Tuesday, April 29, 2014

Stop using Internet Explorer. Now.

Hot on the heels of Heartbleed, the web-based vulnerability that generated global headlines and worry earlier this month, we now have our next big technological weakness. This time it's Internet Explorer, the browser that ships with every version of Windows.

Researchers have revealed that IE versions 9, 10 and 11 - which currently runs on 26% of all the PCs in the world - suffers from something called a Zero Day vulnerability. This makes it easy for hackers to launch socially engineered attacks that trick users into visiting fake websites that subsequently infect their machines. Older versions of IE, dating back to version 6, are also at risk.

Following the end-of-support for Windows XP, this is the first major incident where a known weakness in XP (IE ships with all versions of Windows, and is the default browser) will not be patched or fixed by Microsoft. And just like with Heartbleed, we CAN protect ourselves. Here's how:
  • Stop using Internet Explorer. Immediately. Any version of Windows and any version of IE: just stop using the browser.
  • Switch immediately to an alternate browser like Google Chrome or Mozilla Firefox (both are free downloads and can be installed in well under 5 minutes.)
  • As soon as Microsoft has a fix available for your computer (no ETA yet, but I'm seeing reports that indicate we might have to wait until May 13), download and apply it if you're running Windows Vista, 7 or 8.
  • Download and install Microsoft's Enhanced Mitigation Experience Toolkit 4.1. It isn't the ultimate fix, but it's better than nothing.
  • If you're running XP, download and use an alternative browser, and do NOT use IE again. Ever.
  • In all cases, make sure you're using security software on your computer, and that it is regularly updated.
If you needed another excuse to get off of XP, this is it. And if your version of Windows is newer, it's just as well to start using Chrome and/or Firefox exclusively.

Fun stuff, isn't it?

Related media:
  • Spoke live with CTV News Channel's Jacqueline Milczarek. Video here.
  • Was interviewed for Bryan Bicknell's report on the CTV London 6pm newscast. Video here.
  • Chatted with Mike Stubbs on 1290 CJBK London as part of our weekly tech rundown.
  • Spoke with Charles Adler on 680 CJOB Winnipeg.
  • Talked with Angela Kokott of NewsTalk770 Calgary for our weekly Tech Tuesday segment.


Kalei's Best Friend said...

Right now Chrome has their own issues.. I still can't use the pull down tab for comments on Blogger via Chrome.. nor can Chrome download Hotmail... Rarely do I use IE, in fact in the past it caused more issues than ever..

BreadBox said...

The instructions said "use windows 7 or better", so I did. I installed linux.

Tabor said...

You might find it interesting to learn that the U.S. Dept. of Homeland Security offers only IE to its employees as of today!

ifthethunderdontgetya™³²®© said...

I don't use I.E., for a long time.

Not real excited about switching from XP, though.