March 01, 2010, 3:48 PM — Forgive me for sounding like a broken record, but yet another Internet Explorer security hole has been revealed. Is there no end to the ways that IE can be broken into? It doesn't look like it!
[ Replace IE6 with anything but IE 8 ]
In this latest flaw, there's an unpatched bug in VBScript that hackers can use to drop malware on 32-bit Windows XP machines running IE 7 and 8.
According to Microsoft's Senior Security Communications Manager Lead Jerry Bryant, an exploit "was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box."
Microsoft says that, as far as they know, no one's using this exploit yet. Yeah, and I don't know that anyone is playing hockey in Canada today, but I'm willing to bet someone is.
Bryant continued, "The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as 'unsafe file types.' These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system."
Now, isn't that interesting? Microsoft's very help system is based on 'unsafe file types.' With help like this, who needs enemies? This is just more proof of what I've long said about Windows being insecure by design.
I'm sure Microsoft will fix this specific IE security hole. The boys from Redmond may even get it done by the next Patch Tuesday, March 9th. But what they can't do is fix the built-in cracks in Windows' foundation. It's only a matter of time before yet another exploit will show up that takes advantage of Windows' Help files.
In Linux or on a Mac, this problem simply doesn't exist. Give me a good old-fashioned and safe as houses Linux or Unix Man Page any day. They may be ugly as sin, but no one ever got a bug from using them!
In the meantime, if I can't talk you out of Windows, would you do yourself a favor and switch to another browser? Once more, your selection of alternative Web browsers includes Chrome, Firefox, Opera (which seems to be faster than ever) or Safari. Any of them will make roaming the Internet safer for you.
