New critical IE vulnerability
Another day, another Internet Explorer vulnerability discovered. This time it is to do with HTA files (?!). Like the previous WMF hole, it is rated critical by most antivirus firms, except Microsoft themselves, who are still investigating.
It does not look like the fix will be made available until the next patch cycle of 11th April. What is of interest this time is that companies seem to be latching on to a fantastic new marketing opportunity, which presented itself by sheer chance when the WMF vulnerability was discovered. Ilfak Guilfanov jumped the gun and sprinted to the 100m finishing line with a hot fix, two clear weeks before the official one was available. His website was offline for a while due to the exponential increase in traffic.
This time round the knights in shining armour happen to be Determina and eEye Digital Security, who specialise in Internet security and intrusion prevention. Is this a pattern of things to come? Is a new gravy train on the roll? We could be witnessing the spin-off of a very lucrative secondary market for companies which are knowledgeable enough to roll out unofficial fixes to critical IE vulnerabilities in the window between them becoming public knowledge and being officially patched. Fear is a wonderful commodity, uncertainty creates arbitrage opportunities, and publicity is good for business.
What choices are there for net users? Well, if they insist on sticking to IE (although WHY is another question), then the choices are limited. Amusingly, these patches come with source code, as if by looking at it an average IE user will be able to decide for him/herself whether the fix will address the problem or not (hey, I was kidding, I DO read the source code for fun).
Looking at the statistics of visits to my web server for the last few months, I'd say currently the balance of power is equally split between IE and Firefox, so I guess half of netizens have wised up and moved on from IE. I agree with Mr Vaughan-Nichols in the LinuxWatch article above that Firefox over IE, or Linux over Windows, will only provide you with a higher degree of protection. Once the critical mass is reached, nasty people will switch their attention to even your text-based Lynx browser, and nothing is unhackable. I guess the only absolute way of protecting yourself from malware is to completely disconnect from the internet, but who'd do that in the 21st century? Even the Benedictine monks have a website these days.
Here is the list of unofficial fixes, updated as I find them:
- Unofficial fix for Microsoft Word vulnerability as reported on 20th May 2006, fix posted on the same day
Oh dear, another day, another vulnerability. Firefox rules!
by David at 16 Dec 2008 23:16:36

As reported by the BBC. Time to switch to Ubuntu?
by David at 16 Jan 2009 14:05:35