Microsoft is encouraging users of their Internet Explorer web browser to switch to one of their rivals today as a new vulnerability has been found in the program. The flaw allows for hackers to take over a computer that has visited an infected site regardless of whether or not they’ve downloaded an executable file. Reportedly, the hacking community is mainly using this IE flaw to steal computer game security keys but it has potential to be more dangerous than that. According to Trend Micro, a popular Anti Virus company, around 10,000 sites have already been infected.
Switching to one of the rival browsers temporarily is the best thing to do at this time. Eventually Microsoft will fix the problem via a Windows Update but they’ve yet to schedule one. Also, as I often encourage you to do in my classes, make sure you primarily use your computer as a limited user. A virus or exploit acquired as a limited user can do less damage than one picked up while logged in as an administrator.
To verify if you’re an administrator in Windows XP/Vista, do the following:
1. Click Start, then Control Panel.
2. From the next screen select User Account.
3. If you’re in Windows XP, the next screen that displays will have each account currently registered on the computer at the bottom. Each account will have Limited User or Computer Administrator underneath it. In Vista, the screen will only display the account you’re logged in as.
To create a new user account, do the following:
Windows Vista
1. From the User Accounts screen, click Manage Another Account.
2. Select Create a New Account at the next screen.
3. The following screen will allow you to select the account type. You’ll want Standard User.
Windows XP
1. From the User Accounts screen, select Create a New Account.
2. After that, you’ll be prompted to enter a name for the account.
3. The third screen will ask what type of account you wish to create. Select Limited User.
It looks as though there is no way to completely guarantee your safety from this new exploit aside from switching browsers. Running as a limited user is suggested by most tech industry professionals, though. I typically suggest that users keep two accounts – one administrator and one limited user – and run mostly as a limited user. When something needs to be installed, simply switch to the admin and do what needs to be done.
I also wish to stress applying the latest patches and updates from Microsoft. As annoying as Windows Update can be, in cases such as this one they help immensely.
No Comments Yet