According to security company Sophos

Feb 22, 2010 12:21 GMT  ·  By

This week Microsoft is starting to test drive a browser update which will be served automatically to users of Windows 7, Windows Vista and Windows XP in the European Union as of March 1st, 2010. The “Web browser choice screen” refresh is designed to promote choice in terms of browsers for Windows users, and to compensate for the bundling of Internet Explorer and Windows, which the European Antitrust Commission found to be a monopolist move on behalf of Microsoft. Security company Sophos is now warning that Microsoft’s “Web browser choice screen” could be used by attackers to compromise the computers of unsuspecting victims.

Users in the EU which run IE on top of Windows will be served with an Important Update from Microsoft, via Windows Update and Automatic Updates, advertising Opera, Google Chrome, Mozilla Firefox and Apple Safari in addition to Internet Explorer 8. The refresh will display a window on the customers’ screen prompting them to choose the default browser for their computer.

"The likes of Google and Mozilla will be rubbing their hands in glee at the chance of increasing their share of the browser market, and this increased exposure should be good for them. It will be fascinating to see how many average internet users are tempted to try surfing via another program," explained Graham Cluley, senior technology consultant at Sophos. "But there is a real danger that cybercriminals might attempt to take advantage of this initiative by creating bogus browser choice screens that could pop up on innocent users' PCs and potentially lead them to a malicious download."

In the case of fake antivirus programs, or rogue security solutions, attackers have produced bogus software capable of infecting Windows computers, by copying legitimate products. In this regard, there is a chance that fake “Web browser choice screen” could also start spreading, masquerading as the update from Microsoft, in order to get uninformed users to install malicious code on their computers. This can be done by using pop-up screens presented to end users when they’re browsing.

Of course, in order to protect themselves, users need to be running an antivirus, but also exercise caution when it comes to downloading and installing software that is advertised to them. When it comes down to the “Web browser choice screen” update, Windows customers need to check the legitimacy of the vendor supplying the program if they are not familiar with it.

"Regardless of the dangers of bogus pop-ups pretending to be the browser choice screen, computer users need to remember that no browser is perfect, and whichever one you choose it is essential that you keep it properly patched and updated to reduce the chance of hackers exploiting security vulnerabilities," Cluley added.

Internet Explorer 8 (IE8) RTW is available for download here (for 32-bit and 64-bit flavors of Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008).

Firefox 3.6 Final for Windows is available for download here.

Google Chrome 4.0 Stable is available for download here.

The latest release of Opera 10 is available for download here.

Photo Gallery (2 Images)

IE8
Web browser choice screen
Open gallery