washingtonpost.com  > Technology > Columnists > Fast Forward

Fast Forward by Rob Pegoraro

For Windows Users, 'Browser Hijacking' Is Only the Latest Threat

By Rob Pegoraro
Sunday, February 29, 2004; Page F07

The ongoing Internet-security freakout for anybody using Windows keeps getting worse. Every other week yet another part of the online world gets a warning label slapped on it -- downloads, e-mail attachments, instant-messaging file transfers and now Web pages themselves.

"Browser hijacking" is as bad as it gets: Like the Blaster worm, this form of trickery can take over your software silently and invisibly.

_____Live Online_____
Monday, 2 p.m. ET: Rob Pegoraro will be online to talk about his latest columns on Verizon Wireless's BroadbandAccess service and e-mail technology.
_____Recent Columns_____
3-Point Shopping For a Computer (The Washington Post, Nov 21, 2004)
Firefox Leaves No Reason to Endure Internet Explorer (The Washington Post, Nov 14, 2004)
Photos Plus Music Equals an Expensive iPod (The Washington Post, Nov 7, 2004)
Fast Forward Archive
_____Personal Tech_____
Full Section
Fast Forward
Web Watch
Ask the Computer Guy
_____Free E-letter_____
Sign Up Now: In his Fast Forward weekly e-letter, Personal tech editor Rob Pegoraro keeps you posted on the latest gear and gadgets (Delivered every Monday).

_____Message Boards_____
Post Your Comments

Typically, users discover what has happened only after the actual hijacking: Their Internet Explorer home page and Web searches have been switched to strange sites, a flock of pop-up windows follows them around, their lists of favorite sites have become a catalogue of porn purveyors -- and none of these changes can be undone without tedious debugging.

These attacks differ from "spyware" invasions, which can have similar effects, in that victims never took the conscious step of downloading a program and then running its installer.

In some cases, the only mistake a user made was to click an "OK" button to allow what they thought was a change in home-page settings or an addition of a Web toolbar -- not knowing that the site would do much more than that.

This can be an understandable error when you look at the ways sites attempt to fool users; the sleaziest sites won't include a "no thanks" button in their pop-up alerts and will prevent users from closing these windows. (If that happens to you, hit Ctrl-Alt-Del, select Internet Explorer from the list of active programs, and click the "End Task" button to bail out.)

Often, though, the problem can be attributed to going online with an out-of-date copy of Windows, allowing a hijacker's site to exploit old vulnerabilities to worm its way into the PC.

(I've yet to see any reports of Mac or Linux browser hijacks.)

None of this has to happen. Beyond the usual precautions of running an up-to-date antivirus utility and firewall program and regularly downloading Microsoft's critical updates (windowsupdate.microsoft.com), two of the biggest security flaws behind browser hijacking can be fixed with a pair of quick downloads.

A third can be remedied by installing a newer, better browser, and your risk drops to nearly nothing.

CONTINUED    1 2    Next >

© 2004 The Washington Post Company