It was announced this weekend that all versions of Internet Explorer have a major security flaw that could allow a hacker to take control of your PC without your knowledge. No solution has been announced yet, so you have only two choices: 1) stop using IE altogether, or 2) disable the Adobe Flash plug-in within the browser. (Exactly how the two products running in combination produce the flaw hasn’t been widely announced.)
If you are going with the first choice, you need to disable any copies of Internet Explorer running on your company systems and on the systems your people are running at home, and have everyone switch to an alternate browser such as Chrome, Firefox or Safari, or even one of the lesser-known ones. There is no doubt that they have their own undiscovered security flaws, but until they’re found, you’re safer moving to another browser.
Like being in the stock market, or carrying a spare tire, the lesson here is to diversify and avoid dependency on one product, technology or method. If possible, always have a fallback mechanism and alternate methods of getting your work done. Fortunately, installing an alternate browser is a cheap and quick procedure. Of course, it is also true that not all browsers behave identically, so once you switch, you need to test that everything works as expected. Many web designers test on only two browsers, and though behavior differences between all the browsers can be slight, I’ve personally discovered flaws that stop an e-commerce application from working in a specific browser. Our company tests on the four major browsers.
So, to summarize:
- Go switch over your users to another browser now
- Try to figure out if you were compromised and make an assessment of what happened
- Look to reduce any damage an information leak might have caused
- Keep up to date on security vulnerabilities on any software you use
- Look for commercially reasonable ways to diversify your risk and dependency
- Stay current on your software and on support contracts for those products that handle secure data (Microsoft has informed its users that it will offer no security updates for Windows XP, still running on 25% of all PCs, because support has been suspended for that operating system)