Re: Users of Microsoft's Internet Explorer are being urged by experts to switch to a
While I'm definitely on the anti-Microsoft bandwagon, I really don't think this is entirely IE's fault. This vulnerability only manifests itself if the user clicks on a malicious link, which can expose vulnerabilities in any browser. IE gets a bad rap because it's the most widely used browser, and its widespread use is the reason hackers focus on its vulnerabilities.
I think Trend Micro's advice of switching browsers is misplaced. Switching to another browser treats the symptom, not the problem. The problem is - users clicking on links without checking (or knowing how to check) the integrity of the link first. Everyone needs to know how to determine the URL that a link points to before clicking it, and ways to recognize if the URL might be malicious.
IE and Firefox both have a status bar at the very bottom, which usually says "Done," but also displays the page loading progress when a page is first coming up. Pointing at (but not clicking on) a hyperlink will usually display the URL that the link will take you to if you click it. If the URL contains a direct IP address (like
http://123.45.67.89...) don't click it! If the URL ends with an executable file extension (.exe, .bat, .scr, etc.) don't click it unless you know the link is supposed to download an executable file. If the status bar doesn't update when you point at the link, then right-click the link and go to Properties. That will display the link's destination URL, and then the above rules apply.
DNS hacks can take a legitimate hostname (like
www.somewhere.com) and cause it to redirect to their own server that will serve up a malicious page instead of the one you expected. (That's what happened to Comcast a couple months ago). When you're doing online banking or credit card purchases, be aware if the site will intentionally redirect you to a 3rd-party site for the secure operation (there will be a disclaimer). Pay attention to the URL in your address bar and take note if you've been unexpectedly redirected away from the domain you were just at. And when entering your credit card number, make sure the address bar has a yellow background and/or a lock icon that indicates you have an SSL connection to the server. When you're done, explicitly log out via the page's Logout link, then close your browser.
Having said all that, drop IE like a bad habit and get Firefox already!