A Major Security Flaw Found in Internet Explorer

Article by John Lister, published Dec 18, 2008

A newly discovered security gap in Internet Explorer could allow hackers to take control of your machine. We explain the problem and what you need to do to protect yourself.

Is it serious?

The problem is serious both because of how widespread it is and how severe the consequences are. Microsoft says around 10,000 websites have been tweaked to exploit the problem and it estimates that one in five hundred internet users has been affected so far. That may not sound like many, but it works out at around two million people.

At the moment the only evidence of hackers taking advantage involves them stealing passwords for online games. However, given how many computers are at risk, it’s close to certain that criminals will attempt to use the problem to steal more important data or spread serious viruses.

Does it affect me?

The problem can affect every Windows user running Internet Explorer, including those on Vista. (It had been thought Vista was immune, but it appears this confusion was because most users were protected by a security feature which is switched on by default.)

So far, hackers have only exploited the problem in Internet Explorer 7. However, security experts say that in theory the problem should affect all editions of Internet Explorer.

What is Microsoft doing to protect me?

On December 17, 2008, Microsoft issued what it called an out-of-cycle update – in other words, an emergency patch. You can download the patch from both the Microsoft Update and Microsoft Security Center websites. It will also be downloaded automatically to machines with Automatic Updates switched on, though this may take a day or two to reach all machines.

How common are these emergency patches?

They are comparatively rare: aside from one in October, the last one was in April 2007. Because such patches bring bad publicity, Microsoft usually only issues them when there is a serious problem which cannot wait until the next scheduled update, often because hackers are already taking advantage.

Are there any other steps I should take?

As well as the usual advice about running antivirus and firewall programs, Microsoft recommends users go into Internet Explorer’s Tools menu and then the Internet Options menu; from here, set security settings to ‘High’.

It also recommends setting up a Windows user account set to ‘Limited’ rather than ‘Administrator’ and using this account until the patch is downloaded and applied.

Should I switch browsers?

Many technology experts have said rival browsers such as Firefox and Chrome are safer, partly because they have fewer security problems and partly because hackers are much more likely to target the more popular Internet Explorer as it has more potential victims. Since this story broke, even mainstream newspapers and broadcasters have recommended people switch browsers.

While Internet Explorer usually has the most problems, it’s worth remembering that all browsers have security issues: an update to Firefox this week included fixes for four serious problems. That said, it is certainly worth trying other browsers to see if you find them more usable.

Images

Changing Internet Explorer security levels