IT managers are waiting on tenterhooks for Microsoft to
announce a patch to the Bofra vulnerability. It's been three
weeks since the Internet Explorer 6 flaw was discovered, but
the company is still investigating the bug.
Last week hackers also used the Bofra flaw to infect a group
of banner ads. The ads then pointed IE users to another Web
ite that attacked their machines. Analyst Gartner warned this
type of threat will become commonplace, as banner ads supply
an ideal vehicle for hackers to break thousands of machines
in one swift blow.
Although Microsoft says that Windows XP Service Pack 2 is
unaffected by Bofra, the Finnish Communications Regulatory
Authority (FICORA) is warning people to use an alternative
browser until the hole is patched. Is this a rash move? One
ZDNet reader, software engineer Chris Rankin, thought not,
when he posted a tongue in cheek message to us saying that
patches for Internet Explorer's main problems had already been
released: they're called Firefox, Mozilla and Opera.
I love FireFox. Not because I think it is any more secure than IE but because it offers features that are attractive to me. If the hackers didn't have MS and IE to pick on they'd pick on the next big guy.
So I have no delusions of my Firefox being the most secure browser, just the least picked on one.
These people that love to point out flaws in MS Products need to write their own flawless program if they think they can do a better job. If you work hard enough at you can probably find security holes in every browser out there.