Is IE still a security risk, even if you're using another browser?

Discussion in 'other software & services' started by Dogbiscuit, Jul 3, 2007.

Thread Status:
Not open for further replies.
  1. Dogbiscuit

    Dogbiscuit Guest

    I have read about how Firefox or Opera users got their computer infected with malware, but through Internet Explorer. If Firefox or Opera is open, and IE is closed and not used, how could a drive-by trojan get onto someone's system? In other words, how does it get around Firefox or Opera?

    Thanks for any input.
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    well if you use instant messager and click on a link then it opens in the default browser.
    so if internet explorer is the default browser then any links from instant messenger and your email client will open in the internet explorer.
    so my best advice is to set firefox or opera as your default browser to avoid any drive by downloads.
    lodore
     
  3. eniqmah

    eniqmah Registered Member

    Joined:
    Jul 7, 2006
    Posts:
    391
    Uninstall I.E ? Put the IE executable in a protected state ?
     
  4. Dogbiscuit

    Dogbiscuit Guest

    Thanks. A thread here on the Yahoo Messenger worm confirms that. Would this mean that only other applications act as the conduit for malware? That if only Firefox or Opera is connected to the internet that a drive-by is not possible?
     
    Last edited by a moderator: Jul 3, 2007
  5. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Have heard varying theories on not using IE but still being susceptible to infection due to its` integration with Windows. Have never heard a definitive answer. Other then to keep your system fully patched.
    As far as "drive-bys", a good properly configured FW be it a router or PC based should pretty much take care of that.
     
  6. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    IMO, because IE is such a big target, it's always at risk. Beyond the web itself, things like CHM help files usually open with IE. HTA files too. And clickable links can be structured so they open in IE, even if it's not the default browser.

    My feeling is to lock IE down. Consider changing it's default security setting in the Internet Zone to HIGH. Place the sites you need and trust in the Trusted Zone. This at least gives you some control over file/ActiveX actions.

    Of course, some might say I'm paranoid... :D

    **EDIT**
    Based on my understanding, I don't advise removing (or trying to remove) IE. If for no other reason, it's our only link to automatic Windows Updates. Most users don't want to track down updates manually...
     
    Last edited: Jul 3, 2007
  7. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Actually fine suggestions. The only time I use IE is for updates and the .01% of the time I run across a site not viewable with FF.

    Paranoid? :cool: Just because you think they :ninja: are after you :shifty: does not mean they are`t. ;)

    Updates can also always be gotten using Belarc Advisor. They usually run a few days to a week behind the actual release date....but still an option. Also very handy if you are wanting to do a "slip stream" install CD.
     
  8. Dogbiscuit

    Dogbiscuit Guest

    Thanks. That makes alot of sense. I found this website which goes into some detail about the benefits of removing IE and why it's a security risk even if not used, but I haven't been able to understand the terminology completely to know if what is being said is accurate or not:
    Does this mean using an alternative browser (behind a firewall with XP, IE fully patched) and with no other software open still leaves you somehow vulnerable with IE on your system? Or are the problems related only to a combination of unpatched systems and third-party software like internet messenging, etc?

    Wikipedia's article for IE mentions several consequences that seem to outweigh the benefits of removing it, if I understand them correctly:
     
    Last edited by a moderator: Jul 7, 2007
  9. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I agree that the Local Zone could be a concern. But, that said, I would hazard a guess that if one's Local Zone is entry point of a direct malware infection, your PC might already be compromised elsewhere. IMO, the biggest risk is still the Internet Zone...
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
Loading...
Thread Status:
Not open for further replies.