
08/03/2004 Archived Entry: "CERT says don't use Internet Explorer"

For today's dose of humor, The Register's Bastard Operator From Hell finds a politically-correct way to view Internet porn at work. This is so outlandish it just might work. And for the perfect accompaniment, one of my favorite Tom Lehrer songs, Smut!

I haven't been reporting much lately on virus attacks and new Microsoft vulnerabilities. Of course one reason is that I was so swamped in July that I didn't blog at all. But also, since we've become an all-Linux household, I've become splendidly indifferent to most such news.

Still, it seems like every week or two I hear about a new flaw in Internet Explorer or Windows XP. It's reached the point where CERT, the Computer Emergency Readiness Team, has started suggesting you use some other browser for your casual surfing.

As CERT puts it,


There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML).

Well, I've been saying the same thing since I started contributing to McBlog, and our friends the Millers have been saying this to their clients for years. But it's a big step for CERT to recommend against a major vendor's products, which may suggest how big the problem really is.

CERT, by the way, is one of the best sources for computer security info. You can think of them as the computer equivalent of the Centers for Disease Control -- they exist to collect, evaluate, and disseminate information about security risks and threats. (And like the CDC, they get federal funding, alas.) Their email alerts are intended for computer professionals, but it looks like they're now generating information for the general public. You might want to read their documents

Before You Connect a New Computer to the Internet,
Home Network Security, and
Home Computer Security for starters.

brad
