November 27, 2009, 2:43 PM — Earlier this week Microsoft announced yet another IE (Internet Explorer) bug. This one, Microsoft Security Advisory 977981, is one of the really bad ones that can allow attackers to take your Windows PC over. Yuck!
Microsoft is working on a fix, but there still isn't one, and worse still, there are already several attacks out there that can exploit this IE security hole.
The new hole exploits how Internet Explorer uses certain CSS (Cascading Style Sheet) objects, which is commonly used to determine how a Web page is displayed. It's put into play when you go to a page with contaminated JavaScript. Sound familiar? It probably does, deliberated corrupted JavaScript has been used to compromise browsers for over a decade, and it's still doing it today.
This particular problem hits IE 6 and 7. If you have Internet Explorer 8, which is what comes on Windows 7, you're safe from this one.
The fastest way to avoid the problem is to turn off JavaScript. You do this by selecting the "Tools" menu in IE, then click your way down "Internet Options," "Security" tab and the "Internet" content zone. At this point, click "Custom Level" and in the "Settings" box, click "Disable" under "Active scripting." Click "OK" in the current dialog box, as well as the next and you're safe from this bug. The downside is that you'll have trouble using Web sites that make extensive use of JavaScript.
The smartest thing to do though is to dump IE 6, which even Microsoft wants you to do, or IE 7 for another browser. While IE 8 is the best of the IE family, historically, IE has a lousy security track record.
I think your best move to keep the world from sneaking in some malware over your browser is to get the latest versions of Firefox 3.5.5 or Google's Chrome 3.0.x Web browser. Neither is perfect, but they are better than IE. I wish I could recommend Opera, but I continue to have real concerns about Opera's built-in Web server security.
Regardless of which browser you choose, do yourself a favor and move off IE 6 or 7. Any other browser will do a better job of protecting you from an increasingly hostile Web.
