Users of IE are being urged by experts to use alternative..

Our "pub" where you can post about things completely Off Topic or about non-silent PC issues.

Moderators: NeilBlanchard, Ralf Hutter, sthayashi, Lawrence Lee

Post Reply
xan_user
*Lifetime Patron*
Posts: 2269
Joined: Sun May 21, 2006 9:09 am
Location: Northern California.

Users of IE are being urged by experts to use alternative..

Post by xan_user » Tue Dec 16, 2008 7:13 am

Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

http://news.bbc.co.uk/2/hi/technology/7784908.stm

Matija
Posts: 780
Joined: Sat Mar 17, 2007 3:17 am
Location: Croatia

Post by Matija » Tue Dec 16, 2008 7:31 am


andyb
Patron of SPCR
Posts: 3307
Joined: Wed Dec 15, 2004 12:00 pm
Location: Essex, England

Post by andyb » Tue Dec 16, 2008 12:41 pm

I got an e-mail forwarded to me earlier explaning that they should NOT use IE-7. This e-mail would have been sent to all 6,000 employees. I imagine that hundreds of other businesses would do the same.

As much as I despise IE's total lack of security and its propensity to install anything for any reason at any time without so much as notifying the end user is a disgrace, but that most people have poor security and internet awareness. Its like the age old problem of people and guns, guns are deadly, but they dont kill people - people do. IE can be perfectly safe to use if you are shrewd, likewise you dont need AV and Firewall software. The problem is when you mix these thing up with someone who looks at the wrong porn sites (as opposed to the right ones), and kids.

The more people who end up using more secure browsers than IE the better for everyone. Ideally everyone should have decent security, use a more secure browser, tweak the browser even further, and be far more cautious on the internet.

Personally I would like to see no-one use Antivirus or Firewall software and everyone use IE, I would get more business, which would suit me just fine. :)


Andy

Nick Geraedts
SPCR Reviewer
Posts: 561
Joined: Tue May 30, 2006 8:22 pm
Location: Vancouver, BC

Post by Nick Geraedts » Tue Dec 16, 2008 1:23 pm

andyb wrote:As much as I despise IE's total lack of security and its propensity to install anything for any reason at any time without so much as notifying the end user is a disgrace, but that most people have poor security and internet awareness. Its like the age old problem of people and guns, guns are deadly, but they dont kill people - people do. IE can be perfectly safe to use if you are shrewd, likewise you dont need AV and Firewall software. The problem is when you mix these thing up with someone who looks at the wrong porn sites (as opposed to the right ones), and kids.
When was the last time you used IE7? On a fresh install, Internet Explorer will ask you if you want to install a plugin (or even enable one that's already installed but inactive). Likewise with downloading files - you'll get the information bar at the top of the window telling you that something tried to download stuff to your computer.

Firefox has had it's share of fairly serious vulnerabilities as well. Just look at the security holes that have crept up into OSX - heck, Apple is recommending that people use an anti-virus on OSX! Windows and IE are the biggest targets in this day and age. That's the only reason why they get more attention from everyone (both good and bad).

This latest vulnerability aside, IE7 is not the problem here (of the other unpatched vulneratbilities, they're low-risk spoofing problems). It's the stupid people who will blindly click on the "Ok" button without looking at what it is first.

Tobias
Posts: 530
Joined: Sun Aug 24, 2003 9:52 am

Post by Tobias » Tue Dec 16, 2008 1:29 pm

andyb wrote: IE can be perfectly safe to use if you are shrewd, likewise you dont need AV and Firewall software.
Me and my colleagues talked about it briefly, everybody laughing about it, shrugged and went back to work developing our application. As soon as any of the salesreps phoned in, they were advised to go with FF for a little while :) Aye, dangers lie mostly in habbits, but a little help isn't to much to ask for, is it?

xan_user
*Lifetime Patron*
Posts: 2269
Joined: Sun May 21, 2006 9:09 am
Location: Northern California.

Post by xan_user » Tue Dec 16, 2008 1:31 pm

Nick Geraedts wrote:
andyb wrote:As much as I despise IE's total lack of security and its propensity to install anything for any reason at any time without so much as notifying the end user is a disgrace, but that most people have poor security and internet awareness. Its like the age old problem of people and guns, guns are deadly, but they dont kill people - people do. IE can be perfectly safe to use if you are shrewd, likewise you dont need AV and Firewall software. The problem is when you mix these thing up with someone who looks at the wrong porn sites (as opposed to the right ones), and kids.
When was the last time you used IE7? On a fresh install, Internet Explorer will ask you if you want to install a plugin (or even enable one that's already installed but inactive). Likewise with downloading files - you'll get the information bar at the top of the window telling you that something tried to download stuff to your computer.

Firefox has had it's share of fairly serious vulnerabilities as well. Just look at the security holes that have crept up into OSX - heck, Apple is recommending that people use an anti-virus on OSX! Windows and IE are the biggest targets in this day and age. That's the only reason why they get more attention from everyone (both good and bad).

This latest vulnerability aside, IE7 is not the problem here (of the other unpatched vulneratbilities, they're low-risk spoofing problems). It's the stupid people who will blindly click on the "Ok" button without looking at what it is first.
BBC article wrote:"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."
I had to use IE just yesterday as many, many sites with silverlight content are broken if using FF.

Melluk
Friend of SPCR
Posts: 68
Joined: Wed Apr 30, 2003 2:02 pm
Location: The Netherlands

Post by Melluk » Tue Dec 16, 2008 2:51 pm

BBC article wrote:"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."
andyb wrote: IE can be perfectly safe to use if you are shrewd, likewise you dont need AV and Firewall software.
Andy, you don't need seatbelts as long as you are careful not to drive in to anyone/anything.


:)

andyb
Patron of SPCR
Posts: 3307
Joined: Wed Dec 15, 2004 12:00 pm
Location: Essex, England

Post by andyb » Tue Dec 16, 2008 4:32 pm

When was the last time you used IE7? On a fresh install, Internet Explorer will ask you if you want to install a plugin (or even enable one that's already installed but inactive). Likewise with downloading files - you'll get the information bar at the top of the window telling you that something tried to download stuff to your computer.
Earlier today on a customers laptop, IE was broken due to malware and possibly viruses.

I have never personally used IE7 for more than a few minutes because its crap, and I only ever use it on customers machines to see that its working and has not been infected.
Firefox has had it's share of fairly serious vulnerabilities as well. Just look at the security holes
I am sure it has, but I have only ever seen FF infected with something bad twice (it also infected IE). I have no proof at all that any PC I have had to fix was infected whilst using FF, its always IE. Also none of the FF problems have had me running for the hills, have they had that effect on you.? Did I miss any that are really really bad.
This latest vulnerability aside, IE7 is not the problem here (of the other unpatched vulneratbilities, they're low-risk spoofing problems). It's the stupid people who will blindly click on the "Ok" button without looking at what it is first.
Already mentioned.
Me and my colleagues talked about it briefly, everybody laughing about it, shrugged and went back to work developing our application. As soon as any of the salesreps phoned in, they were advised to go with FF for a little while Smile Aye, dangers lie mostly in habbits, but a little help isn't to much to ask for, is it?
I have used PC's that are 6-years old, never been patched, have no AV or Firewall, and are used on the internet whilst using IE for years - no infections, no problems. Just because it is not likely does not mean that it is impossible.

BTW If you want to take a single sentence and concentrate on that whilst ignoring the others it just makes you look silly.
Andy, you don't need seatbelts as long as you are careful not to drive in to anyone/anything.
I am always more worried about an idiot driving into me - at which point you would have a firewall to stop those pesky people hacking into your PC over the internet whilst your not even browsing the net.

Most peoples PC's are infected by general stupidity, porn-surfing the wrong websites and kids.
I had to use IE just yesterday as many, many sites with silverlight content are broken if using FF.
Most websites that dont work properly with FF are broken anyway. If the web developers are stupid enough to make webpages to Microsofts standards and not the real "standards" that FF adheres to then you can do what I do dont us it. If I find a website that doesnt work on FF they wont get any trade from me, or a return visit, I just wont use that website at all.

I know someone who works for an enormous Bank as a web developer, it has taken years to get the idiots in charge to even let them install FF on a PC for testing - but only so long as its NOT attached to the network. As you would expect the banks webpage has a notice on it saying "ONLY USE Internet Explorer", if you are are running Linux or OSX bank elsewhere. Some websites (banks) actually have code built into them to detect the browser you are using and then allow/deny access.


Andy

xan_user
*Lifetime Patron*
Posts: 2269
Joined: Sun May 21, 2006 9:09 am
Location: Northern California.

Post by xan_user » Tue Dec 16, 2008 7:02 pm

Microsoft Issues Emergency Security Patch For IE

http://www.informationweek.com/news/int ... nd+threats

The company on Saturday warned that 1 in 500 Internet Explorer users worldwide may have been exposed to malware hosted at both legitimate Web sites and porn sites that exploit an unpatched vulnerability.
Stephan Chenette, manager of security research at Websense Security Labs, said in a phone interview that he's seeing a lot more legitimate sites being infected than porn sites. "I would characterize the severity as quite critical," he said. "It has quickly become the exploit of choice among attackers."

Tobias
Posts: 530
Joined: Sun Aug 24, 2003 9:52 am

Post by Tobias » Wed Dec 17, 2008 1:57 am

BTW If you want to take a single sentence and concentrate on that whilst ignoring the others it just makes you look silly.
Did I?

First of all, I'm not a native English speaker, it is an acquired language for me. I'm sorry if my way of expressing myself is a bit quirky or grammatically incorrect. As what I wrote is obviously prone to missconception, let me try again...

First off, your entire first post has two messages:
1) Yes, FF is slightly more secure than IE (even if it could be better)
2) But even more importantly is the user habbits/knowledge

In my response I agree fully with you saying that neither of the computer savvy .NET developers I work with thought nothing of this, shrugging it off with a "nothing new under the sun".
The sales people that phoned in and was worried and asked "So if I stay away from all gaming-related sites I should be fine, right?", was told that they should consider using the more secure FF for a while.

And to summarize, I intended to state that "Yes, good habbits are the best, but in lack thereof any help one can get is good".

However, since you already had said all this just above, I just thought I should give a supportive example. And yes, I do know how habbits help, I've not installed a windows update since XP SP1 was released and I've never used AV :) You have a funny way of treating those who agree with you, but then again, it may be my crappy English...

maf718
Posts: 247
Joined: Sun Jul 13, 2008 7:25 am
Location: England

Post by maf718 » Wed Dec 17, 2008 6:13 pm

Tobius, fwiw, as a native English speaker I would just like to say that I grasped that you were agreeing with andyb immediately, your English is good.

However....if you follow up a quote from somebody with
Me and my colleagues talked about it briefly, everybody laughing about it
you can see why someone *might* get the wrong impression, and thus reverse the whole meaning of your post.

(I should probably shut up because this is nothing to do with me, but I hate to see disagreements between people where none is intended.) :)

And btw I've updated IE anyway even though I don't use it (normally).

Nick Geraedts
SPCR Reviewer
Posts: 561
Joined: Tue May 30, 2006 8:22 pm
Location: Vancouver, BC

Post by Nick Geraedts » Thu Dec 18, 2008 2:16 am

andyb wrote:I am sure it has, but I have only ever seen FF infected with something bad twice (it also infected IE). I have no proof at all that any PC I have had to fix was infected whilst using FF, its always IE. Also none of the FF problems have had me running for the hills, have they had that effect on you.? Did I miss any that are really really bad.
I've seen several infected computers where the users never used IE for anything. Updates were handled by Automatic Updates, and they used Firefox or Opera as their main browser.

There have been some pretty serious vulnerabilities in Firefox - right from the source. It's kinda upsetting that most of those are rated Critical for "The Safest Web Browser". They're also using security data from 2006 to backup their claims that FF is more secure than IE. If you look at the numbers for 2008, the two are neck and neck in terms of vulnerabilities and time-in-the-open.

I've worked at places where the IT crew insisted on not installing the latest security updates because they were scared that it would cause problems for the current setup. One workplace only got around to installing XP SP2 over a year after it was released - a full year! Microsoft does some pretty stringent testing of their products and has one of the best support systems in the software industry.

@Tobias - Why have you not updated your system since XP SP1? It's like telling someone not to check the tire pressure or the oil in their car...

xan_user
*Lifetime Patron*
Posts: 2269
Joined: Sun May 21, 2006 9:09 am
Location: Northern California.

Post by xan_user » Thu Dec 18, 2008 5:11 am

Just to be fair...:lol:

Mozilla Fixes Security Bugs In Firefox Browser

http://www.crn.com/security/212501064

I have seen a few infected PCs with user that only use FF before as well. (not from this latest threat.)

AZBrandon
Friend of SPCR
Posts: 867
Joined: Sun Mar 21, 2004 5:47 pm
Location: Phoenix, AZ

Post by AZBrandon » Thu Dec 18, 2008 6:25 am

I was about to post the report of 8 fixes issued for Firefox, 3 classified as critical too. Notorious bank robber Willie Sutton, when asked why he robbed banks answered "because that's where the money is." IE has been a target for so long because it had all the marketshare. Now that other players are getting more numerous, they are increasingly becoming targets too. No surprises here. If Windows had never existed and Mac + Linux controlled all the worlds computers, all exploits would be written for those platforms. It's not like nobody's ever been able to hack a *nix based operating system before.

Post Reply