Please read http://www.telegraph.co.uk/scienceandtec...s-at-risk.html. I'm sure it's elsewhere as well.

Hackers have discovered a way of misusing MS Internet Explorer 7 in a way that MS currently have no solution for. The purpose is to steal passwords, bank account details, etc.

The only short-term fix is to use another browser, such as Firefox, Safari or Opera. And to be very careful browsing websites, on the lookout for sites that are either bogus or which have been "got at". Plus of course to ensure you have really good firewall and anti-malware software in use. It isn't clear whether simply having IE7 installed even if you aren't using it also makes you vulnerable, as has been the case in the past.

This is very serious.

I'm quite surprised people don't seem to have understood how this affects them. Apparently more than 2 million computers have so far been hacked as a direct consequence of this. Microsoft have just released an emergency "fix" that MUST be installed on every machine (see http://www.telegraph.co.uk/scienceandtec...t-Explorer.html) but even so it only reduces the risk and doesn't eliminate it.

The update is at http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

Received an auto update this morning pushed to my system from Microsoft through a subscription I have when such issues occur. Fun!

i prefer safari or firefox. MSIE is too tied to the internals of windows. i only use msie to view websites i am making to make sure they display properly.

i was predominantly mac for many years, then about 1998 i went to windows with macs just for site checking. i have been mainly using a mac laptop the last 6 months. very happy with it. incredibly less viral problems. went from major concern to no concern. thats quite nice. 30 inch monitor is nice too. with the laptop screen for an extended desktop. big screens and/or dual monitors are the number one time/labor saving device for a computer.

number two computing labor saving device are the little hacks that let you do copy 1, copy2, copy3, etc. an empowered copy function. you can store things in certain copy slots and use em when editing. glorious thing. like this program: COPYPASTE
(available for mac or windoz)

Agreed with all that, Marty. My only problem with Apple is the physical quality of many of their products, and their cavalier attitude towards the customer. When the new Macbook range came out it was reported as dreadfully unreliable, and Apple simply ignored warranty claims. Many people were left with non-functioning computers for months. And I know far more people who've had their iphones die than people who are satisfied with them.

You say "far fewer" virus problems. It's noteworthy that there are still some - many Mac users use no form of anti-malware protection at all in the false belief that they're immune from attack.

Some Windows vulnerabilities don't require that IE be used, just that it be installed on the machine. The commonsense thing to do it is not to install it at all, but since Windows Update only works with IE, if you want to have the automatic update facility you have to have IE installed.

On the latest Windows problem, it's worrying that MS have asked users to test their new security update. Doesn't exactly inspire one with confidence.

I don't know anyone who's looked at the Mac OS code, but I used to be relatively familiar (years ago) with the DOS/Windows code. It was absolutely dreadful, with branches everywhere around bad code that they left in there, not for any positive reason, but because they weren't sure what the effect of removing it would be. Small wonder that they really don't know what the coding does, so are constantly caught napping.

What is needed with Windows is a complete rewrite to deal with all these issues, to remove all branches other than those serving discrete subroutines and to find out what the logic actually does, not what they fondly believe it ought to do. That would also reduce the size of the software and make it run faster, probably greatly so in both cases. It'd be an incredibly costly exercise after all these decades of sloppy development, and of course will never happen because there's no incentive for them to do it - they effectively have a monopoly over most of the personal computers in the world.

I'm sure this is very serious, but the tech talk leaves me far behind.
Would you techies be so kind as to dumb down substnatially and talk to folks like me who are self-taught on these things?
Thanks guys - basically if I have a laptop on hughes with Microsoft what do I do?

I gather that one thing may be to keep important files on an external hardrive and only work online occasionally?

Download and instal Mozilla Firefox. Us Mozilla to access the internet. Simple fix.

I must be one of the few who likes ie7. I hate the poor resolution of firefox.

Diane (and other people to whom a computer is a "black box") - when you browse the internet you use a program called, unsurprisingly, an internet browser. Assuming you're using a computer with Microsoft Windows (if you're using anything else you probably already know quite a bit about what happens inside), Microsoft provide their own browser called (wait for it .....) Microsoft Internet Explorer. This has come out in several editions, and the current one (I believe) is 7.

Other companies have produced their own browsers, the names of the principal ones being Firefox (by the company Mozilla), Safari and Opera. Firefox is generally regarded as the best of these. Any of these may be used with Windows - I'm accessing the Ambergriscaye.Com page right now using Firefox. To get any of these, use your search engine to look for each by name and simply follow the instructions.

When you access a web page (with any browser) that is an interactive process - you obviously know you've connected, but so does the website "know" that you've connected to it. And just as you search for and recover information from the web (which is really just a collection of other computers connected together), the web can look into your computer and extract information from it. As this is personal and can be sensitive, such as passwords, bank account details etc, this reverse process is regarded as undesirable other than under very tight controls.

Quite simply, the Microsoft product Internet Explorer (abbreviated IE) is the worst at preventing this, largely because it's very badly written. Each time Microsoft (abbreviated MS) produce a new version (as I said, they've reached version 7) they introduce new features, correct some errors they made earlier, and as is the way of these things introduce new errors. It's just been discovered that in version 7 they introduced an error that allows certain websites almost unrestricted access to your computer. The bad guys are of course always ahead of the game and they spotted this some time ago and have been exploiting it, either modifying legitimate websites to their malicious ends without the owners of those sites realising, or creating new ones that look superficially like legitimate sites but which are actually wholly bogus. The day before I made my original post Microsoft had admitted that upwards of two million computers worldwide had probably been subjected to this, and a lot of personal information has probably been stolen. Of course, once that information has got out it's unsafe to use it, which can mean (even if no actual loss has taken place) changing bank accounts, passwords, and everything that you might have keyed into your computer that you'd rather others didn't see. It rapidly becomes very serious.

How can you protect yourself? There are several things you should do, and undoubtedly I'm going to forget some:-

1) Whichever version of Windows you use (the current version is Vista though most people prefer the previous one XP and some are using even older ones), set up "automatic updates" and once a week go to the appropriate Microsoft website to check for any other amendments they've issued. Make sure Windows and any other MS software on your computer (Office - Word, Excel, Access, Powerpoint, etc is the main other one) is always up to date. MS have partially integrated their Office suite into Windows, not by design but more out of sloppiness, so any weakness in Office can also affect Windows and your entire computer.

2) Get, use and keep up to date one of the leading Firewall software packages, to make it much more difficult for someone out in the web from finding your computer, seeing it has vulnerabilities and exploiting them. Ditto for anti-Virus and anti-Spyware software. These are all often bundled into a single package, such as the Bullguard that I use. There are free versions out there but unless you know what you're doing be wary of these - their coverage is often quite selective and will leave you exposed in subtle ways. As well as leaving it permanently active, make sure it is updated (usually in real time) and once a week you do a complete scan of your computer and any external hard disks you attach to it.

3) Other than Windows itself avoid using any MS product, or if you do be aware that it is probably riddled with inadequacies and errors. The most popular non-MS browser is Firefox, and though it has a few problems of its own it is streets ahead of IE in protecting you. Office, especially the older versions (Office XP for example) has had most of the bugs ironed out of it but remains vulnerable because of the way it shares code with Windows. I long ago changed to Open Office, which incidentally is free.

4) Be careful which websites you visit, and which websites anyone else using your computer visits. Kids love to visit new and funky gamesites and the villians out there know that, so most (I do mean most) of these are riddled with malware waiting to infect your computer. If a site looks too glitzy don't visit it. If you do visit a site that with hindsight you wished you hadn't, immediately do a full system scan with your anti-malware software and DON'T EMAIL ANYONE until it's completed. Emails are the most common way these "infections" spread from computer to computer. That and transferring files with flash drives.

5) Extension of the above. If you use a computer for important work don't allow kids access to it. By "kids" I refer to anyone with absolutely no sense of responsibility or understanding of computers, regardless of their age. Get them their own, then after about a month do a full scan of that machine to see what "diseases" they've managed to contract.

6) Be very wary of files or anything else you download from the internet. If there's something you want and you have the option of downloading it or executing it from the web, ALWAYS download it and then specifically scan it with your anti-malware software before you try opening or executing it. NEVER execute any file that came from outside without scanning it first.

7) Remember that this isn't serendipidity - there are people out there whose full time occupation is working out ways to get inside your computer and steal from you. The fact that you can't see them is irrelevant - they're there. The fact that you don't understand any of this and don't see how they could do it is irrelevant - THEY know. Remember that whenever any device is connected to your computer, either directly or via the web, that connection is two-way. You may have just plugged in that memory stick to pull a file off it, but there could be software on it that will secretly load itself onto your computer and start gathering passwords, bank account details, etc, ready to transmit them to someone else sometime when you're on the web. You'll never know when the information left your computer or how anyone gained access to it, but you will notice the unauthorized transactions on your bank account.

8) In case all this seems paranoid and OTT, just go to the website of any of the anti-malware companies and read what happens - it's horrific. They really ARE out to get you!!

diane- do you have firefox installed? i don;t think its a huge deal. i keep all my important files on my main computers, and they are all connected to the internet 24/7