Major flaw revealed in Internet Explorer; users urged to switch

[magicfingersny]

Major flaw revealed in Internet Explorer - Patch Released UPDATE YOUR BROWSER

Patch Released by Microsoft: If you have auto Windows Update the patch should install by auto. If not here is s guide how to install the patch

http://www.microsoft.com/protect/computer/updates/bulletins/200812_oob.mspx
default vista: http://update.microsoft.com/microsoftupdate/v6/vistadefault.aspx?ln=en-us


OK I'm definitely a non-techy but need some help here. I have IE & firefox3 but hadbeen using IE and when I opened a window with it firefox seemed to open as well. If I try to just open firefox alone I seem to get some conflicts, freeze-ups etc. Suggestions please

MEANWHILE I THOUGHT THIS WAS URGENT INFO FOR EVERYONE

http://tech.yahoo.com/blogs/null/111811
Tue Dec 16, 2008 11:49AM EST
See Comments (104)

Buzz up!on Yahoo!The major press outlets are abuzz this morning with news of a major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8. The attack has serious and far-reaching ramifications -- and they're not just theoretical attacks. In fact, the flaw is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.

Virtually all security experts (as well as myself) are counseling users to switch to any other web browser -- none of the others are affected, including Firefox, Chrome, and Opera -- at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." Microsoft adds that it is working on a fix but has offered no ETA on when that might happen. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds. (Some reports state, however, that the fixes do not actually work.)

Expedient patching or switching are essential. Security pros fear that the attack will soon spread beyond the theft of gaming passwords and into more criminal arenas, as the malicious code can be placed on any website and can be adapted to steal any password stored or entered using the browser. It's now down to the issue of time: Will Microsoft repair the problem and distribute a patch quickly enough to head off the tsunami of fraud that's about to hit or will it come too late to do any good?

Meanwhile, I'll reiterate my recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated. (To clarify: You don't need to uninstall IE, just don't use it for the time being.)

Links for other browsers to try: Firefox Chrome Safari Opera

 

[scoochamenz1]

thank you

 

[elmo16]

Why are you, or anyone else still using IE? I only use it to get Window updates from Microsoft as Microsoft doesn't any other browser to get Window updates. My main browser is Firefox, although I use Chrome a lot also. Chrome seems to render some web pages better then Firefox, and is a lot faster.

 

[magicfingersny]

1)Probably because that is what the monopoly of microsoft installed on my computer.
2)When I read the post on it, it sounded like a potentially major threat to all computer users so I was posting a piece of information that I believed to be vital importance, and that if it benefits 1 of the 66,000 members on this board is worth it as far as I am concerned.
3) I am not computer savy at all. At the advice of others I installed Firefox, but I keep having conflicts with it, as I stated at the start of my post!
4) You seem to post a lot of tech info, much of which is above my head. Maybe if you would add some layman explanations as well, it would be of great benefit to me.
Thanks!

 

[Duckman]

Why are you, or anyone else still using IE?

There are still vendor-specific tools and web sites that insist on IE as they use active x controls. Although I use firefox as much as possible, I still have to use IE because of active x controls, e.g., using the Cognos web client.

 

[marcinny]

True, I use Firefox almost 100% it is been almost a year now. However, there are programs and services that are compatible only with IE.

For example, the only way to watch a movie on-line from Netflix is to use IE.

 

[elmo16]

With all this hoopla, no one has actually suffered any damage or experienced any problems with IE.

Whenever I hear or read about what "experts say" or "a study showed" or what "they" or what "every body knows", I tend to ignore it.

 

[magicfingersny]

Which is better elmo?
To post and find that nothing happens or
to remain silent and risk others suffering irreparable damage.
As I said further up this thread I am a non-techie person
It would be helpful to me and I am sure others like me
if you were to post some things that might be either explanation or guidance to us non-techie.Other tech types have offered guidance and advice, when I am sure I posted what was probably a rather simple question, but was beyone the scope of my knowledge. Reading back in this thread from what others have posted it seems there are still time when IE is needed and necessary. As amatter of fact someone sent me something quite recently that needed the active-x component.

 

[elmo16]

Which is better elmo?
To post and find that nothing happens or
to remain silent and risk others suffering irreparable damage.
As I said further up this thread I am a non-techie person
It would be helpful to me and I am sure others like me
if you were to post some things that might be either explanation or guidance to us non-techie.Other tech types have offered guidance and advice, when I am sure I posted what was probably a rather simple question, but was beyone the scope of my knowledge. Reading back in this thread from what others have posted it seems there are still time when IE is needed and necessary. As amatter of fact someone sent me something quite recently that needed the active-x component.

Get a good security suite, I use Norton 360 Vs. 2, I also use PC Tools Spyware Doctor. I update both every day. I also get all window updates. I run a scan with Spyware Doctor on a regular basis. I make sure that PC Tools Spyware Doctor’s real-time anti spyware is turned on and have PC Tools check everything. Have Norton check everything as well.
Double click “My Computer”, right click on “Local Disk C”, and click on “Disk Cleanup”. This removes all temp files, cache files, internet temp files, etc. Uncheck setup log files as you will need these to properly uninstall files and programs. Also don’t remove “Catalog files for the Content Indexer” as Windows Vista needs these to find files on your computer. Then run a registry cleaner and finally, defrag your hard drive.
After your computer is squeaky clean and properly defragged and updated, backup your entire computer to an external hard drive with good backup software like Norton’s Ghost. Do this on a regular basis. Make sure that your external hard drive is at least twice as large as your computer’s hard drive so that you can make at least two copies of your hard drive. Make sure that you label the disk image so that you know which is the latest disk image. Also make sure that you have the backup software verify the backup image after it is made. I don’t like to make incremental backups as these can confuse that backup software, especially if you delete files on a later incremental up date. I like to make a fresh complete disk copy. Make sure that your backup software allows you to make an emergency recovery disk just in case you can’t boot your computer to Windows. This is why I don’t use the backup feature of Norton 360 as it doesn’t allow for a emergency recovery disk.
Also, don’t download free video games as these almost always have serious worms and spyware (in fact, be very suspicious about any free software especially if it comes from a Russian web site). Don’t open email attachments from people or institutions you don’t know. Real banks will never ask you for personal information in a email. Don’t go to a Banking or other serious web site from a link in an email. There are many other hints I could give you, but I’m getting tired right about now and I’m sure that there are other frequent posters who will add things or contradict me.
In this day and age, you can’t afford to be a non-techie. You have to know how to drive well, you also have to know how to use your computer well too. Read reviews, computer web sites, forums, etc.

 

[Left_the_scene]

better yet, screw PC based security for the most part. I mean, DO use an anti spyware and and anti virus on your PC, run them regularly, but you can forgo the real time scans if you have a decent deep packet inspection type firewall with inline anti vrus/anti spyware. These will scan the packets as they come in for viruses and malware, and not tie up your PC CPU resources while doing so. Something like the fourth generation Sonicawall series firewalls. Of course you pay through the nose for this type of setup (figure in the 500-800 dollar range for the initial hardware plus a couple hundred a year for the subscribtion to the security threat signature updates - and yes, those prices are for the models aimed at home or small home office users - the higher end ones go up into 5 figures)

Also using something other than the stock windows IE as your browser is safest. Other browsers get security issues as well, but are not exploited as much simply because the payoff for the criminals is not as high - fewer users means fewer targets.

When you absolutely MUST surf a site that you are not comfortable with, I highly recommend using Lynx for your browser- it's text only, and does not allow plug ins. There is nothing in it that can be exploited for the most part. It woin't run flash, or javascript, etc. I have used it to surf UG at work, since it does not look like a browser (hence casual observers don't even realize I am surfing), and it won't show the scantily clad excort banner adds at the top of the pages. Plus, it's FAST.

 

[xcalibur]

posted patch info in the OP