Uber-patch for Internet Explorer
malevolence writes: "According to The Register, Microsoft has released an Uber-Patch for Internet Explorer that fixes all known security problems, as well as 3 new ones, including the content-type issue that was reported on slashdot a few days ago."
What does the "uber patch" do, install Mozilla?
I thought this was the bug that couldn't be fixed because it was worked so deep into the OS.
...Steve
I just installed it... and it deleted IE!!!!
Worked perfectly, I'd say....
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
Boy, Microsoft sucks. This patch doesn't even address future, yet-to-be-discovered vulnerabilities.
--
Mod up a post Rob doesn't like and you'll never mod again
Could you have been any LESS enthusiastic about that blurb? What, have your hopes for "armageddon courtesy of your pals at Microsoft" been obliterated? Sorry to hear it.
Anyway, this is a really good indication on the part of MS...perhaps an indicator of more initiative on these problems in the future. I definitely think that this is the type of thing that they need to continue if they wish to salvage their reputation at all...
I downloaded the 2.15 mb patch. I try to run it, and I get a prompt that I need IE5 Service pack 2 installed. That's it, it doesn't supply a link, it doesn't try to download it, nothing. Microsoft rushed this one out.
Just when I thought that I knew the difference between a Service Pack, Security Rollup Patch and a cumulative Hot Fix they go and release a Security Bulletin like this one.
BOSTON SUCKS!
I wouldn't install it considering the timing of all this news about the FBI's keystroke-logging Trojan. A "Windows Update" would be the perfect vehicle for the Feds to sneak their code onto machines, and it wouldn't surprise me a bit if they were in cahoots with Redmond just like they were in years past with the big Telcos.
how long this patch was developed. Suddenly when the hole is "announced" wammo! a patch in 3 days. Maybe Microsoft doesn't want to reduce its "features"
We had to destroy the sig to save the sig.
It said Requires Windows 95 or better, so I installed Linux. Now what?
Bush Lies Watch
For those of us with less than a few hundred MS clients (read: fewer clients that would make useful something as heinous as SMS push upgrades) the issues are still very clear:
1). It takes too much time to keep up on MS software patches.
AND
2). Once you know what you need you still have to go box to box to box to patch (in *most* cases).
Granted the 'uber-patch' will help, but it still means I need a couple more interns to walk from machine to machine and interrupt users. IMO, patch management tools should be MS's #2 priority (right behind 'getting it right the first time').
Cheers,
-- RLJ
This does not appear to be a service pack, and the target builds listed for the hotfix are only IE 5.5 SP2 and 6, so you'll need to head here to get yer SP and then install the hotfix (get directly to it from here).
It seems unlikely that the SP2 for 5.5 includes this as of right now, although it will eventually (I know sometimes I'll download an SP and take a few days to actually install it). Check your versions before you plunge your box into browser hell =)
Here's the direct download URLs, so you don't have to wade through MS's crufty site:
c 23/6/W98NT42KMeXP/EN-US/q313675.exe c pac23/5.5_SP2/WIN98Me/EN-US/q313675.exe
for IE6:
http://download.microsoft.com/download/IE60/secpa
for IE5.5:
http://download.microsoft.com/download/ie55sp2/se
These updates have not yet appeared on Windows Update.
"Microsoft thanks Jouko Pynnonen of Oy Online Solutions Ltd for reporting this issue to us and working with us to protect customers. " Hmm Lots of Kudos to Jouko, but what about the Millions of other users who have been screwed by M$ over the years??? Microsoft Protecting their customers??? From what....M$?????
If you choose not to decide, you still have made a choice. RUSH
... Mac OS X and OmniWeb, that is. OW 4.1 will be out in about a week with gobs of speed and bug fixes.
Long live the Uberpatch.
MSIE is a thing to be overcome, and I have overcome him.
I find it very annoying to try to install Microsoft patches. I work in a place where I am responsible for several windows installations. When I install a M$ OS, in order to patch it, I have to:
1. Start IE (click through internet connection wizard)
2. Open the windows update website
3. Download an activeX application to determine what updates I need
4. Download and install the updates (often, more than 5!) one at a time, rebooting in between each one!
It's so much easier to swivel my chair around to my redhat box and do a simple 'up2date -i'.
I wonder if there's any particular reason why Microsoft makes it so difficult? Do they actually like their security holes?
They already applied their uber-patch to the DOJ and it *worked*!
100s of beautiful security fixes... and 3 ugly ones.
Consumers (not just slashdot ubergeeks) will have to sit up and take notice at this one, I think. It's getting a bit more coverage / product placement, and isn't being couched in esoteric terms (MS has a tendency of releasing patches that have descriptions which underplay the effects of not patching, or else are so laden with jargon that the layman cannot quite process them). It really is an "uber patch", and it really is MS saying, "We've been releasing insecure software for awhile. In fact, we're still doing so, as evidenced by the three bugs that you don't even know about that we're patching. Please install this patch or else you're screwed."
I think consumers can weather something like, "Apply this patch in order to ensure that your copy of internet explorer appropriately identifies content header types and reconciles them with dialogue saving and automated execution routines." because it just looks so *foreign*. Approached from a non-computing background, it looks like something very small and unlikely to affect anyone. This patch, though, looks a bit more like "Oops. Our browser sucks for security. Install immediately."
Hopefully this will draw peoples attention to:
1) The importance of frequent patching
2) The lack of security in MSIE
3) The problems associated with bundling a browser into core OS functionality (bit more unlikely).
Of course, the spin is still there, but:
Who should read this bulletin: Customers using Microsoft® Internet Explorer.
Impact of vulnerability: Run code of attacker's choice.
Maximum Severity Rating: Critical
Recommendation: Customers using IE should install the patch immediately.
Affected Software:
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
...is still pretty cut & dry. Anyone with even half a brain should realize that if a gaping hole in a consumer product existed through *2* releases (like having a 2000 and a 2001 Honda both explode in flames under appropriate conditions), that product may not be the best built out there.
Right?
Of course, I'd be much more pleased if people were being notified via a big ol' link on msn.com, and through a mail from the beloved "Hotmail Staff". What, are they scared of leveraging a monopoly to insure the security of their users?
-l
Of course, I had just finished putting that patch on a bunch of workstations here at the office, now that this new one is out I have to put it on every friggin machine.
As of 3:46 PM EST "the patch" isn't on the "Windows Update" page.
/. for telling me where to get it.
I guess they don't want you to fix it!?!?
Thanks
Signed:
Fanboy Jones
Get your Unix fortune now!
I had two users today get the Nimda.E variant via email. It had an interesting header that was included from an HTML-formatted email's iframe . . .
I'll leave out the actual format of the email's HTML. But what happened was Windows tried to run sample.exe right after previewing. No popup box, no nothing. And this was using Outlook Express 5.0. It was a good thing that the virus software saw the executable as a Nimda. If they had sent a format.exe that would have been it for the two users' data.
Microsoft said that only 6.0 was affected?
Or is this something different than what they have supposedly patched?
What if it was the reverse. The DOJ gives MS leniency, but calls in a favor with the FBI to announce some "Magic Lantern" spyware, and suddenly open projects become very popular....
...naw. ;-)
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
You stole that comment from a fairly famous rec.humor.funny posting... Software Requirements
Twoflower
--
Twoflower
I downloaded the 6.0 patch, ran it, and it exited with the message "This program requires Internet Explorer 6.0 to be installed.". I'm running IE6 on Windows NT Server 4 in vmware.
:)
Boy am I glad that no MS bugs can hurt my linux box. Even if I get owned by a malicious web page, I can just restore my vmware Windows system image.
Boy, I was getting tired of all those pesky security holes in IE. I'm glad Microsoft went and fixed them all up. Wait a minute... the uber-patch only runs under Linux?
Use Ctrl-C instead of ESC in Vim!
How to uninstall
Uninstall is not available
A cheer for code you can verify yourself before you trust it to secure your computer for you.
Goat sex free since 2001
upgrade to our new monolithic scheme
stay with the old app, that will soon no longer work because we are purposely changing all the protocols and good luck with the security holes we're leaving you with
i honestly like some ms products, but their policies and carelessness are just too much sometimes...
I believe sex is highly over rated... unless it involves me
Reminds me of a pair of pants my neighbor had. So many patches there wasn't any original fabric left.
Give me my freedom, and I'll take care of my own security, thank you.
still doesn't beat open source bug to patch turn around time, but still 3 days isn't bad. i recall some M$ bugs not being fixed for quite a long time. all in all, it doesn't excuse M$ for sucking so bad.
E.
-
This Post has been brought to you by the letter "E".
It's also important to note that it's not just users of IE as their browser that are affected by this bug. Lots of Windows programs took a shortcut (Eudora being a prime example) and used MSHTML.DLL as the rendering engine for their application. Any application that displays HTML and uses MSHTML.DLL and has IE5.5 or IE6 should install this patch IMMEDIATELY.
Some people take their .sig way too seriously
Michael exaggerated this exploit beyond belief:
If Microsoft suddenly changes how their browser handles downloaded files, tens of thousands (perhaps hundreds of thousands? any webpage which downloads files) of webpages "designed for IE" will have to be rewritten.
Good grief! Can somebody link to the tens of thousands of "designed for IE" webpages that are currently incompatible as a result of this patch?
In fact a proper "fix" of this hole probably involves de-integrating their browser and local file handling to some extent.
Eerrr.. a proper "fix" of Michael's previous article probably involves a higher level of computer literacy, and less impulsive urge to write expository essays that sound dramatic, but are wrong.
If the patch works as it should... ;)
1. Corrects the way it handles the Content-Disposition and Content-Type header fields in an HTML stream.
2. Patches a vulnerability to a newly discovered variant of the "Frame Domain Verification"
3. Prevents a site from misreporting the name of files that users attempt to download.
More details can be found here
X
Well, it's certainly a good thing that there are so many people looking at the source to produce a patch...
er....
Never mind.
--saint
Why does a fix to a program that nobody here uses, written by a company that everybody here hates matter?
The news article about Magic Lantern, which you apparently failed to read when it was posted to Slashdot, contains the following text:
"When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: 'Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process.'" (my emphasis)
So unless the FBI has gotten a court order against the 84.8% of web surfers who use Internet Explorer, this is pure FUD.
Sheesh.
2462 is from Windows XP beta. You will need XP final to install these patches.
kawai
Maybe they should be doing this at regular intervals. Have monthly patch collections. Quarterly.
Perhaps hourly wouldn't be overkill.
This came out exactly a month after the last UberPatch, MS01-55. Shall we see MS02-0? as the next one on January 13/14? Probably.
I don't know if it's a good thing or not. On the one hand, it allows me time to plan to patch each machine I'm responsible for at work. On the other hand, it allows a window of opportunity for exploitation.
Then again, I'm all for having Bill Gates come and patch every single machine personally.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
Reminds me of a pair of pants my neighbor had. So many patches there wasn't any original fabric left.
Just like any large software project, including the Linux kernel, KDE, Mozilla, you name it.
Yesterday you bashed MS for not going public about anything, and now you bash them for patching the program. Short of open sourcing everything, is there anything they could do that would appease this crowd?
They might not get it right on the first try, but they do fix their bugs, and i think this was fairly timely, especially given the size / scope of IE.
I only counted 3 in what you just said. Maybe you are not ready for enterprise?
Snoozer.
for IE5.5 for IE5.5:s ec pac23/5.5_SP2/WIN98Me/EN-US/q313675.exe
http://download.microsoft.com/download/ie55sp2/
Note, that is for IE 5.5 SP2 if you have SP1, or plain vanilla 5.5, you will first have to upgrade, so you may want to wait till a full release with the patches is available. SP2 is 17MB download.
Anyone know what the equivalent version is if you have the AOL version of IE? (not that I do) but you can imagine AOL will be slowed to a crawl if every single user must get an upgrade first to SP2 or IE6, then get this patch. When - oh - when will AOL finally become browser neutral or go entirely to Netscape/Mozilla?
Work for Change & GET PAID!
Warning: mild flamebait.
Remember Michael's over-the-top misinformed rant about this 3 days ago?
I'm surprised he posted this fix, kinda points out how far off base /. was
a short 3 days ago. Hey, I'm no M$ fan and I kinda expect some opinion on /.
posts ... but there comes a point when it turns into yellow journalism and becomes childish M$ name calling.
The patch that blew up this approach for us was MS01-50. It had two critical patches to apply at the same time, and the system tried to apply both at once, when you needed a reboot for each. Guess who was "volunteered" to re-patch the machines.
*sigh* It's Friday afternoon. Time to go home. No more f*cking patches to do.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
"IE is the best browser out there. Check ANY review." Maybe it's just my opinion, but I think Opera http://www.opera.com is better. It's faster and in my experience far more stable on NT and in 2000. Most reviews to date ignore or are unaware of Opera's existence. Give it a try. I do however agree with your overall point, people do need to be a little less biased on Slashdot. Just don't step too far pointing it out with dubious statements like the above as it will only result in the people you're talking to ignoring you as ignorant. Though I'm not sure they won't simply because they disagree. The line between troll and zealot is kind of blurry.
Patch early, patch often...Unless you're Microsoft
Quickly scrolling down through the various posts, I see quite a few messages complaining about having to install this patch on multiple machines in the office now...Boo hoo!
Good grief, Microsoft's new slogan should be damned if you do, damned if you don't.
"Anybody who tells me I can't use a program because it's not open source, go suck on rms. I'm not interested." (LT 2004)
Now Microsoft will get Slashdotted. One more reason for them to hate us. *sigh*
There are 01 kinds of cars in the world. The General Lee, and everything else.
heh.. funny, I count 4 as well..
/. = 1
linux = 2
perl = 3
mysql = 4
Viola..
Jay
"What's this script do? unzip ; touch ; finger ; mount ; gasp ; yes ; umount ; sleep Hint for the answer: not everyth
AOL has a pretty efficient updating mechanism. Probably won't be an issue.
Of course, I don't use IE.
How many gaping security holes has Mozilla had?
The BEST is all in how you measure it, non?
Although realistically this isn't so much a flaw in IE, rather it is a flaw in the tight integration of IE and windows. How many of the major Microsoft security problems in the last couple of years can be directly tied to the integrations between the operating system and the applications? Frankly I can't think of many that aren't directly attributable to that.
It all boils down to the usual sacrifice of security for convenience. A computer in a 6 foot thick block of concrete at the bottom of the ocean is very secure and nearly unusable. Microsoft has chosen to focus more on convenience and their security must pay the corresponding price.
This sig has been temporarily disconnected or is no longer in service
(and I'm mostly a Linux geek), I have a question for my Windows PCs (I'm half-and-half, behind a Linksys router):
:)
If I go install this "uber-patch", what can I expect it to fix, and what can I expect it to break? (15000 bugs in the code, 15000 bugs; fix a bug, add some more, 16000 bugs in the code...)
What is your Slash Rating?
Some reviews may say that IE is the best, but is it worth it to live with such a sucky and unsafe platform just to have the "better" web browser? god dammit, browsers and pages are so damn bloated with little gadgets, shitty javascript, shitty applets and all sorts of annoyances that it makes me kinda disgusted when I need to visit commercial sites. I do use the good old netscape (sometimes the bloated new one), java off, javascript off, it makes my life less miserable than being forced to close 10.000 pop-up cappies. Unfortunately these days people are doing sites that can't be navigated without some sort of javascript/java/flash and stuff, and it really sucks. I may look like an old dinosaur, but I think the content matters much more than the form.
``If a program can't rewrite its own code, what good is it?'' - Mel
great, another thing to download when i set up a new box. I am currently setting up a couple w2k boxen. after setting them up I have to windows update and reboot some 3-4 times (depending on dx8.1 install or no). on big hefty machines w/ scsi and raid, reboots take forever. why can't there be a patch called "Bring to current" or whatever that takes all the service packs and security updates and lays them down in one pass. specifically for bringing new installs up to date. I still remember hating how the default NT 4 install had ie 3 (2?) that couldn't even read MS's site to get a newer version to read MS's site. what a pain in the ass.
tgif
ej
Hopefully, next month Microsoft will release the UberPatch-Patch. A patch to address the security flaws in the recent UberPatch which was released to address the security flaws in IE
This comment does not represent the views or opinions of the user.
By doing so, I can't get to Hotmail, can't sign in to Passport, and most importantly, can't access Windows Update.
Hey, anyone astroturfing for Microsoft! Your own security recommendation means people can't access your sites. I am NOT turning on active scripting(i.e. disabling a security measure) so I can get the fix.
You guys need to make your site work without Javascript. Sheesh. How can anyone take you seriously?
No, Thursday's out. How about never - is never good for you?
We just got UpdateExpert(formerly called SPQuery). It's pretty sweet and much less of a pain than SMS - it doesn't require any client software, for one thing.
Of course, it costs money - there's always a downside
(about $1600.00 for a 3-year subscription for 50 clients, I think)
Ok, for us crusty corporate types that have IE 5sp2, are we vulnerable to these security bugs? My company uses mozilla that has been tweaked for our browser, but they are on windows machines. I still haven't got an IE-free windows machine without crashing it. And upgrading these 2500 client machines will cost a chunk of change and time for our small IT department. This sucks, we work hard to keep MS from costing money, but still sell to their customers.
"Get them before they get....
i had thought that the service pack would upgrade my browser. nope.
Aren't there other issues with IE 5.5 SP2? Like not being able to run standard plugins and java?
___
Cognitive Overflow
more than yo
By this logic, which I feel is a common path for businesses to take, using Internet Explorer and letting webmasters know that you do will harm our freedom to choose our client software in the future.
I don't understand why no one else has come forward and stated that they feel this way. For this reason, I refuse to use the software except in situations where it's seriously inconvenient to do otherwise.
I don't mean to be alarmist. If the web is only accessible from IE, a project will be started to supply a proxy for other browsers which interprets the data from the web server and converts it to nice, standardized HTML. This could get kludgy, and is the worst case scenario I see.
All you sysadmins who thought you were going home early today... think again!
not that I know from personal experience ;)
Hollow words will burn and hollow men will burn.
Under capitalism man exploits man. Under communism it's the other way around.
Hey, I just tried updating my system through Windows Update. I wasn't prompted for anything, and I haven't updated my NT 4 box for about a week. Does this mean that I already got the patch a week ago, or has Microsoft not put it on Windows Update yet?
If it's just not in Windows Update, shame on MS. That is the only place I go for updates. I don't waste my time wading through all of the other crap on MS's website.
/me strokes debian woody..
One of the things that MS did right in concept, but screwed up in implementation, was the critical update notification system. Essentially you install this little program (probably spy-ware) that periodically checks what updates are installed on your machine, and what updates are available from MS. When a new patch comes out a window pops up and tells you that there are new updates. You can even configure this thing to download them first in the background and then have it pop up a window when it's ready to install the updates. Sounds like a pretty good idea, right? Just one problem with it. It doesn't actually check to see if you have or even use a certain app before deciding if you need an update. On a couple machines I run I have the Critical update notification running, they kept wanting to install an update for windows media player on those machines. These two machines don't even have windows media player installed. In fact they aren't in the list of allowed binaries, so even if they were installed you couldn't run them. But yet this thing kept insisting to install the update. Anyway the point here is that Microsoft has gotten better as far as updates are concerned (especially for home end users who would never check for updates on their own) but the system still needs help, unless of course they left it broken on purpose to get more people to install 'optional' software. I did end up having to install Windows Media Player (although it is still not an allowed EXE) to get update notification to STFU.
Slashdot is an anagram for Has Dolts, and I am Dolt number 468543
For years I used Netscape and loved it, up through about 4.0 (4.5-7 are bad, bad, bad). I even used 4.7 for a long time, before finally deciding that I just couldn't live with the shitty rendering, slow reaction time, and general bugginess. So I tried IE, just to see how bad it was.
And it was amazingly fast, clean, and surprisingly not crashy, considering it was Microsoft's. Slowly, I started to accept that IE was the best browser out there. And I used IE, and netscape actually disappeared from my computer.
Sure, I tried Mozilla, and Netscape 6.0 and 6.1. Quite honestly, they're crap. They're slow, not particularly stable, and ugly. But mostly they're just slow, fucking slow. It's not just loading the program, it's also in large part that I open a page and Mozilla takes about three times as long to render as IE.
But when I read that security page the other day, I found a new program to try. So I tried it: Opera. I last used Opera on a mac a couple of years ago, when it was small, shitty, buggy, and lacking features, like security. So I wasn't really expecting anything.
Opera is fucking brilliant. It's fast--it's actually faster both to load and to render pages than IE. It gets rid of a lot of the useless shit that IE throws up--like dialogs to go from secure to insecure. It has security, it has a full feature set (at least, all the stuff I use, like plugins and java and working pages). It lets me use the keyboard more than IE.
And the best part: it lets me block out pop-up windows. You have no idea how amazing a feeling it is to go to a site that throws pop-ups at me like mad and watch them, well, not load. No idea until you try it. It even pretends to be IE for pages that require IE.
I have had one page fail to load correctly--a credit card account page. But considering it loads wrong half the time in IE, it's not too bad. Still, I'm keeping IE around (and patched it) in case I find something glaringly wrong with Opera, but until that time, I'm happy with this.
Oh, did I mention it sits in _half_ the memory footprint of IE, and about a third of Mozilla?
Check it out. Opera. It's not Open Source, but then again, if we're talking about IE, we're talking about windows, so...
Jeff
I was just a CS undergrad at UC Berkeley. The year was '96. Netscape dominated the market. Eric Brewer (founder of Inktomi) and his group of grad students continually found security flaws in Netscape. They received a lot of press. Netscape looked bad.
It's no different with IE now. It's possible that Mozilla really is less flawed than IE, but I guar-an-tee that if it had 85% of the market, we'd be hearing about security problems all the time. I'm not a MS apologist, I just want to shed some light.
Note that the segment you highlighted did not say "YES" - why do you suppose they didn't say yes?
How come when something is wrong w/ the security of a MS product, it is posted under the MS topic, and when they do something right it is posted under security... is there some sort of bias showing through here?
Ben
Pynnonen (the guy who found the exploit) has posted a new message to Bugtraq. If the server's reply is crafted correctly it can cause the program to be downloaded and executed with *no* dialogs. See the posting for more details. Still no exploit given though.
-K
For all the reasons that you state, I:
Flamebait is typically written to elicit strong emotional response and name-calling from the target audience... this falls under the "troll" category which gives a more subtle feeling of disturbance, saying something usually inaccurate or incorrect in a seemingly reasonable manner to generate lots of "discussion". Let's go point-by-point:
Seeing as michael's story was neither misinformation nor an over-the-top rant (read the story), this plays on the popular opinion that slashdot gets a lot of stuff wrong all the time, as well as our obvious anti-Microsoft bias, to pretend that it was in fact an over-the-top misinformed rant.
Did they provide information about when a patch was available? At the time, they did not, so this is hardly misinformation. Whether they release a patch today or three months from now, "no information" is still "no information".
Correct me if I'm wrong, but I believe "M$" is childish name calling. "If it agrees with me, it's opinion, otherwise it's bias": This just about sums it up. There is nothing wrong with bias; there is no way to avoid it, claiming something is unbiased is a great indication that something is trying to be intentionally misleading. I read slashdot because the bias mostly agrees with my own. Perhaps your time would be better spent looking for a more agreeable forum, instead of trolling on this one.
Don't think of it as a flame---it's more like an argument that does 3d6 fire damage
Since Microsoft announced its policy of attempting to keep the lid on the security holes that exist within its software, I would assume that 'known' means ones that they are willing to reveal to us.
So the word 'all' preceding 'known' has no meaning since Microsoft itself admits to withholding the true extent of the damage its software can do to your system through security holes.
I consider this another deceitful marketing attempt to make consumers feel safe about their products despite their worse than poor track record. They may not be outright lying, but they're planting the seeds for others to do it for them. How many sysadmins will now send out an email saying that "IE will be free from all security bugs by installing this patch"? Of course that is a lie.
Does anyone know if this patch supports Windows 95?
IE 5.5 is available for Windows 95, but Microsoft recently "retired" Windows 95.
Has anyone tried it?
If it's not supported, does anyone else find it a little peculiar that MS would wait until just after the end of 95's "lifecycle" to release this patch?
Perhaps a way of ensuring that people stop using 95 and have to upgrade?
Unix is mysterious, and ancient, and strong. It's made of cast iron and the bones of heroic programmers of old -
... just sign up for Passport and MS will let you download it!
Irrelevant. The purpose of Slashdot, as I see it, is to provide a forum for people to debate and discuss technical issues. Slashdot is not a news magazine or site like Register or Wired.
Besides, I read the Register first, and then vent on /.
No statement is true, not even this one.
What happened? That bloody search-from-the-address-bar thingy had turned itself on. Oh well, I say, just go to Options -> Advanced -> Do Not Search From The Address Bar. I do this, type in "asdfa sdfsdfsa dfwer" (note the spaces) and POW: search-from-the-address-bar turns itself back on.
Much the same thing happens if you change the option and then restart IE.
WTF?
I just visited Windows Update with IE 5.5 SP2 and under "CRITICAL UPDATES AND SERVICE PACKS" it said there were no updates. What is the point of Windows Update if it's not up to date?
rooooar
it usually takes them a few weeks to get stuff on windows update, which blows, but that's microsloth incompetence for you.
Lawyers, MBA's, RIAA? A jedi fears not these things!
Cute!
Tried installing the 6.0 UberPatch on 2 separate boxes now, both running W2kPro sp2 with IE 6.0 installed with VS.NET beta2.
(IE v. 6.00.2462.0000 to be exact)
The installation quits with an error telling me I must have IE 6.0 to install.
Also seen as mentioned above similar effect on 5.x versions other than 5.5 with that version install.
Leaves me not exactly feeling warm and fuzzy about whether the actual patch will really patch the holes it's supposed to or not!
No Comment.
Correct me if I'm wrong, but I believe "M$" is childish name calling.
M$ is a name for a string variable in a language that Bill Gates and Microsoft popularized on early 8-bit home computers. This language was Basic. This code works on Applesoft Basic (the Basic interpreter included with Apple II) and QBasic (the Basic interpreter included with MS-DOS until about 7.1). I haven't tried it on Visual Basic.
Will I retire or break 10K?
Supposedly ie 5.5sp2 and ie6 do not run java. However, I have ie 6 as included with XP. If I go to http://java.sun.com/applets all the demo applets run just fine.
Shrug
I know this new scientific/medical theory will need to be proved many times, but my most recent proof for it works.
For every new update Microsoft releases, the end user will need to re-install Windows within a 24 hour period. Those who continue in this pattern will eventually become brain-dead and will forget the difference between tcp/ip and an icecream shop. The only cure comes from certain "open-source" OS's, such as GNU/Linux and BSD.
Any changes to this theory will be welcome. It will be submitted to my proof math book soon.
My mistake. I was under the impression that slashdot was not a technology. Silly me ;)
Snoozer.
Check out http://www.guninski.com/browsers.html.
So Microsoft *really* wants me to quit smoking, eh?
Tuus crepidae innexilis sunt.
So I installed the patch and have noticed a LOT more IE crashes afterwards.. Nice..
Come on, it's only 2MB.
What kind of "Mother of all patches" do you call that.
It should be at least 30MB, maybe even more.....
They got snakes out here this biiiig?
"If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
Either that or the fruit flavored nicotine patches to stop smoking
make Linux, not Microsoft. sin(beast) = -0.809016994374947424102293417182819
And how many releases has the Solaris/AIX hole been around for? IIRC, something like 5 years!
OK, so I read a MIME type, and it says that it's image/x-JPEG ... I pass it on to my file handler, telling it it's safe to process.
My file handler looks at it, and oh! Its name is sucker.jpg.exe. It's an executable, and my file handler was told it is safe to execute...so I'll just spawn it and...
oops
What's this Submit thingy do?
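The mismatch described in the comment above (a declared image MIME type, a file name ending in .exe, and a handler that trusts the first and acts on the second) can be caught by requiring the declared type, the final extension and the leading bytes to agree before anything is handed to a handler. This is an added example, not part of the original thread; the function names, the alias table and the sample inputs are assumptions made for illustration.

```python
import os

# Leading-byte signatures (well-known file headers) for a few formats.
MAGIC = {
    "image/jpeg": [b"\xff\xd8\xff"],
    "image/png": [b"\x89PNG\r\n\x1a\n"],
    "image/gif": [b"GIF87a", b"GIF89a"],
    "application/x-msdownload": [b"MZ"],  # DOS/PE executable header
}
# Extensions each renderable type may carry; anything else is refused.
EXTENSIONS = {
    "image/jpeg": {".jpg", ".jpeg", ".jpe"},
    "image/png": {".png"},
    "image/gif": {".gif"},
}
# Alias spellings normalised before comparison (illustrative, not exhaustive).
ALIASES = {"image/x-jpeg": "image/jpeg", "image/pjpeg": "image/jpeg"}


def sniff(data):
    """Return the type implied by the leading bytes, or None if unknown."""
    for mime, signatures in MAGIC.items():
        if any(data.startswith(sig) for sig in signatures):
            return mime
    return None


def decide(content_type, filename, data):
    """Return (action, reason); action is 'render' or 'block'."""
    declared = content_type.split(";")[0].strip().lower()
    declared = ALIASES.get(declared, declared)
    if declared not in EXTENSIONS:
        return "block", "declared type is not on the render allowlist"
    # Drop any path, then the trailing dots/spaces Windows ignores; only the
    # LAST extension decides which handler the OS would pick.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    ext = os.path.splitext(name)[1].lower()
    if ext not in EXTENSIONS[declared]:
        return "block", "extension %r does not match %s" % (ext, declared)
    actual = sniff(data)
    if actual != declared:
        return "block", "content sniffed as %s, declared %s" % (actual, declared)
    return "render", "type, extension and content agree"


if __name__ == "__main__":
    # Constructed samples: (Content-Type, file name, first bytes of the body).
    samples = [
        ("image/x-JPEG", "sucker.jpg.exe", b"MZ\x90\x00"),
        ("image/x-JPEG", "holiday.jpg", b"MZ\x90\x00"),
        ("image/jpeg", "holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ]
    for ctype, fname, body in samples:
        print(fname, "->", decide(ctype, fname, body))
```

Only the third sample is rendered: the first fails on its final extension, the second on its executable header despite the harmless name.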
Feeling better already ;-)
int func(int a);
func((b += 3, b));
Slashdot is a group, and a group can have diverse opinions. Unless you can produce examples of the same individual adopting both these views, there is nothing inconsistent to cry about.
Per-site JS management is a big deal because I can enable javascript on the few sites that I trust, and disable it everywhere else. You have no idea how blissful it is to browse without worrying about popup ads.
...between installing a keylogger on someone's computer and retrieving data from it.
Thanks to ex post facto, they won't legally be able to use data logged before the date of the court order.
What's this Submit thingy do?
So, sure, you update to 5.5 so you can be patched. Oh...it installs MS Outlook Express. Express changes the regular Outlook as part of the update - now Outlook won't run properly without it. Greattt....and now I have a big blue E on my desktop.
Your IT guy runs the most recent fix, then it's discovered that the other criticals were not checked for.
Download more patches - wait! The Nov. 13 patch WON'T install now. Greaattt...
Is this a clever MS ploy to break up their monopoly by encouraging the use of other browsers?
Taking the current speed of someone discovering yet another hole in IE (bugs/day), I would say Microsoft should consider this 'über-patching' a weekly routine.
And we are not talking about holes as in "Oops, I sense a draft coming from somewhere", but really huge chasms of sloppy programming, big enough for Bin Laden to hide in.
Über-patch or not, I consider IE a worthy browser when the releases start to be safe and stable out-of-the-box, and when MS stops considering 'security', 'privacy' and 'standards-compliance' as curse words. (Subtle hint: Ain't gonna happen)
// Ego sum Nucivorax, me clamare audi.
so many of those virii are propagated by stooopid people clicking on email attachments, the main problem is psychological, teaching people not to click on weird looking emails... btw i use ie, it's fast and reliable. But mozilla rox too....
I would just like to say at the outset that I am not a raving nut. But I have puzzled at the unusually close relationship between Microsoft and the Bush administration. And consider the following disclaimer from the End User License Agreement (EULA) at passport.com:
.NET Passport will disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to:
. . . d. Act under exigent circumstances to protect the personal safety of users of Microsoft, the .NET Passport Web Site, or the public.
With the recent terrorist activities and the sweeping new anti-terrorist legislation, any "exigent circumstances" could be said to be met as a matter of course. So what guarantees do we have that MS and the gov't don't have a secret agreement in place to continuously sift and profile all the data (OUR data) that the .Net databases will surely contain? And is there a person on the planet who believes that MS wouldn't use its users' privacy as a bargaining chip to extract a favourable deal from the gov't? (Not that they ever had any respect for it before, of course.)
My win2k machine has been up for about 16+ days. Me and my friends are going to see how long these boxes can hold up w/o getting knocked over.
My linux machine has uptime of 108 days. (I am sure /.ers have seen that come and go :)
Thanks
Yeah income based would be better. I was just throwing ideas out there.
An Education is the Font of All Liberty
Sure, here you go.
The last one is especially nice, because it's a very objective review against Mozilla - showing while IE gets things "mostly right", Mozilla does it to the spec. Which has pretty much been their goal from the beginning, whereas IE's goal is to take over market.
Mozilla is also better than IE for another reason: Good PNG support.
Dacels Jewelers can't be trusted.
...which is why I use Opera v6.0 on Windows. =P
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
How many MB of downloaded patches have been required to fix all of these security holes? It sure seems that at least once a month (if not more) I need to download a critical update for either IE or Office. I just got done three days ago with a 13MB "security patch" for Office. Then today another 2.5 MB for IE. I did something similar last month and the month before. Beyond that it's just a blur.
Anyone have an idea of how many MB or GB of patches have been required so far? This sure is getting tiresome.
Merry Christmas Windows users!!! (A free patch from Microsoft!)
Most of the security updates from microsoft do not come from the windowsupdate site till it's too late... :-)
A better place to look is
MS HotFix & Security Bulletin Service
--
Time is on my side
Like somebody else said, "Release early, release often...unless it's Microsoft. Then, deride them for not getting it right the first time."
Vintage computer games and RPG books available. Email me if you're interested.
AOL version of IE is the locally installed version; it uses the IE engine much the same way that Galeon uses the Mozilla engine
This must be Thursday, I never could get the hang of Thursdays.
IE itself is the ultimate trojan horse!
The trolls and other people who don't care, the people who're just here to ruin the experience for everyone, use IE on Windows.
Simple when you think about it, really. And it makes sense.
Oh, I know; I have no proof. But hell, it'd be funny, wouldn't it?
Stating on Slashdot that I like cheese since 1997.
Download - Execute as Administrator - Reboot - Done.
:)
And it didn't have to "de-integrate" the browser from local file access either. Mike
And you are nuts if you put one behind the firewall where any old Outlook or MSIE flaw will put a keylogger, sniffer or what ever. What's the point of a nice little firewall when some goon can soap his way through the browser?
I suppose you just have to be wild and crazy to use M$ at all. Look at what your money buys: a poor security model with intentional bypasses, monthly crashes, Magic Lantern, WMP sound, Digital Rights Management (now patented!), remote kill switches, and the opportunity to pay again and again. What a bargain, but spending is good for someone else's economy so party on, fanboy!
Posted using Mozilla, running through a secure shell from a 650MHz Athlon to my puny little 150 MHz Pentium laptop on my lap in my bed. Try that with M$ garbage. What MSIE won't run in 24MB RAM? What Billy G won't let you run copies of it on more than one machine at once? Where did you want to go yesterday?
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
I don't know... I'm sick of the long arm of Microsoft too, and I've been trying to find an alternate browser, but Mozilla just doesn't cut it. I've *tried* to give it a chance time after time hoping it improves, but I have had HORRIBLE stability problems on EVERY machine I've installed it on (all Win2k except one WinXP box and two Linux boxes). Additionally, I'll puke before I will allow my browser to decide to open an extra "pane" on the screen when I use Google, which is every few minutes for me. WTF with the Google anti-feature?!
I already tried doing that...
"User Agent"="Mozilla/4.0 (compatible; Konqueror/2.2; Linux)"
Doesn't do a thing. Bummer !!
hehe, I love AC's. Your whole argument is shot, assuming you are the same person as above. IE5 is what was requested, and that is what I showed.
Sorry if you can't handle you are just plain wrong, I'd rather be a sad man that's right - than a poor fool who won't admit when wrong.
The fact is IE had to work to come to standards compliancy because of competition of Opera and Mozilla. You want lightweight and standard you use Opera, you want full feature and standard you use Mozilla. End of story. IE is only for the drooling Mom'n'Pops of America in reality. They are the ones who are behind. The fact that IE6 has a 'main point' of being standards compliant is proof of this. IE's share is slipping, Mozilla and Opera are on the rise. You know why? Because it works the way it is supposed to.
YHL, HAND.
Dacels Jewelers can't be trusted.
Try a recent build, much much much more stable (since 0.9.4 - on my laptop I had some weird issues with it, but otherwise it's been very solid) and it is pretty speedy since 0.9.2 - Opera is still the choice for quick browsing though, but I just can't get past the interface.
;)
As for the search pane, yeah - I am with you, that irritated the living hell out of me.. till I disabled it 2 minutes later
Dacels Jewelers can't be trusted.
Except that those projects are always undergoing version changes, which requires addition and possibly change of existing code.
How many patches are there to KDE 2.2? And IE 5.5?
XML is like violence. If it doesn't solve the problem, use more.
fixes all problems with IE, present and future alike. www.98lite.net/ieradicator.html
Preserve old classics: copy your collection onto all hard drives.
Agreed, they should have had a button "Disable this feature forever" in this pane. I was relieved later to discover that it could be disabled in the "Preferences" menus.
Actually, I think that if you send out an e-mail virus that patches IE automatically and then propagates itself, that would work quite well, despite the fact that you've been screaming and shouting for people never to open e-mail attachments. Just remember to use a subject line like "free porn!" ;)
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
But I hardly think that's the case. Most MS-bashers are just following a loud-mouth because it makes them belong to some group, be popular in some weird way.
For the people who got bullied by MS, agreed, you have a point, for the rest of them (imho a majority): they should grow up.
Never underestimate the relief of true separation of Religion and State.
Isn't this like PHB's reading Dilbert... and not getting it, either?
How many of those were IE for Mac? Until the advent of Mozilla, that was a pretty reasonable choice. Things like fixed-position HTML objects actually worked.
Probably the Uber-Patch installs Linux in a VM and runs IE under that. (-:
Got time? Spend some of it coding or testing
Got time? Spend some of it coding or testing
What effect does this have on IE 5.5 in relation to the removal of the Netscape PlugIn architecture? I don't want to install this "patch" if it removes my ability to use NS plugins.
KangarooBox - We make IT simple!
Good Morning folks, Why not use a good browser like Opera 6, and forget about MS Explorer. It has a few shortcomings but if you haven't tried it, do so. I think you will like it.
You go, Mr. Seth! Nobody will probably see this response at this point, but I'd mod you back up to where you started at least if I had mod points. Just about the whole thread was about "spyware", which leads pretty quickly to civil liberties and your comments regarding the WoD were extremely prescient.
I wish more techies would understand politics well enough to understand that we're well on our way to the classic police state of mid-20th century fascism or communism...all in the name of a culture war that hates hip intelligentsia that aren't into traditional "values" (e.g., conservative forms of xian worship). If you think this is an overstatement, read the DEA's explanation/history of the WoD on their website. See http://www.usdoj.gov/dea/deamuseum/home.htm.
And I wish moderators here would stop modding down strongly argued opinions they disagree with as "off-topic", especially if they don't really have enough background info to understand the thread to begin with...
Not holding my breath, though...
Slap a EULA on spackle.
I'll add a sig just as soon as I clean up this room...
When I run it, I get a message "This update required IE 6.0" with an OK button.
I immediately verify that I am running 6.0 (which I am), and try again... Same result.
So I decide to try the 5.5 SP2 version... This one states that I have to have IE 5.5 SP2 installed...
The really sad part is that in order for me to call Microsoft and inform them that the patch doesn't work, I have to pay $35.00 on my credit card.
Oh well... Another Micro$loth fsck-up.
The day Microsoft creates a product that doesn't suck, it will be known as the Microsoft Vacuum Cleaner!
After installing the patch for i.e. 6.0 and rebooting, all my jpegs are now messed up when viewed in the browser. Apple quicktime viewer was the program I had set up to open jpegs previously (when not using the browser). Thank you Microsoft! Anyone else have this problem?
how many fucking reboots to apply THIS one?
I swear, every goddamn time I go to Microsoft's update website, it's three reboots minimum. IE service pack update, SP update, critical updates, application compatibility update, security update.
I thought that with NT, reboots would never be needed (that's what they were saying back in the 3.0 days) - and of course, the "rare" occasions where a reboot was necessary, they promised to fix those in 4.0. Well, now I'm running Win 2000, and I feel like I'm rebooting more often than I did with Win95.
Don't worry, I run Linux at home. 2000 at work where it's mandatory, lest the jack-booted IT thugs hunt me down as a "terrorist".
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
%systemroot%\\Windows Update Setup Files\\*
Also you can activate (in advanced setup) a full download, which exactly is what I've done for IE6. Not that I'd need IE for browsing, but I have my box to be available for the cstrike scene, too.
My primary browser is lynx2-8-4 by the way. Opera is broken (even more than Konqueror, except for memory issues).
My Karma isn't excellent, damn it! (And
With Cookie Crusher, whenever there's a cookie, you get the following information and selection choices:
- domain/subdomain the cookie is from
- the cookie's name
- the cookie's content
- the cookie's expiry date
- an option to always/never accept JUST that cookie, or JUST that domain/subdomain, or ALL subdomains and the domain
Just to give a more complete explanation, here's what its documentation writes (long, written in layman's, but probably invaluable to anyone that thinks this is a GOOD IDEA and wants to have complete documentation on exactly how it works):
I warned you it was long. If you're still here, then you probably like how Cookie Crusher works -- go tell the Mozilla team and mod this up! Oh, and apologies if your browser doesn't like some of the quotation marks/apostrophes above -- the help file "helpfully" had angled quotes.
[insert witty comment here]
I find it amusing how much /.ers debate and contradict themselves. Whenever the W3C makes a bad move (as they did in their privacy DTD a while back) everyone goes and says how BAD and EVIL the W3C is, but then whenever they talk about how much BETTER browser X is than browser Y, they talk about how COMPATIBLE it is with the very same people's DTDs.
The other thing I find amusing is the fact that /. (and SlashCode) uses a LOT of depreciated code (and the site isn't HTML 3.2 OR HTML 4 compliant!).
[insert witty comment here]