Hackers Just Found a Big Hole in Internet Explorer. Should You Switch Browsers?

The Citizen's Guide to the Future
Sept. 18 2012 3:26 PM

Hackers Just Found a Big Hole in Internet Explorer. Should You Switch Browsers?

Microsoft IE9 vulnerability
If you're a Windows user who's browsing the Web with Internet Explorer, you might consider trying a different browser for a while.

Photo by Microsoft via Getty Images

In an alarming development for both Microsoft and the millions who use its Internet Explorer browsers, hackers have found a security hole that allows them to install malicious software on Windows computers.* Specifically, security researcher Eric Romang of Zataz.com discovered on Sunday that the fresh "zero day" vulnerability allowed cybercrooks to use a form of the old Poison Ivy trojan to take control of victims' machines. The flaw appears to affect Internet Explorer versions 6, 7, 8, and 9, though not the brand-new version 10 (which is only available on Windows 8). It seems the culprits may be related to the bunch who exploited a major flaw in Oracle's Java browser plug-in last month.

When news of the Java vulnerability broke, security experts' advice was clear-cut: Disable the Java browser plug-in immediately unless you absolutely need it. The fact that Java applets have grown relatively scarce on the Web, coupled with Oracle's sluggish response to the problem, made that an easy call for most. (Java has since patched the hole, for what it's worth.)

Advertisement

So if you're a Windows user,* should you now dump Internet Explorer as well? Perhaps, experts say, though the hack shouldn't be a cause for mass panic. For one thing, Microsoft itself has responded quickly with a security advisory that includes an extensive list of work-arounds. Its apparent sense of urgency suggests that it may offer a prompt update that patches the problem, though it hasn't done so yet.

Unfortunately for Microsoft, the work-arounds are a bit cumbersome and could affect your browsing experience—potentially more so than just switching to another browser. And while IE loyalists could just try to avoid potentially malicious websites and hope for the best, you never know. "I would recommend not using Internet Explorer until this issue is patched," Sophos' Chet Wisniewksi tells me. "While the exploit is not in widespread use, it could be integrated into popular attack kits like the Blackhole Exploit Kit any time now."

For those who were already thinking of switching to another browser, such as Google's super-fast Chrome, Mozilla's highly customizable Firefox, or Opera, consider this the perfect time. If you don't like it, you can come back to IE once Microsoft fixes this flaw.

Correction: This post originally implied that only computers running Windows XP are vulnerable. While the hack was first discovered on Windows XP, Microsoft's own security update made it clear that most Windows versions are vulnerable, including Vista, Windows 7, and Windows Server 2003 and 2008.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Will Oremus is Slate's senior technology writer.

TODAY IN SLATE

Politics

The Democrats’ War at Home

How can the president’s party defend itself from the president’s foreign policy blunders?

Congress’ Public Shaming of the Secret Service Was Political Grandstanding at Its Best

Michigan’s Tradition of Football “Toughness” Needs to Go—Starting With Coach Hoke

A Plentiful, Renewable Resource That America Keeps Overlooking

Animal manure.

Windows 8 Was So Bad That Microsoft Will Skip Straight to Windows 10

Politics

Cringing. Ducking. Mumbling.

How GOP candidates react whenever someone brings up reproductive rights or gay marriage.

Building a Better Workplace

You Deserve a Pre-cation

The smartest job perk you’ve never heard of.

Hasbro Is Cracking Down on Scrabble Players Who Turn Its Official Word List Into Popular Apps

Florida State’s New President Is Underqualified and Mistrusted. He Just Might Save the University.

  News & Politics
Politics
Sept. 30 2014 9:33 PM Political Theater With a Purpose Darrell Issa’s public shaming of the head of the Secret Service was congressional grandstanding at its best.
  Business
Moneybox
Sept. 30 2014 7:02 PM At Long Last, eBay Sets PayPal Free
  Life
Gaming
Sept. 30 2014 7:35 PM Who Owns Scrabble’s Word List? Hasbro says the list of playable words belongs to the company. Players beg to differ.
  Double X
The XX Factor
Sept. 30 2014 12:34 PM Parents, Get Your Teenage Daughters the IUD
  Slate Plus
Behind the Scenes
Sept. 30 2014 3:21 PM Meet Jordan Weissmann Five questions with Slate’s senior business and economics correspondent.
  Arts
Brow Beat
Sept. 30 2014 8:54 PM Bette Davis Talks Gender Roles in a Delightful, Animated Interview From 1963
  Technology
Future Tense
Sept. 30 2014 7:00 PM There’s Going to Be a Live-Action Tetris Movie for Some Reason
  Health & Science
Medical Examiner
Sept. 30 2014 11:51 PM Should You Freeze Your Eggs? An egg freezing party is not a great place to find answers to this or other questions.
  Sports
Sports Nut
Sept. 30 2014 5:54 PM Goodbye, Tough Guy It’s time for Michigan to fire its toughness-obsessed coach, Brady Hoke.