January 19, 2010, 1:56 PM — I'm just barely old enough to remember when people used to patch tires rather than just replace them when they had a flat. But you know why people don't tend to do that anymore? It's because a patched tire grew ever more likely to have a total blowout. Guess what? It's not that different with IE (Internet Explorer).
Microsoft is now promising us that they'll have a patch for the latest IE security hole ... real soon now. So what? This problem, while it's been exploited the most in IE 6, it exists in all modern versions of IE and it can be exploited in every version of Windows from Windows 2000 to Windows 7. And, I'm supposed to trust that Microsoft will 'patch' it right this time and that it won't blow up on me again? I don't think so.
Since this security hole has shown up, I'd strongly recommend that people drop IE for all uses. I'm not the only one. France and Germany are both telling users to stop using IE. Even Ed Bott, a long time Windows fan and expert, says that, at the very least, you should stop using IE 6.
We were all saying that before the situation got even worse. Since then, the attack code, which had gone public, is being used in attacks on users who wander onto poisoned Web sites.
When the attacks on IE started, which Google claims came from the Chinese government, big companies were the targets. If you worked at Adobe, Google or Juniper, and you used IE, then you had worries. Now, everyone who uses IE is a potential target.
Who needs this?
This may well be the biggest attack ever on Windows PC coming at them from IE, but it certainly isn't the first. That 'honor' goes to IE 3 back in 1996 with the Princeton Word Macro Virus Loophole. In Scott Scholl's history of Internet Explorer, Scholl wrote, "The Princeton Word Macro Virus Loophole should have been a wake-up call for Microsoft. ... This security hole enabled a malicious webmaster to download files to an unsuspecting user's PC without their knowledge. This could be any file, including a Microsoft Word Macro that could in turn execute DOS commands. Or worse, a malicious webmaster could transmit a virus, a Trojan program that could open a 'back door' into the target system, or a program designed to discretely transmit files back to the malicious web site."
Gosh! That sounds really familiar. It's not the same problem that this new security hole is exposing your computer to. This latest IE security foul-up instantly gives the attacker control of your computer at the current user's authorization level. Some improvement huh? But, what really caught my eye is that more than 13-years later, we are still seeing that same kind of IE bug in contemporary IE security problems.
Isn't it time to just stop using IE? I think so. Here again, are links to the most popular alternative Web browsers: Chrome, Firefox, Opera, and Safari. While I prefer Firefox and Chrome, any of these are much better and safer than IE.
So, what are you waiting for? Switch already.
