“Security Hole Opens The Door To Hackers”
by Andrea Eldridge
This weekend, September 15, researchers discovered a large security hole in Microsoft’s Internet Explorer. The security hole is bigger threat than any previously discovered and affects the last four versions of the browser, IE 6, 7, 8, and 9. The bug has been revealed to affect Windows XP, Vista, and Windows 7, putting all Windows users, who browse the web with Internet Explorer, at a great risk. (Zataz.com, 2012)
A Trojan virus called “Poison Ivy,” which triggers when users visit an infected website, is exploiting the security hole. According to Microsoft, “an attacker who successfully exploited this vulnerability could gain the same user rights as the current user.” In laymen’s terms -once infected an attacker can take control of your computer, completely.
The German government’s Federal Office for Information said it has seen attacks using the exploit, and hackers could prey on users who visit infected websites. Therefore, they are strongly urging their citizens not to use Internet Explorer at all. (Reuters, 2012)
While Microsoft has acknowledged the issue and urges those using its browser to upgrade to better security software, at the moment however, the only guaranteed method of protection is not to use Internet Explorer. Security researchers say that Microsoft will have a patch out to fix this problem; it is estimated to be out within a week.
While Internet Explorer usage has declined in recent years, it still holds almost half of the worldwide market. This means that millions of users are currently at risk of being infected with a number of viruses because of this security hole.
What you need to do – Ditch Internet Explorer. Chrome and Firefox both offer a number of security features that make this problem a non-issue. Both are available as free downloads. Should you choose to look for another browser, here are few key security features you should look for:
If you use tabs instead of opening another window every time you visit a new site, sandboxing isolates each tab from the rest of your system. If one tab gets infected, crashes or runs a piece of harmful code, simply closing the affected tab kills the process and leaves the other tabs — and all parts of the system — untouched. Internet Explorer and Chrome use sandboxing; Firefox does not.
Plug-ins are small applications that run within your browser to enhance functionality, customize the user interface or let you play games. One of the most popular plug-ins is “AdBlock” , which blocks annoying website ads, leaving only the content. From a hacker’s point of view, finding vulnerability in a plug-in is easier than attacking the whole browser. Each browser differs in the amount of access it allows plug-in on your system. Chrome is the only one that doesn’t allow plug-ins to install software or run scripts without user interaction.
Just-in-time (JIT) hardening
Viewing a static page on the Internet isn’t a security risk, but many websites let users do stuff, from calculating mortgage payments to playing games or creating a spreadsheet. But if you allow a website to run code on your machine and stumble upon an infected website, BAM! Suddenly you’re hosting Season 7 of “Entourage” for Internet pirates in Denmark. While Chrome and Internet Explorer block this type of malicious code from running, Firefox does not.
Firefox lovers, don’t despair. With good anti-virus and anti-spyware protection and a little effort, you can make your browser safer than the default configuration. Firefox offers a plug-in called “HTTPS Everywhere” that will let you browse over 1,000 websites securely. Https encrypts the website pages you see so that passwords, emails and other data you send and receive can’t be easily recreated by a hacker via the browser you’re using. Ironically, the security settings in Chrome and Internet Explorer block this plug-in.