Is Your Web Browser Putting You At Risk?
If you are using Google Chrome, Mozilla Firefox, Apple Safari, or anything other than Microsoft Internet Explorer, then the answer is YES. Arguably the web browser is the most common attack vector used by malicious software (malware) authors today. It is by far the quickest and easiest way for an attacker to deliver malware to a target system. That said, the browser, at least in most consumer environments and many small to mid-sized businesses, is the first and sometimes only defense against web-based attacks. Having effective protection mechanism built in to the browser is essential in preventing our systems from being compromised. In a recent independent study, NSS Labs compared the protection capabilities provided by the leading web browsers against socially engineered malware. The results were stunning. Microsoft Internet Explorer 10 had a mean block rate of 99.1%, leading its nearest competitor by nearly 30%. The results also demonstrated that Firefox and Safari failed miserably, preventing a little more than 4% of these attacks.
Sadly, on the mistaken belief that Internet Explorer is insecure, many uninformed users will install Chrome, Firefox, or Safari in a vain effort to be "more secure". As the test results show, that's not the case. It's important to note that NSS Labs tested Internet Explorer 10, which at the time of this writing is only available with Windows 8. If you are running an earlier Windows operating system, I'd strongly encourage you to upgrade to Windows 8 both for the security and performance benefits. If you are unable to upgrade immediately, or in the very near future, Internet Explorer 10 is available in preview for Windows 7. Regardless, for the highest level of protection from socially engineered malware, make the switch to Internet Explorer today.
Critical Vulnerability Affects Many Home Routers
Recently a vulnerability was discovered in the Universal Plug and Play (UPnP) service running on many home broadband routers like the popular Linksys WRT54GL. UPnP is designed to run on local, trusted networks and enables the transparent configuration of network devices. However, many implementations are exposed to the Internet and may be exposed to remote attacks. If the vulnerability is successfully exploited, an attacker may be able to gain administrative access to your Internet router, allowing them to access your home network remotely, route your traffic to untrusted hosts on the Internet, or disable Internet access completely. You can determine if your home broadband router is vulnerable by visiting this web site. A fix for this vulnerability is still forthcoming, but I would strongly encourage you to disable UPnP on your home broadband router immediately.
Free Anti-Virus Software From Microsoft
Microsoft Security Essentials is a free consumer desktop anti-virus solution from Microsoft. That's right, FREE! If you are running another free or open-source anti-virus program (e.g. AVG) you should switch immediately and install this. If you are running something else, I would recommend making the switch to Microsoft Security Essentials as soon as your subscription expires. Microsoft Security Essentials is very highly rated, performing better than offerings from established anti-virus vendors such as Symanetc, McAfee, Kaspersky, and more. If you are running Windows 8, there's no need to install MSE. Windows 8 has malware and spyware prevention integrated into the operating system iteslf. Another excellent reason to upgrade to Windows 8 today!
I am a network and information security expert specializing in Microsoft technologies. An MCP, MCSE, MCITP Enterprise Administrator, and a four-time Microsoft Most Valuable Professional (MVP), I have traveled around the world speaking to network engineers, security administrators, and IT professionals about Microsoft edge security and remote access solutions. A former information security engineer for a Fortune 100 financial services company in the U.S., I have nearly two decades experience working in large scale corporate computing environments. I have designed and deployed perimeter defense and secure remote access solutions for some of the largest companies in the world. I am a contract trainer for Trainsignal and a contributing author for WindowsSecurity.com and ISAserver.org. I'm an avid fan of Major League Baseball and in particular the Los Angeles Angels (of Anaheim!), and I enjoy craft beer and single malt Scotch whisky. I live and work in beautiful, sunny Southern California.