Skip to comments.Stop using Microsoft's IE browser until bug is fixed, US and UK warn
Posted on 04/28/2014 6:24:40 PM PDT by markomalley
It's not often that the US or UK governments weigh in on the browser wars, but a new Internet Explorer vulnerability that affects all major versions of the browser from the past decade has forced it to raise an alarm: Stop using IE.
The zero-day exploit, the term given to a previously unknown, unpatched flaw, allows attackers to install malware on your computer without your permission. That malware could be used to steal personal data, track online behavior, or gain control of the computer. Security firm FireEye, which discovered the bug, said that the flaw is being used with a known Flash-based exploit technique to attack financial and defense organizations in the US via Internet Explorer 9, 10, and 11. Those versions of the browser run on Microsoft's Windows Vista, Windows 7, and Windows 8, although the exploit is present in Internet Explorer 6 and above.
While the Computer Emergency Readiness Team in England and the US regularly issue browser advisories, this is one of the few times that the CERT team has recommended that people avoid using a specific browser.
FireEye recommends that if you can't switch browsers, then you disable Internet Explorer's Flash plug-in. You also can use IE with Microsoft's Enhanced Mitigation Experience Toolkit security app, but that will not be as secure as simply switching browsers.
Microsoft and the Department of Homeland Security did not immediately respond to requests for comment.
Statistics vary as to how many people actually use Internet Explorer. NetMarketShare puts the total around 55 percent of the desktop browser market, while competitor StatCounter says that 22.58 percent of people use IE. While the disparity is large, in either case the flaw affects a huge number of browsers being actively used.
How do you disable IE flash plug-in?
Despite not “using” ie, it sure seems like actively using it or not, everything seems to pass through it. When I do my morning clean up ie seems to have the most garbage on it.
so are we supposed to use AOL browser or Firefox?
Go to the “Tools” menu (gear icon in the upper right corner) and select “Manage Add-Ins.” Right-click on “Shockwave Flash Object” and disable it.
At least, that is how it works on my version of IE.
>>so are we supposed to use AOL browser or Firefox?<<
Mosaic on OS/2.
I’m glad I stopped using it during the last century.
I use a Mac but recently had to fire up IE in in Win 7 VM to use a Fortune 500 company’s employment website.
I’m still using the homophobe browser. :>}
Stop using Microsoft's IE browser until bug is fixed, US warns
HOWEVER, it bears repeating, so please, carry on!
Who uses that POS browser anyway?
Time would be better spent downloading Firefox or Chrome.
IE has been a leaky exploitable mess since the turn of the century. Slow as crap, too.
I’ve switched back to NetScrape ....
Tech Ping for a repeat — this is important!
FR Search has its limitations, doesn't it?
> so are we supposed to use AOL browser or Firefox?
Yikes, not AOL browser! Use Firefox or Chrome. A lot faster, more secure.
The real problem with FR search, IMO, is that it defaults to "keywords" instead of "title" string match. Keywords are a lot harder to guess.
In this case, since the titles are identical except for the additional "and UK" in the newer one, a search of title strings would have turned it right up.
Oh well, it's important stuff so repeating it doesn't hurt anybody.
So what happens when I right click on Shockwave Flash Object? What will I not be able to access on the computer? I have Windows 7 Ultimate. (this stuff is Greek to me. Sigh)
Try using the Pale Moon browser.
It works similar to Firefox.
I go hit by some type of infection due to a flash player exploit and I think it made my hard drive unbootable. I ended up putting in a new hard drive and after getting what I needed off the old one just reformatted it which seemed to kill the infection. I needed to clean up my computer anyway and everything is running much faster than it used to. I just put the reformatted hard drive into another computer after checking the drive for viruses and bad sectors (it found none). I guess it’s fixed.
If you see any messages that pop up that says you need to upgrade your flash player program DON’T do it. The hackers made it look like the link went to www.adobe.com. I think they were just able to make the browser show a false address.
I wuz keedean about Netscape.
That’s so 90’s....
People running a business communicating with other websites that, it turns out, aren't coded very well for other browsers.
We're talking major financial institutions here.
Feel better? /s
(last was sarcastic, but I'm serious about IE being the only browser that works well in the cases of which I have first-hand knowledge)
I’ve been using PaleMoon with regularity since another FReeper recommended it (among many).
Unfortunately, my experience with it is as bad as Firefox: It’s a memory hog that crashes with the same regularity as IE (I even reverted to an earlier IE, but no joy). Plugin problems with PM and FF as well.
Opera was just loaded tonight; after a couple of hours, so far I’m very impressed.
The MAIN impressive thing here: My antivirus is running a full scheduled scan in the background and the browser isn’t crashing. (I just checked my cpu performance and was surprised to see it running, as in the past I had to either stop it or stay offline until it was done).
I’ll find out in the next couple days if it works with all our vendor sites...
.02 (my experience)
Do you use Flashblock or NoScript with Firefox?
So let me get this straight. The U.S. govt. warns me not to use Internet Explorer but says it’s ok to submit ALL of my personal information using ANY browser to healthcare.gov?
I have used Firefox for a long time, rather than IE but IE was already installed when I purchased it. I only use IE to check out how my website looks for visitors with IE.
Opera doesn’t seem to support bookmarks, and I have hundreds I’d prefer not to lose. Neither Palemoon nor Firefox have ever crashed on my computer while running a full scan with Malwarebyte.
“FireEye suggests disabling the Adobe Flash plugin because the attacks wont work without it. FireEye also said running IE in enhanced protection mode, which is only available for IE versions 10 and 11, will protect users from attacks....”
I use ESET NOD32 antivirus and have no memory hogging problems on my computer.
Also haven’t had a virus infect my computer and not be found, quarantined or cleaned since around 2005.
Running Win 7 (64-bit), 6GB or RAM.
Maybe I mistyped: They don’t crash, but my system resources get so low it’s like stop-motion.
I hear ya on the Opera bookmarks (they use tiles in the ‘Speed Dial’ interface); not sure how I’m going to address that just now. I just don’t have time to do anything right now but have more than one good alternative to IE with this bug out there. I won’t use Google/Chrome and I needed something stable to get me by...Opera’s stable on my system.
I appreciate that. ESET is at the top of my short list for replacing MSSE if the time comes. If I recall what I looked up last month, ESET & Avast both benchmarked at the top of the list. I’ve had Avast, but I’ve also had it pass malware when in ‘renew mode’ but not expired (still angry about that...same thing happened with NAV almost 10 years ago).
I simply need to get my system upgraded to a quad core + (since I stopped gaming on the pc I’m lagging a bit in that department, to say nothing of disposable income the past couple years).
Last sentence in the article says 55% of desk top browsers.
Well, thatz true.
L.A. Z bass turds ....
its not a perfect world.
Been disabled on all my machines forever. Don't run IE with Flash enabled. Wait, they just said the same thing.
I'm not very tech-savvy either. However, when you right-click on "Shockwave Flash Object" and select "Disable" from the menu, I think that some animations embedded in websites won't play. Which really is not that big of a loss. You also won't be able to play some internet games.
You can go directly to the Adobe website and upgrade your flash player, instead of clicking the pop-up.
I once got a a virus that made web browsing almost impossible, among other things. My antivirus didn’t find it. I ended up having to Google fixes (fun, when the browser is taking 5 minutes to load up because of a virus). I managed to delete the virus and fix some of the registry changes it had made, but I was never able to get that computer to work right again. The virus had made it impossible to log in as an administrator on that computer.
I have three browsers on my computer at work. Not one of them works equally well for all websites. And MSIE is glitching so badly that I may have to put in a help ticket. I see the IT guys on a frequent enough basis as it is...
When I write ‘works well’, I mean it permits accomplishing the task; ‘well’ was, well, an unintentional adjective.
Frankly, I don’t know what the heck they did to 10 & 11 but they’re both so buggy I’ll be a permanent transplant if I find something else I can use personally. We also keep at least 2 browsers for that purpose. Mozilla displays frames in one that are unusable. Just yesterday I discovered the login button on one of our websites was nonfunctional under Pale Moon; oops. IE...geez...so many of our task require multiple tabs/windows on the dual screens that IE’s performance is causing a depression in my desk from lost form filling, as my forehead hits the desk every time I see the underlying tabs ‘contract’ I know I’m about to see the dreaded “Internet Explorer has stopped working”...that’s just off the top of my head with no coffee.
‘Glitching’ is putting it mildly...