Slashdot Mirror
BBC says "Avoid Explorer"
twitter writes "Citing security flaws that lead to ads and spys on Microsoft infested computers the BBC in this article recomends avoiding Internet Explorer." Ain't it the truth? Mostly its about adware & spyware and other wretched bits of software that make the internet suck a little
more each day.
Phoenix and it fookin rocks.
They should recommend avoiding Windows if their problem is security.
BTW, being Explorer unseparable from Windows, avoiding Explorer is avoiding Windows. Am I right, Bill?
It would be one step in the right direction...
Still too many webdesigners want to make sites that look flashy and work only in Explorer...
They never figured out they can make the same stuff work in many browsers if they would only try and learn something about web design itself instead of designer tools...
So till that's solved a lot of people will use Explorer because their favorite site is badly designed.
Working as a web developer I know that getting users to update their browsers is hard, let alone switch browser alltogether...
Unfortunately I doubt the problem as a whole can be solved by switching browsers. Rather I'd see stricter legislation tackle privacy issues.
.: Max Romantschuk
its a known fact. They're also trying to do with the customer's knowledge with messenger version 5. hell.. users are calling it a "downgrade". when is microsoft gonna learn that its all about empowering the user... not crippling him i don't say their products aren't good.. after all u can;t survive with 100% marketing, 0% product. what are they gonna lose if they declare Internet Explorer as an open source project? They aren't selling it as a seperate product anyways
|/________
|\A|ALYS|
Well, no it isn't actually. The BBC is reporting what Mr Clover said. Not at all the same thing as "the BBC recommends".
Sigh.
instead of abandoning IE, which is a decent web browser, be careful (not paranoid, but like anyone who's been on /. for more than ...5 minutes won't click on a goatse.cx link) about where you actually browse.
Looking for people to chat about multicopters, coding, music. skype: gtsiros
Subject says it all. Get it here.
Wasnt there a story about the bbc website using spyware to see what you were looking at on slashdot recently.
epicstruggle
"Im drowning here, and you're describing the water!"
"Avoid the BBC"
Rubbish. The Internet is getting better everyday. Pop-ups are becoming less common (especially using Moz), businesses are using better business models and delivering things on time, email filters are working more effectively, and the world is speeding towards most home users having broadband (and therefore more sites providing more content).
Life is good as a netizen.
--------
where is the beef? its mouldy at the bottom of the fridge. mmmmmmmmm beef mould
And although you can't really remove Explorer from windows, as long as you don't use it and have another browser as default, it can't be opened without user intervention or having certain software installed (like spyware).
And yes, with all the security flaws that are known (or unknown) in Explorer, I can't recommend it to anyone who values privacy and stability.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
The easiest way to avoid parasite programs, he says, is to stop using Internet Explorer because it is targeted by many of the adware and spyware companies.
I've never ran accross a site that "forced" its software on me. I've ran accross "gator" a few times which tries to install without my permission, but I still have to hit OK. This article has a hint of FUD.
As with anything, if people used common sense probably 95% of problems could be avoided. By common sense I mean NOT going to suspicious sites (you can usually tell by the URL.. something that has "geocities" or ends with ".cz" is probably going to be more dangerous than amazon.com for instance). Let's face it, there is always going to be some security holes in the most popular and widely used browser. Even if that browser ever becomes Mozilla (which I doubt will happen any time soon- I run Mozilla but speed wise it just doesn't compare with IE).
Unfortunately, we can't rely on common sense because it really isn't all that common. It would be nice to have a "sandbox browser setting" for people who don't trust themselves to practice safe browsing. Here's an idea- they could click on a little icon of ralph wiggam playing in his sandbox (remember, he doesn't go into the deep end). This automatically forces the most stringent security settings (disabling activeX, scripting, etc.) and double prompts each time you go to download something "Are you sure? Are you really sure?". This probably wouldn't be too hard to add to IE.
"Never, ever click 'Yes' to a 'Do you want to download and install?' prompt unless you 100% sure the people who made it are trustworthy," he warns.
More importantly: unless you are 100% sure who made it. This is at least as much of a problem as whether the person you think made it is trustworthy...
Apart from the known issues with IE, outlook, and IIS, what is insecure in Windows?
And as far as IIS goes, Apache hasn't had a spotless security record.
Some people decide they'll be on the safe side by "Condoming Up" and turning security all the way up.
But when they get rashes of popup ads, and sore security holes, they realize that IE is a tired lay that not only lacks the finesse and technique of younger variants, but leaves you wanting your money back.
Even though you didn't pay anything... Bastards. You just wanted to surf the net with IE, and BANG!!! Next thing you know you have a Windows infection.
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
The BBC isn't actually saying to avoid explorer, it's the Mr. Clover they interviewed. There is a differance, you know ...
---
"The chances of a demonic possession spreading are remote -- relax."
I understand that this security/usability patch will correct virtually all the problems with IE to which the BBS objects. Of course, it's a pretty complete patch...
Are we calling for a return to Lynx? Or should we grow up and learn to live peacefully?
So people stop using IE, then another browser (say, opera) takes over as the dominant browser, so spy/adware starts to be targetted at opera users.
Do we then avoid opera?
The problem is that there are morons out there developing spy / ad / malware, not which browser someone happens to use.
Sometimes they come attached to software you download from the web - the details are often included in the license agreement small print that most users click through without reading.
Which means you caused the problem not IE or windows.
And sometimes they don't even need your permission to download, but just hop on your hard drive, totally unannounced, because you are browsing the wrong webpage.
Too bad they don't go into more detail here about whether this is a general issue with malicious websites for most browsers, or actually expoloiting some hole in IE.
A few companies are now exploiting holes in Windows messenger to sneak adverts on to the screens of unsuspecting users.
Windows messenger _IS NOT_ part of IE. It is a seperate component that is unfortunatly automatically turned on. I do wish MS was better about what services were on by default, though I usually go in and turn off most services when I install windows, which I recommend. This is not a "hole" in the sense of a bug though, you _CAN_ turn it off.
While this article may have some basis, it really seems to be pointing at user stupidity. Don't browse some site, Read the EULA's and don't just click OK on a popup.
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
I remember back when I was in school. No one but academics and a few others had ever really heard of the internet.
Then I remember reading an article about some BBSes that were offering internet access via some sort of gateway technology. At first I thought this was a grand idea, and wanted in on it, mainly because I was no longer at school, and wanted to be able to email friends still in school and use usenet and gopher.
Mosaic had just hit the emerged as a fledgling proof of concept, and as I read more about the internet in even the trade press, I started to get that quezzy feeling that you get everytime something good comes to an end.
I knew it was all over for the internet when my roommate came home and told me all about this great new technology called the internet, and how it was the latest craze.
I wasn't around for the dawn of the internet, but I wonder when it started to suck, the first real indication it was going to become some commercialized, overused, underutilized resource for the masses.
I also, coincidently, remember the first person to show me mosaic, that barely stayed running (early, early version). He was sitting in my dorm room, so excited, telling me how he was going to make money designing these sites. "How is this any better than Gopher?" was my foolish question.
Cheers,
Ian
Whole article: -1 (Common Sense)
-braxton
Oh boy, the MS FUD team is working hard this morning. It is not a decent web browser. The only reason most people use it is because of Microsoft's absuse of monopoly power. IE is a rather poor browser, for many reasons including the fact that it doesn't really browse the web. It is primary geared towards mark-up that Microsoft created without public review on the process. Therefore, not Web. As for people who want to browse the Web, they should get a browser that adheres to Web standards. You'll find Opera and Mozilla to be excellent choices on virtually any platform.
... ...
Aside from that, IE is chock full of rendering errors on even simple elements, has very poor JavaScript, comes bundled with 8-year-old Java technology, is loaded with security holes, has nothing by the way of tabbed browsing, no built-in pop-up blocking, a horrid caching mechanism, slow as hell and hogs memory,
Why bother.
OBTW - this was on NS7, not IE...
It is good to see that more and more major parties are realizing the serious problems with certain MicroSoft software. It's buggy, so it should be fixed. There are serious bugs, so they should be fixed ASAP. MicroSoft is known to not always do this. Worse, many MicroSoft programs have bugs with serious security implications, and your average luser doesn't know, much less care about those. This is a real threat to everything on the Internet.
However, I can't help but wonder who's next. MicroSoft operating systems are unsurpassed in the number of virii they support, and MicroSoft's software has traditionally been qualitatively inferior to competing products in many cases. However, this does not mean that this is a MicroSoft-only issue. I know that MicroSoft's Windows, Internet Explorer, Office, and the whole ActiveX system are full of holes, but how do they compare to, say, the GNU system, Linux, Xfree86, Mozilla, Koffice, and Java? Many of those seem to be more securely designed, but I don't think any of them have had the extensive testing from crackers that MicroSoft's products have. How can we recommend avoiding one product, if we don't have a better alternative?
Please correct me if I got my facts wrong.
...The folks who write spyware and other programs tracking your Internet access haven't yet discovered Mozilla 1.x and Netscape 7.0 yet. Given that many web browsers need cookies to operate in certain sites, it won't be long before you see spyware running in Mozilla and Netscape 7.0 without you knowing it.
Besides, if you apply all appropriate patches from Windows Update, configure Outlook Express' Security functions NOT to allow downloading of attachments and install McAfee VirusScan 7.x, you can surf the Internet pretty securely with Internet Explorer 6.0 SP1.
Listen, a lot of people on this site and some IT old-timers are about the only people that are not using IE unfortunately.
_ __
The vast majority of people are stuck with Windows and IE because that is what comes on their $999 box they bought from Best Buy and all the warnings in the world will not change that.
If AOL had the balls to use their own freakin' browser instead of IE then maybe the web designers would wake up after being hit with that clue-by-four. Until then...IE will be dominant.
_______________________________________________
ACK
Considering the BBCs site doesn't or didn't display right in Netscape how can they recommend avoiding IE?
I forget how many times I've complained about that.
Then, you install Phoenix or Opera, or whatever you want and be all happy.
Dawn of the Dead
I fail to see what Internet Explorer has to do with the latest rash of Messenger Service spam coming in from the Internet. Instead, it is just a general Windows problem that will affect you no matter which browser you use. The only solutions are to disable the messenger service and/or block incoming connections to udp/tcp 135, 137, 139, and 445. I think that even XP has this service turned on by default if you have a network adapter. But, maybe I am way off base and they are talking about some other kind of spam??
which is why you should use mozilla (1.2 latest (pre-release) works fine for me), and not netscape.
NS6/7 is just mozilla with AOL crap attached to it and the "disable popups" pref removed - 'cos AOL doesn't like its lusers to be able to turn off popups.
and rightfully so.
Active X was pegged from the start as the dangerious hole that it is, and now IE is so tied in with the base OS that people like my mother are screwed over time and time again by these people and programs[1].
MS in make our lives so much easier has forgotten that not everyone is altruistic as they are. Or maybe everyone is....
[1]Don't say give her Linux. Trust me, if I could I would have already, just not practial for her or me.
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
The thing is, Explorer's no "worse" than anything else out there. It's just incredibly more popular, and not just because it comes with Windows, as IE is the leader on the Mac as well. It's the same phenomenon we see with Windows virii: people who write spyware and virii target the most popular platforms. If >90% of Internet users ran Mozilla then we'd see the same things written for that browser. It's not due to any special vulnerability in the browser. Getting people to switch to something else is only a temporary solution, a band-aid that doesn't treat the underlying illness. The BBC should instead be educating people as to what is safe web behavior, as that transcends issues of operating system and browser.
Karma: Good (despite my invention of the Karma: sig)
Some time ago there was a story about the IE only UK government gateway size. Fortunately, this is no longer the case.
---
Thank you for your e-mail. In reply to your queries both Mygo and go mobile's website are designed for IE5 and upwards and this is Company policy.
We are aware that not everyone uses IE. However, IE offers certain features which other browsers do not. Using these, we are able to use a greater array of features which allow us to design better interfaces. 84.3 per cent of the internet population uses Internet Explorer. More than 98 percent of the hits on go mobile's website originate from IE.
---
I mailed them again telling them it's nonsense (browsers reporting themselves as being IE etc) and that there are alternatives to make it work for both but surprise surprise! no reply. Bugzilla contains a number of other websites suffering from this condition (inc. Microsoft, no surprises here).
Therefore Mozilla follow standards so page X won't work and page X authors follow market so they won't fix it. What does BBC recommend I do in this case?
---
Unfortunately a lot of people don't actually read the EULA. They just click through until the software is installed. Even if you do read it it's full of dense obscure legal language that mostly doesn't apply to you. Advertising software if implemented correctly can allow developers to make money from their software without requiring the end user to pay.
The problem is it's often not done properly. There are spyware apps like aureate that operate in stealth mode by passing themselves off as Windows system processes and making sure that they don't even show up the task list or binding themselves to winsock so that you delete or uninstall them your Internet connection stops working. Microsoft should be made to fix these holes in IE but I think some pressure should also be applied to the people that write these programs.
Not only does MS 'phone home' with your private information, it is arrogant in the extreme to declare in its EULAs that they, NOT you, should determine what should or should not be on your own PC and IF you want to patch a security hole in media player 6.4 you have to agree to such nonsense.
It's no wonder WinXX users are abandoning MS emass in favor of true security and freedom from oppressive EULAs and license fees.
Running with Linux for over 20 years!
Criticising the BBCs use of Real is actually bad for their use of Ogg. Within the BBC, using Real is a 'Not Microsoft' option. They don't want to be forced to use WM[A|V] and all the Microsoft streaming software. Management feel more comfortable with a commercial offering at the moment. If it comes to their attention that there are many complaints about Real, they will try to replace it with Microsoft. Ogg needs to prove itself alongside Real first.
For anyone who remembers, the internet used to be about content and freedom of information. Now it is about serving up some ads for wallstreet. The hope for an uncluttered, uncommercial internet is more than likely lost forever.
The internet is a big enough place -- I can avoid (much like a pretty girl with a bad sexual disease) any site that is to ignorant to ensure that it functions with the latest versions of all major browsers.
If only 10% of the people used browsers other than IE -- could you imagine a storefront locking out that many "perspective" customers? (And if they do -- well then they are to ignorant to deserve survival.)
(+1 Funny) only if I laugh out loud.
Still too many webdesigners want to make sites that look flashy and work only in Explorer...
I know a lot of people say this, but is it actually true. I use both Mozilla and IE and very rarely notice any differences.
It works in Opera, at least for me on windows. TBH theres not much point having that ticker anyway since the entire page is full of news ;-)
The rest of the page/site works in every browser i've tried.
no sig.
It's a case of "if it aint broke, don't fix it". From Joe's point of view, it isn't broke - so he won't do anything about it. He's not experienced all this stuff that people talk about, so why change?
Until something nasty comes along, wipes his "My Documents" folder and then totals his operating system - he'll happily use Internet Explorer.
People don't protect their home until they've been burgled, the don't protect their car until it's been stolen. It's all reactive - not proactive.
Until these 1001 security issues stop becoming potential exploits and become actual exploits hitting hundreds and thousands of users a day - then no-one is going to change.
(disclaimer: I know Code Red could be put into this category, but then again, it didn't wipe anyones personal files did it?)
(another disclaimer: This is a combination of mine and other comments from my original thread here ... ignoring the AC who obviously didn't get my point)
Avantslash - View Slashdot cleanly on your mobile phone.
As long as Internet Exploder is the ONLY browser to come with that shiney new PC everyones getting, then recommending that people DON'T use it is a total waste of time. People look at the prospect of tying up their modem for a 8-10MB file, and they basically think 'It won't effect me'.
I have enough trouble convincing my Mom and sister to update their AV software weekly, and that's only a few hundred kbytes.
-- You can't idiot-proof anything, because they're always coming out with better idiots.
Considering the BBCs site doesn't or didn't display right in Netscape how can they recommend avoiding IE?
If you're using NS4 then personally I believe you should expect problems. I'm all for cross-browser compliance, but there really is no reason to be using a 5-6 year old browser with substandard (to put it mildly) CSS support.
I design for standards compliant browsers, NS4 is not, therefore visitors who insist upon using this take their chances. Even Redhat have removed it now, which is a good thing - if only Netscape would remove the download link...
Code, Hardware, stuff like that.
I'm using mozilla with the internet explorer skin. It works great, though there's a little hack you have to do to get the home button back into the main toolbar.
:-).
Mozilla is a better browser than i.e. in a lot of ways (tabs, standards compliance, etc.), but the big one for me is that i.e. is essentially an ad delivery systerm. So there's not much we can do to selectively block cookies, or graphics from specific servers, or pop-ups, etc. And I don't like the prospect of being at the mercy of unscrupulous companies who wish to make changes without my knowledge or consent. (Actually, what I'd really like is a way to get rid of i.e. entirely on w2k/xp.)
That explains mozilla, but why the i.e. skin? Well, the default mozilla skins are not exactly beautiful. And my wife is highly resistant to change of any kind when it comes to her computer, and with the i.e. skin I was able to switch her w2k machine to mozilla without even a word of protest. Of course, at this point she's so used to tabbed browsing and the pop-up blocker that she wouldn't switch back anyway. And me, I don't have to worry about some exploit using i.e. to take her computer down.
Actually, I even use the i.e. skin on my linux box. Just for the perverse fun of it, I guess. I also have a nice wallpaper from w2k of a diver against a blue sky. It's very spiffy, though naturally I GIMPed out the little windows logo first
Hmmm, that's an expert opinion and it was strong. The author, Mark Ward, quoted Mr. Clover as a computer expert, someone who knows what they are talking about. The overall opinion was that Windoze was an easy to take over piece of junk and IE should be avoided. Note the lack of comforting words from M$ shills and other whores who would simply blame the user. The article concludes:
Fears about adware and spyware are not just for privacy fetishists and cyber-libertarians. Much of this surreptitious software is badly written and can crash your computer, others simply slow down your machine and make web use a chore. But the real danger is the fact that many of the loopholes in Windows that these programs exploit are being increasingly used by virus writers. If you do nothing to close these holes then one day you may lose much more than information about your online habits.
Can there be a stronger general denunciation than that? It ammounts to, "keep using this slow painful junk with and you will lose your work." That's an amazing article to see in the mainstream press.
Friends don't help friends install M$ junk.
Actually, if you want to ensure you're being safe, you have to educate yourself. This goes with all things in life, not just computers. Expecting someone to do the work for you leaves you open to exploitation. I absolutely abhor this attitude:
"I don't know much about computers, but I don't want to get a virus or have something bad happen to me, EVER. And if something does, well, it's YOUR fault, because you didn't make it safe enough."
Tough shit. Anyone who's been using computers since before the 90's usually has an inherit, built-in mistrust of them. They've dealt with system crashes, computer viruses, and the like, and know the reality is that you're dealing with a very complicated machine, and there are a hundred things that could go wrong at any moment. It's this new-fangled entitlement that the Internet-age has brought upon us that really pisses me off. Entitlement without responsibility.
To use your analogy, if your Mom never learned how to drive, or was a bad driver, she should probably avoid roads at the very least, avoiding cars altogether might be better. Yes, Internet Explorer has loads of security holes. And some cars are more dangerous than others. Not everyone on the road is your friend. Make system backups. At least we have that luxury in the computer world.
........unless you behind a proxy that uses windows authentication.
.net authentication.
You'll have the safest browser possible, since it won't be able to connect through the proxy server.
The bug's only been in mozilla for ohh 3 years, lets hope m$ doesn't make
thank God the internet isn't a human right.
I'll tell you what happened: nothing. Lazy Web designers have always been so concerned with making a site look "just right", that they need to use some little trick that only works in one browser or another... then to make the site look "just right" in some other browser requires a whole lot of replacement markup and probably a some swapping javascript, if not a completely different set of pages.
I'm even lazier. I could care less about "just right". I use style sheets, my site looks fine in Lynx. Admittedly, I am not using lots of sliced up graphics and javascript, but that's because I am not very sophisticated: I code by hand.
Personally, I think designers should make up their minds and either use Flash for complete presentation control or style sheets and vanilla (X)HTML to reach as wide an audience as possible. All the crap I see in "View/Source" makes me cringe.
I've got a bad attitude and karma to burn. Go ahead. Mod me down.
Anything from Mozilla.org. Just find one that makes you feel warm and fuzzy, hug it and squeeze it and call it George.
Personally, I like Phoenix.
It would be nice to have a "sandbox browser setting" for people who don't trust themselves to practice safe browsing.
It's not that origninal a wish but it's competing with other wishes. I'm sure that you, like M$, know about the java "sandbox" concept and unprivalidged user accounts and all that. The problem is that M$ intends not follow good design practices so that they can sell your desktop as advertising real estate. That's why IE and Outlook run as root and the new M$ EULAs all demand that M$ be alowed to view the contents of your computer and put whatever they please there. That's why M$ worms are so easy to write and cost the rest of us so much money in workarounds, "security" patches, and what not that never works. That's why the BBC author recomends avoiding IE and hints at all of the above.
Friends don't help friends install M$ junk.
Your suggestion is ludicrous, "be careful where you browse"?
That is NOT a solution. People can't be careful where they browse because of the nature of how the web works. Suppose you are doing some research on something obscure, so you are googling along trying to find info on it. How the fuck are you to know whether you should trust any of the sites linked to by google? You can't! Your browser simply has to be secure and not do things it shouldn't do.
Duh!
Sticking feathers up your butt does not make you a chicken - Tyler Durden
I've been building pcs for many people on the side, and here's the biggest complaint i get when i try to push mozilla on them:
"Why doesn't the back button on my intellimouse work with it? It works with explorer."
And just like that, 20 or 30 people have turned off mozilla for just THAT reason. To them, it's just some browser that takes longer to load, puts an icon in the taskbar, and in which the back and forward buttons don't work. And it's no use trying to convince them of all the benefits.
BBC actually only quotes a guy who says don't use IE. There's a slight difference.
Don't get me wrong though, IE sucks. I only use it from work to read books on safari.oreilly.com. Believe it or not their site doesn't render correctly in Mozilla. I've emailed them and they say that they're working on it, so hopefully it won't be long.
My Karma was at 49, then they switched to words. All that work for nothing!
I did. With IE. Here is what happened:
1. Your IP address
It picked up my IP address. Fair enough. I'm not running through an anonymous proxy.
2. Hidden tracking files (cookies)
It couldn't list any of my cookies.
3. Exposed Clipboard
This was a little scary. It picked up what was in my clipboard and displayed it.
4. Hack and Exploit Vulnerability
Sophos immediately popped up a message telling me it had detected 'Troj/Codebase-A' in my temporary internet files. A window appeared with some HTML telling me that file:///c:/winnt/win.ini had moved. But nothing else.
I couldn't open the click here links, the links below that didn't work and MSN wasn't giving out my contacts.
5. Browser and Operating System
Big deal. It got them from the HTTP_USERAGENT. I'm not totally paranoid - I don't mind people knowing what browser I use.
6. Geographical location
Middlesex, England, GBR. Well, 2 out of 3 isn't bad but not exactly something to get worried about. Wonder why it thought Middlesex though?
7. Your network
This took the piss. It's just a traceroute from them to the IP address that they determined in the first test. It's not much of a big deal.
I run Internet Explorer 5.50.4919.2200. Sure, I don't doubt that IE has it's problems - but the stuff that Anonymiser is shreaking about is generally not that big a deal and flagged only so they can sell their products.
(mind you the clipboard one was a little spooky)
Avantslash - View Slashdot cleanly on your mobile phone.
biological systems point the way here...monoculture, not morons, is the problem
monoculture of any crop (be it corn, pigs, or internet browsers) leads to a situation in which disease can easily propagate across the entire population.
One of the fundamental principles of organic farming is to cultivate a genetically diverse population, thereby limiting the scope and potential damage of any particular disease vector. Consumers of software would be well advised to practice the same concept
I know it's offtopic, and that seems silly to ask and all, but I'm actually being quite serious. :) I see the term used and I was wondering what it means.
Thanks in advance!
"I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
That's how I've always seen it used...
Your monitor is staring at you.
Let's say everyone stops using IE and starts using another browser. What do you think the bad guys are going to do, find another hobby? No, they'll target that browser. Just as nobody burglarizes an empty house, no one targets a browser with miniscule market share. Increasing the market share of another browser will just turn attention to that browser.
The other question is this: is IE inherently insecure? More than Lynx, yes. But users want features (yes, it's true...not all the bells and whistles in a "modern" browser are forced upon us) and features add complexity which increases the potential for holes.
For true security, just telnet to port 80.
If opera is crashing, try (if you're not already) the statically linked qt version. Stability problems are often caused by interactions between the installed qt on your machine and the one that opera was compiled against. The statically linked one does not suffer from this problem. If you are using the statically linked version, then I got nothin' for ya.
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James
I've been a web developer and designer for over 5 years, and I code and test for nothing but Internet Explorer. To code for other browsers as well would take at least 2-3 times as long. My clients generally are willing to accept the tradeoff that 1% of the web population will be unable to see their site, and most of those users are using IE3.
It's simply a matter of maximizing their investment.
$50k for 99% of the users
$100k for 99.7% of the users
You pick.
It's the quoted opinion of the interviewee, not that of the corporation.
Especially when there are still quite a few bugs preventing Mozilla from loading BBC web sites properly.
Will I retire or break 10K?
I was, like, starting to read the article using Internet Explorer. And then my computer went like beep, beep, beep. And then I got redirected to msn.com. Seemed like a really good article. Bummer.
That's a very bold statement.
Mozilla, the big one
Phoenix, it's smaller brother
K-Meleon, the smallest of them all
Mozilla comes with nice mail program too.
J.
I wonder if it could be possible to write a spyware in XUL? Just build a sidebar applet that stays hidden, perhaps? I actually have no idea, but could XUL be just as bad security breach as ActiveX? (Or whatever it is called this week)
J.
You did the right thing for a first step, but you didn't say if you left the service or not.
I don't know what "Mygo" is, but I assume it is some kind of wireless content provider (too lazy to Google). Regardless, if there is an alternative service, quit Mygo (and make sure you contact them to let them know you did and why). Even if there is not an alternative, quit anyways and sign up again if you can. The statistic that someone quit because of their web page will still be there.
Sure, you are a drop in the bucket, but the bucket doesn't have to be very big to get a company's attention. An upper-level management guy is probably responsible for tracking the reasons for people leaving their service. Even a few can probably get him thinking that maybe "Company Policy" needs to be changed.
The guy who responded to you is a low-level support guy who probably knows that it wouldn't be that hard to standards-compliant with their site. But he/she has been told "we don't lose any money by being IE-only (assumption), supporting other browsers would cost more (fact), so we are IE-only!" Only by proving that it *is* costing them money will they change.
Look at the tomato! Isn't it sad? He can't dance! Poor tomato!
Avoid Internet Explorer because people are targeting it. Use something else because it's more obscure.
Now tell me. Does that make sense? Are you actually safe, or do you just feel safe?
Of course, most of them were fixed before the article on The Register was even written.
Mozilla, fast, standard complient, per site image blocking, pop-up blocker, per site cookie blocker, tabbed browsing, what more could you want? (oh yeah its themeable too, make it look like IE even).
The Anti-Blog
Lots of people have access to the Windows source code, albeit under non-disclosure. See the various licenses at http://www.microsoft.com/licensing/sharedsource/
/. seems to be filled with people that LOVE to bash Microsoft and harp on how *nix and it supporting software is so much more secure. What you fail to take into account is that these &^%$^#$ writing ad-ware and spy-ware are going to target the community with the largest user base. Are you surprised to hear that it is Microsoft??? Hence the largest amount of time in the hacker community is spent on Windows, Explorer and Office. If even HALF the amount of time was spent on hacks for your beloved *nix systems and supporting software that is spent hacking MS your glass walls would come crashing down because MAJOR security holes would be found and exploited. I need only point to recent hacks in Apache.... So BEWARE your tower is not quite as secure as you think it is. You are simply being ignored.
This article basically says to avoid spyware and adware in general. No shit. This isn't news.
They recommended that you don't use IE because that's what most of this nasty software is targeting, not because it's a buggy piece of MS shit. It stands to reason that the most popular browser is going to attract the most amount of attacks. Again. No shit. This isn't news.
Enough of the anti-MS propaganda, it's truly getting ridiculous.
...who are intentionally using spyware on their web site.
vk.
Internet Explorer for Mac OS X (and Mac OS 9) doesn't suffer from the same problems as its Windows counterpart since it's not an "integrated" component of the OS; it's just an app. Doesn't mean it's not crap, sometimes.
Many Windows technologies that cause the vulnerabilities in IE/Windows are very limited or don't exist with IE/Mac. In particular, ActiveX control support is there, but appears mostly broken. Java support is strongest in this browser (it seems), but many Java pages don't render things properly since MS doesn't appear to tie their browser properly in OS X's strong Java implementation (1.3.1).
IE/Mac is just as annoying with pop-ups, but that's why I use OmniWeb, where I can disable JavaScript that generates pop-ups with one preference settings.
IE is still the most compatible browser, but only because many webmasters are drones to Microsoft's web tools--and shouldn't be. The pages they create work best--and in some cases, ONLY--with IE.
Vos teneo officium eram periculosus ut vos recipero is.
I wonder about the accuracy of those numbers. I run Linux at home, and a Windows/Linux mix at work, on about six machines, but all of them run Mozilla, which reports itself as IE6 on WinXP. Even the P133 with Win98 and IE4.x(?) because I spoof the user agent string with Proximitron. (Mainly because of idiot web designers like you're replying to.)
How accurate are these numbers really likely to be?
... to say "all browsers have bugs! Therefore IE is no worse than other browsers!"
People seem to keep chanting that like a mantra. That's as stupid as saying "some old grannys are murderers, so young men are no more dangerous than old grannys!"
Once the warm feeling of tolerence and equality has worn off, you gain nothing. Oh well, all browsers are equally insecure, so I'll just use any old browser. Which is stupid; clearly IE is more insecure. It has more bugs and more security holes. Saying warm fuzzy sounding things gives you no tools for choosing which browser to use.
Why is it most people confuse Internet with web? The www is simply one facet of the Internet even though most folks only use the www and email but even so, the dstinction still should be recognised or the Internet *will* stagnate as feared.
Resistance is futile. Reactance buggers it up.
Better yet, Mozilla ought to use the text in the ALT attribute. At least in the context of an IMG element, the TITLE attribute is redundant. Since ALT is required for IMG elements anyway, why would you use <img width=80 height=60 src="foo.png" alt="foo" title="foo"> when <img width=80 height=60 src="foo.png" alt="foo"> conveys the same information?
(I was wondering where the tooltips for the icons at the top of every /. page had gone. Mozilla must be the only browser that doesn't render ALT attributes as tooltips.)
20 January 2017: the End of an Error.
Actually, what I'd really like is a way to get rid of i.e. entirely
Nice.
So you'll basically never be able to update that box then?
Update your machines, people!
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
Unix have firewalls to prevent programs getting into the system.
Windows have firewalls to prevent programs getting out of the system.
Ciryon
This got me thinking... It should be quite easy to program a small process to query the system, get the names of the services you're running and then, with a cron job, visit predefined security sites, grep them for mentions of said services and warn you when a new vulnerability you may have is discovered (when a service you have running is mentioned on the front page of a site). Perhaps make an html page with links to the news articles that mention the service. There may be something out there that does this... I'll search for it, and if there isn't I will program something myself.
--
Overcaffeinated. Angry geeks.
LRC, the best-read libertarian site on the web
I do not trust Microsoft to use Windows Update responsibly. Neither should you. They have a nasty habit of bundling critical security updates with invasive software such as the DRM system built into Media Player 9, and/or demanding the right to root access to your computer, such as the EULA in w2k sp3. Personally I think coercing people in this way should be against the law. Hell, it probably is. Not that that ever stops Microsoft.
Soon they'll kill off manual updates altogether to protect this channel into peoples' computers. Anyone who finds this as disagreeable as I do is encouraged to investigate linux. It has undergone massive improvements in the last couple of years and it rapidly becoming a viable alternative for most ordinary computer users.
I agree with you completely. I'm not a commercial web designer and I have no intention of becoming one specifically for the reason that I don't like sacrificing good design for crappy products.
I have designed a couple of websites for voluntary organisations, though, and they both degrade nicely to Netscape 4. Although NS4 has horrendous CSS support, I found that one of the many NS4 bugs causes it to ignore style sheets if several different media are specified. eg.
<link rel="stylesheet" type="text/css" media="screen,print" href="stylesheet.css"A real problem with this article is that is says "avoid IE" but doesn't give an alternative. I know to use Mozilla (and am in fact doing so right now), but many people reading this article are going to wonder what the alternatives are (of course many people are going to think they are ok because they use "Windows" to access the internet, and "not IE, whatever that is"). Without presenting the safer alternatives, most people who read this are going to go "oh well, I'm not going to stop going to eBay, so I'm going to have to continue using IE".
-no broken link
besides the obvious and very effective ability to block unrequested windows, you can add your own css to all the pages you view.
u bleclick."] *,
[ width="468"][height="60"]," 600"] /* i find this a bit much, but someone might like it.
8 "]:hover,d th="120"][height="600"]:hover
l ay: none !important;
/home/john/.mozilla/default/9zo2x54t.slt/chrome
:)
This is great as it allows you to make a banner add blocker.
This is what i use(i didn't come up with it but i can't remember who did so i can't give them credit for it, even though they deserve some):
create a txt file call it userContent.css
add the following to it:
[src*="ads."], [src*="ads/"],
[src*="doubleclick"],
[href*="do
[href*="rd.yahoo.com"] [src*="yimg.com"],
[width="60"][height="468"],
[width="120"][height=
{
-moz-outline: medium dotted red;
-moz-opacity: 10%;
}
[src*="ads."]:hover, [src*="ads/"]:hover,
[src*="doubleclick"]:hover,
[href*=".doubleclick."] *:hover,
[href*="rd.yahoo.com"] [src*="yimg.com"]:hover,
[width="60"][height="46
[width="468"][height="60"]:hover,
[wi
{
-moz-outline: medium dashed red;
-moz-opacity: 100%;
}
*/
[type="application/x-shockwave-flash"]
{
disp
}
Ok this should make your browsing more enjoyable.
place the userContent.css into you user chrome directory.
for linux it will be in your home directory, on my system(obviously yours will vary for the username etc..)
for windows(sucks to be you
It will be in your windows\profiles\i_forget_the_path\chrome directory.
It's incredibly popular because of windows. It's the leader on the mac because it's the leader on windows, which is what the majority of web surfers use.
Yes, people who want to exploit things target the most popular platforms.
It helps to realise that looking at things in a purely technical sense is quite meaningless in reality.
Even if Outlook & Outlook Express have the same number of security problems as less popular mail clients, that doesn't change the fact that there is far less risk in using something less popular.
IE is a risk. Using Opera instead, FOR NOW, negates a lot of that risk. IF everyone used Opera, yeah, we'd be in the same boat... but we aren't.
There *is* a difference. ALT tags are a boon to making websites ready for Lynx and text-only browsers for the disabled. So if you have a graphic button that says "Home", consider these two variants:
<img src="home.png" width="100" height="20" border="0" alt="This button takes you to the homepage">
and
<img src="home.png" width="100" height="20" border="0" alt="Home">
and
<img src="home.png" width="100" height="20" border="0" alt="Home" title="This button takes you to the homepage">
The first tag (which is what you suggest) would be a little awkward in a text browser, since "This button takes you to the homepage" would show up (when "Home" would do).
The second would look idiotic in Mozilla, since the tooltip would just say "Home" (well, duh), but it would work in Lynx and other text browsers.
The third is ideal, because everyone gets what they need -- Mozilla's tooltip would say "This button takes you to the homepage", but the text browsers see just "Home".
Cheers,
Ethelred
Everyone wants to be Ethelred. Even I want to be Ethelred.
Anyway, the worst Mozilla has contained security-wise so far is DoS. Sure it should be fixed, but there is not really a danger. The worst thing that could happen is a crash.
Internet Explorer, on the other hand continues to feature real bad security holes that let an attacker run code and take over the machine.
Just imagine a Code-Red like Virus that inserts malicious code on webservers to also take over IE-using clients....
I have a weird problem with Mozilla on my home machine that no one has been able to give me a reason for. I've installed and uninstalled it a few times just to make sure nothing broke during the install (everything looked smooth) and whenever I start Mozilla or Mozilla mail half of the buttoms are blurred over, the address bar is a bunch of rainbow colored lines, the screen for it doesn't redraw properly... It's crazy broken.
Other browsers work ok (Except that with Opera all of the text is broken, odd sizing that doesn't work on most websites and continually breaks things) and Mozilla mail has the same set of problems as the browser. It works fine on my box at work which is the exact same OS configuration (RH 8.0 fully patched) so I can't figure out WHY mozilla won't run properly... Sigh, maybe I can upgrade when a new version comes out...
Kintanon
Check out JoshJitsu.info for Brazilian Ji
And I pick a competent web designer, which clearly excludes you.
To code for other browsers as well would take at least 2-3 times as long.
What a load of crap! I can only hope that making such an idiotic claim leads you to a job more suited to your talents, such as one that involves asking your clients, "would you like fries with that?"
The problem with Windows isn't single-user mode, it's the fact that it's vastly over-spec'd and everything is on by default.
If e-mail readers just read text messages and let you write them back, and web browsers just displayed HTML instead of automagically downloading and installing stuff, and you didn't default to running with any TCP/IP port you like available, and so on, then any single-user OS could still be secure.
The problem is the way power has spread without adequate control. They invented ActiveX, based it around a non-secure model, and then let web browsers use it, instead of just rendering HTML. Then they made the e-mail client accept HTML mails, using the same rendering engine, so now someone just has to send you a mail, rather than you actively visiting a site. They gave the e-mail client a preview pane, and switched it on by default, so now the software has a chance to do its damage not only if I actively do something like visit a particular web site, but even if I fail to actively switch it off.
The same story happens all over the place in Windows, and is behind nearly major security cock-up out of Redmond in the last several years. You'd think they'd have learned, but then they'd have had to unbundle IE.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
If, at any point, every Mozilla user in the world updates to a patched version, you will have a point. Until then, you do not. The problems which the author cites with Internet Explorer are all patched; the problem is people who do not apply patches. The same is true of Mozilla. I do not know why Slashdot's moderators are so allergic to this fact, but their bias will prove very damaging to unsuspecting Mozilla users.
If guns kill people, then CmdrTaco's keyboard misspells words.
We respectfully disagree.
Love and hugs,
Steve and Bill.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
The worst what can happen with Mozilla is a crash, with IE they can take over the machine
You are showing your bias in thinking these bugs are "the same".
The only updates that ever seemed to show up there were IE or Windows Media Player updates. Granted, they've started showing device driver updates and such, but it's still marginal at best.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
I've never used IE. I had always used Netscape until I started using Mozilla around M18. I've also only on rare occasions seen something that didn't work right, and it was usually something stupid anyways.
--
"Karma can only be portioned out by the cosmos." - Homer Simpson [1F10]
www.webassociates.com
They crashed Mozilla on my Mac (OS X). The irony is that they're a web hosting and web design company, and their corporate website is evil incarnate.
These are my friends, See how they glisten. See this one shine, how he smiles in the light.
I've never ran accross a site that "forced" its software on me. I've ran accross "gator" a few times which tries to install without my permission, but I still have to hit OK. This article has a hint of FUD.
There are two examples that come to mind, although I cannot remember their URLs (so I'm hoping someone else will follow me up). One installs software that adds special effects to your cursor. It runs as a daemon and you can see an icon for it in your tray. It appears in the Add/Removes Program dialogue, but it is a hassle ot remove nonetheless. Another similar piece of software adds skins to Internet Explorer itself (Slashdot has even carried ads for this very product). Both install automatically and without any user interaction (although you may get a trust message for the first of these). This, by the way, is with default security settings in IE.
IE is horribly fully of security holes, even to the point where some (stupid) companies offer products that depend on them! They can do this because they know Microsoft cannot patch these wholes without horribly crippling Internet Explorer (without ActiveX, it's nothing -- and even then, it's still stupid).
Let's face it, there is always going to be some security holes in the most popular and widely used browser. Even if that browser ever becomes Mozilla
These types of security holes are not possible. Mozilla has no more priveledges than the user herself. The typical user logged into most any box cannot, without exploiting some vulnerability in the operating system, run a piece of software that trashes the entire disk, and have the operation completed successfully. Why? Because the user and the software the user runs do not have the same privs as the operating system. Mozilla runs 100% in user-space. It is not part of the operating system and it is not trusted by the operating system. Internet Explorer on the otherhand, is part of the operating system, ergo is fully trusted.
If you find an exploit in Mozilla, you can only harm the user's data. If you find an exploit in Internet Explorer, you can delete the hard disk. Big difference.
(which I doubt will happen any time soon- I run Mozilla but speed wise it just doesn't compare with IE).
You were making accusations of FUD?
Why bother.
I have seen various types of malware that may not cause damage other files but they can stop IE from working properly (lots of crashes). The trouble is that spyware from company A may not work correctly if spyware from company B is present. Both probably have to close a relationship with IE so changes there can cause problems.
And here I thought Internet Explorer for Windows was the ONLY browser that DID render the ALT-attribute as a tooltip.
"I tend to think of OS X as Linux with QA and Taste", James Gosling, creator of Java
A friend recently had her computer die suddenly. She also has a laptop (much newer than the desktop).
...
I looked the desktop over and I think the power supply is dead, but didn't have a spare. I suggested to her that I could set the laptop up in place of the desktop and then she could get the desktop fixed at her convinience instead of "in a rush" (her desktop was her main machine).
After spending a few minutes setting up her docking station, plugging in the monitor, printer and scanner, she two things:
"wow! Its like having my desktop without my desktop" which was of course the idea and I was glad she saw it. And
"Now all I need to do is install Gator" which just made me cringe.
This space for rent. All reasonable inquiries will be entertained at proprietors discretion.