Earlier this week Microsoft announced yet another IE (Internet Explorer) bug. This one, Microsoft Security Advisory 977981, is one of the really bad ones that can allow attackers to take your Windows PC over. Yuck!
Microsoft is working on a fix, but there still isn't one, and worse still, there are already several attacks out there that can exploit this IE security hole.
The new hole exploits how Internet Explorer uses certain CSS (Cascading Style Sheet) objects, which is commonly used to determine how a Web page is displayed. It's put into play when you go to a page with contaminated JavaScript. Sound familiar? It probably does, deliberated corrupted JavaScript has been used to compromise browsers for over a decade, and it's still doing it today.
This particular problem hits IE 6 and 7. If you have Internet Explorer 8, which is what comes on Windows 7, you're safe from this one.
The fastest way to avoid the problem is to turn off JavaScript. You do this by selecting the "Tools" menu in IE, then click your way down "Internet Options," "Security" tab and the "Internet" content zone. At this point, click "Custom Level" and in the "Settings" box, click "Disable" under "Active scripting." Click "OK" in the current dialog box, as well as the next and you're safe from this bug. The downside is that you'll have trouble using Web sites that make extensive use of JavaScript.
The smartest thing to do though is to dump IE 6, which even Microsoft wants you to do, or IE 7 for another browser. While IE 8 is the best of the IE family, historically, IE has a lousy security track record.
I think your best move to keep the world from sneaking in some malware over your browser is to get the latest versions of Firefox 3.5.5 or Google's Chrome 3.0.x Web browser. Neither is perfect, but they are better than IE. I wish I could recommend Opera, but I continue to have real concerns about Opera's built-in Web server security.
Regardless of which browser you choose, do yourself a favor and move off IE 6 or 7. Any other browser will do a better job of protecting you from an increasingly hostile Web.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Man! Yes!
Amen! Any push to get people OFF IE altogether is best. Granted we need to use IE at work, but I am running IE8 inside of Firefox using the IE Tab extension.Good article.