It’s been an interesting couple of weeks in the internet security domain. First, there was the HeartBleed issue and, over the weekend, information about insecurity with the Microsoft Internet Explorer browser. As you can imagine, there are millions of installations of Internet Explorer in use. Of particular interest are those installations that are still running Windows XP which Microsoft has indicated that there will be no updates for.
Since the stop of support for Windows XP, I’ve been finding myself morbidly checking out the operating system of people that I have interactions with – in particular vendors who have a Point of Sale software that may or may not actually require Windows XP. I used to ask if they planned to upgrade until I realized that most of the answers were – “no, what’s the problem – my software works”,” too expensive”, “my software needs XP”, “my computer won’t run a newer operating system”, “that would be the boss’ decision”, or “that would be done by our Corporate IT Department”. In reality, the answers that I got didn’t inform me of much and probably just made me look sillier or nerdier than normal. I stopped asking but do continue to look.
In my Zite reader, I have entire sections devoted to all the web browsers that I have installed and use regularly. I like to read about tips, tricks, the latest add-ons to increase productivity and, yes, want to know when there’s a problem that need addressing.
This morning, the Internet Explorer section was completely full of articles about the security problem. Probably the most interesting and objective one came from Forbes:
- Microsoft Races To Fix Massive Internet Explorer Hack: No Fix For Windows XP Leaves 1 In 4 PCs Exposed
In cases of stories like this, I always try to track back to the developer site to see their reaction, response, and their plans to deal with it.
In this case, Microsoft’s Technet has it addressed:
You’ve got to be impressed that it’s out in the open and not swept under the rug. There’s a few woulda, couldas in there but it’s a good read and offers some suggestions for configuring your computer, explains that they’re on it and looking for a fix, probably out of their regular update cycle to handle it. Given all of the stories about it, it’s probably in their best interest to get a fix done and out the door as soon as possible.
Now, I know about this because I enjoy reading technical stuff. I know by the looks that I get from others that I’m probably in the minority!
But, if you’re in the category of just wanting your computer to work, will you even know? It was on the morning news today but would the general public even know what to do or how to do it? And, how about those Corporate IT Departments? Are they informing their clients and giving advice about how to protect things? I read a Twitter message directed to me last night that Internet Explorer is the only browser they’re allowed to use for their own safety. What will happen today?
When you fill your car up at a self-serve gas station, there’s always a kill switch to immediate stop the process if it gets out of hand. Does your computer or vendor have a kill switch that can be used in case of emergencies?
Or, do you care or even listen? I wonder – does the security world cry wolf too often?
Feel free to share your security thoughts in the comments below.