The U.S. Department of Homeland Security has just advised Americans to not use Microsoft's (MSFT 0.13%) Internet Explorer browser until a serious security flaw can be resolved.
The flaw -- which allows malicious hackers to circumvent security measures in Windows operating systems when compromised websites are visited -- exploits a corrupted Adobe (ADBE +0.90%) Flash file to attack the victim's computer. FireEye Research Labs, which discovered the bug, has stated that the hackers exploiting the bug are calling the attack "Operation Clandestine Fox."
In response, Microsoft stated that it was working to repair the vulnerability in versions 6 through 11 of IE, although Windows XP users -- who lost support earlier this month -- will be left without a fix. Windows XP is still installed on 28% of the world's operating systems.
IE users should take measures to protect themselves from Clandestine Fox. Source: Microsoft.
However, Symantec (SYMC +1.99%), the makers of Norton Antivirus, recently released a tool for XP users to protect themselves from the bug. Microsoft has advised downloading its Enhanced Mitigation Experience Toolkit version 4.1 to guard against attacks. FireEye has stated that disabling Adobe's Flash plugin can temporarily fix the issue across all platforms.
At the time of this writing, Microsoft has not released a fix for the bug yet -- a dire problem considering that nearly 57% of all PCs worldwide run one of the affected versions of IE.
What Operation Clandestine Fox means for Microsoft
Operation Clandestine Fox could mean a few things for Microsoft. First, it ironically benefits the company, since this could be the canary in the coal mine that tells late adopters that it's finally time to let go of XP.
However, that sales boost will come at the expense of Microsoft's reputation. Microsoft's operating systems -- both on PCs and Xbox consoles -- have long been riddled with security flaws.
ATMs running on Windows XP were repeatedly hit by USB drive and text-message based hacks. Last month, a 5-year-old boy discovered a security flaw in the Xbox One, simply by typing a series of spaces when prompted for a password. Problems like these often lead critics to claim that Linux distributions or Apple's (AAPL +0.54%) Mac OS are much safer alternatives to Windows.
95% of ATMs across the world still run on Windows XP. Source: Imgdonkey.
Yet in reality, PCs running Microsoft Windows are popular targets for hackers simply because they comprise the vast majority of the computers in the world. It's simply a wasted effort to write a virus targeting Macs or Linux systems, which together only account for 5% of the world's computers.
What Operation Clandestine Fox means for Google
A Homeland Security-issued warning against Microsoft's Internet Explorer could be a boon for Google (GOOG +1.61%)(GOOGL +1.75%) Chrome, which accounts for 12.7% of all PC web browsers worldwide. If Microsoft can't solve its Clandestine Fox issue soon, Chrome could experience a spike in market share.
Google intends for Chrome to house its cloud-based apps, such as Drive, GMail, and YouTube, in a miniature operating system. This mini-OS approach has been seen before in Chrome OS and the Windows 8 version of Chrome, which adds a Google Apps-based taskbar to the bottom of the screen. Chrome's greatest advantage over IE is that it quietly synchronizes search histories, bookmarks, and even autocomplete form information across multiple devices.
Therefore, users abandoning IE for Chrome might eventually get drawn into Google's ecosystem, ditching Outlook for Gmail, OneDrive for Drive, and Bing Maps for Google Maps. That will lead straight to an increased dependence on Google's ecosystem -- the vital engine that keeps sales of Android devices churning along.
What Operation Clandestine Fox means for Adobe
While this is certainly a black eye for Microsoft, it could be far worse for Adobe, which has been struggling to convert itself from a packaged software company to a cloud-based subscription one.
Adobe's reputation was severely tarnished last October after hackers broke into its servers and stole customer account information and the source code for Adobe's top products such as Adobe Acrobat and ColdFusion. The theft of the ColdFusion source code is especially troubling, since it supports the newer HTML5 standard used by many mobile apps. As a result, hackers could use the ColdFusion source code as an open guidebook to create dangerous exploits.
Meanwhile, Adobe Flash, which was directly implicated in the Clandestine Fox hack, has been exploited many times in the past. Like Javascript, Flash can execute malicious code via a plugin on a webpage upon loading to circumvent a computer's security protocols and steal information.
In 2010, Steve Jobs called Flash "the number one reason Macs crash." He also cited Symantec's statement that Flash had "one of the worst security records." Four years later, Operation Clandestine Fox looks like a firm validation of Jobs' declaration.
The next step
At the moment, there's not much computer users can do except avoid using IE and disable Adobe's Flash plugins. However, the hackers behind Operation Clandestine Fox claim that the exploit is part of an ongoing campaign, which means that this "bug" could actually be much more vicious and dynamic than a simple virus.
The longer this debacle drags on, the worse it will get for Microsoft and Adobe. Microsoft will struggle with keeping its IE users from flocking to Chrome, while Adobe will have a tough time convincing its corporate customers that it takes cloud-based security seriously.
