WireSpring Blog

If you use Internet Explorer, please read this!

Author: Bill Gerba on 2004-08-03 10:44:11

This isn't the most digital signage or kiosk-focused article that I've written, but I think it's very important, especially given the amount of traffic coming to this site from people using Internet Explorer in Windows.  Over the past several weeks, basically everybody on the Internet has been writing about an extremely severe security problem in Internet Explorer that can allow a virus or spyware program to take over your computer with hardly any action on your part.  All you would have to do is surf to a website infected by the virus using IE in any version of Windows.

The bug/virus/loophole is called Download.Ject, and basically works like this:  A website running Microsoft's IIS gets infected by a virus, hacked, or otherwise compromised.  According to different news sources, a lot of big, famous sites got hit by this (along with a lot of smaller, not-so-famous sites as well).  IIS is an attractive target because of its large installed base and notoriously poor security history.

Once the site is infected, anybody browsing with Internet Explorer is subject to the bug, which uses ActiveX to transfer arbitrary data to your computer, and then (presumably) execute it.  I don't know exactly what payloads have been used, but obviously things like keystroke loggers and other spyware, spam email servers, viruses and all sorts of other nasties are likely.

Microsoft has issued a number of patches to (sort of) fix this problem, and recommend that you turn your security settings up to "high."  If you haven't done so already, use windows update to update your system with the latest fixes.

Personally, I've stopped using IE altogether in favor of Mozilla.  I use the Mozilla Suite for both web browsing and email, but if you're just in the market for a browser, I'd try Firefox.  It's very small, easy to install, will use all of your IE preferences and bookmarks, and has other neat features like pop-up blocking and tabbed windows.  Oh, and it's free, so if you don't like it, you can toss it with no guilt :)  If you run into problems with some sites that don't like Mozilla, you might also want to give Opera a try.  It's extremely fast and seems to work better in pages that render poorly in Mozilla.  Neither of these browsers is totally free of security problems, but they have much better and more secure underpinnings than IE, and since they represent a smaller user base, they're a less interesting target for hackers.

Finally, if you're running digital signage systems based on Windows, you should seriously think about enabling Microsoft's automatic windows update features, or use a patch management program to make sure you can deliver new security updates remotely so that you don't inadvertently create a network of zombie machines for malicious coders to take advantage of.  Because WireSpring's kiosk and digital signage software products all use Linux, we have much lower risk of running into a problem like this (for the time being, anyway), but we still actively patch as new security warnings come about.  I would suspect that if you're using a Windows-based vendor they would do this as well, but you should probably call and check.

Comments (0)

Subscribe to comments for this article | Trackback

Leave a Comment

Digg this! | Del.icio.us


Previous Article: Avoiding Common Kiosk and Digital Signage Project Pitfalls
Next Article: Staples sales staff has kiosk appreciation: all eyes turn to Office Depot

Front page of dynamic digital signage and interactive kiosks journal