Major flaw revealed in Internet Explorer; users urged to switch

Yet another problem with IE - oh dear!

by Michael Smith

A major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8 has been discovered. The attack has serious and far-reaching ramifications – and they are, so we understand, not just theoretical attacks. This flaw, in fact, is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.

Virtually all security experts – and that includes us at ICT Review – are counseling and encouraging users to switch to any other web browser; none of the others are affected,such as Firefox, Chrome, or Opera. Do so at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." How could and would they recommend anyone to switch anyway and anyhow. They want people to use their faulty products, same as with the software in general. In addition to that their websites – many of them anyway – in the Windows Live department do seem to have problems rendering properly in other browsers. No surprise there on either count.

Microsoft adds that it is working on a fix but has offered no estimated times on when that might happen and be ready to be released on the unsuspecting public. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds.

There some reports state, however, that none of those the fixes actually work, and that also does not surprise me after the fiasco with a patch that screwed up the workings of a number of encrypted USB drives, such as Cruzer Enterprise and the hotfix to fix this not fixing anything at all.

It is most essential now immediately that the flaw be patched but as a patch dopes not to appear to be forthcoming in the very near future there is but one advice that one gan give: change your browser NOW. Get Firefox.

Security pros fear that the attack will soon spread beyond the theft of gaming passwords and into more criminal arenas, of which there can be no doubt, as the malicious code can be placed on any website and can be adapted to steal any password stored or entered using the browser.

Now it is very much down to the issue of time: Will Microsoft repair the problem and distribute a patch quickly enough to head off the tsunami of fraud that's about to hit or will it come too late to do any good?

Meanwhile, one can but reiterate the advice and recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated, as you need not to uninstall Internet Explorer. Just do not use it for the present time.

I can also nigh on guarantee that once you have experienced the likes of Firefox browser and the security that it offers, especially with the add ons that are available – ensure though that you only download and install add ons that are from the Mozilla website and not from any others. Those from the Mozilla sites are guaranteed to work and free of malware.

© M Smith (Veshengro), December 2008