Thursday, December 18, 2008

Time to switch browsers

This blog was titled Kosher Computing for a reason. With a goodly number of certifications to my credit, it is my intention to broadcast to cyberspace suggestions on best practices and, when the occasion warrants, to warn of potential problems. If you are using Internet Explorer to read this blog, you are in very serious trouble as of today. As a Microsoft Certified Systems Engineer, it is not in my interest to make Microsoft look foolish or imply that their products are in any way less than sterling. However, over the course of the last few days, a serious security vulnerability has been identified by hackers that will allow websites and hackers which know how to manipulate Internet Explorer browsers to learn of passwords. In effect this could allow devious parties to gain access to sensitive information or in a worst case scenario could empty one's financial resources in seconds. The problem was reported on the ABC, Huffington Post and BBC sites among others. Estimates state the problem is mostly confined to websites hosted in the Far East and that only .02% of the world's websites are affected at present. However, that number at present translates to about 10,000 websites and could rise exponentially as soon as hackers get to work trying to take advantage of the vulnerability. For those of you who are looking for a solution, Mozilla's Firefox is probably the best alternative. This open source browser has been a favorite of many Internet surfers for a variety of reasons, chief among them is security and an almost vigilant determination to prevent hackers from doing just what Microsoft's Internet Explorer could be permitting at this juncture. Here's the site to download Firefox 3.0. Other web browsers that are good temporary choices are Safari, Opera or Chrome. It is highly recommended that you switch to one of these until a patch for the problem is announced and available from Microsoft. If you insist on using Internet Explorer, I have a few suggestions. First, if you are using your Administrator account (or an account that has full Computer Administrator privileges), switch to a profile that has limited abilities. You can easily create one under the Users icon found in the Control Panel. Just remember to give the owner or Administrator account a password and don't forget it. I don't recommend ever writing a password down or saving it to a plainly titled file like "Passwords." However, if you switch to a limited user account, the vulnerability probably won't have access to your original account files. You can, of course, share files with yourself, but that defeats the reason for creating the limited access. If there are files you need to use, I recommend copying them to a flash drive and keeping the flash drive plugged in while using the limited access account. Also, if you still insist on using Internet Explorer 7 or the Beta edition Internet Explorer 8, turn Protected Mode on. Make sure to have the latest updates available from the Microsoft.com site, which can be located through Tools and the sub-menu Windows Update at the top of the browser. Aware of the problem, Microsoft has just released an emergency patch. You can find the link for the patch here. However, in the meantime, I would still be cautious and use an alternative browser for another day or two until reports are in that suggest the problem has been nipped in the bud. Or, you can do like I do when writing my blog: use a Mac.

No comments: