Microsoft's Internet Explorer is broken, and criminal hackers (crackers) know it. Within the last few weeks, these evildoers have staged several well-orchestrated Internet Explorer attacks designed to steal your banking and credit card information. The result has been that you can't trust Internet Explorer -- how will you know if a secure site is truly safe? Here's a look at what's wrong with Internet Explorer and what you can do to keep your data under lock and key.
At issue are not one, but several flaws within Internet Explorer, some well known and some not so well known (so-called zero day attacks). All of the serious attacks also use tiny apps called keystroke-logging Trojan horses, which capture IDs, passwords, and credit card information as you type them. And all of the attacks so far happen without users even suspecting there's anything wrong. Note: Only Windows users are at risk; Mac and Linux folks, you're safe for now.
Last week, a second attack targeted accounts with major financial institutions, such as Citibank and Deutsche Bank. Spread by pop-up advertising, which in turn loaded malicious code, this attack uses a Browser Helper Object (BHO), a type of file that developers frequently use to monitor Internet Explorer sessions. In this case, whenever a user visits a banking site, just before the encrypted secure socket layer (SSL) session starts between user and bank, the Trojan records all the POST and GET information before it is encrypted. The Trojan then starts its own encrypted session, sending your personal banking data to a remote server.
How could this happen? Blame monopolies. When Microsoft launched its browser war against Netscape a few years ago, we all lost. By encouraging Web site developers to "optimise for Internet Explorer," Microsoft killed off the competition by offering Web surfers flashing images and pretty sounds. Internet Explorer now holds a commanding 95 percent of the Internet browser market. Because of that market dominance, however, Internet Explorer engineers have been lax about browser innovations and battening down its hatches.
In the wake of these serious security events, the software giant posted instructions to secure your Internet Explorer.
Here's the best part: there's one flaw that Microsoft fixed six years ago in Internet Explorer 3.0 and 4.0 that has resurfaced in versions 5.01, 5.5, and 6.0. And there are a few new bugaboos within Internet Explorer that even the software giant in Redmond, Washington, didn't know existed, despite its own efforts, a.k.a. Microsoft's Trustworthy Computing campaign. To its credit, Microsoft has since posted a patch for one of the new Internet Explorer flaws, but it waited a week to do so, and this patch still doesn't resolve all the problems.
The crisis with Internet Explorer is so bad that the U.S. Computer Emergency Response Team (US-CERT) now recommends that you move away from Microsoft Internet Explorer. You have Netscape 7.1, Mozilla 1.7, and Opera 7.5 to choose from, however, there is much excitement surrounding Mozilla's new Firefox browser, currently in beta, if only because Firefox reunites several original Netscape developers.
Short of bailing from Internet Explorer, you can also stop remote-access Trojan horses with a good personal desktop firewall such as ZoneAlarm or those included within Norton Internet Security and McAfee Internet Security. Finally, several of the banking Trojans can be removed with apps such as Spybot Search and Destroy and Ad-aware, as well as your favourite antivirus app. If you aren't currently checking for spyware, you should be. And if you aren't running antivirus protection, well, now's a really good time, don't you think?
What do you think? Do these security problems make you rethink your use of IE? Or have you already switched? TalkBack to me below!