IE 8: Its Security Is Worth the Download

Microsoft released Internet Explorer 8 in March, and whether to install it is likely your biggest up­­date decision right now.

The browser has plenty of new security features, such as expanded phishing-site blocking of known malware distributors. IE 8 also highlights the domain name in the URLs you visit, making it easier to recognize a phishing scam.

New as well are a private browsing mode (called InPrivate Browsing) and behind-the-scenes tuning to help neutralize attack code on poisoned Web sites. Read more on IE 8's enhanced security.

Of course, downloading IE 8 isn't a silver bullet, but from a security standpoint the upgrade is a no-brainer. However, the new browser may not display all sites correctly-even in its compatibility (with IE 7) mode. If IE 8 can't handle a site you need to view, you can uninstall it (via Add or Remove Programs) and revert to the earlier browser.

Firefox, Opera Fixes

Firefox 3.0.8 closes two security holes that could allow an attacker to use a poisoned Web site to take over a PC. Make sure you have the latest security plugs by clicking Help, Check for Updates, or by visiting getfirefox.com, and get more info on the flaws.

The new Opera 9.64 fixes a number of problems, including one critical hole that viewing a specially crafted JPEG image could open. Another fix closes a risk of browser plug-ins launching data-stealing cross-domain-scripting attacks. See the full list of changes. Click Help, Check for Updates to make sure you have the latest Opera version; if you don't, you must download and manually install the new version--an annoyance, but a worthwhile one.

Microsoft has fixed a similar flaw in Windows. Viewing a malicious Windows Metafile (WMF) or En­­hanced Metafile (EMF) image on a Web site or in an HTML e-mail could have let a bad guy run any command on a PC--a critical risk for Windows Vista, XP, 2000, Server 2003, and Server 2008. Get the fix via Automatic Up­­dates or download it.

Adobe, Too

Crooks have actively targeted a hole in Adobe Reader and Acrobat that victims can trigger by opening a malicious .pdf file distributed as an e-mail attachment.

Reader 9.1 and Acrobat 9.1 fix the hole; updates for the Windows, Macintosh, and Unix versions of the software are available. Adobe also released updates for those stuck with older versions of the software-Acrobat and Reader version 8.1.4 and 7.1.1 contain the fix. Click the usual Help, Check for Updates, or download from Adobe.

Foxit Reader, an alternative program for handling .pdf files, has its own vulnerabilities to malicious files. Version 3 users can pick up the patched Build 1506, and those on version 2.3 can get Build 3902, by clicking Help, Check for Updates Now, or by clicking here for the download.

Subscribe to the Security Watch Newsletter

Comments