Microsoft Dragging Its Feet with Browser Fix, Security Vendor Says

StrikeForce Technologies, a small vendor of a keystroke encryption technology, is accusing Microsoft of not acting fast enough to fix a browser issue that it says is preventing StrikeForce's technology from working with Internet Explorer 9.

StrikeForce Technologies, a small vendor of a keystroke encryption technology, is accusing Microsoft of not acting fast enough to fix a browser issue that it says is preventing StrikeForce's technology from working with Internet Explorer 9.

The problem was first reported to Microsoft, and acknowledged by the company, in April, said George Waller, executive vice president of StrikeForce. Since then, Microsoft has been saying it will fix the problem but has not gotten around to doing it yet, Waller said.

"I've been calling Microsoft every two weeks since April," said Waller, who sent Computerworld the text of what he said were several email exchanges StrikeForce has had with Microsoft on the issue over the past few months. "They keep on saying we are working on it each time we call them," he said.

In an emailed statement, Microsoft told Computerworld that it is looking into the matter. "Our engineering team is actively investigating the claim that this third-party toolbar is no longer working in IE9; upon completion of that investigation, any necessary updates will be provided," the company said.

"Windows customers and Internet Explorer users should know there is no impact to their security or browsing experience as a result of this claim," Microsoft added.

Waller said the issue has caused considerable frustration for StrikeForce and the nearly 2 million users of its technology. "Our anti keylogging technology is useless with Microsoft's IE9 browser because of Microsoft," he said. "What we have been doing is walking everyone through removing IE9 and putting IE8 back to work," he said.

StrikeForce is a maker of several authentication, keystroke encryption and mobile security products. The publicly listed company sells mainly to small and medium businesses and individual consumers though Waller says it has recently begun pushing into the enterprise space as well.

StrikeForce's products are also resold by other security vendors such as Trend Micro and Identity Guard.

The product at issue is called GuardedID Keystroke Encryption, a $30 product that is designed to protect users against keystroke-logging malware. One of its components includes a toolbar that sits within either IE or Mozilla's Firefox and automatically launches each time the browser is opened.

Guarded ID automatically encrypts all keystrokes made by a user and sends it to the browser where it is decrypted into the web application that the user has logged into.

The product worked fine with Microsoft's beta version of IE9 but doesn't do the same with the production version of the browser Waller said. The browser problem basically doesn't allow GuardedID to decrypt the keystrokes as it should, Waller said.

In one email from April, a Microsoft engineer acknowledges the issue and claims that it is "at the highest point of escalation" at Microsoft. "The product team has already reviewed this issue and they have confirmed that this was an unintentional regression," the engineer said. "A fix request has also been submitted."

Though it has been several months since that email, Microsoft has yet to address the issue, Waller said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com .

Read more about security hardware and software in Computerworld's Security Hardware and Software Topic Center.

This story, "Microsoft Dragging Its Feet with Browser Fix, Security Vendor Says" was originally published by Computerworld.

Insider Resume Makeover: How (and When) to Break the Rules
Join the discussion
Be the first to comment on this article. Our Commenting Policies