Thursday, December 23, 2010

My Christmas Wish

I wrote this email to my (non-technical) family with the subject, "My Christmas Wish."

Folks,

In light of the most recent "Zero Day" security vulnerability in Internet Explorer, I am writing this to ask all of you who still use it to consider switching browsers. IE is by far the most ubiquitous source of junk on Windows computers outside of unsafe downloads. Other browsers do much more to protect you.

So-called "Zero Day" exploits occur on a regular basis and leave you vulnerable to attack for weeks at a time. For example, the Chinese attacks on Google relied on vulnerabilities in Internet Explorer to steal users' account information. Google now has a policy tightly restricting the use of Windows and IE to only employees who need it for testing purposes.

You don't have to do much to pick up malware via websites. There are myriad ways for attackers to deliver malicious code that you will never see, and often your virus scanners cannot detect either.

http://isc.sans.edu/diary.html?storyid=10132
http://www.microsoft.com/technet/security/advisory/2488013.mspx

It's incredibly easy to avoid the whole mess. Install another, faster and more secure browser. Delete the IE icon from your desktop and quickstart bars, especially if others use your computer. Set the other browser of your choice as the default. Here's a list of modern, secure browsers, in my personal order of preference.

http://www.google.com/chrome
http://www.mozilla.com/en-US/firefox/
http://www.opera.com/
http://www.apple.com/safari/

If you can't see yourself using another browser, at least use Chrome for your sensitive data and IE for everything else. That way at least your bank accounts and health records will be slightly harder for attackers to steal.

Lastly, if you haven't done it in a while, check for updates on the other programs you use regularly, especially instant messaging like Skype, AOL, MSN, and Yahoo!. Many programs have an automatic update feature under the "Help" menu that will automatically do all the dirty work.

-Al

No comments: