Originally published July 20 2005
Internet Explorer browser vulnerable to hackers and thieves
by Mike Adams, the Health Ranger, NaturalNews Editor
While all browsers face similar threats for security breaches, Microsoft's popular Internet Explorer was under so many attacks that they release an enhanced security package in 2005 to fix some of the bugs.
IE's problems at the time were pervasive, and many of them were rooted in its complicated architecture.
Vulnerabilities in IE were being reported almost monthly, and users faced risk until Microsoft released updates.
By June 2004, attackers had started targeting IE. Exploits appeared "in the wild" on Web sites that installed malicious software on visitors' computers.
First, Microsoft released security enhancements in its Windows XP Service Pack 2.
Second, attackers have begun to exploit vulnerabilities similar to IE's in alternative browsers.
Two of the most important improvements are the lockdown of the Local Machine zone and improved restrictions for "chromeless" windows.
Local Machine zone lockdown almost eliminates the ability of Web pages in the Local Machine zone to run scripts.
Nor should a browser treat scripts from a remote Web site as originating on the local computer.
Local Machine zone lockdown limits the actions an attacker can take, making it difficult for an attacker to run malicious programs.
"Chrome" is what makes a window look like a window: a border, an address bar, navigation buttons and so on.
IE, like some other browsers, allows Web site developers (and attackers) to create windows without chrome.
Before SP2, attackers could create deceptive chromeless windows that cover important elements such as the address bar, the security padlock icon, or even the Windows Start menu.
This functionality made it easy to mislead users by making a spoofed Web site appear legitimate.
Other browsers, similar threats All Web browsers face similar threats, and some share similar design features.
IE is essentially a wrapper program around two Windows components: the Web browser ActiveX control that handles browser windows and navigation, and the MSHTML rendering engine that displays HTML and runs scripts.
The Mozilla Foundation's Web browsers, including the Mozilla suite and Firefox, use the Gecko Runtime Environment, or GRE.
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml