Preston Gralla

How to protect yourself against the Chinese Google hack

January 15, 2010 2:51 PM EST
Worried about the security hole in Internet Explorer that was used to launch attacks by China against Google and others? There are ways to help close it and limit your exposure to similar threats --- and it won't take more than a few minutes. Here's how to do it.

Microsoft has confirmed that an IE vulnerability was at fault for the Google attacks. In Microsoft Security Advisory (979352) it spells out details and in a company blog, Mike Reavey, director of Microsoft's Security Response Center (MSRC) provides more information.

The security advisory notes that IE 5.01 running on Windows 2000 was not vulnerable to the attack, but that IE6, IE7 and IE8 on Windows 2000, XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2 are all at risk.

As of yet, you can't completely close the security hole. However, there are ways to limit your exposure, notably using Protected Mode in IE on Windows Vista and Windows 7, and enabling Data Execution Protection (DEP). Changing your IE security zone to "High" will help as well. Here's what Reavey has to say:

Protected Mode in IE 7 on Windows Vista and later significantly reduces the ability of an attacker to impact data on a user's machine. Customers should also enable Data Execution Prevention (DEP) which helps mitigate online attacks. DEP is enabled by default in IE 8 but must be manually enabled in prior versions.

Customers can also set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones or configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. You can find details on implementing these settings in the advisory.
Unfortunately, though, he doesn't detail how to do that. It's all relatively straightforward to do, though. Here's how.

Turning on Protected Mode

Turning on Protected Mode in IE 7 and IE 8 is exceedingly simple. Select Tools --> Internet Options, and click the Security Tab. Then check the box next to Enable Protected Mode, as you can see in the screenshot below. You'll have to restart IE for it to take effect.

IE protected mode


Changing your Security zone to high

It's also quite simple to change your IE security zone to high. Select Tools --> Internet Options, and click the Security Tab. Then move the slider to High. You won't need to restart IE for this setting to take effect.


Enabling DEP

DEP ie enabled by default in IE8. To turn it on in IE7, and to ensure that it's on in IE8, select Tools --> Internet Options and click the Advanced tab. Scroll down until you come to the Security section. Check the box next to "Enable memory protection to mitigate online attacks" then click OK. You can see it, below. You'll need to restart IE for the new setting to take effect.

Enabling DEP in IE

As for IE6, I don't have a copy, so can't tell you how enable DEP from my own first-hand experience. However, according to About.com, right-click My Computer, select Properties, then choose the Advanced tab. Under Performance, select settings, then select the Data Execution Prevention tab. Next, select the option to "Turn on DEP for all programs and services except those I select." Click Apply then click OK.

Microsoft has also released a tool that turns on DEP. To use it, go to this page and follow the instructions.

Will taking all these steps keep you safe from the Chinese Google-style attack? Not completely, but it will keep you safer than if you don't do it. At some point, though, expect a patch from Microsoft fo fix the problem.