By Harry McCracken | Tuesday, March 2, 2010 at 3:07 pm
It’s a PC convention that dates to the 1980s: Press the F1 key, and you’ll pull up online help. Except Microsoft is now warning Windows XP users to ignore any Web site that asks them to press F1.
As Gregg Keizer is reporting over at Computerworld, a Polish researcher has discovered an XP (and Windows 2000) vulnerability that would let a Web page trick an unsuspecting user into pressing F1 and thereby launching a malicious program disguised as a Windows Help file. Microsoft has published an advisory recommending that users not press F1, and explaining how to disable Help altogether.
It’s a way more fascinating security hole than your average exploit, since it could let a bad guy make trouble for a Windows user at the particularly vulnerable moment when that person is seeking help. But it’s a sobering argument in favor of choosing a modern operating system–be it Windows 7 or Snow Leopard or Ubuntu–over a creaky old one that dates to the start of the last decade.