Print 65 comment(s) - last by MrPoletski.. on Dec 23 at 9:12 AM

A new security flaw discovered in Microsoft's Internet Explorer has the company and its customers losing much sleep

News broke in the security world earlier this week that a critical vulnerability had been found in Microsoft's Internet Explorer 7.  The vulnerability could be used to take over computers and is known to be currently being used to steal passwords.

Rick Ferguson, a senior security adviser at security firm Trend Micro says thus far the hole has only been exploited to steal online game passwords, but the attacks could become much more serious for unpatched users.  He states, "It is inevitable that it will be adapted by criminals. It's just a question of modifying the payload the trojan installs."

The seriousness of the flaw was evidenced by Microsoft's rather public announcement of the vulnerability and panicked rush to develop a patch.  So-called "out-of-band" announcements from Microsoft are rare. 

In this case it made such an announcement, stating in a press release, "Microsoft teams worldwide have been working around the clock to develop a security update to help protect our customers.  Until the update is available, Microsoft strongly encourages customers to follow the Protect Your Computer Guidance at, which includes activating the Automatic Update setting in Windows to ensure that they receive the update as soon as it is available."

Microsoft has announced that it will have a patch for the vulnerability by 1800 GMT on 17 December, available via Windows Update.

Some experts have suggested that corporate and private users switch browsers, to an alternative such as Firefox, Opera, or Chrome until the security flaw is patched on affected systems.  Only Microsoft Internet Explorer 7 is vulnerable to this latest attack.

However, some security experts are cautioning that a switch may be equally problematic.  Says Graham Cluley, senior consultant with security firm Sophos, "Firefox has issued patches and Apple has too. Whichever browser you are using you have to keep it up to date.  People have to be prepared and willing to install security updates. That nagging screen asking if you want to update should not be ignored."

The report ironically follows fast on a report that Firefox is a dangerously vulnerable application for businesses.  Apple's Safari has also been blasted within the last year for poor security and patching

Even the security of major open source software, not a popular target for hackers who heavily use such software, was recently brought into question when a major encryption scheme was found to be broken.  All of these instances illustrating the growing challenge of computer security, the difficulty with being a market leader (and thus a mark), and need for diligence when it comes to patches and updates.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Apple....a virus!?!...Holy hole in a donut Batman!
By Dreifort on 12/17/2008 2:03:41 PM , Rating: 2
The report ironically follows fast on a report that Firefox is a dangerously vulnerable application for businesses. Apple's Safari has also been blasted within the last year for poor security and patching.

But according to the guy in the Apple store (who had his collar flipped up and wearing bright white sneakers and asking everyone if they have seen the tennis courts) said that Mac's can't get a virus! WTH? He was preaching something about lack of a kernel in Mac OS and therefore it can't be attacked.

Working for an Apple competitor it is fun to watch customers talk to Apple reps, then speak to me. They actually argue with me if they are now Apple experts since speaking to an "authorized" Apple rep... anyway, they argue with me that Apple's can't get a virus.

I ask them when was the last time someone attacked Canada. Just because Canada doesn't get attacked doesn't mean they are impervious to it. See...people have things to gain by attacking the USA. But not Canada.

By kelmon on 12/18/2008 10:30:54 AM , Rating: 2
Oh, for crying out loud, not this old chestnut again? How do you know that the Mac can catch a virus? So far we've seen nothing that isn't anything beyond the Amish Virus that requires the user to effectively delete their own hard drive (i.e. trojans). Sure, it's possible to write an application that destroys the data on a hard drive (heck, pretty much anyone can write one) but so far they all require the user to do something in order for something bad to happen.

As and when a virus appears for the Mac OS, then I'll concede that it is possible. Until then this is just theory and those people who want to maintain a virus-free computer would do better with a Mac (or Linux, for that matter) for the simple reason that there aren't any today. Perhaps tomorrow there will be gazillions of viruses for the Mac but right now there aren't any. You can't catch a bug that doesn't exist...

The problem with both the Apple and PC brigade is that each wants to skew the truth to the benefit of their own platform because they think the sky will fall in if people don't all use their platform. It's really rather sad.

"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki