France Tells Its Citizens To Abandon IE, Others Disagree 406
Freistoss writes "Microsoft still has not released a patch for a major zero-day flaw in IE6 that was used by Chinese hackers to attack Google. After sample code was posted on a website, calls began for Microsoft to release an out-of-cycle patch. Now, France has joined Germany in recommending its citizens abandon IE altogether, rather than waiting for a patch. Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well." PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.
love the recommendation (Score:5, Informative)
The link to the official French recommendation is here: CERTA-2010-ALE-001 [ssi.gouv.fr]
Quoting from it (rough translation): "while waiting for the editor [Microsoft] to correct this vulnerability, we recommend people use an alternate browser.
--
are you a startup founder looking for co-founders [fairsoftware.net]?
Importance of Competitive Choices (Score:5, Insightful)
We should applaud the recent work by the European Commission in demanding that Microsoft design their European version of Windows to allow users to choose the browser that they want -- thus, allowing them to never install Internet Explorer. The European Commission has been better advocate of free-market competition than the American Federal Trade Commission.
Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.
Re: (Score:3, Insightful)
Microsoft didn't driver browsers out of the market, Opera was "in the market" the entire time you're referring to.
Microsoft's (serious) competitors gave up, once that happened, Microsoft had no incentive to work on improving IE whatsoever. If Netscape had continued to put out products instead of doing their bullshit rewrite crap, none of this would have happened in the first place.
That's not to say Microsoft has no blame, but on the other hand if Netscape had stopped releasing products *regardless of the re
Re:Importance of Competitive Choices (Score:5, Insightful)
Microsoft didn't driver browsers out of the market, Opera was "in the market" the entire time you're referring to.
That's the "If" in "If Microsoft had succeeded".
Netscape gave up because their business model was completely undercut by the fact that Microsoft made IE mandatory on every computer sold. Opera survived as a niche, and Mozilla was born from Netscape's ashes, both of which are signs that Microsoft didn't succeed.
Re:Importance of Competitive Choices (Score:5, Insightful)
That said, if Netscape actually made a browser that was worth a damn during the reign of Internet Explorer 5 and 6, it might still be around today.
Keep in mind that Internet Explorer is STILL bundled on almost every new PC that's been released in the past ten years, yet competitors like Firefox and Chrome have taken significant market share from it. Why? Because Mozilla and Google finally put out a better product that was faster, more secure, and and cooler features.
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
If it had really been a superior product, nobody would have been making a fuss. It wasn't.
Possibly you also believe that Windows' stranglehold on the desktop is due to the intrinsic virtues of the OS too?
Re:Importance of Competitive Choices (Score:4, Insightful)
If it had really been a superior product, nobody would have been making a fuss. It wasn't.
I'm sorry, do you *remember* Netscape 4? IE was a far superior product, on both Windows and Macintosh. (And on Macintosh it won the market fair and square, there being no "stranglehold.")
Re: (Score:3, Insightful)
I remember Netscape 4. In fact, I was using it semi-regularly (albeit on my Windows 3.1 computer) as late as 2003.
Although it wasn't quite as lightweight as Netscape 3 (which was undoubtedly their high-water mark), it was generally stable and ran just fine on a 486.
It had none of the security issues that Internet Explorer 4 invited by going above and beyond the definition of what a web browser should do.
If it crashed, it seldom took the whole system down with it as IE would always do.
It didn't take the ent
Re: (Score:3, Informative)
I'm sorry, do you *remember* Netscape 4? IE was a far superior product
Yes, but Opera was better than either at the time, and got nowhere.
And on Macintosh it won the market fair and square, there being no "stranglehold."
Not true: IE4 was bundled with MacOS as the default browser as part of a deal between Apple and MS. The crowds reaction to the announcement [youtube.com] this was clearly not what users wanted.
Notice:
1) The cross licensing deal (cross licensing is bad because it blocks new entrants [moneyterms.co.uk])
2) MS also bought this by promising to keep developing MS Office for Mac (i.e. they were trying to leverage the Office monopoly).
3) MS also bailed Apple put financially as par
Re: (Score:3, Interesting)
Honestly, if you believe that, then you skipped several versions of Netscape.
I only very grudgingly and unhappily moved to IE during that era because Netscape fell so far behind. I'd go so far as to argue that new releases of Netscape managed to fall behind even previous version of Netscape.
I'm glad that Firefox eventually resulted from that mess and provided real competition again, but let's be honest: IE (temporarily) won the browser wars by default, not because Microsoft strongarmed Netscape out of the
Re: (Score:2, Insightful)
Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.
You just disproved your own statement. A free market would allow a monopoly to continue it's anti-competitve behavior even to the detriment of the market. You're arguing for better regulation not a freer market.
[note: unless my definition of free market is off, which is quite possible]
Re: (Score:2)
[note: unless my definition of free market is off, which is quite possible]
Some people define it as free of artificial barriers to entry.
Re: (Score:2)
Your definition is "off".
Free market != laissez faire.
In a Free market there could not be a monopoly.
Re: (Score:3, Insightful)
In a Free market there could not be a monopoly.
In a free market there can absolutely be monopolies, and monopolies are not in and of themselves illegal.
In a free market everyone can decide to purchase services or products from the same vendor. That's not a problem. The problem come into play when the monopoly starts using their position in an uncompetitive manner, like by requiring system builders to install only your browser, and punishing them if they do otherwise. This behavior is perfectly acceptable in a fragmented market, but not in a monopolize
Re:Importance of Competitive Choices (Score:4, Insightful)
The reason monopoly matters, is it's a precondition for success at anticompetitive or abusive conduct.
Imagine a situation where somebody makes a threat against another person, specifically a threat to beat them up bare handed. If the person making the threat is an 87 lb., wheelchair bound person with a known heart condition, threatening a normally healthy adult who could evade the attack by simply walking away, what does the law say about the normally healthy person claiming they were so threatened they had to draw a pistol and empty it into their 'assailant'? Now, let's flip the situation - the person making the threat is a 245 lb. linebacker, he has already picked up a 2x4 with nails in it, and he is blocking the only exit. What does the law say now?
Monopoly is somewhat like that - it's a claim that the business had the power to be able to act badly successfully, when without that power, whatever it was doing doesn't need the law to stop it, because it would have failed, or done so much damage to the company that it wouldn't have been worth it. If a company with a 5% market share tells vendors "We won't give you a discount rate unless you don't bundle our competition." the vendor laughs and walks off. At 80% or more, apparently they give in. The law doesn't need to act in the first case - a threat that has no teeth resolves itself.
Re: (Score:2, Insightful)
If Microsoft had succeeded in driving all other browsers out of the market in 2000, then today, we would not have any other choice and would be forced to use a browser with a dangerous security risk.
This is a completely invalid argument and I can't believe you're at +5 already. The rabid anti-Microsoft/IE crowd is out in force today I suppose.
Even if every single browser other than IE stopped development in 2000, what bearing at all does that have on potential future development? Firefox was released in 2
Re: (Score:2, Funny)
Re:Importance of Competitive Choices (Score:5, Insightful)
I'm really confused...
That's because the real world comes in shades of grey. A free market cannot exist without some intervention of the state. Minimally a state has to defend against Viking raiders and to establish legal property relations.
Moreover the free market obeys the dialectic of things tending towards their own negation. That is to say the goal of participants in the free market is to eliminate the competition creating a monopoly in a market and thus to defeat the freedom of that market. Rather cruelly, this is when the state is once again required to step in move the goal posts. You've got to feel sorry for successful corporations, don't you?
Re:Importance of Competitive Choices (Score:5, Insightful)
In the theoretical free market, everyone has perfect knowledge of the values involved. For example, the person signing a mortgage knows everything relevant to the same extent as the bank issuing it. Obviously, that fits your shades of grey model. When a state, for just one example, makes efforts to require people with inside knowledge to reveal it to the people they are negotiating with, that is actually a move towards a perfect free market. Let me repeat that for the people who think they are capitalists but are really Mercantilists or something - State involvement is a fundamental method of getting and preserving free markets, not an anti-market force.
The theory behind antitrust law is the government has to step in when a monopoly is being abused, not merely because it exists. This can include both situations where a monopoly is damaging other businesses and, alternatively, where it is damaging the public at large.
Microsoft's influence over the hardware market might be considered an example of damage to other businesses - either established businesses such as Gateway or AMD, or possible startups we may have never heard from. This story, on the other hand, is about a case of possible damage to the public, and has little or nothing to do with the other possible abuses.
Many of the EU/Microsoft claims have involved damage to other businesses. They don't really prove anything about what Microsoft has done to the public one way or another - this claim has to stand or fall on its own. France's publicising the vulnerability is a move to provide more perfect knowledge, so it's arguably an effort towards a more perfect free market. In fact, it's up to the people criticising France to show how there's a flaw in the action - it's normally what a State should do, some would argue what a State is required to do, and moves things closer to a free market, unless there is a substantial falsehood in France's claim.
Re: (Score:3, Informative)
In the theoretical free market, everyone has perfect knowledge of the values involved.
Just to get our nomenclature correct. As I conceded in a post [slashdot.org] further down, "some people (myself included) are conflating the definitions of 'free market' and 'competitive market'" There's a little water under the bridge since I last sat in an Econ class (though Competition Law classes were more recent), so I can be forgiven for making this mistake. If memory serves me correctly what you are describing here is technical
Re:Importance of Competitive Choices (Score:5, Insightful)
Re: (Score:2)
US government market interventionism:
corporations -> lobbyists -> government -> "free" market
Re: (Score:2)
Fail.
Obviously, there is more than one definition of "free market". Though actually, I prefer "free enterprise", which once went hand-in-hand with "land of opportunity". Ah, the good old days...
Re:Importance of Competitive Choices (Score:5, Interesting)
Ah, yes, because Opera wouldn't have any market share otherwise.
Never mind that it's the number one browser in Ukraine, number one alternative to IE in Russia (and look like it will be number one overall in a few months), and in my backyard that I know about (post-Soviet EU memberstates) it is usually #3 browser hovering between 5 and 10%. Heck, in quite a few of them Opera Mini (the j2me one) is ahead of Safari...
Re:Importance of Competitive Choices (Score:4, Interesting)
Just because some anti-competitive behavior wasn't stopped long ago, doesn't make it right.
How is distributing IE with Windows any different than the distribution of Window Media Player, which was considered anti-competitive years ago?
Re: (Score:3, Insightful)
The problem wasn't that a browser is really important and everyone needs one; the problem was that Microsoft had integrated their browser into the operating system in such a way that the operating system itself could not work without it, effectively making it impossible to uninstall it even if the user preferred another browser. Part of what makes other browsers more secure than IE de facto is that they don't have their tentacles as deep into the system as IE does. I'm sure someone will shoot back that it's
Re:Importance of Competitive Choices (Score:4, Informative)
The EU doesn't want Windows to come without a browser. It wants Windows to come with *multiple* browsers, so that you can choose one in a nice little panel.
And this is not directly to protect the Windows users - this is to protect the competition in the market, which in turn will help *all* consumers. Or do you think non-Windows users weren't hurt by the dominance of the IE, after defeating Netscape?
All the web standards had been broken and a great majority of the sites required IE to be viewed correctly, which was kind of difficult if you used IE. This is changing now because of competition.
Re: (Score:2)
Competition policy moves a market towards a "free market" that is the whole point.
Free market != laissez faire.
When there are barriers to competition and lock-in it is not a free market. Basically when you enable more competition the market becomes more free.
Companies don't like a "free market", they prefer a dominant market position because it is more profitable.
Re: (Score:2, Interesting)
I wonder how much of this really has to do with security, versus the corporate and technological schism that is quickly developing between the EU and the USA.
It's difficult to say for certain, but in terms of population, economy and global political influence, the EU and USA are becoming very similar. There are indeed some power struggles going on now that they are reaching parity.
Take, for instance, the EU's handling of the acquisition of Sun by Oracle, two mainly-American businesses (although they do have
Re: (Score:2)
Examine European treatment of US corporations vs. European treatment of European corporations.
Examine US treatment of European corporations vs. US treatment of US corporations.
There are a few possible outcomes: It could, in fact, be that the EU is playing a game of "trade wars" with the US, and is shafting US corporations preferentially. It could be that, in general, a corporation's ability to achieve high levels o
Re: (Score:2)
EU "gets in the way" of European companies when their practices harm the market, so that suggests it isn't a case of "us vs. them", like you're trying to paint it.
Also, "in terms of population, economy and global political influence" they are already very similar; EU actually bigger in first two certainly. And I guess the third category depends mainly on whether or not you want to count US eagerness to go to wars.
I'm sick and tired of reading that crap (Score:5, Insightful)
Every single time EU regulates USA companies, some Americans come and say "They are just being hard on USA companies". But no. They have been very strict to other companies too (Just google about EU and Samsung, Siemens, ABB, Alstom, Saint-Gobain... The list really goes on. Go ahead, check by yourself [europa.eu]. They have been handing out massive fines here and there for anti-competitive practices.).
It's just that the media in USA doesn't pay that much attention to EU fining european companies. In addition, european countries in general have stricter regulation on national level so antitrust investigations on smaller european corporations are done at that level.
Re: (Score:2)
The answer is "no".
Re: (Score:2)
Interesting that it says "while waiting", do this for now. It did not say like the summary implies to abandon IE6 forever. This is still not good news for Microsoft, but it significantly alters what was said.
Personally, I'm getting tired of this Slashdot sensationalistic audience-baiting. It incites more traffic, and therefore more ad impressions I guess, but really how much longer is this going to last? Aren't we all getting tired of this approach? Personally, I know I'm browsing Slashdot less and less.
mod parent up (Score:3, Interesting)
It's worth noting they qualified the suggestion by saying "while waiting on Microsoft to fix the vulnerability". It ain't some global indictment against Microsoft like /. suggested.
IE and Safari improve the security of most power users by presenting easy targets whose code base is unrelated to other browsers.
Re:love the recommendation (Score:4, Interesting)
IOW, they are so unable and unwilling to upgrade from IE6 that ANY CHANGE WHAT SO EVER would be as equally drastic as another.
You could entirely replace their machine with a Mac and they would be no less traumatized than if you simply installed IE8 for them behind their back.
Re: (Score:3, Insightful)
"Hey, I heard you're running IE6. You know that's there's an alternative that's safer and free? It's called INTERNET EXPLORER NUMBER #(!&#* 8!!!!!"
Don't be so simplistic. Yes, I know it's free. There is a good chance that most people know it's free. However, things just aren't that simple. I work for a large company based in Australia (around 200k employees) and the SOE here is Win XP, IE6, Office 2002 (Yes, 2002). We have access from our licensing to upgrade to the latest office versions for free, but the real cost would be massive. We can certainly go out and upgrade our SOE to use IE8 which is free, but again the cost would be massive.
A free dow
Tear down (Score:5, Insightful)
"Don't Kill the Messenger: Blaming IE for Attacks is Dangerous"
Actually, IE is not the messenger, its the source of at least one know security hole that participated in this problem.
The article fails to explain how blaming the software with a known exploit is dangerous.
They assert it will create a "false sense of security" because there exist other methods of attack (other software with security flaws). Even if they did have support for other security holes, this reasoning is an absurd logical fallacy. Amazingly, the author doesn't even have support for the premise of the illogic it's based on an *implication* from a quote by McAfee CTO George Kurtz.
FTA:
The main thing to keep in mind is that these attacks go beyond Internet Explorer and that simply switching browsers is not an adequate defense.
This is completely absurd FUD. IE *was used*, it is insecure, and there is no fix (yet). These conclusions come right from this article and others.
Obvious conclusion: use different software. This conclusion is also supported by the long and consistent history of security issues with IE. I think, after reading this and other articles, it is more dangerous to continue to assert that IE is secure.
Re: (Score:2)
Re: (Score:2)
I truly believe that Firefox and p
Re: (Score:3, Informative)
but France and Germany are mandating switching as though it's some sort of panacea.
I'm not missing this argument. I disagree. Removing IE is not a panacea, nor is this what the announcement means.
Equating a logical, correct step for a more secure computer (removing IE) as a false panacea is the position in the PCWorld article only, and one that misses the more basic point. IE6,7 and 8, including on Win 7 all have this flaw, and there is no fix yet.
Strawman (Score:2)
I agree. This sounds like the old "criminals can pick weak locks so security is worthless" fallacy. Sure any door can be opened, but that doesn't mean you should just remove the door.
That said, even if it was true, I'd still want people to abandon IE. Anything that gets people on browsers that render stuff half-decently without gobs of extra code is good.
Even getting people to IE8 would be a big improvement.
Re:Tear down (Score:5, Funny)
The main thing to keep in mind is that these attacks go beyond Internet Explorer and that simply switching browsers is not an adequate defense.
This is completely absurd FUD.
It's not. What they say is exactly correct: hat these attacks go beyond Internet Explorer and that simply switching browsers is not an adequate defense.
FF has flaws too. An adequate defense would be to install McAfee© VirusScan Plus, McAfee© Total Protection, McAfee© Online Backup, McAfee© SiteAdvisor Plus and McAfee© Anti-Theft File Protection.
There! *NOW* you are protected!
Re:Tear down (Score:4, Funny)
Nice! Though I suppose you could save a little bit of time and just put a bullet through your harddrive...
Re: (Score:2)
Yep
More to the point, IE doesn't run on MacOSX; BSD.any.flavor; *nix.any.flavor
IE runs exclusively on M$ Windoz.all.flavors operating systems
IE6 just provides the easiest port of entry for bad guys into anyone's box, than any other version of IE.
For M$ to claim that IE8 is the most secure browser out there is like saying cigarettes cure lung cancer.
Simply put, M$ produces the most insecure products for any box that ventures out from your home and into the tubes of cyberspace. I'm not knocking their products
Re: (Score:2)
More to the point, IE doesn't run on MacOSX; BSD.any.flavor; *nix.any.flavor
IE runs exclusively on M$ Windoz.all.flavors operating systems
IE6 just provides the easiest port of entry for bad guys into anyone's box, than any other version of IE.
Emphasis mine. There seems to be a bit of a contradiction there. IE6 can't provide a port of entry on this Macbook Pro or the two linux boxes on the shelves next to my desk, because I don't run any version of IE on any of these machines. It only provides a point of e
The Part I don't Get. (Score:5, Insightful)
While Microsoft won the browser war they failed their objectives.
The point of winning the browser war was so Microsoft could change the direction of web standards, eg pushing Active X except for Java Applets. VB script vs Javascript etc. This failed miserably for Microsoft now they are putting time and effort into IE a Free OS Addon to the product and they are not getting anything really out of it. Except for this big push to make IE seem like this great browser they should just well use Firefox it is just as good if not better, we will keep IE going and as secure as possible for a while but will phase it out in about 10 years.
Staying #1 in the browser market where every version you are pushed to follow everyone elses standards is just a wast of your time and money, espectially when you have a slew of other people making good alternatives. Firefox, Chrome, Safari, etc... That really want to follow the standards. Let IE fall too 20% market share, this is OK.
Re: (Score:2)
WRONG!
That's just the sort of cogent, thoughtfully crafted counter-argument I've come to expect on Slashdot.
Re: (Score:2)
I'm sorry, but this is abuse.
You want room 12A, just along the corridor.
Stupid git...
Re: (Score:2)
The jokes on them.
I only test my websites in IE6 (IETester [my-debugbar.com]) to see how fucked up they look.
Then I LOL.
Re: (Score:3, Informative)
From the article referenced.
While research indicates that the Internet Explorer zero-day used in the attacks could be used on any version of Internet Explorer, even on Windows 7...
Re: (Score:2)
One reason I don't like to upgrade to newer versions of IE is because they seem to have HUGE memory leaks. Although I almost always use Firefox, I do need to keep IE around for certainly pain-in-the-ass poorly designed sites that require it. IE 7 takes FOREVER to open and close, especially if it has been left open a long time. There must be memory leaks large enough to drive a truck through. What is Microsoft's excuse for this?
Re:Tear down (Score:5, Informative)
Re:Tear down (Score:4, Interesting)
The MSRC also classifies them as vulnerable because it's possible (but REALLY hard) to craft an exploit that can get around DEP, ASLR, GS and Protected Mode and all the other IE/Windows security features.
The MSRC is very conservative in their vulnerability ratings even if it makes MSFT products look bad.
Re: (Score:3, Insightful)
You're right, people aren't upgrading - because that costs money and the mantra "If it ain't broke, don't fix it" trumps all when it comes to finances.
There are plenty of machines and tasks out there that Windows 2000 is still perfectly adequate for. Replacing Win2K with WinXP or later is a non-zero cost (both in labor and licensing) and may trigger many other software and hardware upgrades or replacements. IE6 is the last version available for Win2K and I'm sure many Win2K installations won't be replaced u
Everybody knows OTHERS are stupid... (Score:3, Insightful)
duh!
False sense of security (Score:5, Insightful)
PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.
Well, of course they'd say that - they are running a PC/Windows/Microsoft magazine, after all.
AppleWorld, on the other hand, has been blaming hacker attacks on Microsoft Windows for many years now - and the general population seems to agree with them, even though it does lead to a false sense of security in OSX.
Healty variety of browsers (Score:2)
It helps to force web developers to design their sites based on standards, not for the browser with the largest market share. I have many friends with Apple computers that use exclusively Firefox even when Safari on OS X is a very good browser. This helps a little to keep the overall security of the plataform up, since you can't be sure that all users of OS X also are users of Safari.
Re:False sense of security (Score:4, Funny)
PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.
Well, of course they'd say that - they are running a PC/Windows/Microsoft magazine, after all.
Well, yes, but what they're saying has some merit. I've known many a novice user that thought that because they used firefox they didn't need an antivirus program or common sense.
They told you they don't need common sense?
Actually not that bad of a suggestion. (Score:2)
Not because Microsoft sucks per say but because computer security is becoming a classic monoculture problem.
IE is such a valuable target because of the number of users.
The greater the variation in software the less valuable each exploit becomes.
Let's face it most people will not change so saying that everybody should change will probably get you 30%
A very real problem is there is only three browser engines at this time Geko, Webkit, and IE.
Re: (Score:2)
Minor correction: it is spelled "per se" (by itself).
Ekhem, Germany and France are in Europe... (Score:4, Interesting)
...you know, the place that already doesn't have browser monoculture. Therefore, your premise doesn't hold true - they don't want to shatter IE monoculture, create variation in the market. They just don't want people to use IE.
And especially in Europe, that's very much four engines, not three, with one or two places having Opera as number one browser, few other as number one alternative browser, and in many it has quite respectable usage share.
Re: (Score:3, Insightful)
The two faces to this argument are that IE on windows gets hacked left right and centre because it's popular, and that (picking a browser at random) KHTML is ONLY secure because it's very obscure.
OpenSSH has a massive user base, and is practically a monoculture in remote access on the *nix platform. An exploit would be extremely valuable ... Oh right, it turns out security is a physical property of a system, and not just some statistic.
Bottom line is that IE really has sucked all its life; and not just stat
Re: (Score:3, Informative)
Bottom line is that IE really has sucked all its life; and not just statistically.
Remember back in the days competing with Netscape, IE was actually good for the time. It wasn't until Microsoft held the browser monopoly that it remained stagnant, while the rest of the browsers moved ahead.
Re: (Score:2)
FYI:
http://en.wikipedia.org/wiki/Presto_(layout_engine) [wikipedia.org]
Don't switch? (Score:5, Insightful)
"You may also have web-based applications that don't work well, or even at all, unless they are accessed with Internet Explorer. That's not going to be good for productivity. And finally, what if your replacement browser itself turns out to contain a vulnerability? Are you going to switch again?"
That's the sort of shallow, thoughtless attitude that got you stuck with IE6 in the first place.
Re: (Score:3, Insightful)
I guess having more than one browser installed is apparently something that would cause the universe collapse. It's not something that really takes much work either, if there's a known bug, use something else until it's fixed.
Re: (Score:2)
It sounds a little like this site I ran across that at first appeared to be a very extreme "right-wing conservative" website, but the more I read, the more I thought that it must be a very [b|s]ad sarcastic humor site or a poor attempt at astro-turf from the "other side." They go as far to say that anyone using Firefox or any open source software is a communist and/or a fascist and "God" hates them for it. Microsoft is the only appropriate software distributor, unless you want "God" to hate you too. They
Re: (Score:2)
"You may also have web-based applications that don't work well, or even at all, unless they are accessed with Internet Explorer.
And I ask yet again, why does business use any mission-critical web-apps that can only deal with a specific browser (or worse, a specific version)
*sigh*
My employer's payroll department still won't answer this question. Idiots
Re: (Score:2)
It's cheaper to develop for only one and it should be the one with the most share. (Just my observation of the mentality.)
They're both right... or wrong (Score:2)
On the other hand, if they only suggest one alternative, then that only creates another monoculture.
Ultimately I'd like to so no one browser with more than 25% market share. Make the scum work harder for their exploits.
Wait a second.... (Score:5, Funny)
France and Germany agree on something?
The IE threat must be greater than previously imagined. Or...something.
Re: (Score:3, Interesting)
France and Germany were both bitterly opposed to the invasion of Iraq and said so numerous times as members of the UN. Rumsfeld dismissed them [bbc.co.uk] as "old Europe".
While China seems to be the boogeyman du jour for America, people should keep in mind that the Euro is competing very successfully [yahoo.com] against the greenback.
Re: (Score:2)
While China seems to be the boogeyman du jour for America, people should keep in mind that the Euro is competing very successfully [yahoo.com] against the greenback.
Don't be too sure about the Euro [theglobeandmail.com]
Another link with the famous Milton Friedman comment [nationalpost.com] about the Euro and a currency crisis.
It will be interesting to see what happens to Greece [eubusiness.com]
Re: (Score:2)
Nah, it goes like this:
France: Germany! Do as I say!
Germany: Yes, yes, dear god yes, just please don’t call us Nazis!
Same thing with the USA, UK and doubly so with Israel.
And then some German comes, and calls the government Nazi anyway! ;)
It drove them so far off the left that we can basically say that with the recent totalitarian tendencies, it “wrapped around”. ^^
(Talking about the p.c. media and politics reality here. Not about what the man on the street thinks. We’re pretty norma
Re: (Score:3, Funny)
nah, that's not that far fetched. Now if *England* and France agreed on something... Well, thats one of the signs of the apocalypse
Simple answers for simple people... (Score:2)
This just in... (Score:2, Funny)
Air-wall is the answer (Score:2)
Instead of doing all your web browsing on a computer that's connected to a network -- which is inherently insecure -- consider only using the internet on systems which are isolated from the network with an "air-wall."
This security solution is effective at preventing viruses, trojans, worms, clickjacking, DNS spoofing, and most other malware as well.
Next up: avoid cancer by not breathing.
I blame the IE 'mentality' (Score:5, Insightful)
I remember Steve Ballmer screaming 'Developers! Developers! Developers! Developers!' and that has been the IE 'menality' ever since. The mentality is "Give the developers (especially big huge companies like Microsoft, Adobe, Symantec, Google) complete control over the users' computers just by clicking 'ok' in Internet Explorer one time." That has got to be seen as a security hole. Every goddamn piece of software now wants to run as a service, check for updates, annoy the user, and prioritize itself. For example, once you install Adobe Flash, it is there.. on every web page.. despite whether the user might want to choose not to load the annoying flash for that particular web page. I am not complaining just about flash - just about the lack of options to make installed software optional. Why can't I have an option to 'right click, show flash' on all my flash animations? and for that matter.. all other software that wants to open by default without giving me an option to save?
Here's how I would make IE more secure in a general sense:
1. Program the 'stop' button as the highest priority. IE is useless if it decides it has to load an entire complicated web page (or malware site) before I can click 'stop' and cancel all of it.
2. Put options in IE to disallow resizing of IE windows by script, removing of toolbar buttons, preventing the user from resizing windows, and using 100% of system resources to process a web page.
3. Remove the ability for a 'Windows popup button' to prevent the user from stopping a script. How asinine is it that a web page can merely repeatedly pop up system messages forcing the user to click ok before allowing the user to click stop? IE screws this up royally with Java helping.
4. Put a 'cookie tracker' right inside Internet Explorer.. Allow the user to control whether a site can modify a cookie. Notify the user (at the bottom status bar - not in his fucking face) that 'a cookie was created or modified' when visiting a web page. User might get suspicious when his favorite porn site tries to modify the 'gmail' cookie.
5. Never allow web pages to stop me from right-clicking. Fuck you. It's my computer.
I'm sure there's a whole lot of other things I could say that Microsoft will continue to ignore..
Re:I blame the IE 'mentality' (Score:5, Informative)
And you all laughed (Score:4, Funny)
When I said this was all an elaborate ruse to Market Chrome.
Clearly I'm the only one here parano^H^H^H^H^H^HSensible enough to see whats plainly in front of us.
Take Microsoft vs Google. Google's brand name is made up of 50% vowels, 50% consonants, whereas Microsoft is 33-67. This is a clever method designed to make you think that Google is fairer and wishes to have an equal representation of all letters. However, this is just plain deceiptful, because "Chrome" is only 33% vowels wheras "IE" (we'll abbreviate it) is 100% vowels, thus making up for the lack of vowels in "Microsoft". There are also even spreads across such MS products as "Office" and "Live". Apple has felt the need to keep up with the proper representation of vowels by throwing in a single lowercase i in front of every one of their new products. Good on them.
So I know what you're thinking: What do vowels and consonants have to do with ACTA and Net Neutrality? Absolutely nothing! But they DO have a lot to do with the recent attacks made against Google. As you can recall, its been recently discovered that the attacks originated in China. Surprising to some people, English has not been fully adopted yet, and many Chinese citizens still speak Mandarin and that other language no one can remember. All traditional chinese languages use characters, not letters. (To those who program or are DBA's, a letter is what normal people call a char). Now, what is Mandarin missing that English has? You guessed it; VOWELS. It's clear and obvious that Google is behind all of it. What the end goal is, I'm not entirely sure, I'm still trying to connect the dots.
What's important about this article is that its happening in FRANCE. This is a bit of a PR stunt for France. You see, everyone hates Microsoft, and everyone hates France. This hurts the French industries of exporting Cheese, Wine, and arrogant behavior. So France is hoping that by declaring they hate Microsoft as well, everyone will look on them in a better light. WE MUST NOT ALLOW THIS. If people start liking the French more, Baguettes will be everywhere. And I mean everywhere. Breakfast lunch and dinner. Baguettes at home, baguettes at work, baguette soup, baguette sandwhiches. Don't get me wrong I like a baguette every now and then but if we let them get a single foothold on the breadmarket they will take it over completely. There is nothing stronger then the relentless pursuits of a French Bunmaster.
So please, everyone, I beg of you. Keep using IE8, if you already do. Not because its secure, because it isn't. Not because of Google, no matter how evil they secretly are...
But because the standard loaf shape of bread is under attack, and if we don't come to defend it, no one will.
Re: (Score:3, Funny)
I was surprised when I looked at poster name in this one and didn't see BadAnalogyGuy...
Re:And you all laughed (Score:5, Funny)
Re: (Score:3, Informative)
You forgot to mention that a avian-dropped baguette was responsible for knocking the LHC offline... but was that good or bad?
Mixed Message (Score:5, Interesting)
Don't Kill the Messenger: Blaming IE for Attacks is Dangerous
Don't obfuscate the message. Blaming IE for being susceptible to attacks is entirely valid.
So is blaming Mozilla, Chrome, Opera, Konquerer, and Safari when they are vulnerable.
It's all nice and tidy to say "The attackers are to blame." But we don't have control over them. We do have control over which software we use. And if we continually abandon less secure software for more secure alternatives, we will have a continually improving software ecosystem. That will not always mean abandoning IE (well, it may not always mean abandoning IE -- seriously, someday IE might be the most secure option -- stop laughing, it could happen, hypothetically), but it does mean always abandoning whoever fucked up most egregiously most recently. Feedback works.
Switch!!! (Score:2)
... blaming IE for attacks is a dangerous approach that could cause a false sense of security.
Because a false sense of security is better than no sense of security at all.
This is exactly why I let my kids play with (Score:5, Insightful)
the toys we know have been painted with paint with high amounts of lead in it.
After all, if I took those away from them I'd just be giving myself a false sense of security since it's likely there are some other toys with lead in them that I don't know about.
Same reason I smoke, sure I know smoking causes cancer but not doing it would just give me a false sense of security given there are numerous other things that also cause cancer.
PCWorld (Score:2)
"PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security."
Yeah, of course they would argue this. They get major advertising dollars from someone affected by such recommendations.
Are the changes that different from Win2k and XP? (Score:2)
Are the internals of Windows 2000 and Windows XP so different that Microsoft can't put IE8 on Win2k?
I mean, it seems like that's the obvious solution, and Win2k's on extended support still, so... and XP only identifies itself as NT 5.1 (Win2k is NT 5.0).
Always amuses me to see "You should upgrade to IE8!" then click the "Upgrade" button and say "Just click Download to get IE8!", scroll down, and then it says "IE8 is not available for your operating system". You'd think Microsoft's update site could've done
Re: (Score:3, Insightful)
Well, that plan wouldn't sell any new copies of Win7, now would it?
IE8 Not vulnerable? Microsoft seems to think it is (Score:3, Insightful)
But, although IE6 has been the source of the attacks until now, Microsoft's advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7.
Someone needs to do a lot better research when writing these articles or posting them to Slashdot or both.
THIS is blatantly wrong:
Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well."
Heck, simply reading Slashdot would have turned up this:
Slashdot Article on this [slashdot.org]
Or this from Microsoft themselves which states even Microsoft believe no such thing.
Microsoft Admits IE7 and IE8 are vulnerable to this too [microsoft.com]
Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.
I posted something similar about this days ago on yet another similar topic, but was laughed at by the MS/IE zealots who claim Microsoft said only IE6 is vulnerable... so, since they cant read obviously, there it is again... with the relevant section BOLDED this time.
C'mon folks, these RCEs are not new stuff, and seem to exist in EVERY version of IE since the beginning of time till now with "patches" that never fully address the issue (hence, as MICROSOFT themselves noted, this issue is... well... still an issue... even for IE7 and IE8).
Their lame (see story link above) answer that people should upgrade to IE8 as if that was the solution to this problem is idiotic. Yeah, people should upgrade to IE8 (if their machines can actually run it - some of my clients have older, slower machines and no budget to replace them)... but Microsoft should also be working on actually fixing all the RCE exploits and buffer issues in the IE line.
Regardless, my point is, with so much coverage over this (on Slashdot alone), you'd think the "Story Approvers" or author would have gotten that glaringly misleading (and incorrect) point correct. Oh well.
Running 2 revisions out of date? (Score:4, Interesting)
Sorry, but if you get exploited running IE6, I have absolutely NO pity for you. You're just plain stupid, and your stupidity most likely has caused you to infect other systems probably more than once. You're like a driver who plows down a couple margaritas before you go out driving on a Sunday afternoon.
Locks and burglars (Score:5, Insightful)
Of course if a burglar breaks in my apartment thank to a defect of my lock and steal my fornitures I blame the burglar for the theft.
But I change my lock afterward.
Re: (Score:2)
"Why would a website like PCWorld recommend it's users NOT to ban Internet Explorer? "
"It seems like me this is just Microsoft propaganda,"
You just answered your own question.
Paper computer mags are targeted at noobs who still get their info from dead tree media, and they are not in the business of attacking their advertising base!
Re: (Score:2, Insightful)
It's not really in their interest for people to use more secure browsers.
Re: (Score:2)
If you are getting pounded that hard, don't use your main Windows install on the internet.
You can download free VMWare browsing appliances and effortlessly browse using another OS, or load an expendable Windows installation in Portable VirtualBox that can be replaced with a complete backup copy (install Portable Vbox, install Windows, .rar a copy for safekeeping), or load Linux in a VM.
All easy to do, all free, so no excuse for a geek not doing them as needed.
Re:It'll never work... (Score:5, Informative)
Wrong... the problem is in ALL versions of IE from at least 6 upwards on ALL operating systems from at least XP upwards. Microsoft themselves admitted that.
Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.
Microsoft Advisory [microsoft.com]
Why are people still perpetuating the myth that this does not affect IE7 or IE8 when Microsoft themselves claim it does?!?!?! Just curious.
Re: (Score:2)
The attack wasn't patched in IE7 or 8, and is even vulnerable in IE8 on Windows 7.