Thursday, November 11, 2004
Look at the wrong web page, give away your computer
Last week featured yet another bug in Internet Explorer that allows bad people to write a Web page that will take over your computer if you use Internet Explorer to surf there.
You're still at risk even if you've followed my advice (and the Department of Homeland Security's advice) and switched to an alternative web browser such as Firefox. You see, Outlook and other programs that show "HTML" text (text formatted for the web) will have the same problem.
I haven't found a patch at Microsoft's web site.
The two best defenses are:
- Be running XP Service Pack 2
  SP2, with its superior design and internal hardening, doesn't fall prey to this attack.
- Practice good hygiene
  Don't click on links in spam, or from random people in chat rooms. Stay out of sleazy areas of the web.
Your firewall won't help with this because this is an attack that happens inside data you asked for. Your antivirus software may or may not help.
You still can't get infected by anything by just looking at plain old text, like you would have gotten from an old-fashioned typewriter. You can add a lot of protection by giving up on the display of fancy text in programs you use. Microsoft has instructions about how to do that in several of their programs:
Things you can do to make attacks harder to perform or less damaging:
- Create a new account for yourself, make sure the new account is not an Administrator account, and use that for your web surfing. You won't prevent attacks but they may be easier to clean up.
- Follow these instructions for turning off "scripting" to stop some but not all attacks.