Warning

[KevinN]

Noting security concerns, the U.S. government urges computer users to avoid the popular Internet browser.

Newsday

July 8, 2004

NEW YORK - The federal government's cyberdefense experts, along with other computer gurus, are urging users to consider a switch away from Microsoft's widely used Internet Explorer because of new security problems.

The unusual, and for Microsoft, highly embarrassing, warning follows an exploit that has enabled hackers to surreptitiously install software on hundreds of Web sites that use Microsoft's Web server programs. That, in turn, downloads a spyware program to personal computers, including one that steals credit-card numbers and other forms of financial information.

"This is a wake-up call for us to advise users to switch to an alternative browser," said Johannes Ulrich of the SANS Internet Storm Center based in Bethesda, Md., which tracks immediate threats on the Internet. "With Internet Explorer, you're playing Russian roulette and hoping the sites you visit aren't compromised."

Most anti-virus software has been updated to block the specific program, the JS.Scob trojan, but Microsoft has not been able to inoculate Internet Explorer against the broad technique.

A spokesman for Microsoft would not comment further but directed reporters to a Microsoft statement that said, "Customers using Internet Explorer should be sure that they have installed the latest security updates by visiting Windows Update at http://windowsupdate. microsoft.com."

Last month, in a related security breach, an adware toolbar was surreptitiously installed into Explorer on thousands of computers worldwide. The technique is expected to quickly become widespread.

"There are a number of significant vulnerabilities in technologies" relating to the Internet Explorer, according to US-CERT (U.S. Computer Emergency Readiness Team), based in Pittsburgh. "It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites."

Switching browsers is one of the options, CERT said. Other alternatives include disabling some special scripting capabilities of the browser or setting Internet Explorer's security settings to much higher levels.

None of the most prominent alternative browsers, Opera (www.opera.com), Mozilla.org or Netscape (www.netscape.com), are vulnerable to the flaw. Nor are computers running Linux or the Macintosh operating system. Linux has become increasingly popular for its relative freedom from security problems.

Ulrich and other experts say the new round of malware, or malicious software, deliberately assumes a less aggressive profile. It doesn't spread as quickly as traditional computer viruses and is more focused on stealing or making money for its authors. That creates a whole new round of problems for PC security firms, who spot new forms of malware by surveying hundreds of thousands of PCs. "If you steal a thousand bucks from a thousand people," he said, "you'll probably stay beneath the radar."

[KevinN]

I dumped it and got mozilla Firefox and it works great,so no problem.

[Baht Simpson]

No problems with Mozilla Firefox either.

[Stocky]

Sorry but any one who uses Microsoft Explorer and Microsoft Outlook (or should that be Look Out!) deserves what they get!

[skint_mak_mak]

I've heard about this recently and i ve also witnessed some very strange activity on one particular pc using the microsoft brower. I'm not sure if they actually hijack the whole browser or key elements of it. But i noticed this afternoon that on a certain pc things were been moved around right before my eyes.

Does this have anything to do with hijacking the browser?

I mean is it possible to access certain files via a browser?

[KevinN]

'I sometimes feel that I have nothing to say and I want to communicate this.'

You just did.

[skint_mak_mak]

'I sometimes feel that I have nothing to say and I want to communicate this.'

You just did.

I have no time for certain people in here but it's a fine point you make.

Maybe you have a guilty conscience about something. It may be yourself.

If you feel like playing games put on your dancing shoes. If you have nothing constructive to say to answer my honest questions then, well bye bye have a nice day.

[Stocky]

'I sometimes feel that I have nothing to say and I want to communicate this.'

You just did.

Thank you!

You obviously use MS Explorer

Might I suggest Opera as an alternative

[Yohan]

Does this have anything to do with hijacking the browser?

I mean is it possible to access certain files via a browser?

If a user is browsing the internet unprotected, he might receive some nice greetings from somewhere.....same with email....

If you are unlucky, your computer data might be destroyed, or data sent out by email to somewhere, or your computer just acts 'crazy'

It is good to know, what is in your own computer, and to study a bit about virus and spyware.....

Important, but neglected by most users is a reliable backup. If something really goes wrong, you should know, how to setup your operating system and you should be able to re-install lost data.

Microsoft related systems are the most vulnerable ones....however they are easy and comfortable (and expensive) ...

If you are interested in computers, you should check out non-Microsoft related products as well.

[Firefoxx]

This is what I said in the other thread about securing your PC: That you shouldn't use IE and outlook, since they're extremely vulnerable virus magnets.

I told an acquaintance about this, and he says that he won't switch. Why? Because "some" web sites won't work with other browsers. He said this right AFTER complaining about getting a trojan through IE. I really don't understand why people whine and moan about getting AIDS when they use needles from the dumpster. I even told him to at least use Opera for web sites that worked, and IE for anything that didn't. He wouldn't listen. I gave up on him.

One thing I like about Opera is that I can open up several pages without cluttering up the taskbar, and not having them all grouped into one icon.

[Phil Conners]

Unfortunately there is a large number of websites that only works properly with MSIE - and a lot of them are surprisingly online banking sites.

[Stocky]

Unfortunately there is a large number of websites that only works properly with MSIE - and a lot of them are surprisingly online banking sites.

Opera v7.51 works with all my UK online accounts, provided I set preferences to identify itself as MSIE6.0.

[Yohan]

Unfortunately there is a large number of websites that only works properly with MSIE - and a lot of them are surprisingly online banking sites.

Can you give me some examples?

Citibank Online Banking works with Opera 7.23, European Banking (Germany/Austria related) also works...

And you can install both browsers anyway....

[george]

Bangkok Bank works with Firefox as well, if you have the IE simulation extension installed.

[Phil Conners]

I can't make Citibank work with Firefox without disabling the popup blocker. Normally you can click on an icon to let the popup work for a single site but it doesn't work with Citibank. My European Bank also doesn't work with Firefox, nor does other financial websites I use. Installing a IE simulation extension would be rather counter productive .. it would just give the website designers more reason to keep up the sloppy design that only works with MSIE.

[Stocky]

I can't make Citibank work with Firefox without disabling the popup blocker. Normally you can click on an icon to let the popup work for a single site but it doesn't work with Citibank. My European Bank also doesn't work with Firefox. Installing a IE simulation extension would be rather counter productive .. it would just give the website designers more reason to keep up the sloppy design that only works with MSIE.

Have you tried Opera?

[konangrit]

I use IE but have Norton and microsoft auto update any security concerns. Do you still think I am seriously at risk, or is it just people who don't update the latest security updates?

I'm quite happy with IE and wouldn't like to change just because of some microsoft bashing. That said I'm not too bothered about changing browsers if it's a genuine concern.

[Stocky]

I use IE but have Norton and microsoft auto update any security concerns. Do you still think I am seriously at risk, or is it just people who don't update the latest security updates?

I'm quite happy with IE and wouldn't like to change just because of some microsoft bashing. That said I'm not too bothered about changing browsers if it's a genuine concern.

Depends on the level of risk you're willing to accept. For my work I can't afford not to have my laptop working and I couldn't afford the embarrassment of having my address book used either to spam or send viruses.

The software I use requires me to use W2K, so I regularly check and download any security patches and have reduce my exposure further by not using MS Explorer or Outlook, the most often targeted browser and e-mail client, I use Opera and The Bat! instead. I also have Norton Personal Firewall and Antivirus software, which is kept up to date. Lastly I use Ad-aware and SpywareBlaster to reduce problems of spyware

Those are the measures I've employed to reduce risk to an acceptable level for me. To some that may be paranoia and no doubt someone else will tell me that there are better products than Norton firewall and virus software.

[stumonster]

You can set firefox to allow popups from certian domains, same with java...I have it enabled for thai visa.

you can also set it only to install graphics from the site you are looking at, which should allow you to bypass those 1x1 tranparent gifs and other banners.

firefox still is not totally secure

Mozilla Flaw Lets Links Run Arbitrary Programs

By Larry Seltzer

July 8, 2004

Updated: The Mozilla Foundation has confirmed findings that its Mozilla and Firefox browsers are vulnerable to attacks using the "shell:" scheme, which execute arbitrary code under Windows without the user having to click a link.

http://www.eweek.com/article2/0,1759,1621463,00.asp

if you want a resonably secure computer system you can not sit back and relax. Keep abreast of updates. Browsers can be used as shells to a certian extent....IE more than others because it is tied so closely to the OS...same goes for MS media player..make sure your firewall has permissions set correctly.

[Firefoxx]

This really isn't a MS-bashing thread. No one has said that all MS products are bad, just that IE and outlook have some really BIG security holes. Yes, there is a genuine threat. Look around at this forum, and you'll see people having their browsers hijacked, or getting trojans. Through IE. IE is targeted by virus writers because it's the most widely used (and has a lot of holes).

You can probably use IE and prevent any future viruses by setting it to HIGH security/privacy, turning off java, active scripting, and pretty much everything else. Of course, that would render it useless for most sites.

[lopburi3]

This really isn't a MS-bashing thread. No one has said that all MS products are bad, just that IE and outlook have some really BIG security holes.

Unfortunately they are not alone. Anyone using Mozilla browser such a Firefox had best read and click on Stumonster link and update now.