Help File: Don't press F1 on the Web in Windows XP; a shortcut to iTunes Plus upgrades
Q: I heard what sounds like an urban legend -- that you shouldn't hit the F1 key if a Web site tells you to. Is that true?
A: That advice seems the sort of thing easily debunked at the myth-busting site Snopes.com, but it's true. Microsoft really does want Windows XP users to ignore Web prompts to press the F1 key.
A security advisory from the government's Computer Emergency Readiness Team (
http://kb.cert.org/vuls/id/612021) explains that hostile sites can have XP's Help Viewer application run malicious code if they can first get a user running the Internet Explorer browser to hit the F1 help shortcut key. So Microsoft's primary suggested workaround, until it can ship a patch, is this: "Do not press the F1 key when prompted by a Web site."
Using a browser besides Internet Explorer -- for instance, Mozilla Firefox, Google's Chrome, Apple's Safari or Opera's just-updated, eponymous browser -- will also eliminate this risk.
Although Windows 2000 and Windows Server 2003 are also open to this attack, Microsoft reports that Windows Vista and 7 are not -- something to think about the next time somebody suggests those newer releases offer no real benefits over XP.
more
