
Browsers under attack

by Mark Rowe

Microsoft is ending support for Internet Explorer (IE) 8, 9 and 10. Users of IE 11 will continue to receive technical support and security updates; users of legacy versions of IE will be left more vulnerable to malware, warn IT security firms.

Craig Young, security researcher for Tripwire’s Vulnerability and Exposure Research Team (VERT) said: “It is safe to assume that cybercriminals have been stockpiling IE vulnerability information ahead of the support cutoff, and they will easily learn new attack techniques for older versions by analysing future IE 11 updates.”

Tim Erlin, director of IT security and risk strategy for Tripwire, said: “It’s a cruel reality, but in an age of continual cyberthreats, there are no excuses for not carrying out browser updates.”

As for what users can do to stay safe during the IE upgrade, Steve Donald, Chief Technology Officer at Hexis Cyber Solutions says: “Running an unsupported or unpatched version of Internet Explorer is like leaving your car unlocked in public – an extremely preventable risk.

“The vast majority of cyber-attacks are content delivered or displayed within a web browser. While there may be operational reasons for keeping an older, unsupported version of the software, there are significant risks in not maintaining the latest web browser and running regular updates. In the last three years alone, there have been approximately 646 vulnerabilities reported across Internet Explorer versions 7-11, which is why all users should take measures to protect themselves.

“To navigate this latest change, take advantage of the automatic updates within Windows. Remember, Microsoft will not send unsolicited email requesting personal information or asking you to follow web-links. As a result, be wary of attackers that leverage the chaos during support changes to dupe people into installing malware or giving away personal information. For example, alarmist emails that warn you to open an attachment or risk losing all internet access. Or phone calls from “tech support” that lead you through the update process and ask for usernames, passwords or computer information.

“Within the enterprise world, many organisations may circulate internal emails about the need to update with instructions on how. These organisations need to be aware that attackers will mimic or spoof communications and follow best practice in IT change management. This includes not distributing software via email or third-party sites, using signed or authenticated emails from IT and posting any update instructions on internal sites with proactive communication regarding updates.”

Mark James, Security Specialist at IT security firm ESET, says: “EOL (End of Life) software will sadly haunt us for many years to come, from operating systems to browsers and all manner of applications, it’s a fact that some software will no longer be supported or updated. It’s just not possible to span a finite amount of resources to look after the ever increasing versions of software and expect the same great service from companies we trust.

“So what exactly does EOL mean? No updates, no patches, no fixes, no new versions and no support options if things go wrong. This basically means it’s a hot potato and YOU need to drop it as fast as you can. With the majority of malware being delivered via your web browser these days, it’s imperative you keep it as up-to-date as possible. Of course sometimes it’s not always possible to do this and Microsoft have stated they will do their best to factor in better compatibility into their new Edge browser.

“But remember as long as you don’t have very special requirements via your own web applications then using one of the other many choices of web browsers that include but are not limited to (in no particular order) Firefox, Chrome or Opera, may be a viable option. But let’s be realistic here, if you’re forced to use one of the older browsers due to your operating system being old and possibly EOL itself, then don’t fool yourself into thinking just because you’re using another more secure browser that you are safe. Having the best quality locks on a wooden shed does not change the fact it’s a wooden shed!” Mark James suggests:

– Always ensure you have a good updating Internet Security product installed and working at its optimum level.

– Check your operating system (OS) and where possible make sure you’re using the latest OS possible.

– Before moving completely to a new application make sure you test everything to ensure there are no compatibility problems.

– Security should be multi-layered, think of it like a bicycle chain and remember you’re only as strong as your weakest link.

– There are many browser alternatives as well as options on the internet to “check your browser security”; not all browsers are equal.


© 2024 Professional Security Magazine. All rights reserved.
