing interoperability by switching browsers, but this isn't always the case. Some Web pages may not appear as pretty as in IE, but it doesn't go deeper than that. Opera renders pages just as well as IE.
As long as we're considering alternatives,
Best of all, from the migration perspective, Crossover Office ships as part of the Debian-based Xandros Linux Desktop, which syncs out of the box with Windows 2000 Active Directory or a Windows NT PDC.
For a long time, Linux enthusiasts have been told, "Users don't care about operating systems, they just want their applications to run." IT managers don't consider Linux for the desktop because they expect to lose application support. Perhaps these worries are unfounded.
Crossover Office isn't the only tool allowing Linux desktops to integrate into the Microsoft enterprise. Novell's Evolution (free) provides Linux users a client for Microsoft Exchange and Novell Groupwise.
Moving from Windows to Linux isn't a new concept, but products like Crossover Office and Evolution are making it easier. IBM, Novell and many smaller players offer migration assistance and consulting, and there are multiple books and training courses.
Whether you only migrate away from IE or wholly to Linux, you can dodge many prodigious and insidious attacks. The alternatives won't make you bulletproof, but they may reduce your risk exposure.
About the author
Jay Beale is the lead developer of Bastille Linux and the editor of Syngress Publishing's Open Source Security series.
Note: This column originally appeared in the August issue of Information Security magazine.
Subscribe to Information Security magazine.
This was first published in August 2004