I hope no one is still running Internet Explorer 6; if you are Microsoft has a countdown and awareness campaign to get you and your grandmother to upgrade. For those that are fairly up to date, be informed you are not because Microsoft released Internet Explorer 9 today. If you are feeling risky and are running Windows Vista or Windows 7 you can download Internet Explorer 9 from Microsoft’s official download site (not the millions of Google results for it’s download location). There are issues with certain sites so ensure you test this before deploying in production:

Microsoft also set up a domain dedicated to the new browser: www.beautyoftheweb.com. Unfortunately, that site isn’t hosted under the microsoft.com domain, nor does it have an SSL certificate to confirm that it belongs to Microsoft. Using this site to distribute the browser goes against the advice of downloading software only from known vendor websites. Copycat malicious sites claiming to distribute IE 9 will probably appear shortly, if they aren’t around yet.

Internet Explorer 9 includes a number of security improvements that make the upgrade worth your consideration. These include application reputation capabilities that are part of the SmartScreen feature thathelps protect the user against socially-engineered malware. The browser also supports the notion of Pinned Sites, which implements “secure launch” capabilities to safeguard users’ sessions with important websites. Internet Explorer 9 also improves its resistance to exploits by embracing support for DEP/NX, ASLR and SafeSEH memory protection capabilities. The new browser also improves the messages its users see when they download files and programs; the messages are designed to make it easier for the users to assess the risk of opening such files.

Till next time,

Jorge Orchilles

Microsoft was doing so well cleaning up their reputation post-Vista era until they released Service Pack 1 for Windows 7 and Windows Server 2008 R2. Even SANS Internet Storm Center has an article dedicated to identified issues with the service pack. Here is my advice:

Unless you have not installed the recent patches via Windows Update or are reinstalling from scratch, hold off on installing the Service Pack for Windows 7. Windows Server 2008 R2 users may find a few benefits to updating but as always BACKUP your data before installing the service pack!

If you are ignoring my advice and want to install the service pack there are a few things you should do before. First, backup all your data! Second, verify you do not have the hotfixes that Microsoft claims may block or cause the Service Pack install to fail: 2406705, 979350 or 983534

To determine if the hotfixes are installed there are two simple methods:

1. Go to the Windows Update pane (Start menu and type Windows Update) then click on View Update History.
2. Open a command prompt (Start menu and type cmd) then type:

• wmic qfe list full > patchlist.txt
• notepad patchlist.txt

If you do have any of those hot fixes installed. Follow these instructions.

Good luck,

Jorge Orchilles