Tuesday, November 22, 2005

Major Internet Explorer threat 

This affects fully patched versions of Windows. Bad guys can copy published examples of how to take advantage of the vulnerability, and the impact is just about the worst possible: attackers can take over your computer if you just visit their web sites.

Microsoft has confirmed the problem. They say you're safe if you run Windows Server 2003 with Enhanced Security Configuration turned on, but you're vulnerable even with fully patched XP or Windows 2000. eWeek has an article.

Firewalls don't help with problems like this. Antivirus software may start helping soon but it's iffy. You could try visiting only trusted web pages but that doesn't really work because bad guys will sneak their poison into the advertising that shows up outside the direct control of the web page owner.

If you're a new reader (welcome!) my advice is to import your bookmarks and whatnot into a different web browser program. If you like clean interfaces with just a few nifty features, Firefox could make you happy. If you're a knobs-and-dials-and-bells-and-whistles person you'll be thrilled by Opera, which also has a superb security record.

If someone's forcing you to use "the blue E", your only real option is to turn off JavaScript, which Microsoft calls "Active Scripting". Go to Tools, Internet Options, choose the Security tab, click the "Internet" icon, click the Custom Level button, scroll to the bottom of the very long options list and then move one or two screens up to a section called Scripting and a subsection called Active Scripting, and choose the Disable radio button. I am not making this up. You will lose functionality on many web pages. Gmail will stop working. Tough. This is a really bad problem -- the only way it could be worse would be if zillions of bad guys were all using this security hole, and that's going to happen within hours.
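The same Active Scripting switch can be checked and set from a script instead of the dialog. This is an added example, not part of the original post: it assumes the standard Internet Explorer zone registry layout (zone 3 is Internet, URL action 1400 is Active Scripting, value 3 is Disable), and the `-Disable` switch name and the lookup order in the comments are this example's own assumptions.

```powershell
# Added example: audit (and optionally disable) Active Scripting for IE's Internet zone.
param([switch]$Disable)   # -Disable is this script's own switch name

$base   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pol    = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
$zone   = 'Zones\3'       # zone 3 = Internet
$action = '1400'          # URL action for Active Scripting
$names  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Assumed lookup order: machine policy, user policy, user preference, machine preference.
$locations = @("HKLM:\$pol\$zone", "HKCU:\$pol\$zone", "HKCU:\$base\$zone", "HKLM:\$base\$zone")

# When Security_HKLM_only is 1, per-user zone settings are ignored.
$flag = Get-ItemProperty -Path "HKLM:\$pol" -Name 'Security_HKLM_only' -ErrorAction SilentlyContinue
$machineOnly = ($null -ne $flag) -and ($flag.Security_HKLM_only -eq 1)
if ($machineOnly) { $locations = $locations | Where-Object { $_ -like 'HKLM:*' } }

function Get-ActiveScripting {
    # Return the first location that actually defines the setting.
    foreach ($path in $locations) {
        $item = Get-ItemProperty -Path $path -Name $action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = [int]$item.$action
            return [pscustomobject]@{ Source = $path; Value = $value; Meaning = $names[$value] }
        }
    }
}

$state = Get-ActiveScripting
if ($state) {
    "Before: {0} ({1}) from {2}" -f $state.Meaning, $state.Value, $state.Source
} else {
    "Before: no Active Scripting value found in the checked locations"
}

if ($Disable) {
    if ($machineOnly -or ($state -and $state.Source -like '*\Policies\*')) {
        # A per-user change would be overridden, so do not pretend it worked.
        Write-Warning 'Zone settings come from policy or machine-only mode; change them there.'
    } else {
        $key = "HKCU:\$base\$zone"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name $action -Value 3 -Type DWord
        $state = Get-ActiveScripting
        "After:  {0} ({1}) from {2}" -f $state.Meaning, $state.Value, $state.Source
    }
}
```

Run it with no arguments to report the current setting, or with `-Disable` to apply the change for the current user.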
