'

Win2K bug locks users out

Internet Explorer update confusion can cause entire systems to be trashed, but Microsoft says it is acting responsibly

Installing Internet Explorer (IE) version 5.01 on Windows 2000 can permanently lock users out of the system, Microsoft has confirmed.

Windows 2000 users who attempt to upgrade to 128-bit encryption by installing a new version of the browser have found that the system will no longer allow them to log on. Users are then forced to wipe their system clean and reinstall everything from scratch, according to a report on an email newsletter for Windows users.

The new operating system ships configured for 40-bit encryption. However, export controls on 128-bit encryption -- the strongest available -- were recently relaxed by the US government, thus allowing Microsoft to release an upgrade. To use the stronger encryption, Microsoft has offered an operating system patch, since the company sees Internet Explorer as part of the OS, and not a separate application.

However, some confused users have attempted to move up to 128-bit encryption by merely installing a new version of the browser, and that's where they have run into trouble.

Encryption is used to secure Internet communications and data from prying eyes; it is particularly valuable in e-commerce, where sensitive financial information may be involved.

Microsoft "recommends" that users not try to install Internet Explorer software on Windows 2000 without specifying what might happen if they do. "Windows 2000 is up-to-date with the latest released version of Internet Explorer -- Internet Explorer 5.01. Because Internet Explorer 5.01 is already installed on Windows 2000, Microsoft recommends that you do NOT attempt to download Internet Explorer 5.01 software on a computer running Windows 2000," the company says on its Web site.

The company argues out that only a small number of people are likely to accidentally install IE 5.01. "The situation you're describing is a very unusual one, where people go out of their way to actually choose the wrong software," said Windows 2000 product manager, Neil Laver.

He pointed out that Windows Update will tell users they are downloading the wrong software, and the Windows Web site also warns them. "We feel we are doing the responsible thing through these measures," he said.

The 128-bit encryption patch is available on Microsoft's Web site, here.

Move along please -- Windows 2000 coming through. Go with Jane Oliver to read the news comment at AnchorDesk UK.

What do you think? Tell the Mailroom. And read what others have said.