BBC says "Avoid Explorer"
twitter writes "Citing security flaws that lead to ads and spies on Microsoft infested computers the BBC in this article recommends avoiding Internet Explorer." Ain't it the truth? Mostly it's about adware & spyware and other wretched bits of software that make the internet suck a little more each day.
Working as a web developer I know that getting users to update their browsers is hard, let alone switch browser altogether...
Unfortunately I doubt the problem as a whole can be solved by switching browsers. Rather I'd see stricter legislation tackle privacy issues.
.: Max Romantschuk
I've been using Opera6/Linux.
It's pretty good, fast, some nice features and who knows I might even pony up some dollars to remove the ads. I've got a slow PC, so it really shows up rendering speed. Mozilla really sucked. Might have to give Phoenix a go when I can be bothered with the d/load.
So much to do, so little bandwidth.
--
Try Mozilla
"Never, ever click 'Yes' to a 'Do you want to download and install?' prompt unless you are 100% sure the people who made it are trustworthy," he warns.
More importantly: unless you are 100% sure who made it. This is at least as much of a problem as whether the person you think made it is trustworthy...
My mom doesn't know what .cz is, nor should she have to. Don't blame the users because IE is an insecure piece of junk. That is like saying "it doesn't matter that your car is a deathtrap, just avoid getting into a collision". And IE's insecurity has NOTHING to do with it being popular. It was insecure long before it had any market share.
As an aside, my mom also doesn't know what IE is. To get on "the internet" she clicks on that "little lizard thing" I set up for her.
Since hackers tend to go after the biggest fish, perhaps a better strategy (applied with other common sense measures), is to protect yourself by going heterogeneous. Pick a perfectly fine alternative browser such as Mozilla, run on a Mac or Linux and throw in a couple of other variables that automated exploits won't work for. It doesn't make you immune from attack but it certainly saves you from the latest exploit du jour. If you think you're safe sticking with IE, you should try taking the Anonymizer.com Snoop Test.
The same strategy applies for email. I reckon I get a macro / mime exploit virus in my inbox once a week, but thanks to the simple fact that I don't even run Outlook, I get a level of built-in protection which so far has been 100%. Moz Mail still has vulnerabilities (every software does), but since it takes security seriously to begin with and is a much smaller target, it is considerably safer (and dare I say better and more usable) than Outlook. Using Outlook or IE is like waving a red flag to a bull.
I wonder how many people Santa will turn into unwitting victims this Christmas when they get a brand new PC with Outlook and IE installed on it.
...The folks who write spyware and other programs tracking your Internet access haven't yet discovered Mozilla 1.x and Netscape 7.0. Given that many web browsers need cookies to operate in certain sites, it won't be long before you see spyware running in Mozilla and Netscape 7.0 without you knowing it.
Besides, if you apply all appropriate patches from Windows Update, configure Outlook Express' Security functions NOT to allow downloading of attachments and install McAfee VirusScan 7.x, you can surf the Internet pretty securely with Internet Explorer 6.0 SP1.
Considering the BBC's site doesn't or didn't display right in Netscape how can they recommend avoiding IE?
I forget how many times I've complained about that.
---
Thank you for your e-mail. In reply to your queries both Mygo and go mobile's website are designed for IE5 and upwards and this is Company policy.
We are aware that not everyone uses IE. However, IE offers certain features which other browsers do not. Using these, we are able to use a greater array of features which allow us to design better interfaces. 84.3 per cent of the internet population uses Internet Explorer. More than 98 percent of the hits on go mobile's website originate from IE.
---
I mailed them again telling them it's nonsense (browsers reporting themselves as being IE etc) and that there are alternatives to make it work for both but surprise surprise! no reply. Bugzilla contains a number of other websites suffering from this condition (inc. Microsoft, no surprises here).
Therefore Mozilla follow standards so page X won't work and page X authors follow market so they won't fix it. What does BBC recommend I do in this case?
---
Unfortunately a lot of people don't actually read the EULA. They just click through until the software is installed. Even if you do read it it's full of dense obscure legal language that mostly doesn't apply to you. Advertising software if implemented correctly can allow developers to make money from their software without requiring the end user to pay.
The problem is it's often not done properly. There are spyware apps like Aureate that operate in stealth mode by passing themselves off as Windows system processes and making sure that they don't even show up in the task list or binding themselves to winsock so that if you delete or uninstall them your Internet connection stops working. Microsoft should be made to fix these holes in IE but I think some pressure should also be applied to the people that write these programs.
I did. With IE. Here is what happened:
1. Your IP address
It picked up my IP address. Fair enough. I'm not running through an anonymous proxy.
2. Hidden tracking files (cookies)
It couldn't list any of my cookies.
3. Exposed Clipboard
This was a little scary. It picked up what was in my clipboard and displayed it.
4. Hack and Exploit Vulnerability
Sophos immediately popped up a message telling me it had detected 'Troj/Codebase-A' in my temporary internet files. A window appeared with some HTML telling me that file:///c:/winnt/win.ini had moved. But nothing else.
I couldn't open the click here links, the links below that didn't work and MSN wasn't giving out my contacts.
5. Browser and Operating System
Big deal. It got them from the HTTP_USERAGENT. I'm not totally paranoid - I don't mind people knowing what browser I use.
6. Geographical location
Middlesex, England, GBR. Well, 2 out of 3 isn't bad but not exactly something to get worried about. Wonder why it thought Middlesex though?
7. Your network
This took the piss. It's just a traceroute from them to the IP address that they determined in the first test. It's not much of a big deal.
I run Internet Explorer 5.50.4919.2200. Sure, I don't doubt that IE has its problems - but the stuff that Anonymizer is shrieking about is generally not that big a deal and flagged only so they can sell their products.
(mind you the clipboard one was a little spooky)
Avantslash - View Slashdot cleanly on your mobile phone.
The problem with Windows isn't single-user mode, it's the fact that it's vastly over-spec'd and everything is on by default.
If e-mail readers just read text messages and let you write them back, and web browsers just displayed HTML instead of automagically downloading and installing stuff, and you didn't default to running with any TCP/IP port you like available, and so on, then any single-user OS could still be secure.
The problem is the way power has spread without adequate control. They invented ActiveX, based it around a non-secure model, and then let web browsers use it, instead of just rendering HTML. Then they made the e-mail client accept HTML mails, using the same rendering engine, so now someone just has to send you a mail, rather than you actively visiting a site. They gave the e-mail client a preview pane, and switched it on by default, so now the software has a chance to do its damage not only if I actively do something like visit a particular web site, but even if I fail to actively switch it off.
The same story happens all over the place in Windows, and is behind nearly every major security cock-up out of Redmond in the last several years. You'd think they'd have learned, but then they'd have had to unbundle IE.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.