In the wake of the highly-publicized hack attack on Google and other large companies, which some are blaming on Internet Explorer, Germany and France have decided enough is enough. Both countries have warned their citizens that Internet Explorer is not safe and advised them to download alternative browsers.
Somewhat surprisingly, it appears that a good number of citizens are heeding the message. According to the Wall Street Journal, all indications are that the message is getting through. Mozilla, which is behind the Firefox browser, is reporting a "significant surge in downloads" in Germany since the German announcement. Numbers for France are not yet available.
For those who have been screaming for years about IE's lack of security and those who just don't like Microsoft, the German and French warnings are a welcome development. Of course, Microsoft would beg to differ. It's defending its record on security and claiming that Firefox and the other alternatives are actually inferior security-wise.
So who's right and who's wrong? Needless to say, there's enough spin here from all sides to make just about anyone dizzy. I do, however, think that there are three things to keep mind here.
Security doesn't exist online. If you're connected to the net, you're at risk. Period. When it comes to managing the risk that comes with internet usage, there's more to the discussion that just the browser. From plugins to antivirus software to networking setup, the individual configuration of any given machine plays a big role.
And you can't deny the biggest threat: zero-day exploits. They're the unknown unknowns and it's the unknown unknowns that usually cause the most damage. By pretending that switching away from IE to an alternative browser minimizes risk significantly, Germany and France are promoting an illusion.
The attacks targeting Google and other companies were targeted. While this isn't to say that the average consumer doesn't have to worry about nasty, sophisticated malware (they do), the type of attack that was directed at Google isn't likely to be directed at Joe Blow.
Anybody sufficiently motivated to hack a specific target will develop sophisticated methods to achieve that goal. Those methods might take advantage of a vulnerability in a browser, but they could just as easily target another application or even rely on offline methods.
- There's some political context that should be considered. The EU has aggressively pursued Microsoft and while I'm not suggesting that Germany and France are telling their citizens to ditch IE to spite Microsoft, I think it's fair to say that there's no love lost between either nation and the software giant.
In the final analysis, I think it's fair to say that online security is bigger than the browser and that no matter which browser a person uses, there's risk. Therefore, governments calling on their citizens to abandon a particular browser is a bit extreme. After all, why stop with IE? An identity theft nightmare is just an email away. And social networks are pretty dangerous too.
Obviously, it would be quite ridiculous for any government to advise its citizens to abandon email, or to avoid social networks. Which means that we should probably expect those recommendations sometime soon.
Photo credit: volantra via Flickr.