I wrote this email to my (non-technical) family with the subject, "My Christmas Wish."
Folks,
In light of the most recent "Zero Day" security vulnerability in Internet Explorer, I am writing this to ask all of
you who still use it to consider switching browsers. IE is by far the most ubiquitous source of junk on Windows
computers outside of unsafe downloads. Other browsers do much more to protect you.
So-called "Zero Day" exploits occur on a regular basis and leave you vulnerable to attack for weeks at a time. For
example, the Chinese attacks on Google relied on vulnerabilities in Internet Explorer to steal users' account
information. Google now has a policy tightly restricting the use of Windows and IE to only employees who need it for
testing purposes.
You don't have to do much to pick up malware via websites. There are myriad ways for attackers to deliver malicious
code that you will never see, and often your virus scanners cannot detect either.
http://isc.sans.edu/diary.html?storyid=10132
http://www.microsoft.com/technet/security/advisory/2488013.mspx
It's incredibly easy to avoid the whole mess. Install another, faster and more secure browser. Delete the IE icon
from your desktop and quickstart bars, especially if others use your computer. Set the other browser of your choice
as the default. Here's a list of modern, secure browsers, in my personal order of preference.
http://www.google.com/chrome
http://www.mozilla.com/en-US/firefox/
http://www.opera.com/
http://www.apple.com/safari/
If you can't see yourself using another browser, at least use Chrome for your sensitive data and IE for everything
else. That way at least your bank accounts and health records will be slightly harder for attackers to steal.
Lastly, if you haven't done it in a while, check for updates on the other programs you use regularly, especially
instant messaging like Skype, AOL, MSN, and Yahoo!. Many programs have an automatic update feature under the "Help"
menu that will automatically do all the dirty work.
-Al