If You Use Microsoft Windows and Internet Explorer,
Please Read This Page
Updated March 5, 2009, Douglas J. Eadline.
This work is licensed under a Creative Commons License.
PLEASE NOTE: This page recommends using tools and programs for which I have no control. These programs have worked for me. If using the programs causes problems for you, please do not ask me to fix them. If you are truly concerned about the issues I describe below and do not want to try and fix things on your own, then consult a professional.
Read This First
The Malware problem continues to grow. Clicking on the wrong website
can allow the bad guys to "own" your system. By "own", I mean they have complete control of your system from which they
can launch SPAM email campaigns, monitor your keystrokes (looking for passwords), watch where you go on the web and
place pop-ups on your computer. And, you may never know all this happening in your computer.
The possibilities and problems are endless. These types of attacks are not limited to
teenage pranksters, this is a serious worldwide organized crime and you are the target. Yes you.
The most vulnerable are those that have all or some of the following:
- Use Microsoft Windows
- Use Internet Explorer
- Have not installed all the current Microsoft Security Patches
- Have a high-speed (broad band) connection to the Internet
- Have a "naked" Internet connect (a PC directly connected to a cable of DSL router)
- Have visited questionable websites (i.e. gambling, porn, etc.)
- Have recently place an unsolicited CD or floppy in your computer.
If any of the above apply to your computer, please read the rest of this page. It is long, but an ounce of prevention
will be well worth the mountain of pain a successful hack can cause on your financial well being.
So What Is The Big Problem?
Many versions of Microsoft Internet Explorer (IE) are insecure (The thing that shows you the Internet). It can be used by someone on a
remote computer to take over your computer and download viruses, load
programs that monitor your keystrokes to get passwords and credit card numbers, or turn you computer into a remote spam mailing machine. Despite efforts by Microsoft, IE is still a huge security risk.
Also, connecting a Windows machine directly to the Internet is dangerous. See
below for free virus, SpyWare, and firewall software. It now take less than
20 minutes for a naked Windows PC to get infected with some kind of crud from
the Internet.
Is This A Real Problem?
Yes. Please read this article and/or this
article (registration required).
This problem is serious. There are many other articles about Internet Explorer security, but this recent one is the most serious.
Update: Jan 25-2006 There is an yet another extremely dangerous Windows flaw that allows easy access to
your system. Check out this announcement
from Microsoft. (Remember you paid money for this product).
Last year there was an other extremely dangerous
flaw
in Microsoft IE. This flaw exists even with the new SP2 updates installed.
You can go to this Site
for more information. They even have a test to see if you are vulnerable.
Take a look at: Browse Happy
You may also want to look at how long it takes for your system to become a spam sending machine for the jerks that clog your machine and the Internet with spam.
What About Vista?
In most cases it will not work with your existing hardware and it does not offer
any additional features that will make you life easier. From the feedback I have read
it may even make you life harder. Funny, to get the "new/better/latest" Microsoft
software, you need to buy a new computer. Kind of like having to buy a new car to get
a better radio. Getting tired of the hustle and headaches, check out Macintosh or Linux (more below).
Are There Any Other Pressing Concerns?
Yes. There is a particularly nasty exploit that has not caused any problems, but has the potential to infect many system. Unless, fixed Microsoft systems have a
vulnerability that will allow viruses and other malignant software to enter your
system when you look at a web-page with a picture in it. That is right.
By just browsing the web, you can get infected. Microsoft is aware of this
and has, in traditional Microsoft fashion, put out a tool that "kind-of" works.
You should read this advisory from Microsoft, then read
this page. You should download and install all Microsoft Updates, THEN Download
this tool and scan your system as you may remaining vulnerabilities. You may need to contact the vendors of the software that have included the software that has the problem. The exploit is often called the GDIPLUS.DLL vulnerability. Good luck, this one is not easy as easy to clean up. Also remember Google is your friend. Ask questions and dig for answers.
What Should I Do?
If you think your system is completely "hosed" (slow and infected) and full of "gunk" (malware) it may
be best to start over and reinstall Windows. At the same time install and use the free software
described below to fortify your system. A few thoughts may be helpful, however.
- If you use your computer to browse the web and do office work (word processing, spread sheets, etc.) consider
using Linux. A free and particularly friendly version is called Ubuntu. Ubuntu
includes a more secure web browser (Firefox) and a complete office suite (OpenOffice). OpenOffice is almost 100%
compatible with Microsoft office.
- If you want to reinstall Windows, then consider a small firewall/router to put between your computer and the
Internet.
Although it does cost some money (usually less than $80), it will allow you to re-install Windows safely. If you do a Windows reinstall
from your original CDs, the first thing you will need to do is update all the Microsoft security patches. (The number of files is about the size of a typical CD so the update process will take a while). While you are doing this, you computer is vulnerable to attacks from the Internet.
If your PC is "naked" (just connected to the cable or DSL modem) chances are you will get attacked during
the security upgrades! With a cheap firewall/router placed between your computer(s) and Cable or DSL modem such attacks can be prevented.
Plus it will offer a continued first level (but not complete) of protection once your system is up and running.
What Can I Use Instead of IE?
There are two options:
- Use Internet Explorer only when you have to and wait until
Microsoft releases a security update. I understand a patch is available, but I am not sure it has solved the entire problem. This approach is somewhat dangerous
and Microsoft is not known for producing security patches in a timely fashion.
- You can use another browser. There are other free browsers available
for Windows:
These browsers are not vulnerable to the security holes that are present in
Internet Explorer. In addition, they have better security options like "pop-up blocking".
What About Viruses, Worms, and SpyWare?
There are FREE TOOLS that can help with your system. Even if a pop-up tells you otherwise, you do not have to buy anything. After using the free tools, if you like one or some of them, I recommend buying the full versions as they are not that expensive. You may not need to buy them all as they have overlapping functionality.
Anti-Virus
In all cases get yourself a copy of AntiVir and run it on your PC. It is totally free and it will help clean up any nasties on your PC.
SpyWare
Spyware is a program lives on you computer and monitors what you are doing. It may do nothing at all, it may redirect your browser to a website you had not intended, it may cause pop-ups to appear, it may monitor your keystrokes
and report accounts and passwords back to its writer, it may change your dial-up
phone number so you get large long distance phone bills.
Download SpyBot Search and Destroy to clean your computer. These types of programs get on your system when you download "free" programs or through "holes" in the Windows operating system. Run this every couple of weeks.
In addition to SpyBot, you should also run Ad-Aware from LavaSoft
In addition to the above two applications, you should run SUPERAntiSpyware. Yes this is a lot of scanning. Send Microsoft the thank-you card.
Firewall
Update 03-30-2008: I found this story
about Zone Alarm recently. A follow-up story is here. It does not seem to be an issue with newer version.
Stay tuned.
A firewall will help you control what programs and people get IN and OUT
of your computer. You can get a free firewall called ZoneAlarm for your computer from
Zone Labs (Note: Download the "Basic Firewall Only" DO NOT SIGN UP FOR THE TRAILPAY). ZoneAlarm requires you to answer some questions that you may not understand. There is a tutorial and good explanations. Basically any time something tries to enter your PC over the network, ZoneAlam will alert you. If a program on your PC
tries to send data out (like an email) ZoneAlarm will also alert you. You can tell ZoneAlam what programs are allowed to send and receive data. If you ever have a question about a program identified by ZoneAlam, enter the program name into Google and see what it says about it. If it is part of Windows or some software you know you are using (like a web browser), then let it pass. If the program is
SpyWare or a virus, then do not let it pass.
Make sure you also get the latest security fixes from Microsoft. There is a
a "Windows Update" function in the "Start" menu. Newer versions Windows also have a firewall, but ZoneAlarm is said to work better.
Crapware and Startup Cluster
New PCs normally are loaded with extra software as trial subscriptions (or cut down versions). PC manufactures
receive a payment for this software and thus are able to reduce the cost of the PC. Almost all of these
programs are annoying and are only there to get you to buy somethings. You may go to the control panel
and remove many of these with little of no consequence.
Many of the security tools are subscription based. So that means, after a few months they stop working and to continue the protection you need to pay -- I call this a
"Protection Racket" because it is similar those actions for which we put people in jail. You can remove these
and replace them with the packages referenced on this page.
Another annoying thing is all those programs that you do not use that pop-up at start-up or appear in the
system tray along the left bottom. You can down load a program called Startup Control Panel that allows you to control what starts up when you log-in or start-up your computer. The tool will appear in the control panel and not in the programs menu.
Acrobat Reader
Newer versions of Adobe Acrobat Reader (the tool that lets you read PDF files) have the capability to run
programs that are placed inside a PDF file. A bad guy can now craft a document that contains a program
that can infect your computer. The simple solution is to open the Options or Settings menu in Acrobat Reader and
turn off Java Script. I highly recommend this as it is like leaving your car keys on the windshield wipers.
Why Does My Computer Have All These Problems?
Chances are you run some version of Microsoft (MS) Windows. There are two main reasons
why MS Windows has problems.
- MS software is poorly implemented and designed. The growth of the Internet
has amplified these problems to where it has become a real threat to your own privacy and security. Because of poor design, MS Windows is very easy to exploit once you gain access. For instance, if MS Windows were a house, someone breaking in through a window (no pun intended)
would have the full run of the house, they could be malicious and turn the power/water/gas off or they could steal all your valuables or use you phone to make
long distance calls. The same is true when someone breaks into your Windows computer. They can delete files, access passwords and credit card information on your system, and just like our house analogy, they can use your phone. Another thing they can do is use you computer to send spam email to people -- you will never know this is happening until your ISP tells you the you have an abnormal amount of mail coming from your computer.
Other operating systems, like UNIX (which is used in the new MacIntosh's), and Linux (which is mostly what I use) are designed with better security. Using the house analogy, in UNIX/LINUX, all the rooms have locked doors. This way if someone gets in a window, they will not have the run of the house. The damage they can do is limited to one room. They can turn the lights off in one room but not the whole house. Therefore, it is a lot harder to do bad things in a UNIX/Linux machine/house than in a Microsoft/house. Microsoft computers are easy pickings for the bad guys.
- The second reason, is that Microsoft is a convicted monopoly. (Convicted means they were found guilty of using their market dominance to put competitors out of business.) Because they have no competition, and because the US Government,
gave them a "wrist slap" for all their illegal activities, they also have no incentive to improve their products.
Improvements also include security fixes and updates. Of course, Microsoft does provide security fixes,
but it is at their leisure (Half baked fixes for the Internet Explorer problem took at least 6 months to come form Microsoft -- in the Linux world fixes are available in a matter of days.)
If your a Microsoft computer were a car, your experience would look like the following. A drive to the grocery store would result in a bunch of pushy salesman getting in the backseat of your car because you have no locks on the door (pop-up adds).
On the way home, the car would stop working (system crashes). You have to get out, open the hood and hand crank the engine (reboot). After getting home, you kick the salesmen out, but some of them leave
hidden tape recorders in convenient compartments in the dashboard so they can hear what you and your family are talking about (SpyWare). Then you find out that because your trunk lock does not work, a criminal is in your trunk selling drugs to
the neighbors while you are sleeping (viruses, spam agents, etc). When you take the car back to the car dealer and demand the they fix these problems (no locks, compartments for tape recorders, constant engine stalling, easy access to the trunk) they say, "that's too bad, but you know we have a new model coming
out that you need to buy (upgrade) which should fix all this,
but in the mean time here are some things you can buy to fix the problems we should have fixed in the first place. Besides, where you going to go, we make all the cars." That, in my opinion, is the Microsoft Corporation.
Perhaps the biggest difficulty with "The Microsoft Software Experience"
is that computer users believe that all these problems are normal. They are not.
If you car behaved like your computer, you would be back at the dealer demanding a refund.
Why Are You Doing This?
Let's just say that I like to help friends because a convicted monopolist with over 70 billion dollars in the bank will not. I do not sell home computers or software, so I have no profit motive from posting this page. And, by the way, I use
Linux.
Version 030509-dje