Stop Using Internet Explorer!
I have written several times about the high risks of using Microsoft's Internet Explorer web browser. The security problems just keep coming and coming. If you were surfing the web last Friday night or Saturday morning and you were using Internet Explorer, there is a chance that your Windows computer became infected with an Internet "worm." This happened even if you did not directly visit an infected site.
It seems a hacker managed to load malicious code onto a web server that delivers advertising directly to users who visit other web sites. If you browsed with Internet Explorer to an infected site, the code then placed a worm inside your copy of Internet Explorer. The worm allows hackers to take control of the infected PC and steal personal data from your system.
While the site you knowingly visited may not have been infected directly, that site may have delivered advertisements to you from a third-party server. The infected server passed on the infection to your copy of Internet Explorer, even though you never saw its URL in your web browser's address bar. The recommendation is that everyone update their virus definitions from the software vendor's web site and then scan for viruses immediately. In addition, Windows XP users should install Windows XP Service Pack 2, if possible. Anyone running Windows 98, ME, or 2000 has no recourse for closing the known computer security holes; Microsoft has not issued a fix for those systems.
Before those of us with Windows XP get over-confident, we need to remember that Microsoft Service Packs are designed to fix specific, known problems. However, they do not address the underlying security weaknesses that continue to let hackers find other ways into home computers. And the primary avenue for these hackers is Microsoft Internet Explorer.
I have a better idea: dump Internet Explorer. It is weak, slow, and riddled with security problems. Every few weeks a new exploit appears that takes advantage of Internet Explorer's weaknesses. This past weekend's exploit was Internet Explorer-specific: it did not infect other web browsers.
There are better, faster, and more secure web browsers available. Some good ones are even free of charge. My favorite is Firefox, available for Windows, Macintosh, and Linux. It is fast, it is secure, and it is free of charge. It also has many more features than Internet Explorer. You can obtain Firefox at no charge at http://www.mozilla.org. Another good one for Windows is Opera, available at http://www.opera.com.
You do not need to uninstall Internet Explorer; simply stop using it. As some of you may know, downloading updates from Microsoft's web site - including Windows XP Service Pack 2 - requires Internet Explorer. This would appear to be a "Catch-22." However, if you stick to the one task of downloading needed Microsoft updates and do not leave the Microsoft web site, you should be able to complete the necessary download with minimal security risk.
For everything else, use a better tool instead. You can read my earlier review of Firefox at http://eogn.typepad.com/eastmans_online_genealogy/2004/11/a_better_web_br.html. Note that a number of readers of this newsletter posted their comments at the end of the article, describing their experiences with Firefox.
You can read more about this past weekend's problems with Internet Explorer at the highly-acclaimed Information Week magazine site at http://informationweek.securitypipeline.com/news/53701328, on eWeek's site at http://www.eweek.com/article2/0,1759,1730877,00.asp, on ZDNet's site at http://news.zdnet.com/2100-1009_22-5462862.html, on PC World's site at http://www.pcworld.com/news/article/0,aid,118687,00.asp and and probably hundreds of other sites if you look at Google at http://www.google.com/search?hl=en&q=Hacked+European+Ad+Server+Infects+IE+Users&btnG=Google+Search.
Which web browser would you prefer to use?
NOTE: This newsletter's web site at www.eogn.com does not serve ads from any third-party server and therefore would not cause the specific problem that affected other servers this past weekend.
I have been using both Firefox and Thunderbird since your earlier recommendation. I really like Firefox...no pop-ups, a little slow to load (I'm on cable), I basically see no functional difference between it and IE. However, it does not work with Mr. Sid. Has there been a "fix" for this? I know just enough about computers to be dangerous! You said in one article that there are some "conversion programs"(?) that Firefox has that makes certain other types of programs work? (See, I don't even know how to word the question!) When I look at the Mozilla site for options, I'm lost!
Thunderbird works adequately for me. I'm not quite as happy with it as with Firefox. There seem to be fewer options. And the "help" tab is anything but! It takes you to a website that doesn't really answer anything. But it's not bad enough that I'll go back to Outlook. I like the feeling of security.
Posted by: Dawn Amos | November 22, 2004 at 10:25 PM
Opera can use the MrSID viewer. I am not aware of a method of using MrSID on Firefox. Perhaps someone else can jump in here with that answer.
Posted by: Dick Eastman | November 22, 2004 at 10:41 PM
I've used Firefox for a long time now and prefer it over any other web browser. As noted in the article, you have to keep IE for MS updates, and as Dawn noted above, there isn't a Mr. Sid Plugin from Ancestry for Firefox yet.
Don't expect Ancestry to be responsive and provide a plugin. I've complained to them about census record errors for two years including a letter to the Chairman of the Board, and they still haven't fixed the census index link problem for their customers. It would be 'astounding' to have them respond to a need from customers who aren't using the most popular browser.
So, we'll probably all need to use IE for these two specific applications for a while.
Posted by: Lee Drew | November 22, 2004 at 11:12 PM
Opera can be used with MrSID, according to a message posted on this message board several months ago:
The key to making the MrSID viewer at Ancestry.com work with the Opera browser, is to set Preferences/Network to identify as Mozilla 5.0. This is described in the news.opera.com opera.general forum, under the 06/17/04 post by Barb titled "MrSID Plugin".
I am not aware of a similar solution for Firefox, however.
Posted by: Dick Eastman | November 22, 2004 at 11:45 PM
In addition to MrSID, the "Advanced" viewer at Ancestry requires ActiveX, so I haven't been able to get it to work with Firefox. I sent an email to their tech support, with the usual response.
Ancestry census is the only thing for which I use IE.
Posted by: Michael Gilbert | November 23, 2004 at 04:56 PM
You *can* get the MrSID plugin to work with Firefox 1.0. Go to the www.lizardtech.com (the manufacturer of the MrSID software -- not Ancestry!). Download the MrSID Viewer (aka LizardTech ExpressView) using the link in the lower left area of their home page. Then click the "ExpressView Browser Plugin" link.
I think the version of the MrSID Viewer plugin on Ancestry's site is an older version.
Posted by: Mark Roy | November 23, 2004 at 05:06 PM
Lest anyone be lulled into a false sense of security -- you're not invulnerable with Firefox. See http://www.mozilla.org/press/mozilla-2004-10-01-02.html.
Once Firefox's market share gets out of single digits, I suspect you'll see more attacks targeted at it.
Posted by: Mark Roy | November 23, 2004 at 05:21 PM
Mark,
I agree 100% What's the use of spending your time to write viruses, worms, hacks, etc. to attack low market share products? That's why the Mac community has dodged the bullet so far. Not because Unix is a better OS than Windows, but because there's so few of them out there that it's not worth the trouble. Windows is a much bigger bang for the buck.
Once the attacks start, Mozilla will be forced to patch and patch and patch, make the product bigger and slower and end up with something that performs like IE, but has a cooler logo.
Enjoy it while it lasts.
Posted by: Dino (All Dino, All the Time) | November 23, 2004 at 06:09 PM
Dick,
Could you give us some statistics about the worm outbreak of last weekend you referred to? I just checked the McAfee site and couldn't find anything about a huge infestation. Maybe I missed it.
Posted by: Dino (All Dino, All the Time) | November 23, 2004 at 06:13 PM
---> You *can* get the MrSID plugin to work with Firefox 1.0.
Excellent. Thanks for posting that information.
Posted by: Dick Eastman | November 23, 2004 at 07:08 PM
---> Could you give us some statistics about the worm outbreak of last weekend you referred to?
Yes. Check the links at the end of the article, they give very detailed information. They are:
the highly-acclaimed Information Week magazine site at http://informationweek.securitypipeline.com/news/53701328 , on eWeek's site at http://www.eweek.com/article2/0,1759,1730877,00.asp , on ZDNet's site at http://news.zdnet.com/2100-1009_22-5462862.html , on PC World's site at http://www.pcworld.com/news/article/0,aid,118687,00.asp and and probably hundreds of other sites if you look at Google at http://www.google.com/search?hl=en&q=Hacked+European+Ad+Server+Infects+IE+Users&btnG=Google+Search .
Posted by: Dick Eastman | November 23, 2004 at 07:10 PM
I tried Firefox and went back to IE when I discovered that copying my portfolio from Yahoo and trying to paste it into Excel garbles the data, unlike IE which accepts it and even transfers the hyperlinks effectively. I need to do this procedure daily during the week.
Posted by: deappleby | November 23, 2004 at 10:32 PM
Dick,
Thanks for the links. You might want to edit your reply to remove the terminal comma from the hyperlinks.
One of the articles said that about 2% of users who visited The Register from about midnight to 6AM EST got the worm. And it also sounds like a virus scan catches it, so anyone running an updated virus program shouldn't have got hit.
Even though this isn't a raging worm outbreak, it should serve as a reminder for everyone to run virus scanning software and keep it updated. It should also encourage people to try out Firefox and use IE only when absolutely necessary. I have a couple of tasks that I have to do in IE, because Firefox just can't do them correctly. For those tasks I use IE. all else Firefox.
Posted by: Dino (All Dino, All the Time) | November 24, 2004 at 09:31 AM
---> about 2% of users who visited The Register from about midnight to 6AM EST got the worm.
True and also thousands of people who visited other sites. It was not limited to just The Register. That is but one example. Hundreds, perhaps thousands, of web sites besides The Register use the services of this one third-party pop-up ad provider.
Posted by: Dick Eastman | November 24, 2004 at 10:54 AM
Mark Roy, thanks for the information about using MrSID with Firefox. I'll have to give it a try.
Unfortunately, the "Advanced Viewer" still doesn't work. :(
Posted by: Michael Gilbert | November 25, 2004 at 02:23 AM
FOLLOW-UP: Anyone who doubts the security problems with Internet Explorer should read an article by Benjamin Edelman. He took a brand-new installation of Windows XP and Internet Explorer, visited just one web site, one that is known to surreptiously install spyware software without permission of the user. He then recorded the results. He writes, "In the course of my testing, my test PC was brought to a virtual stand-still -- with at least 16 distinct programs installed. I was not shown licenses or other installation prompts for any of these programs, and I certainly didn't consent to their installation on my PC."
You can read Benjamin's article at: http://www.benedelman.org/news/111804-1.html
Posted by: Dick Eastman | November 26, 2004 at 12:31 PM
Yeah, well just when you think you're safe this comes along:
Java flaw could lead to Windows, Linux attacks http://news.zdnet.com/2100-1009_22-5464872.html?tag=default
I think it far more important that you run a spyware package like "Spybot - Search and Destroy". I run it along with Spyware Blaster (both free for personal and non-profit use). That along with a firewall (like Zone Alarm if you don't have a router between you and the internet) is the most important thing to have. I'd even rank an antivirus a distant 3rd, simply because it hasn't alarmed on me in ages. I don't need it as much.
Last but not least, be sure to check those ULAs when you install. I went and downloaded "free" software to help me record a cassette and found myself stung with all kinds of uninvited guests. Was it IE's fault? No, mine for running setup. It look Spybot, Ad-Aware and even "Hijack this" to get all the stuff removed. Learned my lesson.
While I tend to use FoxFire at home, I only run IE at work. Never had a problem, but then I don't usually visit the seedier places on the internet.
Posted by: Russell H | November 29, 2004 at 02:42 AM
For those of us using Netscape 7 or Mozilla as the browser of choice and who run across pages which only work in IE, there is an add-in which can be very useful:
http://extensionroom.mozdev.org/list.php/Mozilla/all#ieview
This adds an option in the right-click menu which will open IE with the current netscape or Mozilla page.
I also use it to check the way IE shows pages I develop for my web site.
There are some others there which may interest Netscape/Mozilla users as well; one I find very useful is Autoscroll:
http://extensionroom.mozdev.org/list.php/Mozilla/all#autoscroll
Dick
Posted by: Richard | November 29, 2004 at 09:14 AM
to avoid spyware and adware, you can download freeware called SpyBot and SpyBlaster. I've found both to work great, and best of all they're free. Just search for "SpyBot"
Posted by: tami | November 30, 2004 at 12:33 PM
I am a new subscriber, and have been reading your warnings about Internet Explorer. I have been running IE for a very long time. I have had one virus or worm in that time, and that was one that was specific to Windows 2000 and had nothing to do with IE. Now either I don't go to enough websites, or I keep My Norton Intenet Security updated constantly, but I think the grave warning about IE is a little over the top. I will agree that there are problems with Windows as a whole, but just think where we would be without windows? Anybody remember MS-DOS?
Posted by: David Golden | November 30, 2004 at 04:47 PM
Read a great article on Opera Vs. Firefox from Opera Watch.
http://operawatch.blogspot.com/2004/11/opera-vs-mozilla-firefox.html
Posted by: O | December 01, 2004 at 10:18 AM
Will someone ask Microsoft to please sponsor one of Dick's newsletters so we no longer have to read all of this harping about Internet Explorer. I think the topic is somewhat far distant from genealogy.
Posted by: Donald Purfeerst | December 01, 2004 at 07:59 PM