Quantcast
Bugs and Fixes
Bugs and Fixes
Contributing Editor Stuart J. Johnston advises you on how to fix the latest problems affecting your operating system, your browser, your other software, and your hardware.
Show article:

Bugs and Fixes: Microsoft: Cripple IE to Protect Your PC

The company says that you should disable one of the browser's features.

Stuart J. Johnston

  • 0 Yes
  • 0 No

With HP wireless printers, you could have printed this from any room in the house. Live wirelessly. Print wirelessly.

Illustration: Campbell Laird
Microsoft is doing something unprecedented: It wants you to break one of Internet Explorer's key features. Why? Because only by limiting the browser's functionality can you be sure of stopping a sneaky--and dangerous--new breed of Internet virus. This latest targeted attack scenario, which uses malicious code dubbed "Scob" or "downlad.ject," exploits three flaws: two in Windows and one in Internet Explorer. One of the holes involves JavaScript; targeting this flaw, the Scob code lets a hacker attach a program written in JavaScript to Web pages. If you visit an infected Web site, the program automatically executes in IE, and voila! you're infected.

Taking advantage of these multiple flaws, a group of Russian crackers recently mounted attacks on several hundred Web sites--aimed at putting lots of visitors at risk. Included on their hit list were some very reputable sites.

Some Scob virus strains installed keystroke-logging software on users' PCs--apparently to steal financial data (head to "Known Trojan Still Plagues Web Servers" for more details).

Microsoft says that your PC will be protected if you're running the beta version of Windows XP Service Pack 2. (Visit "Windows XP Service Pack 2 Release Candidate 2 Preview" for a link to the close-to-final version of SP2). The company says it is still working on a patch to deal specifically with this combination of flaws.

Microsoft also wants you to take the extreme step of disabling JavaScript. Many sites use JavaScript--to display video, say--and without this programming language, some sites, including Microsoft's own Windows Update site, won't even function properly.

If you want to go this far--and I recommend that you do--you need to adjust your IE settings. To disable JavaScript in IE, click Tools, Internet Options and choose the Security tab. Click the Internet icon, click the Default Level button, and move the slider to High. To get around any problems with sites not loading, in IE click Tools, Internet Options and choose the Security tab. Click the Trusted Sites icon and add the sites you want to access. Your machine is still protected. (For Microsoft's full list of safety measures, visit "Increase Your Browsing and E-Mail Safety".)

If all this sounds like too much hassle, you might want to consider switching to a browser like Mozilla or Opera. You can have JavaScript turned on in these browsers, yet remain safe from IE-like attacks. At least, for now.

  • Recommend this story?
  • 0 Yes
    0 No

Related Web Articles

  • CDW Virtualization Center What is Virtualization and how can it help you save money? Click here to find out.
  • Asus Laptop Showcase Ultra-fashionable thin and light notebooks with SmartLogon Face Recognition. Find out more...
  • HP Ink Center Bring improved color and brilliance to your printed material. Visit the Resource Center for more info...

PC World's Marketplace

PC World's Free Whitepapers

Name City
Address 1 State Zip
Address 2 E-mail (optional)