Internet Explorer – what actions to take

If you’ve been seeing some of the tech news, you’ll know that a group overseas called Xfocus published some details of Internet Explorer vulnerabilities on the web right before Christmas. And while the press can say [clearing their throats] “Microsoft hasn’t responded”, I can say that every time I sent in an email to the Secure alias [secure - at - microsoft.com] I got a response back. They know and are “responding” in their own quiet way when such things occur.


But in the meantime some general rules to keep safe until a patch is released:


  • Begin to push for running in lesser “rights” on the desktop. This isn’t easy at all, but it’s something that we all need to push our app vendors to do natively in 2005. I don’t expect you guys to do this right away, but start thinking about preparing your end users and clients for not being able to download and install just willy-nilly.
  • Ensure that you always use up-to-date antivirus.
  • Only surf where you know you’ll be safe [I know...this one is kinda dumb as there have been reports of “good sites” that don't keep themselves up to date on patches getting turned into “bad sites” - but just try to be AWARE]
  • Block all unnecessary email attachments. Whether you use the native to SBS Exchange attachment blocker or Trend’s blocker, PICK ONE and don’t even let this stuff get in your network.
  • Consider running IE with High security turned on, and only place those web sites into “trusted” zones that you need fully functional for business purposes.
  • While you can use alternative browsers like Firefox or Mozilla, I’d still recommend that you not “install and forget it”. Mozilla today just released a new patch for a security issue it had. Remember that Windows Update does not patch Firefox or Mozilla, so you are on your own. The default for Firefox is to check every 7 days [apparently, as I’m guessing from the about:config that I’m looking at]. Brian Livingston has a great primer on Firefox that he had to dig up from their web site and other locations.
  • Just in general be aware.  If an email sounds too good to be true, or is trying to sound like the sky is falling, check it out on the snopes.com web site.
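
For the bullet above about running IE on High and keeping the trusted zone short, here is a read-only audit sketch. It is an added example, not part of the original post; it assumes the per-user zone settings live under HKCU, and the function names are hypothetical.

```powershell
# Added example: read-only audit of the current user's IE security zones.
# Function names are hypothetical; nothing here modifies the registry.
$Base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Security-level templates as stored in each zone's CurrentLevel value
$Levels = @{
    0x10000 = 'Low'; 0x10500 = 'Medium-low'; 0x11000 = 'Medium'
    0x11500 = 'Medium-high'; 0x12000 = 'High'
}

function Get-IEZoneLevel {
    param([int]$Zone = 3)   # 3 = Internet zone, 2 = Trusted sites
    $props = Get-ItemProperty -Path "$Base\Zones\$Zone" -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.CurrentLevel) { return 'Unknown' }
    $level = [int]$props.CurrentLevel
    if ($Levels.ContainsKey($level)) { return $Levels[$level] }
    return ('Custom (0x{0:X})' -f $level)   # individual settings were changed
}

function Get-IETrustedSite {
    # Sites are stored as ZoneMap\Domains\<domain>[\<host>] with one value
    # per scheme (http, https, *) whose data is the zone number (2 = trusted).
    $root = "$Base\ZoneMap\Domains"
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            if ($key.GetValue($name) -eq 2) {
                # Rebuild the host name: Domains\example.com\www -> www.example.com
                $tail  = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8)
                $parts = $tail.Split('\')
                [array]::Reverse($parts)
                [pscustomobject]@{ Site = ($parts -join '.'); Scheme = $name }
            }
        }
    }
}

"Internet zone level: $(Get-IEZoneLevel -Zone 3)"
"Trusted sites to review against business need:"
Get-IETrustedSite | Sort-Object Site | Format-Table -AutoSize
```

Anything listed as trusted that is not needed fully functional for business purposes is a candidate for removal. Machine-wide or Group Policy zone settings are stored elsewhere in the registry and are not covered by this check.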

 


P.S.  Next time guys, send an email to the secure alias and work with them for a patch FIRST?  Don’t just disclose this stuff and then contact Microsoft?  Be part of the solution, not part of the problem.

2 Thoughts on “Internet Explorer – what actions to take”

  1. Raymond Smith on December 31, 2004 at 8:31 am said:

    Susan,

    One of the greatest examples on not running in User modes is SBS, since its own installer sets users up as admins and then complains if you change them to users. Shouldn’t we be pushing Microsoft to clean up their own house as well?

  2. At the time SBS 2k3 was built we didn’t have the rising tide of "user mode" like we do now. I think SBS 2k5ish 2k6ish is the better timing IMHO.
