Major flaw revealed in Internet Explorer; users urged to switch

Tue Dec 16, 2008 11:49AM EST

See Comments (161)

The major press outlets are abuzz this morning with news of a major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8. The attack has serious and far-reaching ramifications -- and they're not just theoretical attacks. In fact, the flaw is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.

Virtually all security experts (as well as myself) are counseling users to switch to any other web browser -- none of the others are affected, including Firefox, Chrome, and Opera -- at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." Microsoft adds that it is working on a fix but has offered no ETA on when that might happen. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds. (Some reports state, however, that the fixes do not actually work.)

Expedient patching or switching are essential. Security pros fear that the attack will soon spread beyond the theft of gaming passwords and into more criminal arenas, as the malicious code can be placed on any website and can be adapted to steal any password stored or entered using the browser. It's now down to the issue of time: Will Microsoft repair the problem and distribute a patch quickly enough to head off the tsunami of fraud that's about to hit or will it come too late to do any good?

Meanwhile, I'll reiterate my recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated. (To clarify: You don't need to uninstall IE, just don't use it for the time being.)

Links for other browsers to try: Firefox Chrome Safari Opera

Comments on Major flaw revealed in Internet Explorer; users urged to switch

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 6 Posted by paulskalleberg on Thu Sep 3, 2009 8:03PM EDT Report Abuse

    So, as long as I don't open IE, I'm safe? I use FF but occasionally open IE. Also, I use the IE Tab extension -- is that affected as well?

  • 7 Posted by donaldsrockets on Thu Sep 3, 2009 3:46PM EDT Report Abuse

    I always use Mozilla Firefox with the NoScript addon installed. I only use IE for Windows updates.

  • 8 Posted by precisionsax on Thu Sep 3, 2009 8:18PM EDT Report Abuse

    Please, give it a break, just because you hate Microsoft you should not be recommending everyone switch to a different browser. All users have to do is simply clear any passwords stored in IE which is a simple two step process. This is not a safe place to have them anyway and one shouldnt be to lazy to enter a password when logging on to a web site.

  • 9 Posted by dl_beam on Thu Sep 3, 2009 3:45PM EDT Report Abuse

    We also use Fire Fox on our computer because the internet explorer kept freezing up. I do how ever have a question to anyone who uses Fire Fox; I updated to the latest version and now every time I open it up I get this page saying you have been updated to latest version can anyone tell me how to get rid of this? I have tried resetting my homepage and that doesn't work and I have had several look at it and no one can get rid of this play. Would appreciate anyone input!! DeeDee

  • 10 Posted by edwards9tcnj on Thu Sep 3, 2009 3:52PM EDT Report Abuse

    yes it's always good to stay away from internet destroyer... ehh explorer

  • 11 Posted by attitude631 on Thu Sep 3, 2009 2:59PM EDT Report Abuse

    I don't use IE anymore it is so slow, and always has to close. I got sick of it. I have been using Mozilla Firefox.It speeds right along and has minimal problems. Way better than IE any day and IE always has some kind of security flaw. You think they could get it right after all this time. Guess not.

  • 12 Posted by strevel on Thu Sep 3, 2009 9:45PM EDT Report Abuse

    I design webpages and live or die via my system and passwords. My system is my life, literally. Any ability to access passwords is not good for anyone. I use Firefox and Opera anyhow. In fairness, Microsoft has more problems because they are larger and are a bigger hit. Firefox and Opera (IMHO) are great, just smaller and a more ego laden hit. Easy way to concoct passwords...take two license plates and put them together on paper. Keep the note. Very secure system, just don't forget your password. :) Don in Las Vegas, NV.

  • 13 Posted by rontech420 on Thu Sep 3, 2009 8:50PM EDT Report Abuse

    I don't use IE. I don't even want it on my computer. When is Microsoft gonna let us remove it completely without screwing up the system? I would give my left nut to get IE off my computer...

  • 14 Posted by kentville on Thu Sep 3, 2009 4:49PM EDT Report Abuse

    I run both, but mainly use Firefox, because I find it to be much better than IE.

  • 15 Posted by thomcanova on Thu Sep 3, 2009 10:08PM EDT Report Abuse

    thank you Steve Jobs. I bought it, turned it on & got to work. No insecurity here.

  • 16 Posted by steve01832 on Tue Dec 16, 2008 9:35PM EST Report Abuse

    I may take some heat here, but I'll say it again. Get rid of Windows and switch to the Linux operating system. It is much more secure and stable.

  • 17 Posted by thekclyon on Thu Sep 3, 2009 10:04PM EDT Report Abuse

    Too bad they ALL suck. Yeah. I said it.

  • 19 Posted by undocumentedspot on Thu Sep 3, 2009 10:28PM EDT Report Abuse

    The best feature of Internet explorer is the X button at the top How long we must say this to newbies, LEAVE THE danged IE. how long we are going to be tortured by all the IE flaws. but I laughed when I heard IE users against PWNED. keep getting duped. I wrote about this subject on my blog (link in my profile) and made a new lyrics called : "Wednesday Bloody Wednesday" all celebrating IE flaws while crying for those of us programmers who are sure that newbies will continue using IE as usual.

  • 20 Posted by nitinmittal85 on Thu Sep 3, 2009 7:39PM EDT Report Abuse

    This article on Yahoo's home page is asinine at best. Get over it - you will never get $31 or anywhere close to it for your stock. Switching to a non-IE browser is not the answer; being more careful on how you use IDs and passwords is something we should all practice anyway.

  • 21 Posted by jjcyr527@rocketmail.com on Thu Sep 3, 2009 4:35PM EDT Report Abuse

    IE not so good. I tried Firefox on my flashdrive. It was great! Then it took me weeks to convince my mom for Firefox. She isn't so tech saavy. So yeah go firefox.

  • 22 Posted by last_man1 on Thu Sep 3, 2009 4:56PM EDT Report Abuse

    What "flamers beating up on Microsoft" one day before they release "the Fix". Switch browsers, no way. All one had to do was turn on the "DEP" setting for the Windows OS to mitigate the exploit. It if was dire Microsoft could push an Update silently (Yeah, they can modify the registry anytime they like) though it's not common knowledge. Firefox, no way Security Chief is quiting said impossible to build totally secure Browser (finally admits it) ha ha. Safari, nope takes Redirects (bad) Chrome(Google following you like a stalker)nope. Internet Explorer is fine you have to utilize it with some sense, as anything.

  • 24 Posted by storageunit33 on Thu Sep 3, 2009 9:45PM EDT Report Abuse

    I actually had this problem that he is describing and it sucks. It's called Spyware.ISpynow. It turns off all of your virus scanners and spyware scanners and it won't let you update them either. The internet barely works and it tries to get you to download a fake virus program. It also doesn't allow you to go to download any real virus programs to get rid of it. I finally was able to get to a site where people could help me and hundreds of other people had the same problem. I do remember reading one year that IE had 98% of virus/spyware problems and FireFox only had about 2%. That seems to happen every year. Firefox is all I use now.

  • 25 Posted by last_man1 on Thu Sep 3, 2009 4:56PM EDT Report Abuse

    Had a really nice commentary to post but no such luck, criticizing Microsoft one day before patch release. Please get a life. All one had to do was turn on "System DEP" for the OS. IE7 runs in "Protected Mode on Windows Vista". Switch browsers.....Ha ha ha. Get some sense people.

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.