| Why is anyone still using Internet Explorer? |
Mar. 27, 2006
OK, how many times must Internet Explorer be ripped open like a hot 16-year old in a summer slasher movie before people finally get it: IE is not safe. Period. End of Statement.
I don't care if you only run it around the Web on Sundays and to the nicest sites. If you run IE, you're just asking to me slammed by worms, bots, adware, and every other kind of malware on the planet. No, it doesn't matter that you're using XP SP2 and you've downloaded all the patches. The only version that appears to be immune is IE7 beta-2.
Take the IE code execution hole discovered by Secunia Research a few days ago. Microsoft admits that it's there. That's big of them. Malicious hackers have already been using the hole via hijacked Web servers over the weekend to launch attacks.
While Microsoft insists that, "So far we're still seeing only limited attacks," eWEEK, one of Linux-Watch's sister publications, has seen seen a list of more than 20 unique domains and 100 unique URLs hosting exploits using the hole.
These, in turn, are infecting systems with SDbot, a virulent family of backdoor programs that give hackers complete ownership of your computers.
With SDbot, attackers can control your computer by sending commands via IRC (Internet Relay Chat) channels. In the past, it's been used to seed botnets and plant keystroke loggers for identity theft attacks.
Of course, there may be many other backdoor programs being planted by crackers. The hole can be used for many purposes. It's just that SDbot infections are the only ones we know about so far.
This particular attack works by playing games with the "createTextRange()" call usually used with radio button controls in Active Scripting. If you turn off Active Scripting, you'll lock out attacks based on it. Of course, some sites that have been designed with IE in mind won't work right.
Still, which would you rather have? A safe system that won't work with some Websites, or a compromised system? I know which way I'd go.
I use Firefox. It's open source, but what's much more important than that is that it's safer, much safer than Internet Explorer.
What I want to know is why any of you are still using Internet Explorer? I mean how many attacks does it take?
OK, so some of you are experts at securing IE and you wouldn't be caught dead with Active Scripting on in the first place. What about your fellow employees, though? Are they all so clever? What about your husband at home? Your kids? Your mom and dad?
Is everyone you know and care about dedicated enough to read Secunia and SANS ISC (Internet Storm Center) every day? Clever enough to stay one step ahead of crackers who are now attacking holes on the very day that they're discovered?
I make my living from riding the bleeding edge of technology, and I don't think I can do it. The government sure the heck can't do it. And, I have my doubts about businesses as well. Let's not even talk about the state of insecurity of most home computers.
Here's the simple truth: Even if you don't believe in Linux, open-source, and all that jazz, no one who knows anything about computer security can believe that IE has been, is now, or is likely to be secure anytime soon. Firefox is simply the better choice.
Is Firefox perfect? Completely secure? Heck no! Death and taxes are the only things you can really be sure of. But, an unattended copy of Firefox is still a lot more secure than even a constantly watched and updated copy of IE.
If you care about your security, about the security of any of your friends, family, or co-workers, it's time to switch to Firefox.
Oh, and that IE hole? As I write this, on the afternoon of the 27th of March, there is no patch for it. Microsoft assures us, though, that there will be one by April 11th at the latest.
Comforting, isn't it.
-- Steven J. Vaughan-Nichols
Do you have comments on this story?
Talkback here
(Click here for further information)
|
|
|
7 Advantages of D2D Backup
For decades, tape has been the backup medium of choice. But, now, disk-to-disk (D2D) backup is gaining in favor. Learn why you should make the move in this whitepaper.
4 Legal Reasons to Control Internet Access
The Internet is obviously a valuable resource for many organizations. However, many are exposed to legal liability concerns because they fail to control Internet access. Learn if you're safe in this white paper.
Rapidly Resolve J2EE Application Problems
Whether you are in the process of building J2EE applications or have J2EE applications already running in production, you must ensure that they deliver the expected ROI. Learn how in this white paper.
Load Testing 2.0 for Web 2.0
There are many unknowns in stress testing Web 2.0 applications. Find out how to test the performance of Web 2.0 in this white paper.
Build Better Games Online
For the game infrastructure providers, life is complex. Making money from games has become more complicated. Why? Find out in this white paper.
Building a Virtual Infrastructure from Servers to Storage
This white paper discusses the virtual storage solutions that reduce cost, increase storage utilization, and address the challenges of backing up and restoring Server environments.
Gaining Faster Wireless Connections with WiMAX
Welcome to what is quickly becoming the hyperconnected world where anything that would benefit from being connected to the network will be connected. Learn more in this white paper.
Is Your Desktop a Security Threat?
The new wave of sophisticated crimeware not only targets specific companies, but also targets desktops and laptops as backdoor entryways into those business’ operations and resources. Learn how to stay safe in this white paper.
Increasing SAN Reliability by 100 Percent
Storage area networks (SAN) are a strong part of storage plans. Learn how to increase your reliability and uptime by 100 percent in this case study.
|
|
|
|
|
news feed