7/14/04 Update:
Microsoft has released today new Critical Updates, which can be downloaded from http://windowsupdate.microsoft.com/. (NOTE: Internet Explorer is the ONLY browser supported for Windows Update.) The latest group of patches address problems found in the Help system and Internet Explorer browser, and are not optional. These updates are STRONGLY RECOMMENDED.
   This round of fixes appears to include an attempt to ease some of the bad publicity that Internet Explorer has received. Regretfully, these updates AGAIN fail to fix the most serious security issues found in Internet Explorer. Even with these Critical Updates installed, we suggest that another browser program such as Mozilla's FireFox be used for general browsing until third-party independent professionals can again state that Internet Explorer is safe to use.

7/9/04 Update:
Microsoft has released a Critical Update that adjusts settings in Internet Explorer and Windows to close one of the vulnerabilities exposed by the SCOB virus. (See Windows Update, or http://windowsupdate.microsoft.com - Do you have AUTOMATIC UPDATING set to check every day and automatically download? NO? Why not?) However, this does not end the problem, nor close all the issues revealed by the latest attack.
We must, reluctantly, conclude that Internet Explorer is still insecure and may provide an open pathway to allow criminals control of your computer. For general purpose browsing, we continue to suggest Mozilla's FireFox until Microsoft resolves outstanding security problems with Internet Explorer.

   We have been working on virus and spyware problems with Windows for quite a while. Normally when there are problems, we can find answers. At this time there is a major security issue that Microsoft has NOT resolved.
    Antivirus software simply does not have a good handle on this problem, either. Anti-virus software is unable to stop this particular type of infection from happening in the first place. The current major threats can be detected and fixed by most anti-virus software. Still the threats keep coming, and changing. Under this sort of attack, any Anti-Virus product might fail to give 100% protection- and may itself be successfully attacked.

   The US Government has issued a "vulnerability note" advising Windows users NOT TO USE INTERNET EXPLORER. This warning was issued by CERT, http://www.us-cert.gov/, The U.S. Computer Emergency Readiness Team. We must, in all good conscience, repeat the essence of this advisory bulletin.

   AS THIS PROBLEM HAS NO FIX, CANNOT BE AVOIDED DURING NORMAL USE OF THE SOFTWARE, AND EXPOSES YOUR MACHINE TO CRIMINALS we must extend this important caution:
   Microsoft's popular "Blue E" browser Internet Explorer is currently NOT secure. Software of an unknown origin and purpose, including the SCOB (AKA Ject and Toofeer) virus which you may have heard about but now extending to a large number of variants, has become the latest plague on the Internet. (SCOB itself may be completely suppressed at this time, but the "doors" that it opened remain open to this day.)
   The number of security problems in Internet Explorer may turn out to be quite large. Some of the "exploits" being used to install these viruses were not previously known. Although Microsoft is working with experts around the world to fix the problem, to date there ARE NO PATCHES and this problem is growing more severe daily as thieves continue to take advantage of these flaws with new versions of the software. The software normally targets online banking systems, often stealing access from stored passwords on your PC in the first few seconds of infection. Variants also install "keylogger" software, recording keystrokes to capture passwords and financial transactions.
   Infection may be from ANY LEGITIMATE WEBSITE running Microsoft's IIS software. The first step in the infection process is to break into and infect a legitimate website running IIS, Microsoft-based web server. IIS has several known flaws- Any website you surf to may be harboring this infection without the knowledge or permission of the site's operators. Although Microsoft has released patches for some of these flaws in April, most Microsoft servers are not set to automatically install updates. (Some of the updates will require a reboot; not good behavior from a server.) For this and other reasons many IIS-based web servers do not have the latest patches and are vulnerable to this type of exploitation.
   Any Windows user who views a web page from an infected website will be infected in turn, automatically and silently.
   Much of this software appears to be from criminal gangs in Eastern Europe (especially Russia), and law enforcement is apparently not able to resolve the issue.

Introducing "Firefox"
   Due to the lack of security when surfing the Internet with Microsoft's "Internet Explorer", we invite users to install and try the Mozilla browser "Firefox". See our FireFox page for more details.
   Firefox is a "pure browser", and is a viable alternative to Internet Explorer. It is fast, clean, and elegant. "Firefox" is the end product of years of work by the "Mozilla" (formerly "Netscape") open-source software project. Although earlier versions of the "new Netscape" were flawed, many of these problems have been resolved with Firefox.
Firefox is SMALL- the complete download is less than 5mb, putting it in reach of nearly any user. It seems to be fast, and looks (to the user) much like Internet Explorer. Instead of the clumsy "Favorites" system, Firefox uses the Netscape Bookmarks model, which is far easier to use and manage. Most importantly, Firefox is not subject to the latest round of security threats that are plaguing Microsoft's Internet Explorer.
Firefox's installation also includes an Import utility that says it will import all Favorites, cookies, stored passwords, logins, etc. from Internet Explorer, effectively replicating your current experience with the new browser. This does not appear to work 100%, but most of it does work and it should preserve the majority of your settings.
Firefox 0.9.1 can be downloaded from http://www.mozilla.org/download.html, and downloads and installs quickly. During installation, there is an offer to install "ThunderBird", a free Email client; we don't know anything about this product (and are happy using Eudora, which is another story, or Outlook- Assuming all the latest security patches are applied!) Firefox is one of the components of the (12mb) "Mozilla 1.7 suite", which includes ThunderBird Email and other software.
We have been using Firefox and are impressed by both its speed and the apparent full compatibility with the majority of websites. In addition, the program has RESOLVED problems our clients have had with some websites, including Microsoft's own Hotmail. There are, regretfully, some considerations. Most notable are Style Sheets differences that may result in Font and Line Colors not being properly displayed. Firefox appears to want the CSS (Style Sheet) color descriptions in a different format that the standard "#FF00FF" color scheme so beloved to Internet Explorer HTML programmers; we are still looking into the ramifications of this in regard to our own work.
   Also, the new ASP.NET program from Microsoft will not render HTML properly (natively renders HTML 3.2, not 4.0 to anything but IE) to Firefox (or Netscape 7, Safari, Gecko, Mosaic, or Opera) browsers without a patch in the web.config file that tells it explicitly to render 4.0 HTML. If any developer who gets this note needs these adaptations please write to us with the links below. We would be pleased to provide the code that we have found successful.

IF you choose instead to continue to use Internet Explorer, there are ways to reduce your risk:
Automatic Updates are STRONGLY RECOMMENDED
   IF you wish to continue using Internet Explorer, Microsoft suggests running Windows Update (see the Start Menu for Windows Update, or go to http://windowsupdate.microsoft.com) and installing all Critical Updates. After installing your updates, RETURN to Windows Update; there may very well be subsequent patches. You should also set your PC on AUTOMATIC UPDATES. We suggest setting your PC to update automatically whenever it is on, either at 9 or 10AM, or in the early morning if it stays running. Automatic Updates can be set in Windows XP by right-clicking My Computer and choosing "Properties" from the menu. Then select the "Automatic Updates" tab, and configure to Automatically Update at a set time each day.
   In Windows 2000, the Automatic Updates feature is a Control Panel item.
Modify your Internet Options:
   Microsoft says to set all Internet Zone security settings on their HIGHEST LEVEL. (We are unsure if this offers real protection against these threats, however.) To do this we need the Internet Options control panel. Go to Start Menu > Settings > Control Panel > Internet Options. (Or choose Internet Options from Tools menu inside Internet Explorer.) Select the Security tab. Click on the "Internet" Zone, If set on "Custom", first click the "Default" button to reveal the slider. Move the slider from Medium Low or Medium all the way to the top.
   By the way, this will cause Internet Explorer to demonstrate some VERY unusual behavior. No user will be comfortable using the Internet with this high a setting, at least not for very long! There will be a great many prompts, and also some site features may not work. You will need to make good decisions when you see these prompts, as accepting certain functions can also accept the SCOB virus and it's variants.
Turn Off Javascript?
Another "Solution" is to turn OFF Javascript. Javascript is a system for running website functions inside your computer, and is essential to the operation of most modern websites. Still, Javascript is the mechanism where this particular security problem attacks your computer. Turning off Javascript can be done in Internet Explorer from the Internet Options control panel. (See above for how to access this.) Go to the Security Tab. There should be a button for Custom settings on the bottom right, press it. There is a long list of Security options. Under the Scripting category, select DISABLE on the radio buttons for all three items: "Active Scripting", "Allow paste options via script" and "Scripting of Java applets". Say OK twice to exit; Javascript should now be DISABLED on your browser and you will be safe from this current infestation.
Still another (partial) solution is to only surf the web with a Windows 2000 Professional or Windows XP Professional machine logged into an account that has nothing higher than "Power User" permissions. In this state, software cannot be installed- and neither can the infection. You can still GET the infection, and it may reside on the machine and infect it in the future- but it should not be able to install itself and perform its nefarious tasks. Note that many corporations only permit computers to operate in "Power User" mode.

How will this Virus Problem End? An Editorial from SoftProse Technology, Inc. This virus problem is a quite serious one. Users buy computers with anti-virus software that never updates or will expire updates after a few months, and assume that they "have protection". This encourages virus authors- any anti-virus software that "expires" for updates is a tool that encourages virus authorship, not true protection. Virus software should update for the life of the computer or operating system, and not require periodic re-purchases to remain in effect. In addition, antivirus software should automatically check for updates several times a day, such as the default 4 hours we set for our InoculateIT / EtrustAntiVirus systems. Users also must bear some responsibility to keep their software updated; to not involve themselves with "cheater" software such as Kazaa; and to avoid running strange attachments. Spyware and Adware, along with Spam transmission efforts, are now becoming more and more closely linked to virus authorship. Anti-virus software will not touch "commercial" Spyware and Adware, claiming that this is not their responsibility. However, computers are failing when they are overwhelmed by Spyware and Adware, and this is a major growing problem. Anti-virus software must protect against all malicious software, not just those produced by amateurs. Internet Service Providers such as Earthlink, AOL, Verio, RoadRunner, Optimum Online, etc. are the actual means by which these viruses are transmitted. The true "source of infection" is the Internet pipe by which we are communicating. To resolve these issues, new routers called "filtering routers" can be installed, to replace the current "boundary routers" that connect users to the Internet. Replacing all the boundary routers with new filtering routers that can remove virues and spam is a major expense, and a technological challenge. It is also a challenge that must be met, and SOON, as consumers are being pounded by the products of brilliant but immature criminals. The only way to defend against these problems is for the Internet itself to rise in it's own defense. Companies that make the new generation of router systems include Cisco and Juniper Networks, but many other vendors will be available in the near future. ISP's that implement filtering of this kind will be extremely desirable. SoftProse Technology, Inc. is now involved both in encouraging current ISP's to take responsible actions and to implement these filtering technologies, and to discover and promote ISP's that currently offer these services to their clients.

Further Information on the SCOB Virus and IE problems:
CERT Alert:
http://www.us-cert.gov/
Article from CERT on IE Vulnerability:
http://www.us-cert.gov/cas/alerts/SA04-163A.html
"About.com", commentary on everything, maintains a virus report:
http://antivirus.about.com/od/virusdescriptions/a/scob.htm
Computer Associates, creators of Etrust AntiVirus:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28422
Symantec Corporation, creators of Norton Anti-Virus:
http://securityresponse.symantec.com/avcenter/venc/data/js.scob.trojan.html
Our "FireFox" Page:
http://www.softprose.com/information/internet/firefox.shtml
Good article from Eweek.com:
http://www.eweek.com/article2/0,1759,1623247,00.asp
From the "Other Side", a report on Microsoft's woes from the Linux community:
http://www.linuxinsider.com/story/34802.html

Virus Defenses  Anti-Virus Proposal  Virus Alert  Virus Hoax?  Free Anti-Virus  Spyware & Adware  Phishing- Email Con

Virus Defenses  Anti-Virus Proposal  Virus Alert  Virus Hoax?  Free Anti-Virus  Spyware & Adware  Phishing- Email Con

Virus Defenses  Anti-Virus Proposal  Virus Alert  Virus Hoax?  Free Anti-Virus  Spyware & Adware  Phishing- Email Con

Virus Defenses  Anti-Virus Proposal  Virus Alert  Virus Hoax?  Free Anti-Virus  Spyware & Adware  Phishing- Email Con

Virus Defenses  Anti-Virus Proposal  Virus Alert  Virus Hoax?  Free Anti-Virus  Spyware & Adware  Phishing- Email Con

Virus Defenses  Anti-Virus Proposal  Virus Alert  Virus Hoax?  Free Anti-Virus  Spyware & Adware  Phishing- Email Con

Virus Defenses  Anti-Virus Proposal  Virus Alert  Virus Hoax?  Free Anti-Virus  Spyware & Adware  Phishing- Email Con