Microsoft admits security flaw; Stop Exploring, experts say
By Andrew Heining | 12.16.08
There’s a critical security hole in Internet Explorer, the world’s most popular web browser.
The unpatched vulnerability, first discovered by hackers and recently acknowledged by Microsoft, could allow someone to gain access to a computer through a website that executes a malicious code. Some 10,000 sites have been compromised so far, putting passwords, financial data, and other sensitive information at risk.
In a lengthy security advisory memo on its website, Microsoft urges users to change their “Internet zone security setting” to “high” and to run the browser in “Protected Mode.”
Computerworld has a good tech-heavy breakdown of the exploit and the best way savvy surfers can disable its ability to affect their machines. But the easier solution may just be to drop IE.
Internet security firm Trend Micro’s Rick Ferguson told the BBC that “if users can find an alternative browser, then that’s good mitigation against the threat.”
Microsoft has come out against users switching to another browser, citing security flaws. “It would not be advisable to send people from one vulnerability (in Internet Explorer) to multiple vulnerabilities,” Windows head at Microsoft UK John Curran told the BBC.
That statement could be in reference to a report out this week on the password managers of popular browsers. It ranked Chrome and Safari at the bottom of the list of how securely browsers safeguard login information.
Though this new exploit is the real deal and should be taken seriously, Wired News reminds that garden variety PC users needn’t worry just yet.
<< Where children learn to TEL.A.VISION | MainIf you’re the pry-it-out-of-my-cold-dead hands sort of IE fan, there is one bright side to news that some 10,000 sites are ready to pwn your PC: so far the sites are mostly Chinese and the malicious software is mainly after passwords for computer games, which can be sold on the black market.
Comments
2. OfficeTech | 12.16.08
By switching IE in to “high” and “Protected Mode.”
This will render it useless for most users, this will require the user to accept so many prompts and add sites to their trusted zones just to be able to do various items and work.
Personally this is not advisable for an everyday user, Personally i would be suggesting that people start to migrate over to another browser like Firefox or chrome.
Microsoft for a long time has proven that every single piece of software they release has a bug or an issue and the commonly used software has even more. What is more common then IE apart from windows?
It would be in the best interest for businesses to change to another browser due to the amount of work that is now completed online. The trend in websites now support other browsers and not IE is growing slowly which means that IE will be left behind.
If Microsoft took their customers seriously. Their web browser would be able to keep up with others that are made on a smaller budget and supplied free to the world.
3. Peter | 12.17.08
I also use Ubuntu when I want to be protected on the net. It is a wonderful alternative to have.
4. Nick Woodson | 12.17.08
This is such old news. I mean years old….MS did away with their “wallet” years ago because of similar vulnerabilities. Even if you use Windows, use another browser…I use Firefox, but I don’t use ANY password manager. Then again, I’m a just network administrator….who would listen to me?
5. Bernie | 12.17.08
Get with the program !!! Firefox has been a much better browser for quite some time. It is faster, easier to use and no “bugs”.
6. Zebracat | 12.17.08
Where was Apple? When Vista turned out to be a bigger turkey then Windows ME they should have pounced and sold their O/S as an option to other computer makers and the general public. Instead they held onto it for their own systems and instead gimped out their own product line, especially the laptops. Now I see a number of sites and know a fair number of users who took a hacked version of Mac OS 10 Leopard and built or converted to their own “Hackintosh” home made system. Security and bug problem solved by the same hackers who created them, except the profit for Apple was lost. Sad, Steve Jobs is no brighter then Bill Gates.
7. Scott | 12.17.08
Yeah. Firefox is OK…but you can’t PRINT from it (only a minor flaw, if you ever need a HARD COPY of anything!). Says something about where that organizations priorities are…”We’re secure, but you can’t use the information you find online.”
Even Mozilla admits downgrading to 2.0 is the only option:
http://support.mozilla.com/tiki-view_forum_thread.php?comments_parentId=184982&forumId=3
8. forestwalkerjoe | 12.17.08
I will not play the “LINUX is the Best” game here.. i will not overtly say that microsofts Golden Age has passed.. I’ll not tell every one that i had major virus issues nearly every year while using ONLY MS software and browser IE. I’ll not point out that IE 6 and 7 are terribly slow and cumbersome and Flawed in too many ways to count. I have Firefox newest version on my computer and use that by default. I have had upwards of 11 Linux versions Duel booted into my system for a long time and found them Stable able and to most uses.. better than the MS OS’s. The day will soon come where MS will get back into the work room and DO SOME WORK “we want done” or they will basically FIRE themselves. Linux being free largely will get sucked into the void.. RIGHTLY.
9. Chris | 12.17.08
Indeed IE has had many bugs, but I am surprised by the commenters suggesting that Firefox or any other browsers don’t have bugs. All software has bugs and all users should be on guard.
The reality is, Windows and IE have the largest install base and that makes them the most attractive targets for online organized crime and script kiddies alike.
Switching browsers in this situation is a good call. Just don’t be overly complacent.
Trackbacks/Pingbacks
1. Goughs legal beagle » Blog Archive » Microsoft admits security flaw; Stop Exploring, experts say | csmonitor.com | 12.16.08
Leave a Comment
We do not publish all comments, and we do not publish comments immediately. The comments feature is a forum to discuss the ideas in our stories. Constructive debate - even pointed disagreement - is welcome, but personal attacks on other commenters are not, and will not be published.
Tip: Do not write a novel. Keep it short. We will not publish lengthy comments. Come up with your own statements. This is not a place to cut and paste an email you received. If we recognize it as such, we won't post it.
Please do not post any comments that are commercial in nature or that violate copyrights.
Finally, we will not publish any comments that we regard as obscene, defamatory, or intended to incite violence.
1. PaulVon | 12.16.08
One word
LINUX
I started using Ubuntu as dual boot for browsing purposes. Whenever I don’t want to worry about whether I am protected or not I just reboot into Ubuntu.