- Joined
- May 19, 2004
- Messages
- 14,301
- Reaction score
- 9,068
- Location
- Texas
- Gender
- Male
- Political Leaning
- Libertarian - Right
Source: Houson Chronicle
Once again, users of Microsoft's Internet Explorer browser have been warned that digital evildoers have exploited a security problem with that software.
The best advice that anyone could seem to give beleaguered Web junkies late last week was: Surf at your own risk.
I've got another suggestion. Maybe it's time to dump Microsoft.
The company that says it's now devoted to "trustworthy computing" can't be trusted to provide a safe computing environment. Its software is too full of security flaws.
Windows users may yawn and say, "So what's new?" But the alert du jour issued last week was particularly alarming because, unlike past malicious programs that targeted Windows or Internet Explorer flaws, there's no patch for this one.
The attack — a virus known as Download.Ject or Scob, depending on which security-software company is trying to sell you its products — is actually a one-two punch. Its creators took advantage of flawed versions of Microsoft's Web server software. The server problems were fixed in a patch released in April, but there are still a lot of unpatched machines out there. This allowed placement of an installer program on Web sites users might otherwise trust.
When an IE user views a Web page from an infected machine, the server plants the virus. Fortunately, the installer snagged its copy of the virus from a computer in Russia, which on Friday was disabled. But machines that were infected received a program that collects sensitive information such as passwords and credit card numbers and sends it to a third party.
Because there's no patch for IE users, Microsoft offered suggestions to avoid being infected, but the steps create problems of their own. For example, users were told to turn off Javascript capabilities and bump IE's security settings to high — actions that will affect how many Web sites display and behave.
Until Microsoft gets its act together, the safest thing to do — along with religiously keeping up with patches and updating antivirus software — is to use a non-Microsoft browser. That includes Netscape's latest (channels.netscape.com/ns/browsers/); its open-source first cousins, Mozilla and Firefox (www.mozilla.org/download.html); and Opera, a shareware program that you can try for free, then purchase (www .opera.com). Firefox is my personal favorite (see www.chron.com/firefox), and a new version, 0.9, was released earlier this month.
Getting away from a Microsoft operating system would disengage you from a lot of these problems. However, the major alternatives, buying a Macintosh or installing Linux on your PC, have their own ownsides, not the least of which is reduced compatibility with the rest of the Windows world, and the cost and hassle of replacing software and possibly hardware.
One other option is to install the latest test version of Service Pack 2 for Windows XP (see www.chron.com/sp2).
This download emphasizes security, and those machines on which it is installed are not susceptible to the Download .Ject virus. That immunity is a good sign. Maybe Microsoft will get it right before its users flee in terror.
----------------------------------
Personally I use and (Linux) so Internet Explorer is not on my machines.
Once again, users of Microsoft's Internet Explorer browser have been warned that digital evildoers have exploited a security problem with that software.
The best advice that anyone could seem to give beleaguered Web junkies late last week was: Surf at your own risk.
I've got another suggestion. Maybe it's time to dump Microsoft.
The company that says it's now devoted to "trustworthy computing" can't be trusted to provide a safe computing environment. Its software is too full of security flaws.
Windows users may yawn and say, "So what's new?" But the alert du jour issued last week was particularly alarming because, unlike past malicious programs that targeted Windows or Internet Explorer flaws, there's no patch for this one.
The attack — a virus known as Download.Ject or Scob, depending on which security-software company is trying to sell you its products — is actually a one-two punch. Its creators took advantage of flawed versions of Microsoft's Web server software. The server problems were fixed in a patch released in April, but there are still a lot of unpatched machines out there. This allowed placement of an installer program on Web sites users might otherwise trust.
When an IE user views a Web page from an infected machine, the server plants the virus. Fortunately, the installer snagged its copy of the virus from a computer in Russia, which on Friday was disabled. But machines that were infected received a program that collects sensitive information such as passwords and credit card numbers and sends it to a third party.
Because there's no patch for IE users, Microsoft offered suggestions to avoid being infected, but the steps create problems of their own. For example, users were told to turn off Javascript capabilities and bump IE's security settings to high — actions that will affect how many Web sites display and behave.
Until Microsoft gets its act together, the safest thing to do — along with religiously keeping up with patches and updating antivirus software — is to use a non-Microsoft browser. That includes Netscape's latest (channels.netscape.com/ns/browsers/); its open-source first cousins, Mozilla and Firefox (www.mozilla.org/download.html); and Opera, a shareware program that you can try for free, then purchase (www .opera.com). Firefox is my personal favorite (see www.chron.com/firefox), and a new version, 0.9, was released earlier this month.
Getting away from a Microsoft operating system would disengage you from a lot of these problems. However, the major alternatives, buying a Macintosh or installing Linux on your PC, have their own ownsides, not the least of which is reduced compatibility with the rest of the Windows world, and the cost and hassle of replacing software and possibly hardware.
One other option is to install the latest test version of Service Pack 2 for Windows XP (see www.chron.com/sp2).
This download emphasizes security, and those machines on which it is installed are not susceptible to the Download .Ject virus. That immunity is a good sign. Maybe Microsoft will get it right before its users flee in terror.
----------------------------------
Personally I use and (Linux) so Internet Explorer is not on my machines.