| Reply to Thread New Thread |
01-24-2010, 06:43 PM
|
#1 |
|
|
 The IE Fix is in
The IE Fix is in
First, the good news, Microsoft's fixed the IE bug used to attack Google. The bad news: the bug had been known for months. January 24, 2010, 12:00 PM — I still think that the safest thing you can do about your Web browsing habits is to switch from IE (Internet Explorer) to Firefox or some other browser. But, if you're wedded to IE 7 or 8--please, please stop using IE 6--Microsoft has made a fix available for all versions of IE. If you're reading this and you haven't upgraded your copy of IE yet, do yourself a favor, do it now. I'll wait for you. OK, using updated IE or some other browser now? Good. Now, for the bad news, it turns out that Microsoft knew about this critical bug since last August!. Some people are making excuses for Microsoft that five months isn't too long for them to fix this, and seven other serious IE bugs. Please. Give me a break. Serious security bugs are found and fixed in open-source software in days or weeks. Why should Microsoft get a free pass? In its last reported quarter, Microsoft had a net profit of more than 3.5-billion dollars. Is it too much to ask for that they spend more of that on patch programming and quality assurance? But, what worries me far more than Microsoft's tardy ways when it comes to fixing major problems is that a relatively unknown bug was used in the attack. Usually, criminal hackers are a lazy lot. They wait until some security researcher or the other reveals a security hole, and then they attack it. Or, more likely still, they wait until a company announced a patch for a known security hole, and then they jump on it. In other words, they're not really hackers at all. They just have a bag of trick attacks that they deploy once someone else has shown them the way to a security hole. That's why it's so important to patch your software the second a fix is available. It's that brief period between when a security hole is fixed and most users have patched it that the crooks have their best chance to corrupt the most PCs. That wasn't the case here though. This time, someone, Google claims the Chinese government, worked on a very successful attack before the security hole was publicly acknowledged, much less fixed. This indicates to me those China-based hackers, or some other group that's not made up of lazy crooks, is now turning their attention to exploiting Windows' myriad security holes. This is bad, bad news. In the past, if you kept your Windows and its software up to date with patches and used security software, you were relatively safe. Now, now I'm not so sure. It also makes me worry about Linux and Mac OS X. Yes, they're both inherently more secure than Windows, but that doesn't mean they're perfectly safe. They're not. No computer operating system is. They're just much harder to attack. But, if some large, well-funded group with technical savvy is now working on not just exploiting security holes, but finding them, then it makes sense for all of us, no matter what we're running on our computers, to be much more cautious. Be careful folks. It's getting ever more dangerous out there on the Web. http://www.itworld.com/security/93883/ie-fix |
|
|
01-24-2010, 06:49 PM
|
#2 |
|
|
Link to Microsoft Security Bulletin MS10-002
http://www.microsoft.com/technet/sec.../ms10-002.mspx This patch is VERY important. If you have not patched your system do so TODAY. Right Fraking NOW! Several websites have already been compromised as platforms to inflect your computer. If you are still using IE 6, upgrade to 7 or 8. A better option is to use a different web browser such as Firefox or Google Chrome. To update your system : http://helpdesk.wisc.edu/page.php?id=2121 |
|
|
|
01-24-2010, 07:13 PM
|
#3 |
|
|
I need to update to 8 first then do the other part? I don't have Firefox on this computer but son installed it on the laptop.
|
|
|
|
01-24-2010, 07:25 PM
|
#4 |
|
|
If you update to 7 or 8 then you have to repatch. So I would upgrade the browser first and then install all needed patches. If you run windows update and select custom NOT express you can control what is installed. You'll need to run it several times if you are not set for automatic updates.
|
|
|
|
01-24-2010, 07:28 PM
|
#5 |
|
|
Link to Microsoft Security Bulletin MS10-002 |
|
|
|
01-24-2010, 07:36 PM
|
#6 |
|
|
I went to the update site above, got some nice pictures, but nothing happened when I would try to click on the recommended functions. I already have Windows 7 on this computer so maybe I do not have to update. |
|
|
|
01-24-2010, 07:49 PM
|
#7 |
|
|
Tips worth reading in this article to protect yourself from this exploit.
http://windowssecrets.com/paid/100121/#story1 |
|
|
|
01-24-2010, 08:34 PM
|
#8 |
|
|
All versions of windows are vulnerable but Vista and 7 by default are set to automatically update. Most likely your system has already performed the update. And if you are running Windows 7 then Internet Explorer 8 is installed by default. Even so you should use Firefox and not IE. IE any version is not as safe as Firefox. I can't run it on my desktop system for some reason (it freezes...tried uninstall/reinstall to no avail), but it is what i use on my laptop and at work. On a sidenote, this is a good reason to not use hacked software. use only licensed stuff so you can have access to all the security updates. |
|
|
|
01-24-2010, 09:46 PM
|
#9 |
|
|
All versions of windows are vulnerable but Vista and 7 by default are set to automatically update. Most likely your system has already performed the update. And if you are running Windows 7 then Internet Explorer 8 is installed by default. Even so you should use Firefox and not IE. IE any version is not as safe as Firefox. |
|
|
| Reply to Thread New Thread |
«
Previous Thread
|
Next Thread
»
Linear Mode
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|
