By Kim Tong-hyung
Staff Reporter

Government authorities are wary about the serious security flaws of Internet Explorer 6 (IE6), the sixth revision of Microsoft's Web browser released in 2001 that remains the country's predominant Internet gateway.

However, it's unclear what Korean computer users are supposed to do, when this is the same government that decided years ago that allowing a Microsoft monoculture in Web browsers would be the best way to ensure safety in online communications.

The National Intelligence Service (NIS), the country's spy agency, recently advised computer users to strengthen security settings on their IE6 and IE7 Web browsers, which were recently exposed to vulnerabilities that Microsoft has yet to issue a patch to fix.

The security flaws in the Web browsers could make it easier for tech-savvy criminals to attack people's computers and steal information or distribute malicious software, the NIS said.

Until Microsoft releases a security update, computer users must strengthen the security settings of their Web browsers and disable "Active Scripting" functions, the NIS said.

However, following such advice would cripple the daily computing experience. Perhaps, it would be hard to find even an NIS employee following such instructions, when it would prevent him from accessing his bank accounts from his computer, buying products from online shopping malls, and visiting news sites and other major online destinations that were designed for the antiquated IE6.

The problem created by turning off Active Scripting is that it would cut off the browsers from Active-X, an aging Microsoft tool that is still the engine behind virtually all Korean Web activity.

Virtually all encrypted online communications here are made to rely on Active-X controls, which first debuted in 1996, as the government recognize the tool as the only method for downloading public key certificates that are required for online transactions.

Korea's dependence on Active-X is unique, as security concerns have limited the deployment of the technology elsewhere.

Instead of a security-based model, Active-X relies on signatures to allow users to judge whether to download an Active-X control. This is a risky arrangement, since Active-X controls require full access to the Windows operating system, meaning it is often abused by cyber criminals to compromise the user's control of the computer.

Its usage became a hot topic again in July when a massive Internet attack left more than 80,000 Korean computers crippled.

thkim@koreatimes.co.kr