Internet Explorer flaw and protecting yourself
It seems there is a new, major computer security breach or issue popping up all around us on a weekly, if not daily basis. Unfortunately, it doesn’t appear the bad guys are going to let up; a new era is officially upon us where any information that holds any type of value is under constant siege and the bad news is that this line of thought is here to stay.
Case in point… Remember a few years ago when identity theft was covered consistently by the media? What happened to the constant media coverage? Has identity theft miraculously gone away because of new changes in place? No, thieves are still stealing identities at an alarming rate and with greater ease than they were just a few years ago.
The difference is that identity theft is no longer the worst thing out there and the media (and us in general) have become somewhat complacent and accepting of identity theft. It’s going to happen and simply a matter of when and how; the difference is that all of it may occur without any fault of your own.
The big security issue this week deals with Internet Explorer. Internet Explorer is the lower case ‘e’ you might find on your desktop to browse the internet. First and foremost of importance is that this particular flaw doesn’t require you to do anything out of line on your end other than simply browsing to a website. Keep in mind that an “infected” website doesn’t necessarily mean the dark, shady corners of the internet. In the past, websites inadvertently serving up malware to unsuspecting users have included some of the most notable and trusted websites on the internet.
Second, Microsoft has yet to release a security patch for the vulnerability. That means you could be doing absolutely everything you are told to do — running Windows Updates, not clicking pop-ups, etc. — and you will still be susceptible. That being said, because the hole is tied to Adobe Flash, the good news is that Adobe has just recently released a patch for the software which patches the hole in a somewhat roundabout way. Microsoft will ultimately come up with their own patch to “officially” close the door on the flaw, but it might not be for some time.
Or will they? Microsoft will patch the hole for some, but not for all. The other importance of this issue is that Windows XP users will never receive a patch for this particular vulnerability. Yes, Adobe has released a patch for Flash users who are still running Windows XP, however, the underlying issue still exists. It’s not quite the worst case scenario or the official death knell for Windows XP, but it is the first major “enduring” blemish since Microsoft ended support for it on April 8th, 2014.
What are some simple steps you can perform to protect yourself and your data? Although it wouldn’t particularly help you in this situation, make sure you are running your updates! Whether those updates are for Windows, Apple, Adobe Flash, Adobe Reader or Java, it is always a good idea to keep them up-to-date.
At Sicoir, we always recommend an “alternative” browser for customers regardless of their operating system — Windows 7, Windows 8, Windows XP, Apple OS, etc. I would emphatically advise using an alternative browser if you are still using Windows XP. What is an alternative browser? Basically, you ditch Internet Explorer and instead use a free alternative such as Google Chrome, Mozilla Firefox, or Opera; most of the time, your internet experience doesn’t change and you typically will have a little higher level of security… especially if you are running Windows XP.
In closing, giving tips on keeping your Windows XP system safe doesn’t mean I condone using it, but that shouldn’t stop you from doing everything you can to protect yourself if you are.
Dallas Haselhorst, CISSP, GSEC, is the founding partner at Sicoir Computer Technologies (www.sicoir.com). He has more than 20 years of IT experience and in that time, he has traveled all over the U.S., physically and virtually, assisting companies large and small with their computers, networks and security. Whether dealing with an individual surfing the web or a business/organization whose primary data relates to PCI, HIPAA, or SOX, he has likely secured it in some way, shape, or form. When he’s not working, Dallas enjoys tinkering in all things technology and spending time with his wife, two children and their family dog.