This morning Microsoft released a patch for Internet Explorer to prevent an exploit that became publicly known in the last couple of days. The fear is that the bad guys will quickly come up with ways to demagnetize your credit cards and kill your pets if you don’t install the patch. Your computers will be updated automatically tonight and might restart. The patch has a severity rating of “Critical.”
You should install the patch. But the usual articles are appearing about how this demonstrates that Internet Explorer is unsafe and anyone using it deserves scorn or pity, depending on how generous the author is.
The bad guys move very quickly and this exploit will presumably start being used more widely but at the moment its only public appearance has been on a few hundred Taiwanese or Chinese web sites set up to steal online gaming passwords. It’s not a good time to visit porn, hacking, cracking, serials and key-gen websites. I dunno, maybe I just know nice people, but I don’t know many people who will have a problem with that. If you follow the rules at the bottom of this post, none of these exploits will ever mean much to you!
It’s natural to be curious about using another program when there is so much coverage of IE’s patches.
A lot of people talk about Firefox, which achieved quite a distinction this week when it was named the Most Vulnerable Software Program running on Windows. “In 2008, Mozilla patched 10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflow, malformed URI links, documents, JavaScript and third party tools.” Four of those vulnerabilities have a severity rating of “Critical,” three have a rating of “Severe,” and three have a rating of “Panic.”
Perhaps you’ll consider Opera, an open-source browser with a good reputation, which yesterday released an upgrade that fixed seven security problems that “could lead to remote code execution if an Opera user is tricked into surfing to a maliciously rigged Web page.” Two of the bugs are rated “Oh My God,” three of them are rated “Apocalyptic,” and two of them are rated “Purple.”
You’ll want to look into Apple’s Safari browser, whose last patch in November fixed 11 security problems – four were rated “Meltdown,” and the rest were rated “Zesty.”
A few of you are so tired of constant updates and security problems that you’ll buy Macs for yourself this Xmas. This week Apple released Mac OS X 10.5.6, the sixth update since the Mac OS was released just over a year ago. Apple recently urged all Mac users to install antivirus software, but it’s not because Macs are insecure! Don’t be thinking that! It’s because, um, antivirus programs can be used by the kids for fun and interesting science fair experiments. Yeah, that’s it.
Wanna be safe? Use Internet Explorer, keep your computer up to date, and follow these rules.
Antivirus software will not always protect you against malware if you click OK at the wrong time!
Don’t click on strange URLs! Follow links with carefree abandon to and from legitimate sites, but don’t click on links that arrive in spam e-mail, instant messages, web forums, or IRC chats, or that start from an untrustworthy web site.
Never, never, never open email attachments unless you know with 100% certainty that the attachment is something you expected and want to receive.
The bad guys are liars. They will say anything to get past your defenses, without conscience or remorse.
Please, be careful out there!