Over this past weekend, Microsoft admitted a rather large bug in Internet Explorer that could allow hackers to sneak malware onto your system. The problem is that hackers can do this without having you download a suspicious-looking file. All you have to do is visit a website set up by one of these crooks, and they can gain access to your computer through Internet Explorer.
While this issue will be solved in the next Internet Explorer patch (scheduled for May 13th, I might add), it will not be solved for XP users. XP is no longer supported by Microsoft, and as a result XP users will not be receiving the patch to fix this bug. As approximately 27% of all desktops still use XP, quite a few people will not be receiving the patch.
So what can be done about this? Thankfully there are a number of solutions you can easily employ to protect your computer.
- Use a different browser – It’s that simple. The bug is with Internet Explorer, so stop using Internet Explorer. There are many good alternatives, such as Google Chrome and Mozilla Firefox, that allow you to browse the web without worrying about a hacker sneaking malware onto your system. This would work perfectly if it were not for the fact that Internet Explorer is tied into most of Microsoft’s other products, such as Outlook. The only way around this is to copy links and paste them into Chrome or Firefox as opposed to simply clicking the links. This is easy to do for users on newer operating systems, but XP users may need a more permanent solution.
- Disable Internet Explorer’s Flash Plug-in – The exploit currently involves using a Flash exploitation technique that loads a SWF file to corrupt process memory and direct the program’s flow to a memory location where malicious code is laid out. By disabling Flash you would make the hackers unable to use this form of the exploit, which is currently the most popular. There are two downsides to this solution. The first is that the exploit does not rely on Flash to work; Flash simply makes it faster and easier for the exploit to be abused. The second is that Flash would be disabled, making you unable to use any online applications that require Flash.
- Turn off/Set to Prompt Active Scripting – This will allow the user to allow or disallow Flash and ActiveX applications. To do this, go to Tools > Internet Options > Security > Custom level > Settings for Scripting > Active Scripting. From there you can adjust Active Scripting, setting it to Disable, which will disallow all active scripting, or Prompt, which will cause IE to prompt you every time active scripting will be used.
- Install Enhanced Mitigation Experience Toolkit (EMET) – This is software that will handle the exploit entirely and is recommended by Microsoft. It requires some technical knowledge to set up, however, as it must be configured for Internet Explorer.
- Disable VGX.dll – If you are comfortable with a command line you can enter the following lines into the command prompt.
This will unregister VGX.dll, which can always be enabled at a later date. This solution was also recommended by Microsoft.
So yes, Internet Explorer currently has a security issue, but you can protect yourself quite easily until the next patch is released. XP users who won’t receive the patch will be in a bit of a bind, however, and there is only one long-term, permanent solution. Get rid of XP, upgrade, buy new computers and continue to receive security updates from Microsoft.
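An added example, not taken from the original post: a batch script that unregisters vgx.dll with regsvr32 and can register it again later. It assumes the default location under Common Files\Microsoft Shared\VGX and an elevated command prompt; the script name and the `restore` argument are made up for illustration.

```batch
@echo off
rem Added example: unregister (or re-register) vgx.dll for Internet Explorer.
rem Assumption: vgx.dll is in its default "Common Files\Microsoft Shared\VGX" folder.
rem Usage (hypothetical script name):
rem   vgx-toggle.cmd           unregister vgx.dll
rem   vgx-toggle.cmd restore   register it again
rem Run from an elevated (administrator) command prompt.
setlocal

set "ACTION=/u"
set "VERB=Unregistering"
if /i "%~1"=="restore" (
    set "ACTION="
    set "VERB=Registering"
)

set "FAILED=0"
call :toggle "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
rem 64-bit Windows keeps a second, 32-bit copy that 32-bit IE loads.
if defined CommonProgramFiles(x86) call :toggle "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

if "%FAILED%"=="1" (
    echo One or more operations failed. Is this prompt elevated?
    exit /b 1
)
echo Done. Close and reopen Internet Explorer for the change to take effect.
exit /b 0

:toggle
rem %~1 is the full path to one copy of vgx.dll.
if not exist "%~1" (
    echo Skipping, not found: "%~1"
    goto :eof
)
echo %VERB% "%~1"
rem /s suppresses the regsvr32 message box; /u (when set) unregisters.
"%SystemRoot%\System32\regsvr32.exe" /s %ACTION% "%~1"
if errorlevel 1 (
    echo   regsvr32 failed with exit code %errorlevel%
    set "FAILED=1"
)
goto :eof
```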
Change is difficult, but it is time.