Disturbing but not surprising news about Internet Explorer.

Bad things keep happening to Internet Explorer.  Why that’s a big deal and what you can do to avoid it.

Internet ExplorerWhat is Internet Explorer?  Internet Explorer or, ‘the big blue e’ is an Internet web browser.  An easy way to think of it would be to liken the Internet to an object in a square room with four windows.  One ‘window’ would be Internet Explorer, one ‘window’ would be Google Chrome, one ‘windows’ would be Mozilla Firefox and one ‘window’ would be Apple Safari.  There are other web browsers, but those seem to be the ‘big ones’ at the moment.  The important thing to note here is that, when you view the object inside the room through the window that is Internet Explorer, you’re viewing the exact same object that you view through Google Chrome, Mozilla Firefox or Apple Safari.  Some web developers have written in special add-ons to their websites that may require a specific browser (window) but, ideally, all of the browsers do the same things.

Why is Internet Explorer any different from any other web browser?  Internet Explorer is a web browser that let’s you ‘see’ the Internet, just like Google Chrome, Mozilla Firefox, Apple Safari, etc., but it’s different because it’s part of the Microsoft Windows Operating System.  From a developer’s standpoint, this is nice because they [developers] can do things with Windows from Internet Explorer that are either significantly harder or just not possible with other browsers.  From an attacker’s standpoint though, this is also nice for the same reasons, they [attackers] too can do things from Internet Explorer that are either significantly harder or just not possible with other browsers.  An attacker typically wants to gain access to your computer so that they can attack other computers, install viruses, send spam, store files (stolen credit card numbers, pornography, pirated music or movies, etc.) that they don’t want to store on their own computer.  To do this, they need to gain access.  With Internet Explorer, since it’s part of Windows, an attacker can often compromise Internet Explorer by getting you to you visit an infected website, view an infected ad, open an infected email, watch an infected video, etc., and break into Internet Explorer as a result.  What’s more though, this often also gives them access to the underlying Windows Operating System as well.  In other browsers (Google Chrome, Mozilla Firefox, Apple Safari, etc.), this one step process is typically at least two steps (break the browser and then break Windows).

Ok, so what’s the big deal?  Attackers (the bad guys) know that most people use Windows computers.  They also know that all Windows computers, by default, have Internet Explorer installed.  They also know that many people, by default, just use Internet Explorer either because it’s already there and they don’t have to install anything new, they don’t know that there are options (Google Chrome, Mozilla Firefox, Apple Safari, etc.) or they have to access a website (their bank or other financial institution, a real-estate website, their office extranet, etc.) that requires Internet Explorer (because the developers can ‘do things’ with Internet Explorer that is either harder or not possible, likely for good reason, in other web browsers).  There are a lot of very well publicized ways to break into a computer, and new ones are discovered all the time.  Microsoft and Adobe patch these holes monthly, and most other software vendors have an update schedule for the same reason, but there is always a hole between the time that the hole (vulnerability) is discovered and the time that the vendor (Microsoft, Adobe, Java, etc.) is able to develop, test and deploy a fix.  Lately though, it looks like Internet Explorer is taking the lead in vulnerabilities in 2014, surpassing Java and Adobe with a more than 100% increase in the number of vulnerabilities in the first half of the year already (according to this article).

Ok, so what do I need to do?  The good news is that a few simple steps can save a lot of time, trouble and money.  First, make certain that you’re keeping up with updates.  Microsoft, Adobe and Java to be sure, but look around your computer to see what other updates may be available.  Second, make certain that you have good antivirus and that it’s up-to-date and is configured to automatically update frequently (I typically recommend daily at least).  Third, make certain that you have a hardware firewall.  I am a fan of the Cisco Small Business / Linksys products, Netgear, Acer and recently the Western Digital MyNet devices.  Don’t rely on the ‘box’ that your Internet Service Provide gave you to protect your network.  That device is there to get the Internet into your location so that the provider can send you a monthly bill.  Nothing in that box is geared to protect you or your network.  Lastly (in this example), don’t use Internet Explorer for anything that doesn’t absolutely require it.  Google Chrome, Mozilla Firefox and Apple Safari (in order of preference) are all free to download and use and offer more security than Internet Explorer.  Also, find a good IT shop that you can email or call with problems when you have them.  If you don’t already have one, I can certainly recommend one 🙂