Microsoft accused of dragging its feet with IE9 glitch
Security vendor StrikeForce says glitch in browser is preventing its keystroke encryption product from running
By Jaikumar Vijayan | Computerworld US | Published: 11:45, 15 September 2011
Microsoft has been accused by keystroke encryption specialists StrikeForce Technologies of not acting fast enough to fix an Internet Explorer 9 browsing glitch.
StrikeForce say the glitch is preventing its tool from working in IE9, even though it worked in Microsoft's beta version of the product.
The problem was first reported to Microsoft and acknowledged by the company in April, said George Waller, executive vice president of StrikeForce. Since then Waller said that Microsoft has been saying it will fix the problem but has not gotten around to doing it yet.
Related Articles on Techworld
"I've been calling Microsoft every two weeks since April," said Waller, who revealed the text of what he said were several email exchanges StrikeForce has had with Microsoft on the issue over the past few months. "They keep on saying we are working on it each time we call them," he said.
In an emailed statement, Microsoft said that it is looking into the matter. "Our engineering team is actively investigating the claim that this third-party toolbar is no longer working in IE9; upon completion of that investigation, any necessary updates will be provided," the company said.
No security impact - Microsoft
"Windows customers and Internet Explorer users should know there is no impact to their security or browsing experience as a result of this claim," Microsoft added.
Waller said the issue has caused considerable frustration for StrikeForce and the nearly 2 million users of its technology. "Our anti keylogging technology is useless with Microsoft's IE9 browser because of Microsoft," he said. "What we have been doing is walking everyone through removing IE9 and putting IE8 back to work," he said.
StrikeForce is a maker of several authentication, keystroke encryption and mobile security products. The publicly listed company sells mainly to small and medium businesses and individual consumers though Waller says it has recently begun pushing into the enterprise space as well.
StrikeForce's products are also resold by other security vendors such as Trend Micro and Identity Guard.
The product at issue is called GuardedID Keystroke Encryption, a $30 product that is designed to protect users against keystroke-logging malware. One of its components includes a toolbar that sits within either IE or Mozilla's Firefox and automatically launches each time the browser is opened.
Microsoft confirm fault an 'unintentional regression'
Guarded ID automatically encrypts all keystrokes made by a user and sends it to the browser where it is decrypted into the web application that the user has logged into.
The product worked fine with Microsoft's beta version of IE9 but doesn't do the same with the production version of the browser Waller said. The browser problem basically doesn't allow GuardedID to decrypt the keystrokes as it should, Waller said.
In one email from April, a Microsoft engineer acknowledges the issue and claims that it is "at the highest point of escalation" at Microsoft. "The product team has already reviewed this issue and they have confirmed that this was an unintentional regression," the engineer said. "A fix request has also been submitted."
Though it has been several months since that email, Microsoft has yet to address the issue, Waller said.