If you have been using any version of Internet Explorer, you are potentially vulnerable to being hacked. The recent zero day exploit has now been patched with a critical security update released this past Tuesday. The next attack, however, is just around the corner.
Incidents such as this not only are a sound reminder to enable Windows Update and make sure all critical updates are installed immediately, it also raises the question whether there are safer options. Let us recap the events and explore what you can do to protect yourself from getting hacked in future.
What Happened To Internet Explorer?
On September 17, Microsoft announced that hackers were exploiting a previously unknown, unpatched vulnerability in all versions of Internet Explorer. While Microsoft was working on an official patch, they offered a temporary Fix it tool, which users could apply manually to protect themselves from the zero-day exploit.
Meanwhile, the announcement raised attention. Moreover, the attack code was integrated into Rapid7’s open source Metasploit penetration testing tool, making the code freely available to security professionals and cyber criminals alike. This move likely invited a surge of attacks, affecting unsuspecting users of Internet Explorer, who did not apply the security patch.
It took Microsoft three weeks to prepare a security bulletin. On October 8, Patch Tuesday, the critical security update was rolled out to fix the vulnerability on all machines that had Windows Update enabled. If Windows Update is enabled on your machine, you are safe; at least for the moment.
Enable Automatic Windows Update
The first and most important step is to enable Windows Update because Microsoft typically offers security patches in a timely manner. Both important and recommended updates can be downloaded and installed automatically. Users who disabled Windows Update to automatically install important updates, remain vulnerable to malicious attacks until they manually apply critical security patches.
Upgrade To Latest Version Of Internet Explorer
While the recent exploit affected all versions of Internet Explorer, older versions are typically more vulnerable because they lack security features or are no longer supported by Microsoft. Presently, Internet Explorer 10 is the most recent version for Windows 7, while Windows 8 users should run Internet Explorer 11.
Both recent versions of Internet Explorer are up to par with competition. IE 10 offers significant improvements, such as a 20% speed increase over IE9. Meanwhile, IE 11 introduced novel features, most notably a touch-enabled interface and the ability to sync tabs across Windows 8.1 and Windows Phone devices.
Run Internet Explorer In Protected Mode & High Security Level
It took Microsoft a very long time to release a patch via Windows Update for the recent security loop hole. While a Hotfix was made available immediately, it required manual user intervention. To increase protection from malicious attacks until a patch is applied, the average user running Windows 7 or 8 can enable Internet Explorer’s Protected Mode and set the security level to high.
In Windows 7, go to Start, search and open Internet Options. In Windows 8, open the Settings charm, click Settings, open the Control Panel, and find Internet Options. Switch to the Security tab and make sure Enable Protected Mode is checked for all zones. Set the security level to high for Internet and Local intranet.
To access less secure features on sites you frequently visit, manually add the URLs to your Trusted sites and set the security level to medium for that zone.
Use A Different Browser
All versions combined, Internet Explorer remains the most abundantly used browser worldwide. This alone makes it a prime target for hackers. Add that it is the standard browser in many corporate environments and you can be certain that any vulnerability will be exploited rigorously as soon as it becomes known. Running the latest version under the highest security standards may not be enough to protect yourself.
While you can never be completely safe, unless you unplug the Internet, your best bet is to use a less commonly used open source browser with an active user base and developer community. Chances are you will not only be alerted of a potential security risk, the community will likely work day and night to patch the exploit as soon as possible. The first alternative that comes to mind is Firefox, the open source and cross-platform browser that made tabbed browsing popular, but there are many more great browser for Windows.
Run Security Software & Browse Responsibly
Last but not least, you should run software to protect your system from viruses and other malware and use common sense when you use the computer. Software won’t always be able to fend off malicious hacking attacks, but their algorithms may detect attacks based on common patterns.
How Do You Protect Yourself From Security Exploits?
Internet Explorer is not the only entry point for malicious attacks. Any software and any operating system likely contains loop holes that are yet to be discovered. This is why it is important to install security software, regularly run updates, and stay alert.
Are you still using Internet Explorer? What measures have you taken to protect your system from vulnerabilities? What do you recommend other users to do?