Heads up: Internet Explorer versions 6 through 11 are not safe; use something else.

I've never trusted IE!

For anyone wanting alternatives, my personal preference is Mozilla Firefox - I find it very user-friendly, quick and secure.
Google Chrome is also very very popular and with good reason. I prefer Firefox mainly because I prefer how it looks but Chrome is a close second.
Safari is Apple's offering, though it is available for Windows as well as Mac. If you have iTunes installed on your computer, you may find that you've already got Safari as they are often bundled in together. Also a highly regarded browser, built to Apple's supposed principles of simplicity for easy usability. A lot of people simply prefer the way it works.

A more obscure option but still well regarded is Opera. I have all 4 of these browsers installed but tend to use Opera as my second choice... I just like it, I don't know why.

All of the above are quicker and infinitely more secure than IE. Hope it helps!
 
For those who cannot switch, the above link contains some simple methods, such as disabling the Adobe Flash plugin in IE, that will stop the attack.
 
Here's the important part for those that cannot use another browser for some reason...


"Because the zero-day exploit gains the Windows user's privileges, surfing the Web under a limited-user account will mitigate, if not completely stop, the attack and prevent the malware from affecting an entire PC."

Never, never, ever, browse the web using the full administrator account. Always use a user account. Even better is to do all browsing from a virtual machine. For Windows 7 users, the full XP-mode is a full virtual PC installation of Windows XP. This can either be invoked to run single applications or run as a standalone virtual machine. With a VM there is no direct connection to the host other than through a network share if that is configured at all.

It is important to note that these kinds of drive-by exploits are not new. Two years ago I was removing them from infected user machines while I was working at the rate of 3-5 infected machines. The biggest source of these infections is direct clicking on search results, and usually the results that appear in the top-most portion of the search results. This is due to the malware writers using bots to pollute the ranking system, which makes the mal-formed links more popular than actual results. If you need to access one of the top-most search results, either copy and paste the URL into a new browser window or session, or type the URL manually.

In summary most people can avoid the exploits if they browse carefully and use extra caution when going to places that are not known. Remember never to click on unknown links sent via email, or even open unknown attachments for that matter as they can do the same. Type URLs rather than just clicking on results, and if unsure about a link, don't just go there.

John
 
Last week was OpenSSL and heartbleed, this week yet another zero-day exploit in IE. I almost feel like entering my concrete bunker, sealing up the doors and giving up on the real world!

I have actually given up on IE and moved to Chrome. Not least when, after installing Microsoft's Enhanced Mitigation Experience Toolkit, Internet Explorer stopped working altogether! Microsoft have been typically lackadaisical here: didn't bother telling anyone about this vulnerability and don't seem to be in any hurry to offer a patch to their customers.

Paul
 
I'm not sure I agree totally. The problem goes back to Netscape, which set the standard for browser add-ins before security considerations were that major. Add in Adobe with Flash and you have a potent mixture. Newer browsers such as Chrome were written from scratch with a history of usage so what was needed went in and a lot of junk was left out. So Chrome runs Flash player in a sandbox and it isn't given the same privileges as the browser.

Microsoft just followed the Netscape "standard interface" if you like which at the time was sufficient. There have been plenty of warnings about Adobe flash player and to a certain extent if you have it installed for IE then you should understand the risk you are running.

If you had followed the standard Microsoft advice about only browsing in a standard rather than an admin account then you would not be affected. Unfortunately N3V and other companies don't take security very seriously and by default need an admin level account to run the software although N3V did give instructions on how to run an earlier Trainz version in a standard account.

Not giving out information is standard industry security practice until you have a fix and this one is a mixture of two vendors, Adobe who never were very good at security and Microsoft who have a very good reputation for security in the corporate world.

Cheerio John
 
There have been plenty of warnings about Adobe flash player and to a certain extent if you have it installed for IE then you should understand the risk you are running.

Exacerbated by the number of sites that expect Flash Player to be installed when there is no practical reason for requiring it.
 
From what I've read, Flash is going away on the mobile browsers, but not soon enough. Hopefully this will extend to the desktop versions as well since the new HTML 5.0 supports this technology built in. The problem with Flash is it went beyond just being a multimedia player and became an interface which is capable of doing things beyond what the original concept was. This then became a hodgepodge of add-ons, plug-ins, updates, patches, etc., which created security holes. A good analogy is building a simple 4-room house. On this little cottage foundation, someone decided to add on a Victorian turret, multiple floors, rooms, bay windows, and porches. If this isn't done properly, we now have a house that will collapse under its own weight due to the foundation being unable to support it.

As I said before in this thread, as users we have to watch where and what we click. We have to be sharp and savvy about our computer usage and not click on things because they are sent to us. When I worked in the corporate world in IT support, I gave computer safety training lessons to the end-users. This saved the companies money due to lost employee production, and additional IT support needed to remedy the ensuing mess that had occurred.

Keep in mind that if we go to the same websites every day, rarely venture off course, don't click on or accept embedded emailed links, and type rather than click on search results, we'll be pretty much immune from this security issue.

John
 
The only problem I've seen with HTML5 is that it doesn't work very well when it comes to browser games.

Shane


At least this might be the case right now, but supposedly Flash support is supposed to be built into HTML5. I'm sure there will be upgrades going forward from both the game developer and W3C.

John
 
Hopefully. Most games on Facebook for example are built using Flash (which I personally do not like due to reliability issues with the Flash plugin).

Shane
 
Indeed... Those games always had problems and probably always will. Even YouTube gets stuck sometimes with the flash player.

Good news is Microsoft has supplied a patch for the zero-day hole. Windows will receive this through automatic updates and definitely should be patched right away. I did mine a short while ago and of course it requires a restart to take effect.

John
 
That's good. Luckily I use Google Chrome so hopefully it will not affect me (my system is set up for automatic updates though).

In terms of YouTube, Chrome usually defaults to the HTML5 method on mine.

Shane
 
At 10 AM Pacific time on Thursday, Microsoft will release an update to address the zero day vulnerability recently disclosed in all versions of Internet Explorer.

The advance notification of the update lists Windows XP as among the affected platforms, indicating that it will be among the platforms patched, in spite of its support period ending weeks ago.

-AL
 
It's well past 10am US Pacific Time now. Has anyone got the update yet? No sign of it here.

Security Update for Internet Explorer for Win 7 for 64 based systems (KB2964358) is the only update showing on my Win7 64bit system for Explorer, as at 12.52pm 02/05/2014. (05/02/2014 US)...

Cheers, Mac...
 
Hi Mac,

I received mine earlier today since I am in the -5 GMT, or Eastern Time. Since my updates are not automatic, I had to check for updates to ensure there was something available. Perhaps your system is configured the same and you need to check manually for available updates.

John
 
Spot on, John.

In addition to the security update, there were 4 other optional/recommended updates including one about nVidia Graphics Adaptor, so I got them all.
 