Rory Cellan-Jones 16 Dec 08, 13:38 GMT
If the average computer user read the Microsoft security advisory about the Internet Explorer vulnerability – and you'd struggle to find it if you weren't looking – you might be none the wiser about how serious this was, or what action you should take.
A long way down comes this line: "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user." As far as I understand it, that means there is a real danger that Internet Explorer 7 users (and possibly users of other versions of IE) could be opening the door to cyber criminals to allow them to ransack the contents of your hard drive. In other words, it is a pretty serious situation.
So when I spoke to John Curran, head of Windows at Microsoft UK, I had three questions.
1. How serious is this?
Mr Curran told me that only a tiny proportion of websites were infected, but given the sheer scale of today's web, that could affect a large number of people.
So, he said, "it is certainly something people should take seriously."
2. So what should IE users do?
Microsoft is working on a patch but in the meantime Mr Curran said there were four steps to take.
– make sure anti-virus software is up to date.
– run Internet Explorer 7 or 8 in "protected mode".
– set Internet Explorer zone security setting to "High"
– Windows users should enable Automatic Updates so that they get any patch that is issued.
But of course doing all of that is not only time-consuming, it will make your web browsing experience slower and less rewarding. Which brings us to the final question.
3. Shouldn't you switch to another browser until the patch come out?
This has been the advice of a number of security firms – who of course are also touting their latest anti-virus products – but you won't be surprised to hear that Mr Curran disagrees. He told me he had recently seen a report which listed another browser as having the highest number of vulnerabilities. "it would not be advisable," he said,"to send people from one vulnerability (in Internet Explorer) to multiple vulnerabilities."
But given the choice between messing around with Internet Explorer and so enduring a second-rate browsing experience until the hole is fixed, or running Firefox, Safari or Opera, aren't quite a few people likely to switch? This could be the moment when the minnows in the browser wars finally score a significant victory.
IE security record:
One more reason to switch to Opera: