The Security Mentor

Security company eEye (yes, they really spell it that way) reports a critical vulnerability in Microsoft Internet Explorer. But they're holding back the details until Microsoft releases a fix, so we don't know how the problem gets triggered or how to avoid it.

I'll give you some educated guesses.

First, eEye says the bug won't bite if all you do is look at the wrong web page. They say it requires "minimal user interaction". Don't let yourself get talked into doing anything unusual.

Stay away from porn, gambling, and pirated software sites if you're running Internet Explorer. They're notorious for having booby traps. Sometimes online ads on reputable sites contain something dangerous to IE, so an ad blocker is a security measure.

Most important, turn off Javascript, which Microsoft calls "Active Scripting", unless you absolutely need it. Virtually every browser security problem I've seen depended on using Javascript. Go to Tools/Internet Options/Security/Internet/Custom Level/Scripting (it's near the end of the list)/Active Scripting and choose "Disable" or "Prompt". Unfortunately a lot of useful sites like GMail depend on Javascript.

If you're still using IE because your employer won't allow you to install anything else, try getting a USB drive ("nerdstick") and put Portable Firefox on it.