Internet Explorer Vulnerability

On December 11th an advisory was published that identified a problem in Internet Explorer that could allow someone to take control of a computer. It's not at all unusual for this type of advisory to be released; modern software is highly complex and holes are not uncommon. Microsoft has released a patch for the issue and has rated it critical.

Technically, Microsoft describes the vulnerability as: "[it] could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

In plain English, the vulnerability is a problem with the design of Internet Explorer. IE is used to view web pages. In the early days of the web, a web page was nothing more than a bunch of text and images laid out in a specified way in a web browser. Web designers used code to tell the browser where to put the text and images and whether or not the text should be bold, italicized, big, small, whatever.

The code that described where to put things and whether they are big, bold, whatever was referred to as Hypertext Mark-up Language or HTML. When you visit a web site, your web browser (Internet Explorer in this case - there are others, Firefox being one of the big contenders) requests a web page from the server and the server replies with a web page encoded as HTML.

The web browser, understanding this HTML intimately, takes instructions from it and lays out the web page as the HTML instructs it to. HTML is still an integral part of the World Wide Web but it has been superseded greatly by other technologies that make the web much more interesting.

In essence the web has grown from a simple way to display information to an interactive medium that can act very much like any other program on a computer - like a word processor, spreadsheet, database, the sky's the limit. Just consider web sites like facebook.com that elicit user interaction and deliver an experience rather than just information.

And facebook.com just touches the surface of what the web can do today. Many businesses are moving toward having their software hosted somewhere on the Internet rather than installed on their own computers, and there are major benefits to this approach.

The web is moving that way so much, in fact, that Google recently released its own web browser, "Chrome", which is built from the ground up to accommodate web applications.

This new generation of web browser isn't meant so much for web browsing as it is for delivering programs. Google sees it evolving into its own operating system. In other words, your computer wouldn't load Windows with all of its built-in programs but would load Chrome, and Chrome would connect to the Internet to deliver programs.

All this complexity leads to vulnerability, however, and the Internet is a much less forgiving place than it was in the days of plain-Jane HTML. Those who profit from spam, adware, and other malware have many more avenues to exploit in order to spread their malice.

In itself, the new vulnerability (Microsoft Security Advisory 961051) is not malicious, but it does open a door for other malicious software. To date it has been estimated that 0.02% of PCs have been infected by some form of nastiness that found its way in as a result of this flaw. That's not a small number.

As always, the defence against this exploit is to be conscious of security and:

* Keep a firewall between you and the Internet and keep it updated
* Always run up-to-date antivirus and antispyware
* Always install Windows updates
* Don't visit web sites that just don't feel right or you otherwise don't trust

And the most important thing of course is to stay digitally safe and have the greatest of Holidays and the best in 2009.