Microsoft browser switch could lead to hack attacks, Sophos warns

February 19, 2010 Sophos Press Release

IT security and data protection firm Sophos is warning that hackers could take advantage of an initiative that next week will see millions of Internet Explorer users invited to choose an alternative browser.

Following a legal tussle between European Union anti-competition watchdogs and Microsoft, the software giant will begin to display a message on the screens of Windows PCs across Europe, suggesting they use the browser of their choice rather than Internet Explorer by default.

The first that most users will know is when a dialog pops up headlined "An important choice to make: your browser", followed by a kiosk of alternative browser choices including Google Chrome, Safari, Opera and Firefox.

Browser choice screen

"The likes of Google and Mozilla will be rubbing their hands in glee at the chance of increasing their share of the browser market, and this increased exposure should be good for them. It will be fascinating to see how many average internet users are tempted to try surfing via another program," said Graham Cluley, senior technology consultant at Sophos. "But there is a real danger that cybercriminals might attempt to take advantage of this initiative by creating bogus browser choice screens that could pop up on innocent users' PCs and potentially lead them to a malicious download."

Cluley believes that with possibly millions of people seeing the legitimate browser choice screen, users querying a similar-looking pop-up on their screen could be dismissed as overly paranoid and just told to follow its instructions and download what they believe to be an alternative browser.

"Regardless of the dangers of bogus pop-ups pretending to be the browser choice screen, computer users need to remember that no browser is perfect, and whichever one you choose it is essential that you keep it properly patched and updated to reduce the chance of hackers exploiting security vulnerabilities," continued Cluley.

More information about the issue is available on Graham Cluley's blog, and Microsoft has posted further details, including screenshots of what the choice dialogs will look like, on its website.

About Sophos

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.