December 18, 2008 (updated) – Mircrosoft released a patch yesterday to fix a flaw in Internet Explorer that would allow outsiders to compromise a user's computer through corrupted websites. There were multiple reports on Monday and Tuesday of a serious vulnerability in Internet Explorer 7 and 8. The report on the BBC Website is one of the more complete. Apparently, the flaw was found by raiders before Microsoft or the security firms. Mircosoft has now released a patch to remedy this flaw. This flaw is exactly the concern that I had in mind in my blog entry “Power You Shouldn’t Want.”
To get the update, first go to the Microsoft Windows update site. "Security Update for Internet Explorer 7 (KB96074) should listed. You may see additional updates as well if you do not set automatic updates on. Click on "Review and Install" at the top of the page. You should install all updates by clicking "Install." You will have to reboot your computer after the installation, so save all your other work.
This problem arises if you have administrative rights, because modifications can be made to your computer by a compromised website. This software can enable an outsider to access data from your computer. Information Week reports that perhaps 0.2 percent of computers have already been exposed to compromised website. That doesn’t sound like a lot, but for every 10 million computers out there, it comes to 20,000 computers. According to the BBC article, this exploit has, so far, been used to steal game passwords. Real criminals will, without doubt, not be far behind, so an update is critical.
You might also consider switching browsers for regular use. For example, I use Firefox for most of my browsing, but I also have Safari on my desktop. Set either Firefox or Safari as your default browser. (In Firefox, go to Tools, then Options. Then click on the Advanced tab. Under System Defaults click on the “Check Now” and set Firefox as your default browser if it isn’t.) You can download Firefox here and Safari here. However, Firefox does not support the use of ActiveX controls, which IE uses to display some kinds of content. That means you won’t be able to display that content on your browser. You can always switch to IE for ActiveX content -- but then be very careful about the sites you visit.
If you must use Internet Explorer, it is important that you not have administrative rights on your computer. This will prevent the installation of malicious software. In general, you should not have administrative rights for normal use (see the blog entry above).
Here are other important general steps to take to protect your computer:
In Internet Explorer 7 or 8, go to Tools and select Internet Options. Then click on the Security tab. If the Security level is not high, switch it to high. Note, this will interfere with certain operations, but it will also block automatic download-installs.
If you are running IE 7 or 8 on Vista, make sure Protected Mode is turned on.
Make sure your PC has the latest Microsoft security updates and turn on automatic updating.(Right-click on My Computer and select “Properties” from the drop-down menu. Then click on the Automatic Updates tab and click the radio button in front of “Automatic (recommended)” if it is not already set.)
Make sure your anti-virus and anti-spam software is up-to-date and is updating regularly. If your subscription has expired, this would be a great time to renew.
Keep in mind that you can be seriously compromised: You know all that spam that you get. Almost all of it comes from computers like yours that some spammer has taken over without the owner's knowledge. Don’t let yours be one of them.
Keep up. Follow us on Twitter 
Gary's Blog 
TrackBack URI for this entry
Subscribe to this comment's feed