School's out to shun IE

Penn State urges students to use alternative browsers to reduce risk of attacks through flaws in the Microsoft software.

Jim Hu Staff Writer, CNET News.com
Jim Hu
covers home broadband services and the Net's portal giants.
Jim Hu
2 min read
Citing security risks, a state university is urging students to drop Internet Explorer in favor of alternative Web browsers such as Firefox and Safari.

In a notice sent to students on Wednesday, Pennsylvania State University's Information Technology Services department recommended that students download other browsers to reduce attacks through vulnerabilities in the Microsoft software.

The university said "media reports" and a string of warnings by Carnegie Mellon University's Computer Emergency and Response Team led to its recommendation.

"We're not telling people to wipe off IE, because you need IE to do operating-system updates," Robin Anderson, a spokeswoman for Penn State's ITS department, said in an interview. "We're telling (students) there are alternatives--and for them to strongly look at those."

Microsoft said Internet users have a choice in Web browsers, adding that the company has invested heavily in online security.

"While Internet Explorer is the choice of hundreds of millions because of the unique value it provides, we respect that some customers will choose an alternative," a Microsoft representative wrote in an e-mail statement.

Penn State's new policy highlights the many security vulnerabilities that have dogged IE over the past few months. Nearly two dozen holes in the Web browser have been discovered during the fall, ranging in degrees of seriousness. Malicious code writers have targeted security holes in the browser to launch attacks or install spyware. These attacks are often launched when a victim clicks on a specific Web link, opening the door for criminals to take over the person's computer. Once the PC is compromised, the attacker could access account information, load other software and delete files.

Other attackers have targeted IE vulnerabilities to launch viruses. In November, security researchers discovered two viruses, Bofra.A and Bofra.B, loosely based on the MyDoom source code.

Security concerns have prompted a growing number of Internet users to embrace different browsers, such as The Mozilla Organization's Firefox, Apple Computer's Safari and Opera Software's Opera. While IE remains the undisputed leader for browsers, with nearly 90 percent market share, Firefox continues to gain in popularity.

Firefox has surpassed the 5 million download mark while gaining 5 percentage points in May to 7.4 percent, according to research firm OneStat.com. Microsoft has disputed these numbers, claiming that they do not represent corporate users.

Even though attackers target IE because of its near ubiquity, malicious code writers are widening their reach. Yesterday, a security company discovered an exploit in a feature common to most browsers, including IE, Firefox, Opera and Safari, that could be used to launch an attack.

Penn State's Anderson said the university has just completed a two-month information campaign for PC security, urging students to download firewalls and antivirus software, and to regularly install operating-system updates. She added that changing browsers is one of many ways to defend against attackers.

"What we're saying is, we're taking a hard stance on securing our computers," Anderson said.

CNET News.com's Robert Lemos contributed to this report.