Reports of IE’s death are extremely premature

It’s easy to take shots at Microsoft’s Internet Explorer and make snarky references to “Grandma’s browser.” But despite a shift from IE in the consumer market, when it comes to business, Microsoft’s browser is still the choice of three out of four users. And when businesses do drop nine-year-old IE6, they are deploying IE8 instead of glitzier competitors like Mozilla’s Firefox and Google’s Chrome.

That’s one of the more interesting results of a new survey by Zscaler, a SaaS vendor of business security applications that looked at actual Web traffic on the networks of its approximately 1 million customers. The study also found that despite efforts to defeat them, old botnots like Koobface and Torpgi are still strong and that black hats are now using SEO (search engine optimization) techniques to attract victims, a twisted variation of the strategy used by content providers to build Web traffic.

[ Also on InfoWorld: A new breed of risk-analysis products can provide the big security picture. | Discover what’s new in business applications with InfoWorld’s Technology: Applications newsletter and Killer Apps blog. ]

While a widely publicized Net Applications study recently pegged overall market share for IE at just below 60 percent for the first time, the Zscalar analysis found that as of January 2010, all versions of IE claimed a 76.6 percent share in the business world, while Firefox, Chrome, and Safari had shares of 9.6 percent, 1.6 percent, and 1.5 percent, respectively.

Moving to IE8

In the first quarter of the year, an unpatched zero-day exploit left users of IE6 exposed for 21 days. But the same exploit had no effect on IE8. By the end of the period, IE6 lost 7.5 points of business share, with most of that going to IE8, according to Zscalar. IE6 dropped from 33.5 to 26.9 percent, while IE8 grew from 5.8 to 10 percent overall share in the business market.

That makes sense, of course, but there’s another factor to consider: ActiveX, its security flaws, and its role in legacy business applications. Many corporate apps were never rewritten for Java, as IE was the standard browser in Windows; its ActiveX client app dev protocol became the standard as well. IE8, though, has issues with IE6’s ActiveX, so many IT shops have been stuck with IE6 even though they would prefer a more modern IE environment.

But that’s changing, says Mike Geide, a Zscalar senior security researcher. As business migrates more and more applications to newer platforms, the use of ActiveX has become less significant. To be sure, the transition has been a slow one, and there are still older, ActiveX applications such as time sheets and project management customized for a particular use, he says.

As that base of ActiveX-dependent applications dwindles, the reasons to leave IE6 behind get more compelling. Security, of course, is a major one; IE8 has security features the older browser lacks. What’s more, as large content providers such as Google’s YouTube drop support of IE6, users pressure IT to upgrade, says Geide.

Old botnets never die Regardless of the browser in place, the Zscalar report also showed that an unpleasant constant has been the botnet threat. “Long-standing threats such as Monkif, Zeus, Koobface, and Torpig continued to dominate the botnet landscape throughout the quarter. The Eleonore exploit kit was also the source of 5 percent of all browser exploits that we encountered,” according to the Zscalar report.

But malware masquerading as antivirus software led the threat landscape in the first quarter of the year, accounting for 14 percent of the threats blocked by Zscalar. So-called fake antivirus has been aggressively distributed by redirecting users from a large variety of seemingly benign links to “scareware” sites that claim to detected a system infection and then provide a download for an antivirus scanner (which is malware itself). Two fake antivirus sites in particular made up the bulk of the fake antivirus transactions that Zscaler witnessed: winifixer.com and xorg.pl.

“A large portion of fake AV redirections occur from poisoned Google search results for popular search terms. Just as businesses leverage search engine optimization (SEO) techniques to ensure that Web pages float to the top within popular search engines, such as Google, Yahoo, and Bing, so too do attackers. Attackers, however, have one significant advantage: They don’t have to follow the rules,” says the report.

Here, according to Zscalar, are the three key tactics used to turn SEO from a marketing tool to a malware attack:

• Keyword stuffing: Adding keywords to a page that are generally hidden using formatting techniques that don’t change the look of the page but include content that influences the SEO analysis of the page content.
• Link bombing: Injecting or adding links to third-party sites to promote a specific Web page, such as through comments and forum posts. Because attackers generally have access to thousands of malicious or infected domains, they can quickly alter search rankings with this technique.
• Doorway pages: Setting up gateways that return different results depending on where the request is originating from. If a search engine bot is making the request, an SEO-optimized page is returned. When the request comes from a potentially vulnerable Web browser, a malicious page is delivered, whereas a benign page is returned if the browser is deemed to have been patched.

I welcome your comments, tips, and suggestions. Post them here so all our readers can share them, or reach me at bill.snyder@sbcglobal.net.

This article, “Reports of IE’s death are extremely premature,” was originally published by InfoWorld.com. Read more of Bill Snyder’s Tech’s Bottom Line blog and follow the latest technology business developments at InfoWorld.com.