I’ve been seeing a lot of news this week about web browser plugins getting exploited to plant malware on computer systems. A lot of people know to keep Flash up to date, and to keep Java up to date or uninstall it–at least I hope so by now–but there are two targets that people generally forget about: Shockwave and Silverlight.
Because so many people have them installed and don’t know it, and therefore never update them, they are ripe targets for attack.Silverlight is Microsoft’s failed attempt to compete with Flash. About the only thing that used it was Netflix, of all things, so if you ever watched a movie on your computer, you probably have it. For the longest time, Firefox would automatically get it, or try to get it, and I’d tell it no, or force it to uninstall. Microsoft stopped that bad behavior a while ago, but if you have Silverlight in your browsers, you can probably safely get rid of it now. Watching movies on computers is a bit passe now that Netflix-compatible devices are commonly attached to TVs, and even if you do, Netflix is moving to HTML5 which provides better security and compatibility. To uninstall Silverlight, visit this link. On a Mac, follow the instructions here. Yes, Mac users, you need to secure your web browsers too.
Shockwave is ancient technology from the days when Windows 95 was state of the art, but for some reason it never completely died. Adobe just left it to die instead–Adobe is terrible about fixing the vulnerabilities in it–and we’re the ones suffering from the neglect. So if you have it, get rid of it–its main use today is to give malware a nice information superhighway around the comparatively secure Flash plugin you have installed. Firefox users: Don’t get up in arms if you look at your plugins configuration and see something called Shockwave Flash; that’s the current version of the Flash plugin. Thanks loads for being clear, Adobe. For a reliable way to find out if your computer is–ahem–infected with Shockwave, visit this link from all of your web browsers and by all means don’t download the plugin! If you have the plugin, download the uninstaller from here.
Attackers will use the easiest method they can find to plant their malware on your computer, so if you close off these two vectors, you’ve gone a long way toward protecting yourself online.