
Thwart the Three Biggest Internet Threats of 2007

Illustration: Harry Campbell
The same Internet connection that lets you reach out and touch millions of Web servers, e-mail addresses, and other digital entities across the globe also endangers your PC and the information it contains about you. Here's how to stymie the three gravest Internet risks.

Threat #1: IE

Internet Explorer heads the list of top Internet security attack targets in the most recent joint report of the FBI and security organization SANS Institute. One reason: As the most widely used browser, IE provides the biggest payoff for malicious hackers who set out to exploit its flaws.

The biggest problem with IE is its reliance on Microsoft's ActiveX technology, which allows Web sites to run executable programs on your PC via your browser. Security patches and upgrades, including Windows XP's Service Pack 2 and the recently released IE 7, make ActiveX safer, but the inevitable flaws that allow malware to circumvent those security measures--combined with the reality that we computer users are often a credulous lot--make ActiveX a risk not worth taking. Happily, with very few exceptions (such as Microsoft's Windows Update site), you can browse the Internet effectively without ActiveX.

To disable ActiveX in IE 6 and 7, choose Tools, Internet Options, Security, Custom Level, scroll to 'Run ActiveX controls and plug-ins', and select Disable (see Figure 1). Click OK, Yes, and OK to close the dialog boxes. To enable ActiveX on a known and trusted site, click Tools, Internet Options, Security, choose Trusted Sites, click Sites, enter the site address in the text box, and click Add. Uncheck Require server verification (https:) for all sites in this zone, and click Close and OK.

Figure 1: Deactivate ActiveX controls in Internet Explorer 6 and 7 to put drive-by browser hijacking on ice.
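IE stores these zone settings in the registry, so the result of the steps above can be read back and checked. The script below is an added example, not part of the original article: it parses a constructed `reg export` of the Internet Settings\Zones key (assumed already decoded to text) and reports the 'Run ActiveX controls and plug-ins' policy (value 1200) for each zone, plus whether Trusted sites still requires https.

```python
import re

# URL action 1200 = "Run ActiveX controls and plug-ins"; policy values per zone.
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable", 0x10000: "Administrator approved"}
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
REQUIRE_HTTPS = 0x4  # bit in a zone's Flags: "Require server verification (https:)"

# Constructed sample in the format written by `reg export` (not from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"Flags"=dword:00000043
"1200"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"Flags"=dword:00000001
"1200"=dword:00000003
'''

def parse_zones(reg_text):
    """Return {zone_number: {value_name: int}} for every Zones\\N key in the export."""
    zones, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[.*\\Internet Settings\\Zones\\(\d+)\]", line)
        if key:
            current = zones.setdefault(int(key.group(1)), {})
        elif line.startswith("["):
            current = None  # some other key; ignore its values
        elif current is not None:
            val = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if val:
                current[val.group(1)] = int(val.group(2), 16)
    return zones

def audit(reg_text):
    """Summarise the ActiveX policy per zone and the Trusted sites https requirement."""
    report = {}
    for num, values in sorted(parse_zones(reg_text).items()):
        entry = {"activex": POLICY.get(values.get("1200"), "not set or unknown")}
        if num == 2 and "Flags" in values:
            entry["require_https"] = bool(values["Flags"] & REQUIRE_HTTPS)
        report[ZONES.get(num, f"zone {num}")] = entry
    return report

if __name__ == "__main__":
    for zone, entry in audit(SAMPLE_REG).items():
        print(zone, entry)
```

In the sample, the Internet zone reports Disable, while Trusted sites reports Enable with the https requirement off, which is the state the procedure above produces.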

If you leave ActiveX enabled, you may quickly encounter malware-harboring sites and e-mail attachments that ask you to let them install their ActiveX controls on your system. Unless you're 100 percent certain that the control is safe and legitimate, don't allow it.

Regardless of which browser is set as the default on your system, always keep Windows (and IE) updated to minimize your risk. To keep Windows XP up-to-date, visit update.microsoft.com (you'll have to use Internet Explorer) and install Service Pack 2, if you haven't already. Next, choose Start, Control Panel, System, and click the Automatic Updates tab. Select 'Automatic (recommended)' if you trust Microsoft implicitly, 'Download updates for me, but let me choose when to install them' if you trust the company a little bit, or 'Notify me but don't automatically download or install them' to play it safest. (Click "Don't Let a Windows Update Bring You Down" for more on Windows updates.)

Whichever option you choose, click OK to download and install the most recent security patches. If you stick with IE, upgrade to version 7, which improves ActiveX security. Still, the best way to reduce your PC's vulnerability to ActiveX exploits is to download and install another browser, and set it as your default browser. Mozilla's Firefox is the most popular IE alternative. Unfortunately, Firefox's growing popularity has enticed malware authors to exploit its own flaws. While no software is perfectly secure, many experts (including me) think the Opera browser is safer than either IE or Firefox.
