Major flaw revealed in Internet Explorer; users urged to switch

Tue Dec 16, 2008 11:49AM EST

See Comments (161)

The major press outlets are abuzz this morning with news of a major new security flaw that affects all versions of Internet Explorer from IE5 to the latest beta of IE8. The attack has serious and far-reaching ramifications -- and they're not just theoretical attacks. In fact, the flaw is already in wide use as a tool to steal online game passwords, with some 10,000 websites infected with the code needed to take advantage of the hole in IE.

Virtually all security experts (as well as myself) are counseling users to switch to any other web browser -- none of the others are affected, including Firefox, Chrome, and Opera -- at least for the time being, though Microsoft has stubbornly said it "cannot recommend people switch due to this one flaw." Microsoft adds that it is working on a fix but has offered no ETA on when that might happen. Meanwhile it offers some suggestions for a temporary patch, including setting your Internet security zone settings to "high" and offering some complicated workarounds. (Some reports state, however, that the fixes do not actually work.)

Expedient patching or switching are essential. Security pros fear that the attack will soon spread beyond the theft of gaming passwords and into more criminal arenas, as the malicious code can be placed on any website and can be adapted to steal any password stored or entered using the browser. It's now down to the issue of time: Will Microsoft repair the problem and distribute a patch quickly enough to head off the tsunami of fraud that's about to hit or will it come too late to do any good?

Meanwhile, I'll reiterate my recommendation: Switch from Internet Explorer as soon as you can. You can always switch back once the threat is eliminated. (To clarify: You don't need to uninstall IE, just don't use it for the time being.)

Links for other browsers to try: Firefox Chrome Safari Opera

Comments on Major flaw revealed in Internet Explorer; users urged to switch

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 66 Posted by siriusboy32 on Thu Sep 3, 2009 9:24PM EDT Report Abuse

    hello, i have been using internet explorer ever since the cable person set up roadrunner for me in my trailer,i have windows defender, and all my settings are set to high in internet options, and i think Mcafee is the best choice because its easy to use and it protects everything, i have been using those protections ever since and had no problems, please tell me if i should keep it that way or get something diff.

  • 67 Posted by hffunk6 on Thu Sep 3, 2009 4:18PM EDT Report Abuse

    I've been having a problem with my computer with programs not responding; like autosuggest drop-down, Imm???, Could this be a problem of IE? I tried downloading Firfox but it won't let me and I get the send or don't send error report. Any suggestions on fixing my problem? Thanks

  • 68 Posted by tf43 on Thu Sep 3, 2009 10:02PM EDT Report Abuse

    Going through some posts, but more curious as to how the trojan payload is delivered. Is it via spam e-mails, those silly popups, or other? Honestly, as sort of an IT person, I take precautions, but most do not, and hence infected with what ever is out there floating around. Open this, open that, oh...here's a cute e-mail...open it up...bang, infected. If that is the payload, still leaves me to wonder how it gets onto someone's site...they control the programing, and code behind the scenes...right... I certianly don't think I'm able to modify another website's code with a little touch of anything. Puzzled

  • 69 Posted by yuhateme2 on Thu Sep 3, 2009 10:58PM EDT Report Abuse

    Excuse my ignorance but I'll ask since this seems to be a real issue, how do you switch to "safari or firefox"? I have never heard of them but I'm definetly willing to look into it, thank you.

  • 70 Posted by immaculateproperty on Thu Sep 3, 2009 4:23PM EDT Report Abuse

    lol this is so not a surprise esp being a former H@xXz0r myself. Microsoft Windoze has always had ----- products poor to no quality infact Vista layout Aero is based off of a variant of Linux. point in case never use IE Explorer after this "flaw" (i.e. lazy coders and programmers) is fixed something else will come out we all remember the Active X Flaw days and there are still flaws with that. Firefox is good but i've found Google Chrome to beat Firefox hands down everytime regardless. Also the new Firefox 3 has a serious problem with crashing all the time the beta version of Ff3 never crashed not once wonder what happened..

  • 71 Posted by madcurtis.1959@sbcglobal.net on Thu Sep 3, 2009 7:02PM EDT Report Abuse

    As I have told ALL of my family and most of my friends, There is NO SUCH THING as secure on the internet. I do no banking whatsoever nor do I put anything with my SS number on the net. Security does not exist here and this I will argue AND WIN with anybody on the planet.

  • 72 Posted by madcurtis.1959@sbcglobal.net on Thu Sep 3, 2009 7:02PM EDT Report Abuse

    Oh My! (faint) Nothing is secure on the net. I will never put my sensitive stuff on this darn thing. NO WAY. You read about this stuff every day. You all ought to know better.

  • 73 Posted by dont_leave_home_wojesus on Thu Sep 3, 2009 3:46PM EDT Report Abuse

    Since I got my MAC (the last true MAC/Tiger) in Aug 2005, I have had no virus'. I don't know about the hybrid MAC. To my thinking it part MicroSoft, it has to be open for infection. Safari according to tests out performs the other browsers, tho' it true it's not compatible with some programs. I prefer Safari, because of the features it has, ease of use & stability. Never did care much for IE because its susceptibility,

  • 74 Posted by viperkhan2000 on Thu Sep 3, 2009 10:36PM EDT Report Abuse

    BSOD, RROD, IE security problems, you get the gist of Micro$oft. Deny first when discovered and patch later when screwed.

  • 75 Posted by noodlerr on Thu Sep 3, 2009 7:40PM EDT Report Abuse

    With jray702 above That was my thoughts... when asked by anything that says do you want us to remember your pword, I just don't do it. DUH. and this assumes you scan and clear spyware on your pc for Key Loggers malware etc..right ?

  • 76 Posted by josh_rx21 on Thu Sep 3, 2009 4:41PM EDT Report Abuse

    That's the reason why I don't use IE. I prefer using FireFox than others.

  • 77 Posted by j3rk0ffbust3r on Thu Sep 3, 2009 4:26PM EDT Report Abuse

    Surprise, surprise! Micros**t strikes again. F IE, and F Windows. Time for everyone to learn Linux. If people had a clue, Micros**t would never have gotten off the ground!

  • 78 Posted by sixtiesrad on Thu Sep 3, 2009 9:25PM EDT Report Abuse

    Surprise, surprise! Micros**t strikes again. F IE, and F Windows. Time for everyone to learn Linux. If people had a clue, Micros**t would never have gotten off the ground!

  • 79 Posted by mezzo_tint on Thu Sep 3, 2009 7:17PM EDT Report Abuse

    I am a fan of FF since... especially for developers, IE always gives pain on my ass... Firefox rulz

  • 81 Posted by vinnihoo on Thu Sep 3, 2009 10:36PM EDT Report Abuse

    FYI: speaking of passwords, in firefox, go to tools options click on saved passwords click on show passwords and there are all your passwords in clear view. If you ever walk away from your pc without locking it, someone could do this to gain your saved passwords. Beware

  • 83 Posted by eronos_lookfar on Thu Sep 3, 2009 3:56PM EDT Report Abuse

    hahaha. this story makes me laugh. they are making a big deal about it as if it was only just discovered. this has been a well known fact in the IT world for many years. i feel sorry for any suckers that ignore this and keep using IE.

  • 84 Posted by tf43 on Thu Sep 3, 2009 10:02PM EDT Report Abuse

    In response to post 74 & 75... Wonder why the FDIC (Federal Deposit Insurance Corp.) allows banks to run online banking...if nothing is secure... And banks may also use wireless techno in driving those little ATM's we all love to use, they are not all "hard wired" :) You ever use an ATM by chance :) My post is not made to augue with you, or anyone else...ok! Just so one might give a little thought to it :) I personally don't care if you do or don't use it. Encryption, with different levels of encryption, and those beyond what the everyday user has, is available to those institutions. Hum...wonder why the FDIC allows online banking...gee whiz...

  • 85 Posted by cplaya280 on Thu Sep 3, 2009 3:30PM EDT Report Abuse

    After I heard this news I decided to try out Google Chrome and its by far the best browser I used. Google Chrome is so much faster then IE it's also a really simple layout and user friendly. Even if microsoft fixes the problems with IE I think i'm gonna stick with Google Chrome I recommend it

More Posts: First Prev 3 4 5 6 7 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.