Microsoft rivals gain after Europe browser warning

Warnings by the German and French governments about the vulnerability of Microsoft’s Internet Explorer 6 in the wake of the serious China-based cyberattacks disclosed last week by Google appear to be boosting the uptake of rival browsers across Europe.

However, computer security experts described the Microsoft software flaws as routine and not particularly serious, and called the official warnings in Europe an overreaction.

The spotlight that has been thrown on weakness in its software as a result of the China attacks comes at a critical time for Microsoft, which has been hoping that the release of its Windows 7 operating system would reverse Internet Explorer’s loss of market share.

Internet Explorer is still the leading browser in Europe, with 45 per cent market share, but Mozilla Firefox is a close second at 40 per cent. This compares with a 56 per cent market share worldwide, according to StatCounter, a web analytics company. In markets such as Germany and Austria, Firefox has become the market leader, with IE in second place.

The German and French governments have both warned citizens not to use Internet Explorer, at least until a security patch is released to fix a vulnerability in the software. Concerns were raised after security experts pointed to a flaw in Internet Explorer code as a key vulnerability that had contributed to the cyberattacks on Google and 33 other companies.

There was a huge spike in the number of searches for Firefox in Germany at the end of last week, according to the Google Trends website, which allows users to track internet behaviour. There was also a sharp rise in searches for Firefox in Switzerland and Austria, and more modest increases in Italy, the Netherlands, Spain, Portugal and the UK.

Microsoft said last week that Internet Explorer had been one of several mechanisms used in the attack. Microsoft itself was recommending that customers switch to Internet Explorer 8, a newer version of the browser. Microsoft said it had not seen any successful attacks on IE8.

Andrew Storms, director of security for nCircle, a web security provider, described the warnings from France and Germany as “a disproportionate response” that reflected general paranoia in the wake of Google’s disclosure.

“Microsoft is an American company, Firefox is developed internationally – it’s convenient to kick them over this one,” said Dan Kaminsky, a US-based security expert.

The disclosure of the browser flaw was routine and not materially different from “thousands” of weaknesses found each year in browsers and software “plug-ins” that extend their capabilities, he added.

Internet Explorer has been under intense scrutiny in Europe. Microsoft recently settled a case with the European Commission over tying the browser to its dominant Windows operating system. In December, Brussels agreed a deal in which the company will offer Windows users a choice of a dozen browsers. Microsoft will continue to be under close monitoring by Brussels to ensure that this system works.

Microsoft is trying hard to improve its relations with European policymakers, however. On Tuesday it announced that it would make data from internet searches anonymous after six months, in line with recommendations by the Commission.

The Article 29 Working Party, a group of European data protection officials that advises Brussels on its privacy policies, had recommended nearly two years ago that user data collected by search engine companies be deleted after six months. Although Microsoft is responding slowly to the request, it will look compliant compared with Google, which keeps search data for nine months.