Microsoft: Cripple IE to Protect Your PC
The company says that you should disable one of the browser's features.Stuart J. Johnston is a contributing editor for PC World.
Illustration by Campbell Laird
Taking advantage of these multiple flaws, a group of Russian crackers recently mounted attacks on several hundred Web sites--aimed at putting lots of visitors at risk. Included on their hit list were some very reputable sites.
Some Scob virus strains installed keystroke-logging software on users' PCs--apparently to steal financial data (head to "Known Trojan Still Plagues Web Servers" for more details).
Microsoft says that your PC will be protected if you're running the beta version of Windows XP Service Pack 2. (Visit "Windows XP Service Pack 2 Release Candidate 2 Preview" for a link to the close-to-final version of SP2). The company says it is still working on a patch to deal specifically with this combination of flaws.
Microsoft also wants you to take the extreme step of disabling JavaScript. Many sites use JavaScript--to display video, say--and without this programming language, some sites, including Microsoft's own Windows Update site, won't even function properly.
If you want to go this far--and I recommend that you do--you need to adjust your IE settings. To disable JavaScript in IE, click Tools, Internet Options and choose the Security tab. Click the Internet icon, click the Default Level button, and move the slider to High. To get around any problems with sites not loading, in IE click Tools, Internet Options and choose the Security tab. Click the Trusted Sites icon and add the sites you want to access. Your machine is still protected. (For Microsoft's full list of safety measures, visit "Increase Your Browsing and E-Mail Safety".)
If all this sounds like too much hassle, you might want to consider switching to a browser like Mozilla or Opera. You can have JavaScript turned on in these browsers, yet remain safe from IE-like attacks. At least, for now.
HP Recall: Shaky Laptop Memory
Hewlett-Packard is fixing 900,000 HP and Compaq notebooks because of a bug in some of the memory modules. The faulty memory may be present in eight Compaq Evo models (N610c and N610v; N620c; N800c, N800v, and N800w; and N1000c and N1000v); four Compaq Presario models (1500, 2800, X1000, and X1200); and HP Compaq Business Notebook Nx7000 and HP Pavilion Zt3000 models (see "HP Stands Alone With Memory Flaw" for PC World's news story). HP is replacing all the affected modules.
The modules aren't in any HP notebooks currently on the market. But if you bought your laptop from March 2002 through June 2003, check whether your unit is affected. HP released a set of diagnostic programs to do just that (via "Memory Module Replacement Program"). You can also call 800/474-6836 or 800/652-6672 to talk to HP.
In Brief
Security News Feed
Microsoft is making the content of its security bulletins in Really Simple Syndication, or RSS, format. If you're set up with an RSS reader, this means that you can receive notifications as soon as new information is posted by Microsoft. Go to "RSS: Really Simple Syndication" to subscribe to the RSS feed.
RealPlayer Update
RealNetworks patched two big security holes in its media players that could let a bad guy take over your PC. The updates (at www.real.com) repair RealOne Player, RealOne Player v2, RealPlayer 8 and 10, and RealPlayer Enterprise.
Bugged?
Found a hardware or software bug? Tell us about it via e-mail at bugs@pcworld.com.