KevinN Posted July 8, 2004 Share Posted July 8, 2004 Noting security concerns, the U.S. government urges computer users to avoid the popular Internet browser. Newsday July 8, 2004 NEW YORK - The federal government's cyberdefense experts, along with other computer gurus, are urging users to consider a switch away from Microsoft's widely used Internet Explorer because of new security problems. The unusual, and for Microsoft, highly embarrassing, warning follows an exploit that has enabled hackers to surreptitiously install software on hundreds of Web sites that use Microsoft's Web server programs. That, in turn, downloads a spyware program to personal computers, including one that steals credit-card numbers and other forms of financial information. "This is a wake-up call for us to advise users to switch to an alternative browser," said Johannes Ulrich of the SANS Internet Storm Center based in Bethesda, Md., which tracks immediate threats on the Internet. "With Internet Explorer, you're playing Russian roulette and hoping the sites you visit aren't compromised." Most anti-virus software has been updated to block the specific program, the JS.Scob trojan, but Microsoft has not been able to inoculate Internet Explorer against the broad technique. A spokesman for Microsoft would not comment further but directed reporters to a Microsoft statement that said, "Customers using Internet Explorer should be sure that they have installed the latest security updates by visiting Windows Update at http://windowsupdate. microsoft.com." Last month, in a related security breach, an adware toolbar was surreptitiously installed into Explorer on thousands of computers worldwide. The technique is expected to quickly become widespread. "There are a number of significant vulnerabilities in technologies" relating to the Internet Explorer, according to US-CERT (U.S. Computer Emergency Readiness Team), based in Pittsburgh. "It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites." Switching browsers is one of the options, CERT said. Other alternatives include disabling some special scripting capabilities of the browser or setting Internet Explorer's security settings to much higher levels. None of the most prominent alternative browsers, Opera (www.opera.com), Mozilla.org or Netscape (www.netscape.com), are vulnerable to the flaw. Nor are computers running Linux or the Macintosh operating system. Linux has become increasingly popular for its relative freedom from security problems. Ulrich and other experts say the new round of malware, or malicious software, deliberately assumes a less aggressive profile. It doesn't spread as quickly as traditional computer viruses and is more focused on stealing or making money for its authors. That creates a whole new round of problems for PC security firms, who spot new forms of malware by surveying hundreds of thousands of PCs. "If you steal a thousand bucks from a thousand people," he said, "you'll probably stay beneath the radar." Link to comment Share on other sites More sharing options...
KevinN Posted July 8, 2004 Author Share Posted July 8, 2004 I dumped it and got mozilla Firefox and it works great,so no problem. Link to comment Share on other sites More sharing options...
Baht Simpson Posted July 8, 2004 Share Posted July 8, 2004 No problems with Mozilla Firefox either. Link to comment Share on other sites More sharing options...
Stocky Posted July 8, 2004 Share Posted July 8, 2004 Sorry but any one who uses Microsoft Explorer and Microsoft Outlook (or should that be Look Out!) deserves what they get! Link to comment Share on other sites More sharing options...
skint_mak_mak Posted July 8, 2004 Share Posted July 8, 2004 I've heard about this recently and i ve also witnessed some very strange activity on one particular pc using the microsoft brower. I'm not sure if they actually hijack the whole browser or key elements of it. But i noticed this afternoon that on a certain pc things were been moved around right before my eyes. Does this have anything to do with hijacking the browser? I mean is it possible to access certain files via a browser? Link to comment Share on other sites More sharing options...
KevinN Posted July 8, 2004 Author Share Posted July 8, 2004 'I sometimes feel that I have nothing to say and I want to communicate this.' You just did. Link to comment Share on other sites More sharing options...
skint_mak_mak Posted July 8, 2004 Share Posted July 8, 2004 'I sometimes feel that I have nothing to say and I want to communicate this.'You just did. I have no time for certain people in here but it's a fine point you make. Maybe you have a guilty conscience about something. It may be yourself. If you feel like playing games put on your dancing shoes. If you have nothing constructive to say to answer my honest questions then, well bye bye have a nice day. Link to comment Share on other sites More sharing options...
Stocky Posted July 8, 2004 Share Posted July 8, 2004 'I sometimes feel that I have nothing to say and I want to communicate this.'You just did. Thank you! You obviously use MS Explorer Might I suggest Opera as an alternative Link to comment Share on other sites More sharing options...
Yohan Posted July 8, 2004 Share Posted July 8, 2004 Does this have anything to do with hijacking the browser?I mean is it possible to access certain files via a browser? If a user is browsing the internet unprotected, he might receive some nice greetings from somewhere.....same with email.... If you are unlucky, your computer data might be destroyed, or data sent out by email to somewhere, or your computer just acts 'crazy' It is good to know, what is in your own computer, and to study a bit about virus and spyware..... Important, but neglected by most users is a reliable backup. If something really goes wrong, you should know, how to setup your operating system and you should be able to re-install lost data. Microsoft related systems are the most vulnerable ones....however they are easy and comfortable (and expensive) ... If you are interested in computers, you should check out non-Microsoft related products as well. Link to comment Share on other sites More sharing options...
Firefoxx Posted July 8, 2004 Share Posted July 8, 2004 This is what I said in the other thread about securing your PC: That you shouldn't use IE and outlook, since they're extremely vulnerable virus magnets. I told an acquaintance about this, and he says that he won't switch. Why? Because "some" web sites won't work with other browsers. He said this right AFTER complaining about getting a trojan through IE. I really don't understand why people whine and moan about getting AIDS when they use needles from the dumpster. I even told him to at least use Opera for web sites that worked, and IE for anything that didn't. He wouldn't listen. I gave up on him. One thing I like about Opera is that I can open up several pages without cluttering up the taskbar, and not having them all grouped into one icon. Link to comment Share on other sites More sharing options...
Phil Conners Posted July 8, 2004 Share Posted July 8, 2004 Unfortunately there is a large number of websites that only works properly with MSIE - and a lot of them are surprisingly online banking sites. Link to comment Share on other sites More sharing options...
Stocky Posted July 8, 2004 Share Posted July 8, 2004 Unfortunately there is a large number of websites that only works properly with MSIE - and a lot of them are surprisingly online banking sites. Opera v7.51 works with all my UK online accounts, provided I set preferences to identify itself as MSIE6.0. Link to comment Share on other sites More sharing options...
Yohan Posted July 8, 2004 Share Posted July 8, 2004 Unfortunately there is a large number of websites that only works properly with MSIE - and a lot of them are surprisingly online banking sites. Can you give me some examples? Citibank Online Banking works with Opera 7.23, European Banking (Germany/Austria related) also works... And you can install both browsers anyway.... Link to comment Share on other sites More sharing options...
george Posted July 8, 2004 Share Posted July 8, 2004 Bangkok Bank works with Firefox as well, if you have the IE simulation extension installed. Link to comment Share on other sites More sharing options...
Phil Conners Posted July 8, 2004 Share Posted July 8, 2004 I can't make Citibank work with Firefox without disabling the popup blocker. Normally you can click on an icon to let the popup work for a single site but it doesn't work with Citibank. My European Bank also doesn't work with Firefox, nor does other financial websites I use. Installing a IE simulation extension would be rather counter productive .. it would just give the website designers more reason to keep up the sloppy design that only works with MSIE. Link to comment Share on other sites More sharing options...
Stocky Posted July 8, 2004 Share Posted July 8, 2004 I can't make Citibank work with Firefox without disabling the popup blocker. Normally you can click on an icon to let the popup work for a single site but it doesn't work with Citibank. My European Bank also doesn't work with Firefox. Installing a IE simulation extension would be rather counter productive .. it would just give the website designers more reason to keep up the sloppy design that only works with MSIE. Have you tried Opera? Link to comment Share on other sites More sharing options...
konangrit Posted July 8, 2004 Share Posted July 8, 2004 I use IE but have Norton and microsoft auto update any security concerns. Do you still think I am seriously at risk, or is it just people who don't update the latest security updates? I'm quite happy with IE and wouldn't like to change just because of some microsoft bashing. That said I'm not too bothered about changing browsers if it's a genuine concern. Link to comment Share on other sites More sharing options...
Stocky Posted July 9, 2004 Share Posted July 9, 2004 I use IE but have Norton and microsoft auto update any security concerns. Do you still think I am seriously at risk, or is it just people who don't update the latest security updates?I'm quite happy with IE and wouldn't like to change just because of some microsoft bashing. That said I'm not too bothered about changing browsers if it's a genuine concern. Depends on the level of risk you're willing to accept. For my work I can't afford not to have my laptop working and I couldn't afford the embarrassment of having my address book used either to spam or send viruses. The software I use requires me to use W2K, so I regularly check and download any security patches and have reduce my exposure further by not using MS Explorer or Outlook, the most often targeted browser and e-mail client, I use Opera and The Bat! instead. I also have Norton Personal Firewall and Antivirus software, which is kept up to date. Lastly I use Ad-aware and SpywareBlaster to reduce problems of spyware Those are the measures I've employed to reduce risk to an acceptable level for me. To some that may be paranoia and no doubt someone else will tell me that there are better products than Norton firewall and virus software. Link to comment Share on other sites More sharing options...
stumonster Posted July 9, 2004 Share Posted July 9, 2004 You can set firefox to allow popups from certian domains, same with java...I have it enabled for thai visa. you can also set it only to install graphics from the site you are looking at, which should allow you to bypass those 1x1 tranparent gifs and other banners. firefox still is not totally secure Mozilla Flaw Lets Links Run Arbitrary ProgramsBy Larry Seltzer July 8, 2004 Updated: The Mozilla Foundation has confirmed findings that its Mozilla and Firefox browsers are vulnerable to attacks using the "shell:" scheme, which execute arbitrary code under Windows without the user having to click a link. http://www.eweek.com/article2/0,1759,1621463,00.asp if you want a resonably secure computer system you can not sit back and relax. Keep abreast of updates. Browsers can be used as shells to a certian extent....IE more than others because it is tied so closely to the OS...same goes for MS media player..make sure your firewall has permissions set correctly. Link to comment Share on other sites More sharing options...
Firefoxx Posted July 9, 2004 Share Posted July 9, 2004 This really isn't a MS-bashing thread. No one has said that all MS products are bad, just that IE and outlook have some really BIG security holes. Yes, there is a genuine threat. Look around at this forum, and you'll see people having their browsers hijacked, or getting trojans. Through IE. IE is targeted by virus writers because it's the most widely used (and has a lot of holes). You can probably use IE and prevent any future viruses by setting it to HIGH security/privacy, turning off java, active scripting, and pretty much everything else. Of course, that would render it useless for most sites. Link to comment Share on other sites More sharing options...
lopburi3 Posted July 10, 2004 Share Posted July 10, 2004 This really isn't a MS-bashing thread. No one has said that all MS products are bad, just that IE and outlook have some really BIG security holes. Unfortunately they are not alone. Anyone using Mozilla browser such a Firefox had best read and click on Stumonster link and update now. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now