IE security problems open doors to friends and foes

Two software developers have opted to take very different approaches to the lack of security in Internet Explorer: one has decided to join Microsoft, the other to beat them

As security software developer Winferno launches an add-on that fills IE's security gaps, UK-based Deepnet Technologies has decided the time is right to release a rival to IE called Deepnet Explorer.

Winferno, a security software development firm from Boston, said its Secure IE 2004 Suite helps protects the user from spyware, unknown ActiveX scripts and key-logging software. Additionally, it also adds functionality such as tabbed browsing, a download manager and improved cookie management.

According to Winferno, the security suite provides a defence for Web browsing in much the same way that an antivirus software provides protection for email.

Internet Explorer owns around 95 percent of the browser market and is relied upon by the majority of computer users as their primary interface with the Web. But over the past few years the browser has been heavily criticised because of some high profile security flaws and Microsoft's apparent lack of interest in improving its features.

Last month was the first time IE has lost market share in many years, which could mean the market is opening up for new entrants and companies that can help secure IE's crumbling defences.

James Governor, principal analyst at Redmonk, said that because browser security is such a hot topic at the moment, it makes sense that companies may want to update their browser security without waiting for Microsoft.

Windows XP is scheduled to have a complete security overhaul when Microsoft releases Service Pack 2 later this summer. SP2 is expected to plug all of the known vulnerabilities in IE and Windows XP, but it is also likely to cause problems for many internal applications, which may require extensive modifications in order to cope with the changes brought about by SP2.

"For corporate users, SP2 may cause more problems than it solves, in terms of breaking corporate applications," Governor said.

The Winferno solution could provide a solution for companies that want to improve their browser's security without having to deploy SP2 or switch to an alternative browser, according to Governor

Deepnet Explorer - an alternative?
Governor said that companies are no longer automatically assuming that their only choice is IE. However, he added they will be reluctant to let go of such a familiar application.

"It's not that organisations are considering throwing out IE, but it is no longer the fait accompli that IE will be the chosen option. The security issues have opened a window of opportunity around the browser," he said.

One possible alternative is the Deepnet Explorer (DE), a locked-down Web browser aimed at the corporate sector, with all the advanced features that are standard these days (except in IE), such as tabbed browsing and pop-up blocking.

There is also a consumer version of DE that includes a built-in P2P application and an RSS news reader. Deepnet said its browser "offers more features than Microsoft's Internet Explorer, and is also more secure."

DE doesn't allow third party plug-ins -- the company said they expose the browser to potential security threats.

"Plug-ins can easily be exploited and used by spyware, adware and viruses, which is why we prefer to develop and build in the features instead. In fact one could argue that DE is probably more secure than any browser that allows plug-ins -- including Mozilla/Firefox," Deepnet said in statement.

Redmonk's Governor questioned Deepnet's decision to exclude plug-ins as they are used by rival browsers to ensure they stay up to date with developments in the industry.

But he added that as long as IEs alternatives keep making some ground, DE has a chance.

"If Firefox and Opera can drive some market share, there is no reason why a British company shouldn't step forward with a differentiated offering," said Governor.