/>
X
Business

Experts: Don't rely solely on patches

Following unresolved ActiveX vulnerability in Internet Explorer, security experts say users should take extra precaution and not rely on critical patches alone.
Written by Victoria Ho, Contributor on

Users should take extra precautions against security holes and not rely only on critical patches to ensure safety, say security experts.

According to reports, Microsoft was aware of an ActiveX vulnerability affecting its Internet Explorer browser for over a year, but left it open. It issued a security advisory earlier this week, saying it was investigating the hole.

It has also issued a temporary workaround, till the issue is resolved.

Internet Explorer is used by almost 70 percent of the world, as of February this year.

The software giant's failure to issue a patch has led to a flurry of reports online, with some researchers comparing the potential spread of the vulnerability to the Conficker virus.

Paul Ducklin, head of technology for Asia-Pacific at Sophos, told ZDNet Asia the dangers of a software maker taking too long to fix a hole is that it leaves the opportunity open for malicious attacks.

While Microsoft may have not issued a patch sooner because it was wary of creating new problems in its attempt to fix the old, the onslaught of malware while the hole stays open "means you have to rush out a fix anyway", Ducklin said.

"A year sounds like a long time to me, though. Perhaps it could have been a bit swifter in this case," he said.

Ducklin added that users employing antivirus software are protected at a secondary level, with the software intended to catch and block malicious files should they encounter them.

Chia Wing Fei, security response senior manager at F-Secure Security Labs, also acknowledged the possibility of Microsoft's need to ensure stability of the patch.

According to Chia, another way to avoid the Internet Explorer hole is by using alternative browsers, such as Firefox, Opera or Chrome.

Microsoft was unable to respond by press time.

Editorial standards

Related

The 16 best Cyber Monday deals under $30 still available
Amazon Fire TV Stick 4K

The 16 best Cyber Monday deals under $30 still available

Epson is going to stop selling laser printers. Here's why
piles-of-paper.jpg

Epson is going to stop selling laser printers. Here's why

Apple names the 16 best apps and games of 2022, with BeReal taking top honors
App Store icon

Apple names the 16 best apps and games of 2022, with BeReal taking top honors