France Tells Its Citizens To Abandon IE, Others Disagree 406
Freistoss writes "Microsoft still has not released a patch for a major zero-day flaw in IE6 that was used by Chinese hackers to attack Google. After sample code was posted on a website, calls began for Microsoft to release an out-of-cycle patch. Now, France has joined Germany in recommending its citizens abandon IE altogether, rather than waiting for a patch. Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well." PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.
Re:love the recommendation (Score:2, Interesting)
I wonder how much of this really has to do with security, versus the corporate and technological schism that is quickly developing between the EU and the USA.
It's difficult to say for certain, but in terms of population, economy and global political influence, the EU and USA are becoming very similar. There are indeed some power struggles going on now that they are reaching parity.
Take, for instance, the EU's handling of the acquisition of Sun by Oracle, two mainly-American businesses (although they do have operations in the EU). Regardless of your thoughts on the matter, the EU's involvement has indeed delayed the acquisition, and is having an affect on the viability and value of Sun.
Microsoft is, of course, another one of the large, mainly-American companies that is involved in Europe. Likewise, we've seen them put under far greater scrutiny than we've seen them put under in the USA. And now several major EU players are suggesting that Microsoft's flagship (albeit shitty) software be avoided.
It makes me wonder whether this is really about doing the right thing, which of course is avoiding IE, or whether it's about sticking a thumb up the arse of a prominent American business.
Ekhem, Germany and France are in Europe... (Score:4, Interesting)
...you know, the place that already doesn't have browser monoculture. Therefore, your premise doesn't hold true - they don't want to shatter IE monoculture, create variation in the market. They just don't want people to use IE.
And especially in Europe, that's very much four engines, not three, with one or two places having Opera as number one browser, few other as number one alternative browser, and in many it has quite respectable usage share.
Re:love the recommendation (Score:4, Interesting)
IOW, they are so unable and unwilling to upgrade from IE6 that ANY CHANGE WHAT SO EVER would be as equally drastic as another.
You could entirely replace their machine with a Mac and they would be no less traumatized than if you simply installed IE8 for them behind their back.
Re:Wait a second.... (Score:3, Interesting)
France and Germany were both bitterly opposed to the invasion of Iraq and said so numerous times as members of the UN. Rumsfeld dismissed them [bbc.co.uk] as "old Europe".
While China seems to be the boogeyman du jour for America, people should keep in mind that the Euro is competing very successfully [yahoo.com] against the greenback.
Mixed Message (Score:5, Interesting)
Don't Kill the Messenger: Blaming IE for Attacks is Dangerous
Don't obfuscate the message. Blaming IE for being susceptible to attacks is entirely valid.
So is blaming Mozilla, Chrome, Opera, Konquerer, and Safari when they are vulnerable.
It's all nice and tidy to say "The attackers are to blame." But we don't have control over them. We do have control over which software we use. And if we continually abandon less secure software for more secure alternatives, we will have a continually improving software ecosystem. That will not always mean abandoning IE (well, it may not always mean abandoning IE -- seriously, someday IE might be the most secure option -- stop laughing, it could happen, hypothetically), but it does mean always abandoning whoever fucked up most egregiously most recently. Feedback works.
Re:Importance of Competitive Choices (Score:1, Interesting)
Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.
How about we define "free market" before we continue. Well, according to Wikipedia, "A free market is a market without economic intervention and regulation by government except to regulate against force or fraud." The fact that the US government does not interfere in the market (by attacking Microsoft) makes it less of a free market?
As a disclaimer. I hate M$ and want it to die (I have strong FOSS beliefs). I just fear the government more than M$. Why? Because they have a monopoly on force. And that is scarier than any mega corporation.
Re:Importance of Competitive Choices (Score:5, Interesting)
Ah, yes, because Opera wouldn't have any market share otherwise.
Never mind that it's the number one browser in Ukraine, number one alternative to IE in Russia (and look like it will be number one overall in a few months), and in my backyard that I know about (post-Soviet EU memberstates) it is usually #3 browser hovering between 5 and 10%. Heck, in quite a few of them Opera Mini (the j2me one) is ahead of Safari...
Re:Importance of Competitive Choices (Score:4, Interesting)
Just because some anti-competitive behavior wasn't stopped long ago, doesn't make it right.
How is distributing IE with Windows any different than the distribution of Window Media Player, which was considered anti-competitive years ago?
Running 2 revisions out of date? (Score:4, Interesting)
Sorry, but if you get exploited running IE6, I have absolutely NO pity for you. You're just plain stupid, and your stupidity most likely has caused you to infect other systems probably more than once. You're like a driver who plows down a couple margaritas before you go out driving on a Sunday afternoon.
mod parent up (Score:3, Interesting)
It's worth noting they qualified the suggestion by saying "while waiting on Microsoft to fix the vulnerability". It ain't some global indictment against Microsoft like /. suggested.
IE and Safari improve the security of most power users by presenting easy targets whose code base is unrelated to other browsers.
Re:Tear down (Score:1, Interesting)
Ya, You're protected! Viruses can NEVER run on your computer now, because there are no clock cycles or memory locations left for them to run on!
Virus protection is a broken band-aid. The whole idea of it originally was to protect against a few viruses -- not the 750,000 that we have today. Case in point: I do some 3D animation on the side for fun. I have a scene in Maya that takes four minutes to render a frame. I turn off my virus protection, and it takes a minute and a half. Virus protection takes so much of your system resources that it nearly makes your computer useless.
And yes, IE is the problem (or at least one of the biggest problems). I manage 45 computers, and I've been a network admin for twelve years. My experience with spyware, adware, viruses, and the like is this. I've had users get inundated with them time and time again. I'm talking ten or fifteen viruses and hundreds of spyware programs. I clean it off, and they get it back. I scrape it off again, and they get it back. I scrape it off yet again, switch them from IE to Firefox, and the problem disappears. And yes, it is IE8.
Explain that away, IE fanboys. IE is the biggest security hole in the computer industry. I could have probably gone with just about any of the other major players like Opera, Chrome, and Safari, and gotten the same results. Microsoft should be taken to task for false advertising if they're claiming that IE8 is the "most secure browser on the market".
Now, I don't like to complain about something without offering something positive. If anyone is wondering, I've taken to installing Firefox and making them use it, and also I don't give out admin privileges. Everyone on my network runs as a normal user. If the software demands admin privileges, we replace it with something that doesn't. The other thing that I do is I use entries in the hosts file on each individual machine to block known bad websites. I've managed (knocking on wood) to make virus problems nearly nonexistent. I consider antivirus to be a last-line defense. Oh, and I also have users flogged for opening unknown email attachments. (Interestingly enough, the captcha word for this post is "repress". LOL)
Re:Importance of Competitive Choices (Score:3, Interesting)
Honestly, if you believe that, then you skipped several versions of Netscape.
I only very grudgingly and unhappily moved to IE during that era because Netscape fell so far behind. I'd go so far as to argue that new releases of Netscape managed to fall behind even previous version of Netscape.
I'm glad that Firefox eventually resulted from that mess and provided real competition again, but let's be honest: IE (temporarily) won the browser wars by default, not because Microsoft strongarmed Netscape out of the market, but because Netscape reached a point where they couldn't even release a browser as good as the last browser they released. It takes a special kind of mismanagement to get that far gone.
The EU regulation didn't do jack (Score:2, Interesting)
This is absolutely silly. The EU didn't somehow save us from Microsoft, and they didn't give us any competing browsers. We got those from the private sector, and government regulation didn't do jack.
Did the EU give us Firefox/Mozilla? No. Opera? No. Safari? No. Konqueror? No. Chrome? No. And there have been many other browsers that have been developed as well. All by the private sector, and a number of them were under development before the EU started regulating everything.
And more importantly, did any of you out there switch to Firefox because the EU told you to? Or was it because the EU told Microsoft they had to make IE uninstallable that you suddenly switched to Firefox? I'm pretty sure no one did that. We all went out and downloaded Firefox, in many cases before the regulation took hold, because it was a better browser than IE 6. It complied to standards, had many useful plugins, and most importantly had tabs. It was a better product hands down, and it quickly started gaining marketshare. The reason Netscape got destroyed earlier was because it was not superior to the Microsoft product (at best it was equal, though I'm not convinced it was) and it had a worse business model that at one point included charging a fee for the browser. Obviously that was the wrong business model to choose, as evidenced by the fact that there are over a half a dozen competing browsers now, and all of them are free downloads. The browser just wasn't a peice of software people were willing to pay for.
Frankly, this worshipping at the shrine of the EU and its regulation is just plain boneheaded and wrong. Even if governmental regulation was a good thing (something I vehemently disagree with in almost all cases), using this as an example is stupid. Especially since this wasn't a monopoly. If it were, Microsoft could have charged a fee for IE after driving its competitors from the market (in a real monopoly the monopoly holder always gets to jack up the price when there is no competition), but obviously Microsoft couldn't do that. It would have been overtaken by Mozilla almost immediately, because it was also a free browser. In some markets, competition simply forces the price to zero, and that's what happened here. There were no monopolistic barriers to competition; just a temporary lack of a browser with good enough features and a decent business model. And once that browser (Firefox) appeared, no one minded downloading and installing it onto their OS, despite the fact that they already had IE.
PS - A little known fact is that Netscape almost totally dominated the browser market before IE jumped into the fray. In fact, many sites were designed to work exclusively with Netscape, and even required a user agent string [wikipedia.org] beginning with "Mozilla" to run. In effect, if anyone had a monopoly, it was actually Netscape at the beginning, when they even had a monopoly on content. IE in the early days actually had to spoof the user agent string and pretend to be Mozilla just to get the site to work with it. IE was the underdog and fiercest competitor, which is why it won in the end. It had nothing to do with monopoly.
Re:Tear down (Score:4, Interesting)
The MSRC also classifies them as vulnerable because it's possible (but REALLY hard) to craft an exploit that can get around DEP, ASLR, GS and Protected Mode and all the other IE/Windows security features.
The MSRC is very conservative in their vulnerability ratings even if it makes MSFT products look bad.