washingtonpost.com  > Technology > Columnists > Fast Forward

Page 2 of 2  < Back  

For Windows Users, 'Browser Hijacking' Is Only the Latest Threat

Step one is to stop sites from throwing pop-ups at you in the first place. Not only will this make the Web vastly more pleasant, it will eliminate the ability of a would-be hijacker to badger you until you accept a software download or home-page switch.

The easiest pop-up blocker to adopt is the free Google Toolbar (toolbar.google.com); you do, however, need to run Internet Explorer 5.5 or newer to get this feature. Or install any other browser -- IE is the only one around these days that still lets in pop-ups. (I'll get back to this in a moment.)

_____Live Online_____
Monday, 2 p.m. ET: Rob Pegoraro will be online to talk about his latest columns on Verizon Wireless's BroadbandAccess service and e-mail technology.
_____Recent Columns_____
3-Point Shopping For a Computer (The Washington Post, Nov 21, 2004)
Firefox Leaves No Reason to Endure Internet Explorer (The Washington Post, Nov 14, 2004)
Photos Plus Music Equals an Expensive iPod (The Washington Post, Nov 7, 2004)
Fast Forward Archive
_____Personal Tech_____
Full Section
Fast Forward
Web Watch
Ask the Computer Guy
_____Free E-letter_____
Sign Up Now: In his Fast Forward weekly e-letter, Personal tech editor Rob Pegoraro keeps you posted on the latest gear and gadgets (Delivered every Monday).

_____Message Boards_____
Post Your Comments

Step two is to update the Java software on your machine. Java lets you run entire programs in a browser window and, when done right, it's not risky. Its developer, Sun Microsystems, designed it with tight limits on what a Web-based application can and can't do. But these limits must be enforced by a "virtual machine" program that runs on your own computer, and the one Microsoft developed contained a couple of bugs that hijackers abuse.

If you've been keeping your computer's software current with Windows Update, you should have a fixed version of this Microsoft virtual machine. But the better option is to download and install Sun's own, free Java virtual machine (www.java.com), which is both safer and more up-to-date than Microsoft's aging software.

Step three is to get away from something called ActiveX. Developed by Microsoft to compete with Java, it allows a similar sort of Web interactivity, but without any of Java's fail-safe limits: An ActiveX program in a Web page can do anything that a regular Windows program could do on your hard drive.

This can have legitimate uses. For instance, Windows Update uses ActiveX to scan for out-of-date components in your copy of Windows, and an ActiveX installer makes it easier to add Sun's Java software to Internet Explorer.

But ActiveX is exceedingly dangerous overall, since it relies on users to make the right call when they are presented with a "do you trust this publisher?" alert from Internet Explorer. Once they click "yes," the ActiveX program can do whatever it wants.

Updates to IE have limited ActiveX's reach, and an upcoming "Service Pack 2" revision for Windows XP will add still more restrictions. But it's wiser to use an ActiveX-free browser for everyday Web activity, reserving Internet Explorer for Windows Update and the occasional site that, because of its authors' inattention, works only in IE.

For most people, the best IE replacement is a free copy of Mozilla (www.mozilla.org), the descendant of Netscape. If you don't mind using a preview release, however, the faster, simpler and also free Mozilla Firefox will be a better fit (www.mozilla.org/projects/firefox/).

If your computer has already been infected, your antivirus program should clean it out. But you may need to resort to such specialized hijack-removal software as Hijack This! or CWShredder (both at http://www.spywareinfo.com/~merijn/downloads.html).

Whatever software you take with you on your Internet travels, you also need to bring some common-sense skepticism. Pushy salesmanship by a strange site deserves the same reception that an aggressive telemarketer would get in the real world: "No."

Living with technology, or trying to? E-mail Rob Pegoraro at rob@twp.com.

< Back  1 2

© 2004 The Washington Post Company