I have written several times about the high risks of using Microsoft's Internet Explorer web browser. The security problems just keep coming and coming. If you were surfing the web last Friday night or Saturday morning and you were using Internet Explorer, there is a chance that your Windows computer became infected with an Internet "worm." This happened even if you did not directly visit an infected site.
It seems a hacker managed to load malicious code onto a web server that delivers advertising directly to users who visit other web sites. If you browsed with Internet Explorer to an infected site, the code then placed a worm inside your copy of Internet Explorer. The worm allows hackers to take control of the infected PC and steal personal data from your system.
While the site you knowingly visited may not have been infected directly, that site may have delivered advertisements to you from a third-party server. The infected server passed on the infection to your copy of Internet Explorer, even though you never saw its URL in your web browser's address bar. The recommendation is that everyone update their virus definitions from the software vendor's web site and then scan for viruses immediately. In addition, Windows XP users should install Windows XP Service Pack 2, if possible. Anyone running Windows 98, ME, or 2000 has no recourse for closing the known computer security holes; Microsoft has not issued a fix for those systems.
Before those of us with Windows XP get over-confident, we need to remember that Microsoft Service Packs are designed to fix specific, known problems. However, they do not address the underlying security weaknesses that continue to let hackers find other ways into home computers. And the primary avenue for these hackers is Microsoft Internet Explorer.
I have a better idea: dump Internet Explorer. It is weak, slow, and riddled with security problems. Every few weeks a new exploit appears that takes advantage of Internet Explorer's weaknesses. This past weekend's exploit was Internet Explorer-specific: it did not infect other web browsers.
There are better, faster, and more secure web browsers available. Some good ones are even free of charge. My favorite is Firefox, available for Windows, Macintosh, and Linux. It is fast, it is secure, and it is free of charge. It also has many more features than Internet Explorer. You can obtain Firefox at no charge at http://www.mozilla.org. Another good one for Windows is Opera, available at http://www.opera.com.
You do not need to uninstall Internet Explorer; simply stop using it. As some of you may know, downloading updates from Microsoft's web site - including Windows XP Service Pack 2 - requires Internet Explorer. This would appear to be a "Catch-22." However, if you stick to the one task of downloading needed Microsoft updates and do not leave the Microsoft web site, you should be able to complete the necessary download with minimal security risk.
For everything else, use a better tool instead. You can read my earlier review of Firefox at http://eogn.typepad.com/eastmans_online_genealogy/2004/11/a_better_web_br.html. Note that a number of readers of this newsletter posted their comments at the end of the article, describing their experiences with Firefox.
You can read more about this past weekend's problems with Internet Explorer at the highly-acclaimed Information Week magazine site at http://informationweek.securitypipeline.com/news/53701328, on eWeek's site at http://www.eweek.com/article2/0,1759,1730877,00.asp, on ZDNet's site at http://news.zdnet.com/2100-1009_22-5462862.html, on PC World's site at http://www.pcworld.com/news/article/0,aid,118687,00.asp and and probably hundreds of other sites if you look at Google at http://www.google.com/search?hl=en&q=Hacked+European+Ad+Server+Infects+IE+Users&btnG=Google+Search.
Which web browser would you prefer to use?
NOTE: This newsletter's web site at www.eogn.com does not serve ads from any third-party server and therefore would not cause the specific problem that affected other servers this past weekend.