The Security Mentor

Two bugs, actually.

Internet Explorer ("IE") is supposed to show you a warning if you try to run a program you found on the web. One bug allows bad guys to send you a file that won't set off the warning. You shouldn't have been depending on getting a warning message, though. Ideally you'd just be careful what you download.

The other bug lets a bad guy fool you about what type of file you're downloading. You could think something was a picture and actually be getting a computer program instead.

Things that don't help:

• Your firewall doesn't look for problems like these. As far as it's concerned, you asked to download a file. If it's a toxic file, well, the firewall figures "not my department".


• Service Pack 2 fixes a lot of things, please install it if you haven't already, but both of these bugs are present in Service Pack 2.

Things that help:

• Make yourself harder to fool. Go to My Computer, click the Tools menu, choose Folder Options, click the View tab, look for and turn off the checkbox that says "Hide extensions for known file types". Then when you download things look at the three or four letters after the dot to see what kind of file you've got.


• Your antivirus may help. If it recognizes the file you're downloading as something in its library of bad programs it should warn you.


• Turn off "Active Scripting". But that's not very practical.


• Don't take candy from strangers. If somebody's giving something away on the web then they're either an old-timer who believes in sharing, or they're a scammer. Unless you can tell which is which don't accept "gifts".


• Install and use Firefox. It's gotten to the point that quite a few computer nerds are telling friends and family "Use whatever you want, but I'm never helping you again if you keep running Internet Explorer".