The ongoing Internet-security freakout for anybody using Windows keeps getting worse. Every other week yet another part of the online world gets a warning label slapped on it -- downloads, e-mail attachments, instant-messaging file transfers and now Web pages themselves.
"Browser hijacking" is as bad as it gets: Like the Blaster worm, this form of trickery can take over your software silently and invisibly.
Monday, 2 p.m. ET: Rob Pegoraro will be online to talk about his latest columns on Verizon Wireless's BroadbandAccess service and e-mail technology.
Sign Up Now: In his Fast Forward weekly e-letter, Personal tech editor Rob Pegoraro keeps you posted on the latest gear and gadgets (Delivered every Monday).
Typically, users discover what has happened only after the actual hijacking: Their Internet Explorer home page and Web searches have been switched to strange sites, a flock of pop-up windows follows them around, their lists of favorite sites have become a catalogue of porn purveyors -- and none of these changes can be undone without tedious debugging.
These attacks differ from "spyware" invasions, which can have similar effects, in that victims never took the conscious step of downloading a program and then running its installer.
In some cases, the only mistake a user made was to click an "OK" button to allow what they thought was a change in home-page settings or an addition of a Web toolbar -- not knowing that the site would do much more than that.
This can be an understandable error when you look at the ways sites attempt to fool users; the sleaziest sites won't include a "no thanks" button in their pop-up alerts and will prevent users from closing these windows. (If that happens to you, hit Ctrl-Alt-Del, select Internet Explorer from the list of active programs, and click the "End Task" button to bail out.)
Often, though, the problem can be attributed to going online with an out-of-date copy of Windows, allowing a hijacker's site to exploit old vulnerabilities to worm its way into the PC.
(I've yet to see any reports of Mac or Linux browser hijacks.)
None of this has to happen. Beyond the usual precautions of running an up-to-date antivirus utility and firewall program and regularly downloading Microsoft's critical updates (windowsupdate.microsoft.com), two of the biggest security flaws behind browser hijacking can be fixed with a pair of quick downloads.
A third can be remedied by installing a newer, better browser, and your risk drops to nearly nothing.