I'm not trying to make trouble just get a better handle on what's going on & how I can prevent exposure of my HD contents. You see my laptop is not just pleasure but I work for a bank & in the security dept. and have some sensitive info on here. It would look pretty silly if the assisant to the VP of security gets hacked?? I think someone should say more than if there's an attack we'll act. The prudent thing is to step forward & give an intelligent thought out answer to what steps will be taken & how fast we'll see an update 'if' the worse case senerio happens...I should mention that I'm already afraid of this happening on a weekend when the shop is closed for updates...
Well firstly this exploit only crashes IE and currently can't do anything to your HD. If there is any possibility that remote code could be executed then it could effect your HD, in which case avast would I'm sure be covering that threat.
Secondly I would stop using IE, the browser is an integral part of the OS so if that is exploited, effectively you have exploited the OS. ActiveX and BHOs are virtual magnets for adware and spyware, it is so simple for them to be installed with IE. Opera or firefox or any other non-ie based browser would be fine. Hopefully in the fullness of time MS will get around to patching this vulnerability (just in time for the next to replace it,
).
Anti-viruses by there nature are reactive, they react to threats but in order to do that they need samples of the code (0-day stuff). Some AVs use heuristic detection, that can be extremely complex in trying to first guess what might be harmful. That in itself can cause problems, so it is difficult to say anything other than they will act in light of newly detected threats.
The person behind the keyboard is a first line of defence before any AV ever gets a look in, this type of exploit would be unlikely on a web site with reasonable security as it too would first have to be hacked to implant the code, etc.
So how do you get to those sites that have either been hacked or faked to look like a valid site, clicking links in web pages or emails when you can't check the authenticity of the site.
You don't open attachments in unknown email, the same should be true of links in emails.
If your laptop is for work and home, surely the VP of security has some security policy relating to there use. If you have some sensitive information on it then that info should be in a folder which can be protected either by password or encrypted. You should also have a back-up/recovery strategy.
Most viruses inherit the user privileges so if you have admin privileges then it too has admin rights. Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.