How to Protect Yourself from Internet Explorer
For the second time in the last few weeks, a major problem has been identified that affects a large number of computer users. While this exploit doesn't have a catchy name like the "Heartbleed" bug from early April, it is still very dangerous, and you should take immediate steps to prevent you or your clients from being exploited by evil-doers.
The bug exists because of an old, deprecated method of showing graphics files on Internet Explorer. It is certainly a hodgepodge of an attack, but it is still extremely dangerous. The exploit allows an attacker to take complete control of your computer, allowing them to run and install whatever they please. Essentially the exploit works as follows:
1. A bad or compromised website displays a carefully crafted Adobe Flash file.
3. There is a flaw in this rendering engine that allows the attacker access to your computer.
As stated earlier, this VML rendering engine is now deprecated and has been replaced by more modern techniques of displaying graphic files. While this problem only affects Internet Explorer, the flaw is found in all versions of the web browser from 6 to 11. The US government has issued a statement saying that everyone should consider using an alternative to Internet Explorer immediately until a patch is provided. While this is a great suggestion, many people do not have this option. If you are in a corporate environment- Does your IT administrator allow you to install third party software? Probably not.
The other issue is that if you're still using XP, you are going to be running either version 6,7, or 8 of Internet Explorer. You are not able to upgrade to a later version of Internet Explorer, or even worse, Microsoft ended support for Windows XP earlier this month. This means that Microsoft will be fixing the problem for later versions of Windows, but not yours.
It has been determined that Windows XP still accounts for 28% of all internet-connected computers. this is a huge number of computers that are potentially at risk. In order to help you, we have a few suggestions. You may have to work closely with IT in order to accommodate some of these:
1. If you're still using Windows XP, upgrade. This flaw is the first of many that are likely to be found in the coming months. Microsoft will not be fixing any of these flaws and things are only likely to become worse over time. Save yourself the heartache and do something about it now. This may be costly, but the cost is worth it. Imagine having a compromised system sitting in your corporate network. How long until it is discovered? What data could you be leaking in the meantime? Upgrade now and avoid the risk.
2. If you're still using Windows XP, upgrade. This flaw is the first of many that are likely to be found in the coming months. Microsoft will not be fixing any of these flaws, and things are likely to become worse over time. Save yourself the heartache and do something about it now. This may be costly, but the cost is worth it. Imagine having a compromised system sitting in your corporate network. How long until it is discovered? What data could you be leaking in the meantime? Upgrade now and avoid the risk.
3. If you sign in to your computer with an administrator account, stop immediately. Create a standard user account and use that instead. 98% of the attacks used against Windows systems can be avoided if you are not using an admin account. When you have limited privileges, so does any attacker trying to use your account.
4. Install all Windows updates available for your system. Yes, this is annoying and sometimes time-consuming, but these updates are meant to protect you and your data from attacks such as this.
5. Stop using Internet Explorer. Work with your IT support to find a different web browser that is not affected by this problem. Such browsers include Mozilla Firefox, Google Chrome, and Opera. These browsers are also updated frequently.
6. Stop using Flash. Unless you absolutely need Flash on your computer, remove it. Yes, this will stop YouTube from working, but let's face it, this can only help you become more productive anyway.
In closing, we have two additional comments: Be careful with the websites that you visit. Don't fall into the trap of clicking anything that comes your way. Visiting an unknown website is a surefire way to get infected with something dangerous.
Secondly, there are several "unofficial" patches that you can employ on your systems, but this can only go on so long before the attacks and the exploits become too advanced for unofficial fixes. We can't reiterate enogh- If you are on Windows XP, it is only a matter of time until you are compromised.