Hackers Just Found a Big Hole in Internet Explorer. Should You Switch Browsers?

The Citizen's Guide to the Future
Sept. 18 2012 3:26 PM

Hackers Just Found a Big Hole in Internet Explorer. Should You Switch Browsers?

Microsoft IE9 vulnerability
If you're a Windows user who's browsing the Web with Internet Explorer, you might consider trying a different browser for a while.

Photo by Microsoft via Getty Images

In an alarming development for both Microsoft and the millions who use its Internet Explorer browsers, hackers have found a security hole that allows them to install malicious software on Windows computers.* Specifically, security researcher Eric Romang of Zataz.com discovered on Sunday that the fresh "zero day" vulnerability allowed cybercrooks to use a form of the old Poison Ivy trojan to take control of victims' machines. The flaw appears to affect Internet Explorer versions 6, 7, 8, and 9, though not the brand-new version 10 (which is only available on Windows 8). It seems the culprits may be related to the bunch who exploited a major flaw in Oracle's Java browser plug-in last month.

When news of the Java vulnerability broke, security experts' advice was clear-cut: Disable the Java browser plug-in immediately unless you absolutely need it. The fact that Java applets have grown relatively scarce on the Web, coupled with Oracle's sluggish response to the problem, made that an easy call for most. (Java has since patched the hole, for what it's worth.)

Advertisement

So if you're a Windows user,* should you now dump Internet Explorer as well? Perhaps, experts say, though the hack shouldn't be a cause for mass panic. For one thing, Microsoft itself has responded quickly with a security advisory that includes an extensive list of work-arounds. Its apparent sense of urgency suggests that it may offer a prompt update that patches the problem, though it hasn't done so yet.

Unfortunately for Microsoft, the work-arounds are a bit cumbersome and could affect your browsing experience—potentially more so than just switching to another browser. And while IE loyalists could just try to avoid potentially malicious websites and hope for the best, you never know. "I would recommend not using Internet Explorer until this issue is patched," Sophos' Chet Wisniewksi tells me. "While the exploit is not in widespread use, it could be integrated into popular attack kits like the Blackhole Exploit Kit any time now."

For those who were already thinking of switching to another browser, such as Google's super-fast Chrome, Mozilla's highly customizable Firefox, or Opera, consider this the perfect time. If you don't like it, you can come back to IE once Microsoft fixes this flaw.

Correction: This post originally implied that only computers running Windows XP are vulnerable. While the hack was first discovered on Windows XP, Microsoft's own security update made it clear that most Windows versions are vulnerable, including Vista, Windows 7, and Windows Server 2003 and 2008.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Will Oremus is Slate's senior technology writer.

TODAY IN SLATE

War Stories

The Right Target

Why Obama’s airstrikes against ISIS may be more effective than people expect.

The One National Holiday Republicans Hope You Forget

It’s Legal for Obama to Bomb Syria Because He Says It Is

I Stand With Emma Watson on Women’s Rights

Even though I know I’m going to get flak for it.

Should You Recline Your Seat? Two Economists Weigh In.

Doublex

It Is Very, Very Stupid to Compare Hope Solo to Ray Rice

Or, why it is very, very stupid to compare Hope Solo to Ray Rice.

Building a Better Workplace

In Defense of HR

Startups and small businesses shouldn’t skip over a human resources department.

Why Is This Mother in Prison for Helping Her Daughter Get an Abortion?

Politico Wonders Why Gabby Giffords Is So “Ruthless” on Gun Control

Behold
Sept. 23 2014 4:45 PM An Up-Close Look at the U.S.–Mexico Border
  News & Politics
Foreigners
Sept. 23 2014 6:40 PM Coalition of the Presentable Don’t believe the official version. Meet America’s real allies in the fight against ISIS.
  Business
Moneybox
Sept. 23 2014 2:08 PM Home Depot’s Former Lead Security Engineer Had a Legacy of Sabotage
  Life
Outward
Sept. 23 2014 1:57 PM Would a Second Sarkozy Presidency End Marriage Equality in France?
  Double X
The XX Factor
Sept. 23 2014 2:32 PM Politico Asks: Why Is Gabby Giffords So “Ruthless” on Gun Control?
  Slate Plus
Political Gabfest
Sept. 23 2014 3:04 PM Chicago Gabfest How to get your tickets before anyone else.
  Arts
Brow Beat
Sept. 23 2014 8:38 PM “No One in This World” Is One of Kutiman’s Best, Most Impressive Songs
  Technology
Future Tense
Sept. 23 2014 5:36 PM This Climate Change Poem Moved World Leaders to Tears Today
  Health & Science
Science
Sept. 23 2014 4:33 PM Who Deserves Those 4 Inches of Airplane Seat Space? An investigation into the economics of reclining.
  Sports
Sports Nut
Sept. 23 2014 7:27 PM You’re Fired, Roger Goodell If the commissioner gets the ax, the NFL would still need a better justice system. What would that look like?