Slashdot Mirror
Uber-patch for Internet Explorer
malevolence writes: "According to The Register, Microsoft has released an Uber-Patch for Internet Explorer that fixes all known security problems, as well as 3 new ones, including the content-type issue that was reported on slashdot a few days ago."
What does the "uber patch" do, install Mozilla?
I thought this was the bug that couldn't be fixed because it was worked so deep into the OS.
...Steve
I just installed it... and it deleted IE!!!!
Worked perfectly, I'd say....
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
Probably a 22MB script to remove Outlook and anything fun (read, not microsoft)
today is spelling optional day.
Guh, I suppose we get the added bonus of a magic lantern leading our way now...
Do you think the states' refusal to settle is putting MS on their best behavior?
Boy, Microsoft sucks. This patch doesn't even address future, yet-to-be-discovered vulnerabilities.
--
Mod up a post Rob doesn't like and you'll never mod again
for once, michael reports good news about MS.
/.'s next trick, JonKatz will post a relevant article, and /.'ers won't bash him.
for
i'm amazed that i survived - an airbag saved my life.
It probably breaks about 15-20 other things in the process and passes them off by calling them features. It also probably bloats the program even more, prompting people to buy new machines, since theirs are now slow, and low and behold, MS has sold some more copies of XP! Woohooo.
"The best laid plans of mice and men gang oft agley..." - ROBERT BURNS
Damn its being to look like Enlightenment patches
Has anyone noticed that up until a few weeks ago, slashdot only posted one or two stories from the register per year and that lately, /. has basically become a US Register mirror?
Could you have been any LESS enthusiastic about that blurb? What, have your hopes for "armageddon courtesy of your pals at Microsoft" been obliterated? Sorry to hear it.
Anyway, this is a really good indication on the part of MS...perhaps an indicator of more initiative on these problems in the future. I definitely think that this is the type of thing that they need to continue if they wish to salvage their reputation at all...
WTF is going on ??? httpd died again?
I downloaded the 2.15 mb patch. I try to run it, and I get a prompt that I need IE5 Service pack 2 installed. That's it, it doesn't supply a link, it doesn't try to download it, nothing. Microsoft rushed this one out.
Just when I thought that I knew the difference between a Service Pack, Security Rollup Patch and a cumulative Hot Fix they go and release a Security Bulletin like this one.
BOSTON SUCKS!
I wouldn't install it considering the timing of all this news about the FBI's keystroke-logging Trojan. A "Windows Update" would be the perfect vehicle for the Feds to sneak their code onto machines, and it wouldn't surprise me a bit if they were in cahoots with Redmond just like they were in years past with the big Telcos.
how long this patch was developed. Suddenly when the hole is "announced" wammo! a patch in 3 days. Maybe Microsoft doesn't want to reduce it's "features"
We had to destroy the sig to save the sig.
These seroius bugs seem o pop up almost on a weekly basis. Soon crackers will find holes in the patches upon patches.....
..........FULL STOP.
Glad they did, however the problem with this is that they'll be doing it alot. Fix the inherent problem and just stop patching it. Once you start patching a program constantly you know that there is a problem with your design. It's time for Microsoft to go back to the drawing board and produce a browser that focuses on stability and security as much as it does usability. If it's insecure it might be usable but who's going to use it minus the mindless masses.
It said Requires Windows 95 or better, so I installed Linux. Now what?
Bush Lies Watch
hey, that hurts, a typo in the title:
it's "Über-patch", not "Uber-patch",
don't forget the umlaut.
With all the crap that you see posted here, why would you EVER use M$ IE When there are so many free alternatives avail? www.debian.org www.mutt.org www.mozilla.org
...Just download and install it. It's totally safe, I promise.
For those of us with less than a few hundred MS clients (read: fewer clients that would make usefull something as heinous as SMS push upgrades) the issues are still very clear:
1). It takes too much time to keep up on MS software patches.
AND
2). Once you know what you need you still have to go box to box to box to patch (in *most* cases).
Granted the 'uber-patch' will help, but it still means I need a couple more inters to walk from machine to machine and interrupt users. IMO, patch managment tools should be MS's #2 priority (right behind 'getting it right the first time').
Cheers,
-- RLJ
I was getting served stories from Aug 17th right before it went down. The stories were set up with "reply" active, but i didn't get a chance to see if it would work before the whole thing went down...
Agreed. Zeppelin kicks all ass and makes Bill Gates seem extremely insignificant in the scheme of things.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
This does not appear to be a service pack, and the target builds listed for the hotfix are only IE 5.5 SP2 and 6, so you'll need to head here to get yer SP and then install the hotfix (get directly to it from here).
It seems unlikely that the SP2 for 5.5 includes this as of right now, although it will eventually (I know sometimes I'll download an SP and take a few days to actually install it). Check your versions before you plunge your box into browser hell =)
Here's the direct download URLs, so you don't have to wade through MS's crufty site:
c 23/6/W98NT42KMeXP/EN-US/q313675.exe c pac23/5.5_SP2/WIN98Me/EN-US/q313675.exe
for IE6:
http://download.microsoft.com/download/IE60/secpa
for IE5.5:
http://download.microsoft.com/download/ie55sp2/se
These updates have not yet appeared on Windows Update.
"Microsoft thanks Jouko Pynnonen of Oy Online Solutions Ltd for reporting this issue to us and working with us to protect customers. " Hmm Lots of Kudos to Jouko, but what about the Millions of other users who have been screwed by M$ over the years??? Microsoft Protecting their customers??? From what....M$?????
If you choose not to decide, you still have made a choice. RUSH
... Mac OS X and OmniWeb, that is. OW 4.1 will be out in about a week with gobs of speed and bug fixes.
Long live the Uberpatch.
MSIE is a thing to be overcome, and I have overcome him.
I find it very annoying to try to install Microsoft patches. I work in a place where I am responsible for several windows installations. When I install a M$ OS, in order to patch it, i have to:
1. Start IE (click through internet connection wizard)
2. Open the windows update website
3. Download an activeX application to determine what updates I need
4. Download and install the updates (often, more than 5!) one at a time, rebooting in between each one!
It's so much easier to swivel my chair around to my redhat box and do a simple 'up2date -i'.
I wonder if there's any particular reason why Microsoft makes it so difficult? Do they actually like their security holes?
They already applied their uber-patch to the DOJ and it *worked*!
100s of beautiful security fixes... and 3 ugly ones.
Consumers (not just slashdot ubergeeks) will have to sit up and take notice at this one, I think. It's getting a bit more coverage / product placement, and isn't being couched in esoteric terms (MS has a tendency of releasing patches that have descriptions which underplay the effects of not patching, or else are so laden with jargon that the layman cannot quite process them). It really is an "uber patch", and it really is MS saying, "We've been releasing insecure software for awhile. In fact, we're still doing so, as evidenced by the three bugs that you don't even know about that we're patching. Please install this patch or else you're screwed."
I think consumers can weather something like, "Apply this patch in order to ensure that your copy of internet explorer appropriately identifies content header types and reconciles them with dialogue saving and automated execution routines." because it just looks so *foreign*. Approached from a non-computing background, it looks like something very small and unlikely to affect anyone. This patch, though, looks a bit more like "Oops. Our browser sucks for security. Install immediately."
Hopefully this will draw peoples attention to:
1) The importance of frequent patching
2) The lack of security in MSIE
3) The problems associated with bundling a browser into core OS functionality (bit more unlikely).
Of course, the spin is still there, but:
Who should read this bulletin: Customers using Microsoft® Internet Explorer.
Impact of vulnerability: Run code of attacker's choice.
Maximum Severity Rating: Critical
Recommendation: Customers using IE should install the patch immediately.
Affected Software:
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
...is still pretty cut & dry. Anyone with even half a brain should realize that if a gaping hole in a consumer product existed through *2* releases (like having a 2000 and a 2001 Honda both explode in flames under appropriate conditions), that product may not be the best built out there.
Right?
Of course, I'd be much more pleased if people were being notified via a big ol' link on msn.com, and through a mail from the beloved "Hotmail Staff". What, are they scared of leveraging a monopoly to insure the security of their users?
-l
Of course, I had just finished putting that patch on a bunch of workstations here at the office, now that this new one is out I have to put it on every friggin machine.
As of 3:46 PM EST "the patch" isn't on the "Windows Update" page.
/. for telling me where to get it.
I guess they don't want you to fix it!?!?
Thanks
Signed:
Fanboy Jones
Get your Unix fortune now!
I had two users today get the Nimda.E variant via email. It had an interesting header that was included from an html formated email's iframe . . .
I'll leave out the actual format of the email's html. But what happened was Windows tried to run sample.exe right after previewing. No popup box, no nothing. And this was using Outlook Express 5.0 It was a good thing that the virus software saw the executable as a Nimda. If they had sent a format.exe that would have been it for the two user's data.
Microsoft said that only 6.0 was affected?
Or is this something different than what they have supposedly patched?
What if it was the reverse. The DOJ gives MS leniency, but calls in a favor with the FBI to announce some "Magic Lantern" spyware, and suddenly open projects become very popular....
...naw. ;-)
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
You stole that comment from a fairly famous rec.humor.funny posting... Software Requirements
Twoflower
--
Twoflower
this is a call to all carnivores. troll these insufferable twits to hell, where they will be forced to eat naught but fluffy bunnies for all eternity. trolling is fun. meat is good. all hail meat. and trolls.
I downloaded the 6.0 patch, ran it, and it exited with the message "This program requires Internet Explorer 6.0 to be installed.". I'm running IE6 on Windows NT Server 4 in vmware.
:)
Boy am I glad that no MS bugs can hurt my linux box. Even if I get owned by a malicious web page, I can just restore my vmware Windows system image.
Boy, I was getting tired of all those pesky security holes in IE. I'm glad Microsoft went and fixed them all up. Wait a minute... the uber-patch only runs under Linux?
Use Ctrl-C instead of ESC in Vim!
How to uninstall
Uninstall is not available
A cheer for code you can verify yourself before you trust it to secure your computer for you.
Goat sex free since 2001
upgrade to our new monolithic scheme
stay with the old app, that will soon no longer work because we are purposly chaning all the protocols and good luck with the security holes we're leaving you with
i honestly like some ms products, but their policies and carelessness are just too much sometimes...
I believe sex is highly over rated... unless it involves me
Slashdot was not available for almost an hour this afternoon. The last posted story was about a switch to Banjo around 6:30pm tonight. Anybody know what that was all about?
still doesn't beat open source bug to patch turn around time, but still 3 days isn't bad. i recall some M$ bugs not being fixed for quite a long time. all in all, it doesn't excuse M$ for sucking so bad.
E.
-
This Post has been brought to you by the letter "E".
LOL
Only 'flamers' flame!
It's also important to note that it's not just users of IE as their browser that are affected by this bug. Lots of Windows programs took a shortcut (Eudora being a prime example) and used MSHTML.DLL as the rendering engine for their application. Any application that displays HTML and uses MSHTML.DLL and has IE5.5 or IE6 should install this patch IMMEDIATELY.
Some people take their .sig way too seriously
Michael exaggerated this exploit beyond belief:
If Microsoft suddenly changes how their browser handles downloaded files, tens of thousands (perhaps hundreds of thousands? any webpage which downloads files) of webpages "designed for IE" will have to be rewritten.
Good grief! Can somebody link to the tens of thousands of "designed for IE" webpages that are currently incompatible as a result of this patch?
In fact a proper "fix" of this hole probably involves de-integrating their browser and local file handling to some extent.
Eerrr.. a proper "fix" of Michael's previous article probably involves a higher level of computer literacy, and less impulsive urge to write expository essays that sound dramatic, but are wrong.
I've posted 5 trolls already, have you done your civic duty to stamp out dumbass censorship on the net? Personally, I don't care if they want to nibble on grass clippings all day, but they REALLY shouldn't have been so open about their anti-troll policy. They Have Been Trolled (by me, now). Post back when you've got a few troll links to post on their site.
HAND.
"Stop chasing me...my belly is full of chocolate!!!"
There are 01 types of people in this world. Those that understand binary, and me.
If the patch works as it should... ;)
1. Corrects the way it handles the Content-Disposition and Content-Type header fields in an HTML stream.
2. Patches a vulnerability to a newly discovered variant of the "Frame Domain Verification"
3. Prevents a site from misreporting the name of files that users attempt to download.
More details can be found here
X
I tried to install the patch...and received the following error:
This update requires Internet Explorer 6.0 to be installed.
I'm running v6.00.2462
Go figure.
Well, it's certainly a good thing that there are so many people looking at the source to produce a patch...
er....
Never mind.
--saint
Why does a fix to a program that nobody here uses, written by a company that everybody here hates matter?
This is why i use Opera 6.1
The l337 56k users like me use it lol.
Its way faster then IE..
And it aint no MS software.
Godbless
-Chris "xero" Erickson
The news article about Magic Lantern, which you apparently failed to read when it was posted to Slashdot, contains the following text:
"When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: 'Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process.'" (my emphasis)
So unless the FBI has gotten a court order against the 84.8% of web surfers who use Internet Explorer, this is pure FUD.
Sheesh.
Well, just tried the patch and now the hidden keyboard logger activates just fine with a remote key.
Glad to see they got it working, wonder if it was the DOJ techs or the MSFT techs who fixed that baby?
-
--- Will in Seattle - What are you doing to fight the War?
Maybe they should be doing this at regular intervals. Have monthly patch collections. Quarterly.
Perhaps hourly wouldn't be overkill.
This came out exactly a month after the last UberPatch, MS01-55. Shall we see MS02-0? as the next one on January 13/14? Probably.
I don't know if it's a good thing or not. On the one hand, it allows me time to plan to patch each machine I'm responsible for at work. On the other hand, it allows a window of opportunity for exploitation.
Then again, I'm all for having Bill Gates come and patch every single machine personally.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
Yesterday you bashed MS for not going public about anything, and now you bash them for patching the program. Short of open sourcing everything, is there anything they could do that would appease this croud?
They might not get it right on the first try, but they do fix their bugs, and i think this was fairly timely, especially given the size / scope of IE.
I only counted 3 in what you just said. Maybe you are not ready for enterprise?
Snoozer.
for IE5.5 for IE5.5:s ec pac23/5.5_SP2/WIN98Me/EN-US/q313675.exe
http://download.microsoft.com/download/ie55sp2/
Note, that is for IE 5.5 SP2 if you have SP1, or plain vanilla 5.5, you will first have to upgrade, so you may want to wait till a full release with the patches is available. SP2 is 17MB download.
Anyone know what the equivalent version is if you have the AOL version of IE? (not that I do) but you can imagine AOL will be slowed to a crawl if every single user must get an upgrade first to SP2 or IE6, then get this patch. When - oh - when will AOL finally become browser neutral or go entirely to Netscape/Mozilla?
Work for Change & GET PAID!
Warning: mild flamebait.
Remember Michael's over-the-top misinformed rant about this 3 days ago?
I'm surprised he posted this fix, kinda points out how far off base /. was
a short 3 days ago. Hey, I'm no M$ fan and I kinda expect some opinion on /.
posts ... but there comes a point when it turns into yellow journalism and becomes childish M$ name calling.
The patch that blew up this approach for us was MS01-50. It had two critical patches to apply at the same time, and the system tried to apply both at once, when you needed a reboot for each. Guess who was "volunteered" to re-patch the machines.
*sigh* It's Friday afternoon. Time to go home. No more f*cking patches to do.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
It's interesting because it points out that this article disproves the statement another article made only a few days ago. Namely, that this bug could not be fixed because of a fundamental problem in the OS.
"IE is the best browser out there. Check ANY review. " Maybe it's just my opnion, but I the opera http://www.opera.com is better. It's faster and in my experience far more stable on NT and in 2000. Most reviews to date ignore or are unaware of opera's existence. Give it a try. I do however agree with your overall point, people to need be a little less biased on slashdot. Just dont step too far pointing it out with dubious statements like the above as it will only result in the people your talking to ignoring you as ignorant. Though I'm not sure they won't simply because they disagree. The line between troll and zealot is kind blurry.
Patch early, patch often...Unless you're Microsoft
Quickly scrolling down through the various posts, I see quite a few messages complaining about having to install this patch on multiple machines in the office now...Boo hoo!
Good grief, Microsoft's new slogan should be damned if you do, damned if you don't.
"Anybody who tells me I can't use a program because it's not open source, go suck on rms. I'm not interested." (LT 2004)
Now Microsoft will get Slahdotted. One more reason for them to hate us. *sigh*
There are 01 kinds of cars in the world. The General Lee, and everything else.
heh.. funny, I count 4 as well..
/. = 1
linux = 2
perl = 3
mysql = 4
Viola..
Jay
"What's this script do? unzip ; touch ; finger ; mount ; gasp ; yes ; umount ; sleep Hint for the answer: not everyth
AOL has a pretty efficent updating mechnism. Probably won't be an issue.
Of course, I don't use IE.
eAndroid, like, sucks.
How many gaping security holes has Mozilla had?
The BEST is all in how you measure it, non?
Although realisitcally this isn't so much a flaw in IE, rather it is a flaw in the tight integration of IE and windows. How many of the major Microsoft security problems it the last couple of years can be directly tied to the integrations between the operating system and the applications? Frankly I can't think of many that aren't directly attributable to that.
It all boils down to the usual sacrifice of security for convenience. A computer in a 6 foot thick block of concrete at the bottom of the ocean is very secure and nearly unusable. Microsoft has chosen to focus more on convenience and their security must pay the corresponding price.
This sig has been temporarily disconnected or is no longer in service
What the hell?!?!? I saw this post with my very own eyes at 5: insightful. How is it down to 2 when there are the following? And how could it have made it to 5 in the first place?
/. editors. Bunch of juvenile little fucks.
Moderation Totals: Troll=2, Insightful=2, Informative=1, Overrated=1, Total=6.
Fucking
Your mother's pussy is now infected with my crufty cum wads.
the Ubermoron.
(and I'm mostly a Linux geek), I have a question for my Windows PCs (I'm half-and-half, behind a Linksys router):
:)
If I go install this "uber-patch", what can I expect it to fix, and what can I expect it to break? (15000 bugs in the code, 15000 bugs; fix a bug, add some more, 16000 bugs in the code...)
What is your Slash Rating?
Some review may say that IE is the best, but is it worth to live with such a sucky and unsafe platform just to have the "better" web browser? god dammit, browers and pages are so damn bloated with little gadgets, shitty javascript, shitty applets and all sorts of annoyances that it makes me kinda disgusted when I need to visit commercial sites. I do use the good old netscape (sometimes the bloated new one), java off, javascript off, it makes my life less miserable than being forced to close 10.000 pop-up cappies. Unfortunately these days people are doing sites that cant be navigated without some sort of javascript/java/flash and stuff, and it really sucks. I may look like an old dinossaur, but I think the content matters much more than the form.
``If a program can't rewrite its own code, what good is it?'' - Mel
As of 1:35 PST the link is broken... well done MS.
great, another thing to download when i set up a new box. I am currently setting up a couple w2k boxen. after setting them up I have to windows update and reboot some 3-4 times (depending on dx8.1 install or no). on big hefty machines w/ scsi and raid, reboots take forever. why can't there be a patch called "Bring to current" or whatever that takes all the service packs and security updates and lays them down in one pass. specifically for bringing new installs up to date. I still remember hating how the default NT 4 install had ie 3 (2?) that couldn't even read MS's site to get a newer version to read MS's site. what a pain in the ass.
tgif
ej
About friggin' time!
Hopefully, next month Microsoft will release the UberPatch-Patch. A patch to address the security flaws in the recent UberPatch which was released to address the security flaws in IE
This comment does not represent the views or opinions of the user.
Comment removed based on user account deletion
By doing so, I can't get to Hotmail, can't sign in to Passport, and most importantly, can't access Windows Update.
Hey, anyone astroturfing for Microsoft! Your own security recommendation means people can't access your sites. I am NOT turning on active scripting(i.e. disabling a security measure) so I can get the fix.
You guys need to make your site work without Javascript. Sheesh. How can anyone take you seriously?
No, Thursday's out. How about never - is never good for you?
We just got UpdateExpert(formerly called SPQuery). It's pretty sweet and much less of a pain than SMS - it doesn't require any client software, for one thing.
Of course, it costs money - there's always a downside
(about $1600.00 for a 3-year subscription for 50 clients, I think)
Ok, for us crusty corporate types that have IE 5sp2, are we vunerable to these security bugs? My company uses mozilla that has been tweaked for our browser, but they are on windows machines. I still haven't got a IE free windows machine without crashing it. And upgrading these 2500 client machines will cost a chunk of change and time for our small IT department. This sucks we work hard to keep MS from costing money, but still sell to thier customers.
"Get them before they get....
If I didn't detest MS so much, I'd feel sorry for them.
i had thought that the service pack would upgrade my browser. nope.
Aren't there other issues with IE 5.5 SP2? Like not being able to run standard plugins and java?
___
Cognitive Overflow
more than yo
By this logic, which I feel is a common path for businesses to take, using Internet Explorer and letting webmasters know that you do will harm our freedom to choose our client software in the future.
I don't understand why no one else has come forward and stated that they feel this way. For this reason, I refuse to use the software except in situations where it's seriously inconvenient to do otherwise.
I don't mean to be alarmist. If the web is only accessible from IE, a project will be started to supply a proxy for other browsers which interprets the data from the web server and converts it to nice, standardized HTML. This could get kludgy, and is the worst case scenario I see.
All you sysadmin who thought you were going
home early today... think again!
The baby seal troll is going down quite well...
http://coke.rotten.com/babyseal/babyseal.jpg
not that I know from personal experiance ;)
Hollow words will burn and hollow men will burn.
Under capitalism man exploits man. Under communism it's the other way around.
Why is it that on /. threads "patch early and often" is part of the open source religion, but when MS does the same thing it's somehoe proof they're evil? Don't get me wrong--I think MS is guilty of a LOT of things, but can't we agree to limit our bashing to those things they do that are actually wrong?
Microsoft: We are your merchant. We are your church. We are your state.
...and that 14 inch black rubber cock that's trying to wriggle up your pant leg
Hey, I just tried updating my system through Windows Update. I wasn't prompted for anything, and I haven't updated my NT 4 box for about a week. Does this mean that I already got the patch a week ago, or has Microsoft not put it on Windows Update yet?
If it's just not in Windows Update, shame on MS. That is the only place I go for updates. I don't waste my time wading through all of the other crap on MS's website.
/me strokes debian woody..
One of the things the MS did right in concept, but screwed up in implementation was the critical update notification system. Essentially you install this little program (probably spy-ware) that periodically checks what updates are installed on your machine, and what updates are available from MS. When a new patch comes out a window pops up and tells you that that are new updates. You can even configure this thing to download them first in the background and then have it pop up a window when its ready to install the updates. Sounds like a pretty good idea right? Just one problem with it. It doesn't actually check to see if you have or even use a certain app before deciding if you need an update. On a couple machines I run I have the Critical update notification running, they kept wanting to install an update for windows media player on those machines. These two machines don't even have windows media player installed. Infact they aren't in the list of allowed binaries, so even if they were installed you couldn't run them. But yet this thing kept insisting to install the update. Anyway the point here is that Microsoft has gotten better as far as updates are concerned (espcially for home end end users who would never check for updates on their own) but the system still needs help, Unless of course they left it broken on purpose to get more people to install 'optional' software. I did end up having to install Windows Media Player (although it is still not an allowed EXE) to get update notification to STFU.
Slashdot is an anagram for Has Dolts, and I am Dolt number 468543
So you might prefer this
Veggie faggot!
Wow, I think I'll stick with real OS's like *nix and MacOS X.
For years I used Netscape and loved it, up through about 4.0 (4.5-7 are bad, bad, bad). I even used 4.7 for a long time, before finally deciding that I just couldn't live with the shitty rendering, slow reaction time, and general bugginess. So I tried IE, just to see how bad it was.
And it was amazingly fast, clean, and surprisingly not crashy, considering it was Microsoft's. Slowly, I started to accept that IE was the best browser out there. And I used IE, and netscape actually disappeared from my computer.
Sure, I tried Mozilla, and Netscape 6.0 and 6.1. Quite honestly, they're crap. They're slow, not particularly stable, and ugly. But mostly they're just slow, fucking slow. It's not just loading the program, it's also in large part that I open a page and Mozilla takes about three times as long to render as IE.
But when I read that security page the other day, I found a new program to try. So I tried it: Opera. I last used Opera on a mac a couple of years ago, when it was small, shitty, buggy, and lacking features, like security. So I wasn't really expecting anything.
Opera is fucking brilliant. It's fast--it's actually faster both to load and to render pages than IE. It gets rid of a lot of the useless shit that IE throws up--like dialogs to go from secure to insecure. It has security, it has a full feature set (at least, all the stuff I use, like plugins and java and working pages). It lets me use the keyboard more than IE.
And the best part: it lets me block out pop-up windows. You have no idea how amazing a feeling it is to go to a site that throws pop-ups at me like mad and watch them, well, not load. No idea until you try it. It even pretends to be IE for pages that require IE.
I have had one page fail to load correctly--a credit card account page. But considering it loads wrong half the time in IE, it's not too bad. Still, I'm keeping IE around (and patched it) in case I find something glaringly wrong with Opera, but until that time, I'm happy with this.
Oh, did I mention it sits in _half_ the memory footprint of IE, and about a third of Mozilla?
Check it out. Opera. It's not Open Source, but then again, if we're talking about IE, we're talking about windows, so...
Jeff
/. is a website, not a technology.
Noun: Viola
1. Any of the numerous plants of the genus Viola
2. Slightly larger than a violin, tuned a fifth lower
Interjection: Voila
1. There you are
wonder if you're the real kevin mitnick..
I was just a CS undergrad at UC Berkeley. The year was '96. Netscape dominated the market. Eric Brewer (founder of Inktomi) and his group of grad students continually found security flaws in Netscape. They received a lot of press. Netscape looked bad.
It's no different with IE now. It's possible that Mozilla really is less flawed than IE, but I guar-an-tee that if it had 85% of the market, we'd be hearing about security problems all the time. I'm not a MS apologist, I just want to shed some light.
It's über-patch.
ü ü ü
You americans.
Note that the segment you highlighted did not say "YES" - why do you suppose they didn't say yes?
-t
How come when something is wrong w/ the security of a MS product, it is posted under the MS topic, and when they do soemthing right it is posted under security... is there some sort of bias showing through here?
Ben
IE versions below 5.5 SP2 are unsupported and are likely vulnerable to many security holes that have been patched for the newer revs.
from the MS website:
* The first vulnerability involves a flaw in the handling of the Content-Disposition and Content-Type header fields in an HTML stream. These fields, the hosting URL, and the hosted file data determine how a file is handled upon download in Internet Explorer. A security vulnerability exists because, if an attacker altered the HTML header information in a certain way, it could be possible to make IE believe that an executable file was actually a different type of file -- one that it is appropriate to simply open without asking the user for confirmation. This could enable the attacker to create a web page or HTML mail that, when opened, would automatically run an executable on the user's system. This vulnerability affects IE 6.0 only. It does not affect IE 5.5.
let me ask you, if you are running IE 5.5, and you open this readme.txt file instead of saving it to disk does it download and run the windows calc.exe?
Pynnonen (the guy who found the exploit) has posted a new message to Bugtraq. If the servers reply is crafted correctly it can cause the program to be downloaded executed with *no* dialogs. See the posting for more details. Still no exploit given though.
-K
For all the reasons that you state, I:
Flamebait is typically written to elicit strong emotional response and name-calling from the target audience... this falls under the "troll" category which gives a more subtle feeling of disturbance, saying something usually inaccurate or incorrect in a seemingly reasonable manner to generate lots of "discussion". Let's go point-by-point:
Seeing as michael's story was neither misinformation nor an over-the-top rant (read the story), this plays on the popular opinion that slashdot gets a lot of stuff wrong all the time, as well as our obvious anti-Microsoft bias, to pretend that it was in fact an over-the-top misinformed rant.
Did they provide information about when a patch was available? At the time, they did not, so this is hardly misinformation. Whether they release a patch today or three months from now, "no information" is still "no information".
Correct me if I'm wrong, but I believe "M$" is childish name calling. "If it agrees with me, it's opinion, otherwise it's bias": This just about sums it up. There is nothing wrong with bias; there is no way to avoid it, claiming something is unbiased is a great indication that something is trying to be intentionally misleading. I read slashdot because the bias mostly agrees with my own. Perhaps your time would be better spent looking for a more agreeable forum, instead of trolling on this one.
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
Since Microsoft anounced it's policy of attempting to keep the lid on the security holes that exist within it's software, I would assume that 'known' means ones that they are willing to reveal to us.
So the word 'all' preceeding 'known' has no meaning since Microsoft itself admits to witholding the true extent of the damage its software can do to your system through security holes.
I consider this another decietful marketing attempt to make consumers feel safe about their products despite their worse than poor track record. They may not be outright lying, but there planting the seeds for others to do it for them. How many sysadmins will now send out an email saying that "IE will be free from all security bugs by installing this patch"? Of course that is a lie.
Does anyone know if this patch supports Windows 95?
IE 5.5 is available for Windows 95, but Microsoft recently "retired" Windows 95.
Has anyone tried it?
If it's not supported, does anyone else find it a little peculiar that MS would wait until just after the end of 95's "lifecycle" to release this patch?
Perhaps a way of ensuring that people stop using 95 and have to upgrade?
Unix is mysterious, and ancient, and strong. It's made of cast iron and the bones of heroic programmers of old -
... just sign up for Passport and MS will let you download it!
It's hard for me to believe that, just because of the recent press on IE's huge problems, MS busted ass to quickly create a modo patch for it. They didn't give a damn before, so why do they now?
I'm not saying I honestly think Magic Lantern is in the patch. I'm just pointing out that there must be some other motivation for MS to do this...
What happened? That bloody search-from-the-address-bar thingy had turned itself on. Oh well, I say, just go to Options -> Advanced -> Do Not Search From The Address Bar. I do this, type in "asdfa sdfsdfsa dfwer" (note the spaces) and POW: search-from-the-address-bar turns itself back on.
Much the same thing happens if you change the option and then restart IE.
WTF?
Otherwise, you're just another opinion.
I just visited Windows Update with IE 5.5 SP2 and under "CRITICAL UPDATES AND SERVICE PACKS" it said there were no updates. What is the point of Windows Update if it's not up to date?
rooooar
You know, i have this crazy idea.
/.
If every single person who bitched about how Microsoft is ruining the world spent HALF the time doing something productive and proactive to help the open source/linux projects, Microsoft would no longer be in the position to ruin the world.
Those who can, do.
Those who can't, bitch about Microsoft on
I wonder if the appropriate legal process would be to go ahead and install Magic lantern, but not turn it on until a court order is issued?
it usually takes them a few weeks to get stuff on windows update, which blows, but thats microsloth incompentence for you.
Lawyers, MBA's, RIAA? A jedi fears not these things!
I'm using Eudora and Mozilla on my box, and I just checked and sure enough there is a copy of MSHTML.DLL
in the system32 directory from 1997. Should I update it? And if so, where can I get this particular dll without all the other BS? Thanks!
I'm pretty far from the right wing and don't believe in legislating anything but I'd like to clear some disinformation up. "what I can do with my body (if I were female, that is)". Since when does a woman have 4 arms, 4 legs, 2 hearts, and 2 brains? Ding, Ding, Ding wrong she never does. Just because some people think they are above being responsible for pregnancy (short of rape) in this day and age of ubiqitious contraception of which I am wholeheartedly for does not mean they are justified in their beliefs. People should not have sex until they are ready to face up to the consequences of raising a child, getting an STD, etc. Sheesh, but at least I agree with most if not the rest of your tirade.
An Education is the Font of All Liberty
I suggest that you pretend that you are a computer newbie and visit your first computer store. How many different browsers do you find on the software shelves? And IE comes installed "for free"! To the newbie it is obvious which browser MUST be best!
And how do browser reviewers decide what to review? Why they are guided by which varieties appear on store shelves!
I rest my case! I distrust the judgement of newbies and reviewers equally!
Opera or Mozilla may well be wonderful browsers, but hardly any ordinary computer buyers will ever know.
Cute!
Tried installing the 6.0 UberPatch on 2 separate boxes now, both running W2kPro sp2 with IE 6.0 installed with VS.NET beta2.
(IE v. 6.00.2462.0000 to be exact)
The installation quits with an error telling me I must have IE 6.0 to install.
Also seen as mentioned above similar effect on 5.x versions other than 5.5 with that version install.
Leaves me not exactly feeling warm and fuzzy about whether the actual patch will really patch the holes it's supposed to or not!
No Comment.
Correct me if I'm wrong, but I believe "M$" is childish name calling.
M$ is a name for a string variable in a language that Bill Gates and Microsoft popularized on early 8-bit home computers. This language was Basic. This code works on Applesoft Basic (the Basic interpreter included with Apple II) and QBasic (the Basic interpreter included with MS-DOS until about 7.1). I haven't tried it on Visual Basic.
Will I retire or break 10K?
Supposedly ie 5.5sp2 and ie6 do not run java. However, I have ie 6 as included with XP. If I go to http://java.sun.com/applets all the demo applets run just fine.
Shrug
I know this new scientific/medical theory will needed to be proved many times, but my most recent proof for it works.
For every new update Microsoft releases, the end user will need to re-install Windows within a 24 hour peroid. Those who continue in this pattern will eventually become brain-dead and will forget the difference between tcp/ip and an icecream shop. The only cure comes from cirtain "open-source" OS's, such as GNU/Linux and BSD.
Any changes to this theory will be welcome. It will be submitted to my proof math book soon.
My mistake. I was under the impression that slashdot was not a technology. Silly me ;)
Snoozer.
Check out http://www.guninski.com/browsers.html.
Is there a real Kevin Mitnick?
Or is his real name 'Zoltan the Ferocious' or something. Like that tool 'Emmnuel Goldstein' who pretends he's Eric Corley when in court to keep his mom from finding out.
Opera is a pretty nice browser.
Mozilla is a big experiment in how many people can be involved in what should be a tightly managed project.
In other words, it's a cluster fuck.
So Microsoft *really* wants me to quit smoking, eh?
Tuus crepidae innexilis sunt.
So I installed the patch and have noticed a LOT more IE crashes afterwards.. Nice..
Come on, its only 2MB.
What kind of "Mother of all patches" do you call that.
It should be at least 30MB, maybe even more.....
They got snakes out here this biiiig?
"If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
Comment removed based on user account deletion
Either that or the fruit flavored nicotine patches to stop smoking
make Linux, not Microsoft. sin(beast) = -0.809016994374947424102293417182819
And how many releases has the Solaris/AIX hole been around for? IIRC, something like 5 years!
OK, so I read a MIME type, and it says that it's image/x-JPEG ... I pass it on to my file handler, telling it it's safe to process.
My file handler looks at it, and oh! It's name is sucker.jpg.exe. It's an executable, and my file handler was told it is safe to execute...so I'll just spawn it and...
oops
What's this Submit thingy do?
Feeling better already ;-)
int func(int a);
func((b += 3, b));
Slashdot is a group, and a group can have diverse opinions. Unless you can produce examples of the same individual adopting both these views, there is nothing inconsistent to cry about.
Per-site JS management is a big deal because I can enable javascript on the few sites that I trust, and disable it everywhere else. You have no idea how blissful it is to browse without worrying about popup ads.
...between instaling a keylogger on someone's computer and retrieving data from it.
Thanks to ex post facto, they won't legally be able to use data logged before the date of the court order.
What's this Submit thingy do?
For all we know, somewhere in some US military base, the words "All your base are belong to us" is flashing on Pvt. Payne's monitor. All because he had to get his quick fix of pr0n...
So, sure, you update to 5.5 so you can be patched. Oh...it installs MS Outlook Express. Express changes the regular Outlook as part of the update - now Outlook won't run properly without it. Greattt....and now I have a big blue E on my desktop.
Your IT guy runs the most recent fix, then it's discovered that the other criticals were not checked for.
Download more patches - wait! The Nov. 13 patch WON'T install now. Greaattt...
Is this a clever MS ploy to break up their monopoly by encouraging the use of other browsers?
Taking the current speed of someone discovering yet another hole in IE (bugs/day), I would say Microsoft should consider this 'über-patching' a weekly routine.
And we are not talking about holes as in "Oops, I sense a draft coming from somewhere", but really huge chasms of sloppy programming, big enough for Bin Laden to hide in.
Über-patch or not, I consider IE a worthy browser when the releases start to be safe and stable out-of-the-box, and when MS stops considering 'security', 'privacy' and 'standards-compliance' as curse words. (Subtle hint: Ain't gonna happen)
// Ego sum Nucivorax, me clamare audi.
You're a genius!
I read this, then used windows update and it said no new patches. So do you have to be '1337' to get this patch, I mean god forbid the masses getting this patch.
so many of those virii are propagated by stooopid people clicking on email attachments, the main problem is psychological, teaching people not to click on wierd looking emails... btw i use ie, its fast and reliable. But mozilla rox too....
I would just like to say at the outset that I am not a raving nut. But I have puzzled at the unusually close relationship between Microsoft and the Bush administration. And consider the following disclaimer from the End User License Agreement (EULA) at passport.com:
.NET Passport will disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to:
.NET Passport Web Site, or the public.
.Net databases will surely contain? And is there a person on the planet who believes that MS wouldn't use its users privacy as a bargaining chip to extract a favourable deal from the gov't? (Not that they ever had any respect for it before, of course.)
. . . d. Act under exigent circumstances to protect the personal safety of users of Microsoft, the
With the recent terrorist activities and the sweeping new anti-terrorist legislation, any "exigent circumstances" could be said to be met as a matter of course. So what guarantees do we have that MS and the gov't doesn't have a secret agreement in place to continuously sift and profile all the data (OUR data) that the
Did Adequacy ripoff that "Hacker" article you're bragging about in your sig from this antionline article? A lot of it seems to be almost word-for-word.
My win2k machine has been up for about 16+ days. Me and my frinds are going to see how long this boxes can hold up w/o getting knocked over.
/.ers have seen that come and go :)
My linux machine has uptime of 108 days. (I am sure
Thanks
Give us an example where current-ish IEs are worse in compliancy than current-ish Mozillas?
Don't know about the newest versions, as I tend to develop for the 5.0 area.
Mozilla being more html compliant used to be the case, but it hasn't been for a while now.
This has been known to the public for that long. You should really check you info before posting. Ever hear of something called bugtraq? It sure wouldn't seem like it according to your totally incorrect statement.
How many MB of downloaded patches have been required to fix all of these security holes? It sure seems that at least once a month (if not more) I need to download a critical update for either IE or Office. I just got done three days ago with a 13MB "security patch" for Office. Then today another 2.5 MB for IE. I did something similar last month and the month before. Beyond that it's just a blur.
Anyone have an idea of how many MB or GB of patches have been required so far? This sure is getting tiresome.
gotta be the least funny "+5 funny" mod ever.
Merry Christmas Windows users!!! (A free patch from Microsoft!)
Like somebody else said, "Release early, release often...unless it's Microsoft. Then, deride them for not getting it right the first time."
Vintage computer games and RPG books available. Email me if you're interested.
AOL version of IE is the locally installed version it uses the IE engine much the same way that Galeon uses the Mozilla engine
This must be Thursday, I never could get the hang of Thursdays.
IE itself is the ultimate trojan horse!
The trolls and other people who don't care, the people who're just here to ruin the experience for everyone, use IE on Windows.
Simple when you think about it, really. And it makes sense.
Oh, I know; I have no proof. But hell, it'd be funny, wouldn't it?
Stating on Slashdot that I like cheese since 1997.
Download - Execute as Administrator - Reboot - Done.
:)
And it didnt have to "de-integrate" the browser from local file aceess either. Mike
And you are nuts if you put one behind the firewall where any old Outlook or MSIE flaw will put a keylogger, sniffer or what ever. What's the point of a nice little firewall when some goon can soap his way through the browser?
I suppose you just have to be wild and crazy to use M$ at all. Look at what your money buys: a poor security model with intentional bypasses, monthly crashes, Magic Lantern, WMP sound, Digital Rights Management (now patented!), remote kill switches, and the opertunity to pay again and again. What a bargain, but spending is good for someone else's economy so party on, fanboy!
Posted using Mozilla, running through a secure shell from a 650MHz Athlon to my punny little 150 MHz Pentium laptop on my lap in my bed. Try that with M$ garbage. What MSIE won't run in 24MB RAM? What Billy G won't let you run coppies of it on more than one machine at once? Where did you want to go yesterday?
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I don't know... I'm sick of the long arm of Microsoft too, and I've been trying to find an alternate browser, but Mozilla just doesn't cut it. I've *tried* to give it a chance time after time hoping it improves, but I have had HORRIBLE stability problems on EVERY machine I've installed it on (all Win2k except one WinXP box and two Linux boxes). Additionally, I'll puke before I will allow my browser to decide to open an extra "pane" on the screen when I use Google, which is every few minutes for me. WTF with the Google anti-feature?!
I already tried doing that...
"User Agent"="Mozilla/4.0 (compatible; Konqueror/2.2; Linux)"
Doesn't do a thing. Bummer !!
Try a recent build, much much much more stable (since 0.9.4 - on my laptop I had some weird issues with it, but otherwise it's been very solid) and it is pretty speedy since 0.9.2 - Opera is still the choice for quick browsing though, but I just can't get past the interface.
;)
As for the search pane, yeah - I am with you, that irritated the living hell out of me.. till I disabled it 2 minutes later
Dacels Jewelers can't be trusted.
fixes all problems with IE, present and future alike. www.98lite.net/ieradicator.html
Preserve old classics: copy your collection onto all hard drives.
Twas the night I tried to update
And all through Windows update
Not a critical download, not even a service pack.
As I sat back in my chair
What did I hear?
A Uber patch update for IE!
I quickly clicked the linked and open the page.
What did I see?
I line that said "Maximum Security Rating: Critical"
As I quickly click go
The download started, but I thought I heard Microsoft say,
"Merry Christmas to all, and to all a wonderful nightmare!"
Agreed, they should had a button "Disable this feature forever" in this pane. I was relieved later to discover that it could be disabled in the "Preferences" menus.
Actually, I think that if you send out an e-mail virus that patches IE automatically and then propogates itself, that would work quite well, despite the fact that you've been screaming and shouting for people never to open e-mail attachments. Just remember to use a subject line like "free porn!" ;)
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
But I hardly think that's the case. Most MS-bashers are just following a loud-mouth because it makes them belong to some group, be popular in some weird way.
For the people who got bullied by MS, agreed, you have a point, for the rest of them (imho a majority): they should grow up.
Never underestimate the relief of true separation of Religion and State.
Isn't this like PHB's reading Dilbert... and not getting it, either?
How many of those were IE for Mac? Until the advent Mozilla, that was a pretty reasonable choice. Things like fixed-position HTML objects actually worked.
Probably the Uber-Patch installs Linux in a VM and runs IE under that. (-:
Got time? Spend some of it coding or testing
Got time? Spend some of it coding or testing
Waht effect does this have on IE 5.5 in releation to the removal of the Netscape PlugIn architechture? I don't want to install this "patch" if it removes my ability to use NS plugins.
KangarooBox - We make IT simple!
Good Morning folks, Why not use a good browser like Opera 6,and forget about MS Explorer. It has a few short commings but if you havent tried it, do so. I think you will like it.
You go, Mr. Seth! Nobody will probably see this response at this point, but I'd mod you back up to where you started at least if I had mod points. Just about the whole thread was about "spyware", which leads pretty quickly to civil liberties and your comments regarding the WoD were extremely prescient.
I wish more techies would understand politics well enough to understand that we're well on our way to the classic police state of mid-20th century fascism or communism...all in the name of a culture war that hates hip intelligensia that aren't into traditional "values" (e.g., conservative forms of xian worship). If you think this is an overstatement, read the DEA's explanation/history of the WoD on their website. See, http://www.usdoj.gov/dea/deamuseum/home.htm).
And I wish moderators here would stop modding down strongly argued opinions they disagree with as "off-topic", especially if they don't really have enough background info to understand the thread to begin with...
Not holding my breath, though...
Slap a EULA on spackle.
I'll add a sig just as soon as I clean up this room...
Comment removed based on user account deletion
old news.
When I run it, I get a message "This update required IE 6.0" with an OK button.
I immediately verify that I am running 6.0 (which I am), and try again... Same result.
So I decide to try the 5.5 SP2 version... This one states that I have to have IE 5.5 SP2 installed...
The really sad part is that in order for me to call Microsoft and inform them that the patch doesn't work, I have to pay $35.00 on my credit card.
Oh well... Another Micro$loth fsck-up.
The day Microsoft creates a product that doesn't suck, it will be known as the Microsoft Vaccuum Cleaner!
OK....so there is a patch to plug the gaping hole in the dyke (reminds me of little boys with fingers for some reason).
Download the patch. Then find out that you need IE 5.5 SP2 installed. OK....go download the SP2 update.
Hmmm...it's only 500K. Run it and I find it then connects and downloads another 8+ meg, with no provision to save the pack for use on other machines). Look around a bit...no full install available anywhere.
Figure I might a well try it on one machine. It tells me the install fails and then reboots the machine without asking.
The install then restarts asking if I want to d/l again. Yeah...right....on a slow modem. Sure Bill! I think I'll wait till it comes out on an MSDN DVD.
BTW....SP2 supposedly broke QuickTime support since IE SP2 no longer supports Netscape-style plugins. Wanna bet this was deliberate.
Good thing I use Opera for my primary browsing.
After installing the patch for i.e. 6.0 and rebooting, all my jpegs are now messed up when viewed in the browser. Apple quicktime viewer was the program I had set up to open jpegs previously (when not using the browser). Thank you Microsoft! Anyone else have this problem?
how many fucking reboots to apply THIS one?
I swear, every goddamn time I go to Microsoft's update website, it's threee reboots minimum. IE service pack update, SP update, critical updates, application compatability update, security update.
I thought that with NT, reboots would never be needed (that's what they were saying back in the 3.0 days) - and of course, the "rare" occasions where a reboot was necessary, they promised to fix those in 4.0. Well, now I'm running Win 2000, and I feel like I'm rebooting more often than I did with Win95.
Don't worry, I run Linux at home. 2000 at work where it's mandatory, lest the jack-booted IT thugs hunt me down as a "terrorist".
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
%systemroot%\\Windows Update Setup Files\\*
Also you can activate (in advanced setup) a full
download, which exactly is what I've done for IE6.
Not that I'd need IE for browsing, but I have my
box to be available for the cstrike scene, too.
My primary browser is lynx2-8-4 by the way. Opera is broken (even more than Konqueror, except for memory issues).
My Karma isn't excellent, damn it! (And
With Cookie Crusher, whenever there's a cookie, you get the following information and selection choices:
- domain/subdomain the cookie is from
- the cookie's name
- the cookie's content
- the cookie's expiry date
- an option to always/never accept JUST that cookie, or JUST that domain/subdomain, or ALL subdomains and the domain
Just to give a more complete explanation, here's what its documentation writes (long, written in layman's, but probably invaluable to anyone that thinks this is a GOOD IDEA and wants to have complete documentation on exactly how it works):I warned you it was long. If you're still here, then you probably like how Cookie Crusher works -- go tell the Mozilla team and mod this up! Oh, and apologies if your browser doesn't like some of the quotation marks/apostrophes above -- the help file "helpfully" had angled quotes.
[insert witty comment here]
I find it amusing how much /.ers debate and contradict themselves. Whenever the W3C makes a bad move (as they did in their privacy DTD a while back) everyone goes and says how BAD and EVIL the W3C is, but then whenever they talk about how much BETTER browser X is than browser Y, they talk about how COMPATIBLE it is with the very same people's DTDs.
/. (and SlashCode) uses a LOT of depreciated code (and the site isn't HTML 3.2 OR HTML 4 compliant!).
The other thing I find amusing is the fact that
[insert witty comment here]