 |
Technote: |
iRider is NOT vulnerable to a potentially serious security problem discovered in the Microsoft Internet Explorer program in late June, 2004.
A trojan horse called BankHook.A or img1big.gif can, if present in the Internet Explorer application, potentially monitor your web surfing activity and record passwords or other sensitive information. iRider doesn't load the component associated with this trojan horse (known as a "BHO") and so it's not possible for it to monitor your surfing activity in iRider.
However, if this trojan horse has infected your computer — something that's very unlikely but still possible — and you run the Internet Explorer application, the associated BHO component will run and can monitor actions or keystrokes that are performed inside Internet Explorer, even on secure sites. To disable the harmful BHO component in Internet Explorer, a free program called BHODemon can be used. It shows any Internet Explorer BHO-type add-ons that are installed and can disable them.
Important safety precautions
All web users using any browser should follow a few safety precautions to avoid security risks. Please take the time to go through these easy steps:
1) Visit Microsoft's Windows Update site to download and install any critical updates. Bookmark the Windows Update site and visit it monthly.
2) Make sure your Internet Options restrict the freedom of ActiveX controls and Active Scripting:
In iRider, choose the Tools menu Internet Options command, then click on the Security tab.
Under "Select a web content zone...", click "Internet" to select it, then click the "Custom Level" button.
Under "Download signed ActiveX controls", click either "Prompt" (recommended) or "Disable". Prompting will allow browser add-ons in ActiveX format to download only after prompting you for approval. Disabling them will disallow any ActiveX add-ons from downloading. Note that several useful components use ActiveX, such as Macromedia Flash, Apple's Quicktime, RealPlayer, Windows Media Player, etc. If you choose to Prompt before downloading ActiveX, you need to remember to observe any warning message that appears while you're browsing and click "No" unless you're sure that you're on a trustworthy website. The warning will look like this:
Note that the name of the download, in this case "Macromedia Flash Player 7", and the name of the company and authentication authority, are displayed.
iRider and other web browsers and Internet tools display security warnings like this in many circumstances, and one should always take time to heed such warnings and, if in doubt, decline any download or other operation. Malicious websites try to install software on your computer via this mechanism, but it's easy to prevent this if you click "No".In the same window, under "Download unsigned ActiveX controls", click "Disable". Under "Initialize and script ActiveX controls not marked as safe", click "Disable".
Click the "OK" button.
Back in the Internet Options Security tab, under "Select a web content zone...", click "Local intranet" to select it, then click the "Custom Level" button.
Under "Download signed ActiveX controls", click either "Prompt" (recommended) or "Disable", observing the same recommendations noted above for the "Internet" zone.
Under "Download unsigned ActiveX controls", click "Disable". Under "Initialize and script ActiveX controls not marked as safe", click "Disable".
Scroll down to the entries near the bottom of the list, and under "Active scripting" choose "Disable".
Click the "OK" button.
Click the "OK" button in the Internet Options dialog box.
4) Be very careful when downloading programs from the Internet, either from a website or using a file sharing program such as Kazaa. Many free programs, including Kazaa itself, make money by installing "Ad-Ware" or other software designed to present unwanted advertising or do malicious things. It can be very time-consuming to remove such software after you've installed it.
5) Beware of browsing untrustworthy websites (e.g., sites offering free "adult" content) and, if you're entering a sensitive information (e.g., your online banking password), make sure you're on your trusted site by checking the browser Address Bar.
6) As always, be careful when opening a link sent to you in an email message and don't open attachments sent to you in email unless you're absolutely sure they're safe. Any unsolicited message, even apparently from someone you know, may be suspect. If a link in email requires you to log-in to a site with a password, you should not do so — if you want to log into the site, open the site through your usual bookmark or by entering the site's address manually.