Ads by Terry The World's Shortest Excel Book Short, Effective Excel Training eBooks and Video Training, too! TerrysComputerTips.com/twseb Acronis True Image 11 Complete PC backup and restore software Create Your Own Recovery DVD TerrysComputerTips.com/TrueImage Sunbelt Personal Firewall Free Trial - Full-function 30 day Trial Award-Winning Two-Way Firewall TerrysComputerTips.com/SPF

Top Choices for April...   CounterSpy 15-day Free Trial   Sunbelt Personal Firewall $9.95   NOD32 Antivirus 25% OFF 2-Yr   NetZero Free Dialup 10hrs /month   GoToMyPC 30-day Free Trial   Hostgator 20% Off WebHosting

Browser Vulnerability, Security and Updates

Mozilla has a history of issuing patches to Firefox and its other products within days of learning of a vulnerability.  Often, the patch is issued before the public announcement of the vulnerability by the person that discovered it.

This is the way that vulnerability management should occur -- the discoverer should allow the software company a chance to patch the software before telling the public (and the bad guys) about the security hole.  This is totally different than the release in May by FrSIRT (the French Security Incident Response Team), who published exploit code while Mozilla was working with Greyhats Security Group, the discoverers, to solve the problem.

Microsoft, on the other hand, seems to let their security problems lie around and fester.  After all, Active-X is still part of Internet Explorer.

Microsoft finally put up a roadblock to Active-X "driveby downloads" in Windows XP Service Pack 2 — but they are not putting any prevention into earlier IE versions. IE for WIndows XP SP2 is the only one getting fixed!

A driveby download occurs when your brower goes to a web page that wants to download an Active-X program.  If you are not running XPSP2 and you are using I.E. as your browser, I.E. will merrily download the Active-X program and run it -- without even asking.  As of XPSP2, it asks first.

However, if you are not running Windows XP, or if you are running Windows XP and have not updated to SP2, then nothing stops the driveby download.  If you need a reason to upgrade to Windows XP, this is it.  Security is much better than Windows 98 or Windows Me.

Yes, I know Microsoft calls it an "Active-X Control" and not an Active-X Program.  Some bright spin-doctor decided to use pretty, but misleading, terminology.

A rose is a rose by any other name.  Anything that downloads and runs on your computer with the ability to write to your hard drive is a program.  Ever wonder how all those trojans, downloaders, adware and popup generators got on your system?

Try using Firefox or Opera as your web browser.  Save Internet Explorer for the things it can safely handle -- like Windows Updates, which requires Active-X.

Link to this page — just add this code to your web page!

<a href="http://www.terryscomputertips.com/computers/browser-vulnerability-security-and-updates.php">Browser Vulnerability, Security and Updates</a>

Copyright © 2005-2006 Terry A. Stockdale. All rights reserved.