To
avoid viruses, choose the browser road less travelled
by Alan Zisman (c) 2004 First
published in
Business
in Vancouver July
20-26, 2004; issue 769 High Tech Office column
The page-one headline of June 26's Vancouver Sun grabbed my attention:
"Computer virus could steal your credit card number." As is often the
case in the world of the high tech office, the real story was both more
and less serious than the headline suggested.
This new style of infection worked on several levels. First, it
infected Web servers running Microsoft's Internet Information Server
(IIS). Visitors to a Web page running on an infected server received an
unwanted bonus: a keystroke logger that recorded everything they typed
(including credit card numbers, passwords and more) and sent the
information on to a Russian computer.
First the good news: this infection (dubbed JS.Scob.Trojan) was not
widespread.
It probably didn't infect your computer, and probably didn't steal your
credit card number or other sensitive information. Several hundred
IIS-powered Web servers were infected, reportedly including a number of
popular (but mostly unnamed) websites. Most infected websites scurried
to clean out the infection and the Russian Web server receiving the
stolen information was quickly shut down, minimizing the loss of data.
The bad news: this sort of attack will probably become more common.
Unlike traditional viruses, JS.Scob.Trojan didn't require infected
users to open an e-mail attachment. They simply had to visit the wrong
website. And where last-generation's viruses might have damaged your
computer, this one was trying to steal data so someone could empty your
bank accounts.
The under-reported story: the last two paragraphs of the Vancouver
Sun's story quotes "security experts" noting that "users can avoid the
exploit by using alternative browsers such as Mozilla and Opera ... .
The infection does not affect Macintosh versions of Internet Explorer."
In other words, only Windows users running Microsoft's Internet
Explorer Web browser could have their data stolen after visiting an
infected website. Of course, that accounts for the vast majority of
users.
The unnamed "security experts" were part of the U.S. government's
Computer Emergency Readiness Team (US-CERT), a division of the
Department of Homeland Security.
There are two issues here. The bad guys go where they can get the
biggest payoff and so target Windows, Outlook, and Internet Explorer
users almost exclusively. But there is also evidence that alternatives
to these Microsoft products are more secure by design.
Switching to a non-Microsoft operating system is a major step that many
users hesitate to take. The Macintosh operating system (OS X) is
secure, stable, attractive and easy to use. But it requires buying a
new computer and getting new versions of applications. Linux will run
on existing PC hardware, but can be complex to install and configure,
and again requires acquiring and learning to work with a new set of
applications.
But it's relatively easy to move from Internet Explorer to an
alternative browser, while keeping Windows as your operating system.
Many home and business users did this in the late 1990s, moving from
the then widespread Netscape Navigator browser to Microsoft's then-new
Internet Explorer.
Download a copy of an alternative browser and take it for a spin.
Alternatives include Mozilla and Firefox (both free from
www.mozilla.org) and Opera (free with ads, otherwise about $50 from
www.opera.com). All include useful features missing from IE like
control over pop-up windows and tabs to view multiple pages. And all
are safe from nasty exploits like JS.Scob.Trojan.
I've set Mozilla as the default browser on my Windows system. Poet
Robert Frost famously wrote: "I took the road less traveled on, and
that made all the difference."