Thursday, June 10, 2004
Internet Explorer hole allows web sites to take over your computer
Yep. It's really that bad.
Even if you've installed all Microsoft's security patches, going to the wrong web site can let a bad guy install and run software on your computer. When that happens, your computer becomes the bad guy's computer. You don't have to do anything, just open the web page. A firewall won't help.
Security firm Secunia rates this problem "extremely critical" and says that spyware perpetrators are using it now.
This blog is all about telling you what you can do. As usual, stay out of bad neighborhoods: clicking links blindly on sleazy sites is not smart. Secunia offers three technical solutions, two of which apply to home or small business users. They say:
Solution:
Disable Active Scripting support for all but trusted web sites.
Filter "Location:" headers containing the "URL:" prefix in a proxy server.
Use another browser.
Thank you, Secunia.
"Disable Active Scripting support for all but trusted web sites" means click the Start button, move to Settings, wait for the second menu to pop up, move to "Control Panel" and click that, from the window that appears double-click "Internet Options", in the resulting dialog click the tab that says "Security", click the icon that says "Internet", click the button labeled "Custom Level...", scroll almost to the bottom where it says "Scripting" and "Active Scripting", click the radio button labeled "Disable", click OK, click OK again in the first dialog box. Some normal web sites may not work right afterward. If that bugs you, go back to the "Security" tab from the rigmarole above, click "Trusted Sites", and type in the address of the site that you're having trouble with.
The recommendation about a "proxy server" doesn't apply to you if you're a typical home or small business user.
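For readers who do run a proxy, the second Secunia suggestion can be sketched as follows. This is an added example, not code from Secunia or from the original post: it drops any "Location:" header whose value begins with the "URL:" prefix from a response header block, handling mixed case and folded header lines. The function names and the sample responses are constructed for illustration.

```python
import re

# Matches a Location value that begins with the "URL:" prefix (any case),
# allowing leading whitespace.
_URL_PREFIX = re.compile(r"^\s*url:", re.IGNORECASE)


def unfold(header_block: str) -> list[str]:
    """Split a header block into logical lines, joining folded continuations."""
    lines = []
    for raw in header_block.split("\r\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        elif raw:
            lines.append(raw)
    return lines


def filter_location(header_block: str) -> tuple[str, list[str]]:
    """Drop Location headers whose value starts with "URL:".

    Returns the filtered header block and the list of dropped values.
    """
    kept, dropped = [], []
    lines = unfold(header_block)
    for line in lines[1:]:  # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location" and _URL_PREFIX.match(value):
            dropped.append(value.strip())
        else:
            kept.append(line)
    return "\r\n".join(lines[:1] + kept) + "\r\n\r\n", dropped


# Constructed sample responses (not captured traffic).
SUSPICIOUS = (
    "HTTP/1.1 302 Found\r\n"
    "Server: example\r\n"
    "location:\r\n"
    "  URL:placeholder-value\r\n"
    "Content-Length: 0\r\n\r\n"
)
NORMAL = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://www.example.com/next\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    for sample in (SUSPICIOUS, NORMAL):
        print(filter_location(sample))
```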
Using another browser is really easy and improves your life anyway. Most competing web browsers block popup ads! I recommend a free one called "Firefox". You should be able to simply jump in and download it, but if you want, you can read what it's about first, and maybe read a step-by-step introduction.