Will switching from Internet Explorer make you safer?
Ed Bott
Ed Bott is an award-winning technology writer with more than two decades' experience writing for mainstream media outlets and online publications. He's served as editor of the U.S. edition of PC Computing and managing editor of PC World; both publications had monthly paid circulation in excess of 1 million during his tenure. He is the author of more than 25 books on Microsoft Windows and Office, including the recently released Windows 7 Inside Out.
The panic over this month’s wave of targeted, zero-day attacks against Google, Adobe, and other companies is over. Microsoft has released a security update for Internet Explorer that patches the underlying vulnerabilities, and everyone can breathe a sigh of relief.
But what does this episode say about Internet Explorer? I’ve seen several pundits argue that Internet Explorer is inherently unsafe. I think they’re overreacting. Yes, there is a case to be made for using a different browser, especially one with a lower market share that is targeted less frequently than Internet Explorer. (And if you’re too impatient to read this entire post, then skip to the last page for that discussion.) But it’s also true that switching browsers is a small part of a comprehensive, defense-in-depth security strategy.
One thing’s for certain: Changing browsers isn’t a magic bullet, and it might not have made a difference in this case, as I explain in this post.
First things first: How do I protect myself from becoming a victim of this exploit?
Regardless of which version of Internet Explorer or Windows you’re using, you should install today’s Cumulative Security Update for Internet Explorer (described in KB978207 and Microsoft Security Bulletin MS10-002). This update should be delivered automatically via Windows Update or Windows Software Update Services.
You should also turn on Data Execution Prevention, a feature that prevents code from executing from data pages in memory (technical details for the Windows XP family are here, for Windows Vista and 7 here). DEP is on by default in Internet Explorer 8. To enable DEP on Windows XP or Windows Vista with IE6 or IE7, use the Fix It tool on the MS10-002 advisory page.
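To confirm both steps on a given machine, the following added example (not part of the original article) checks whether KB978207 is recorded as installed and reports the system-wide DEP policy. It assumes Windows PowerShell 2.0 or later is available on the machine being checked.

```powershell
# Added example: constructed check, not from the original article.
# Assumes Windows PowerShell 2.0 or later on the machine being checked.

$kb = 'KB978207'   # cumulative IE update named in the article (MS10-002)

# 1. Is the cumulative IE update recorded as installed?
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($hotfix) {
    "{0} installed on {1}" -f $kb, $hotfix.InstalledOn
} else {
    # A later cumulative IE update replaces this one, so absence alone
    # does not prove the machine is unpatched.
    "$kb not listed; check for a newer cumulative IE update"
}

# 2. What is the system-wide DEP policy?
$os = Get-WmiObject -Class Win32_OperatingSystem
$policyNames = @{
    0 = 'AlwaysOff (DEP disabled for all processes)'
    1 = 'AlwaysOn (DEP enforced for all processes)'
    2 = 'OptIn (only system binaries and programs that opt in)'
    3 = 'OptOut (all processes except those explicitly excluded)'
}
"Hardware DEP available: {0}" -f $os.DataExecutionPrevention_Available
"DEP policy: {0}" -f $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]

# Under OptIn, a program is covered only if it opts in. Per the article,
# IE8 has DEP on by default, while IE6 and IE7 need the Fix It tool.
```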
So, exactly what happened in this case?
The public does not know the full details of what happened. Various outlets and analysts have published conflicting accounts containing a lot of speculative analysis. A January 12 report by Verisign’s iDefense security outfit blamed the attacks on an Adobe PDF vulnerability. That report was retracted two days later, although many news stories based on that inaccurate report have not been corrected.
Disclosure
Ed Bott
Ed Bott is a freelance technical journalist and book author. All work that Ed does is on a contractual basis.
Since 1994, Ed has written more than 25 books about Microsoft Windows and Office. Along with various co-authors, Ed is completely responsible for the content of the books he writes. As a key part of his contractual relationship with publishers, he gives them permission to print and distribute the content he writes and to pay him a royalty based on the actual sales of those books. Ed's books are currently distributed by Que Publishing (a division of Pearson Education) and by Microsoft Press.
On occasion, Ed accepts consulting assignments. In recent years, he has worked as an expert witness in cases where his experience and knowledge of Microsoft and Microsoft Windows have been useful. In each such case, his compensation is on an hourly basis, and he is hired as a witness, not an advocate.
Ed does not own stock or have any other financial interest in Microsoft or any other software company. He owns 500 shares of stock in EMC Corporation, which was purchased before the company's acquisition of VMWare. In addition, he owns 350 shares of stock in Intel Corporation, purchased more than two years ago. All stocks are held in retirement accounts for long-term growth.
Ed does not accept gifts from companies he covers. All hardware products he writes about are purchased with his own funds or are review units covered under formal loan agreements and are returned after the review is complete.
Talkback: Most Recent of 363 Talkback(s)
The Apple and the Worm
MACs are immune to viruses, not to worms. You can still launch a program if the program is written poorly, but once you reboot it is clean.
tburzio, 01/22/2010 04:08 AM
ZDNet Moderator
That's nonsense
Do you really believe that? The system magically is aware that a particular program has bad intent and automatically removes it on demand?
Sheesh, that's some strong Kool-aid you got there.
Ed Bott, 01/22/2010 04:19 AM
Seriously ed...
That was one of the more obvious trolls I've read in the past few months. Having a bad day?
Spiritusindomit@..., 01/22/2010 08:26 AM
Wolfie2K3, 01/22/2010 12:19 PM
Two claims, both wrong
1) Macs are *not* immune to viruses. Even though Apple has tried to protect the kernel from being changed, there are always vulnerabilities and ways around that. And OS X has had plenty!
2) Reboot does not clean out a Mac. Geez, where did you get that idea?
honeymonster, 01/22/2010 04:20 AM
Ed has been in damage control mode ...
... all week.
PS. The damage has already been done.
^o^
n0neXn0ne (Edited: 01/22/2010 05:15 AM)
ZDNet Moderator
You didn't even read this post, did you?
If you had, you wouldn't call it "damage control."
Read page 5 and let's talk.
Ed Bott (Edited: 01/22/2010 06:59 AM)
skimming the first page was enough
the rhetorical title-question is best answered with another zdnet title:
Microsoft knew of IE zero-day flaw since last September
so yes, switching from Microsoft software after Microsoft sat on this flaw for almost 4 months would almost certainly make you safer.
gfryesc@..., 01/22/2010 05:21 AM
ZDNet Moderator
OK, fine
You want to make accusations without even reading what I wrote. PS: I highlighted that same article in my post here.
Welcome to the kill-file.
Ed Bott, 01/22/2010 05:26 AM
In all due fairness to Ed...
and believe me, I'm no fanboy of his. He did say this...
In my opinion, if you don’t have overriding compatibility or support issues, there are several good reasons to prefer alternative browsers such as Firefox or Google Chrome to any version of Internet Explorer. For starters, both Mozilla and Google have generally been faster at releasing updates to security issues than Microsoft. If it’s true that Microsoft knew about this issue for more than four months before delivering a fix, that’s a big argument against trusting IE.
Wintel BSOD, 01/22/2010 03:06 PM