Flaw in Microsoft Explorer Endangers Data

November 26, 2003
A newly-discovered security flaw in Microsoft's Internet Explorer 6.0 could allow malicious Web sites and viruses to take control of the user's computer, possibly gaining access to confidential data.

The discovery was made by a researcher in Copenhagen, Denmark, Liu Die Yu, who said the problem combines "multiple 'minor' vulnerabilities" and "are as simple to exploit as the three-month-old Object Data vulnerability, which was exploited by several spam mails and pornographic Web pages."

Microsoft has not yet addressed the problem.

There are two actions consumers can take immediately to protect themselves:

• Use a different browser; or
• Disable "active scripting" in Internet Explorer.

"Realistically, for the average consumer who is not very interested in computers, the safest option is to use a different browser. There is no reason for people to subject themselves to the loopholes, backdoors, oversights and other shortcomings that accompany Internet Explorer and the equally reprehensible Outlook Express," said ConsumerAffairs.com president James R. Hood.

Alternative Browsers

There are three excellent, secure, free browsers readily available, Hood said. Any of them can be downloaded and installed in minutes. They are:

• Mozilla Advertising-free, highly secure and easy to install, Mozilla includes pop-up blockers, multiple window capability and many other advanced features. A top-notch email program is included.
• Opera A very fast and economical (in terms of program size) browser with an easy-to-use email program, the free version of Opera displays a single banner ad. The paid version is ad-free and goes for $39.
• Netscape Navigator This is basically the commercial version of Mozilla (above). It's free but comes from the AOL-owned Netscape Communications Corp. and all that that entails.

Disable Active Scripting

For those unwilling to give up their Microsoft browser, it's possible to disable "active scripting" in IE 6.0 (to find out which version you have, click on "Help/About Internet Explorer"). Warning: This fixes the latest vulnerability but does nothing about the ones that haven't been found yet. Also, many Web sites won't display properly if you disable active scripting.

Here's how to make IE 6.0 a little bit safer, at least for now:

1. Open Tools/Internet Options/Security
2. Go to the "Internet" channel/Custom Level
3. Scroll down (way down) to Scripting/Active Scripting
4. Click on "Disable"
5. Click the "OK" button.

A Microsoft executive said the company is aggressively investigating the public reports."

Back to the top | News