When Homeland Security issues a warning about new risks of using your computer, you should stop and pay attention. When mighty Microsoft tells you to temporarily stop using one of their programs due to a security issue, you should stop and pay attention once you’ve recovered from fainting.
Yes folks, our computing environment has just gotten a whole lot riskier, especially when exploring the internet.
First, let me advise you that the issues have not yet been resolved, despite reports issued based on misinformation and misunderstanding. That’s because we’re dealing with multiple issues, on multiple software platforms.
The issue dealing with Adobe Flash Player was resolved (hopefully) by a security update from Adobe on Monday, April 28. That problem involved a Flash bug that was being used to attack the computers of visitors to a Syrian government web site. Although that bug was significant, it is not at all related to the major boo-boo in Internet Explorer. And it’s doubtful it would have impacted too many of you in the legal environment.
The “big” Microsoft bug, which Microsoft is currently scrambling to address with a patch, affects versions 6 to 11 of Internet Explorer. It potentially gives data thieves the same access to a network computer as a legitimate user. Microsoft has acknowledged that there have been “limited, targeted attacks that attempt to exploit a vulnerability.” Excuse me? It can’t be so limited if Homeland Security is involved, along with every major media outlet.
The security flaw in Internet Explorer comes into play if you click on a bad link. Not the type which gives you an innocent “404, Not Found” but rather the kind which takes you to a fake web site, where malicious code can be injected into your computer. Some of these sites are so realistically designed, you have no clue they’re fake and “bad”.
This is the first major security flaw discovered since Windows XP support was discontinued. That means that when the security patch is issued, both Internet Explorer and Windows 8.0+ will be updated. Windows XP will remain vulnerable.
What should you do?
- Stop using Internet Explorer for now. Use one of the competitors like Google Chrome or Firefox.
- Don’t click on links found on web sites which go outside that site. Rather, use your “favorites” to get to the other site, or look up the other site and go there directly. It’s estimated that as many as 40% of legitimate web sites may unknowingly have malicious code on them. One example would be a legitimate link replaced with one which misdirects you to a “bad” web site.
- Make sure you’re installing all security updates which arrive at your computer.
- Be sure your anti-virus and anti-spyware software is kept up to date, and is running continuously in the background.
- Make sure your firewall is up to date.
- If you’re still using Windows XP, make a permanent change to your internet browser choice. Also, whichever browser you choose, you may want to have your security software check each site before it actually allows you to land on it. It will slow your travels, but keep you much safer.
Keep in mind that you will have to get off of Windows XP in short order. Hey, I don’t like it one bit either! But remember that law firms must exercise due diligence in safeguarding client confidentiality. Knowingly using software which will never receive additional security updates is much like putting your most confidential client documents in a trash bag, and throwing it off the Empire State Building. It’s not a question of whether those papers will be scattered on impact, but rather how far they’ll be scattered!