Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE Vulnerabilities Page Removed

Posted by timothy on from the now-you're-on-your-own dept.

Henry V .009 writes "PivX Solutions has removed its (in)famous Unpatched IE Vulnerabilities page. Is Microsoft really getting better? From the site: 'Given Microsoft's recent positive actions together with the current rise in attacks against IE we have agreed to give Microsoft a good faith reprieve and have taken down our 'Unpatched' page. This was done in both a spirit of cooperation and for the good of the internet as a whole. As the ubiquitous browser that is utilized to access the internet, we all depend on IE too much to have crooks, social deviants, malcontents and crackers from messing with our lifestyles and our livelihoods. ENOUGH IS ENOUGH!'"

7 of 474 comments (clear)

  1. Google to the rescue... by wo1verin3 · · Score: 5, Informative

    Google cache

    1. Re:Google to the rescue... by AstroDrabb · · Score: 4, Insightful
      I think you hit the "nail on the head". Their blurb sounds just like someone who was paid. I bet MS even wrote it. From their blurb:
      As the ubiquitous browser that is utilized to access the internet, we all depend on IE too much to have crooks, social deviants, malcontents and crackers from messing with our lifestyles and our livelihoods. ENOUGH IS ENOUGH!'"
      This doesn't sound like it came from a security specialist. Usaully security guys want to find EVERY hole to make the system better. It is also funny how they put in the part about crackers, crooks and deviants. I guess anyone that wants to find security holes fall into this category? That part of the blurb is what makes me think some MS drone had a part in writing it. Oh, and "we all depend on IE too much"? What is up with that? Like MS didn't put that in there? I guess there are not a bunch of better browsers out there like Mozilla, MozillaFirebird, Opera, etc.
      --
      If Tyranny and Oppression come to this land,
      it will be in the guise of fighting a foreign enemy. -James Madison
  2. Don't worry folks, Microsoft isn't a monopoly! by Infonaut · · Score: 4, Interesting
    we all depend on IE too much to have crooks, social deviants, malcontents and crackers from messing with our lifestyles and our livelihoods.

    Any time one piece of software from one company can be responsible for such negative impact on our lives because of how poorly it was designed, while still remaining far and away the dominant product in its category in spite of superior software being readily available, that's a sign that the ill effects of monopoly power are at play.

    --
    Read the EFF's Fair Use FAQ
    1. Re:Don't worry folks, Microsoft isn't a monopoly! by NanoGator · · Score: 4, Insightful

      "while still remaining far and away the dominant product in its category in spite of superior software being readily available, that's a sign that the ill effects of monopoly power are at play."

      No, it's a sign that Mozilla needs a PR firm.

      Face facts: Lots of stuff that has been popular over has had a superior alternative. Newton/Palm. GameBoy/GameGear/Lynx/Nomad. Beta/VHS. USB/Firewire. Etc. You don't need a monopoly for that situation to be created.

      Now, in this case, we do have a monopoly that puts IE in front of the users. Worse, IE does the job quite well. If you asked the average user out there what could be done to make IE better, the answer would not be "Tabbed browsing!". Why? Because they've never heard of that!

      Cripes people. There are no commercials on TV about Mozilla or Opera. There are very few (if any) hints to Mozilla's existence on the mainstream news. You have to visit Slashdot to be blasted with Mo's zealotry. So tell me, how's anybody even supposed to know it exists?

      Spare us the MS blame game. There are things that competing browsers can do that they simply aren't. When those avenues are exhausted, you can draw one of two conclusions: 1.) Microsoft has an impenetrable monopoly on the browser market. or 2.) The market has decided they like IE better. In the first case, you can bitch and moan. In the second case you can improve Mozilla.

      --
      "Derp de derp."
  3. Re:This can't be serious by The+Man · · Score: 4, Insightful
    However... I'm sure people in the mechanic websites make fun of people like us all the time too because we phuck up our cars all the time.

    I'm sure they're justified in doing so, too. When I need something done to my car, I take it to a mechanic so that the work is done right. Likewise, when someone needs a web browser, I expect them to rely on software written by people who know what they're doing. I might ask a mechanic for reference customers, and consult the Better Business Bureau or local car club to make sure his work is of good quality. A sensible mechanic who needs a browser might check the Internet for references on a particular browser, also to make sure the work is of good quality.

    See any parallels here? There's no excuse for not doing one's homework. There are plenty of articles available and accessible to the lay computer user that describe the some of the many problems with IE. There's no reason for an intelligent user not to read them and make an informed decision. Quite frankly, as an expert in the field of software, I do not believe any intelligent user could make an informed, good faith decision to use IE. Therefore I conclude that most users are not intelligent, are not acting in good faith (ie they don't care about the quality of the products they use), or are too lazy to spend five minutes gathering information. Since the latter two are just subcases of the first, it's safe to assume that 90% of computer users are not very intelligent. This is independent of any expert bias - their use of IE is not foolish because they're expected to understand the problems with IE on a technical level, it's foolish because there's no need to understand those details in order to see that IE is not a quality product and is in fact unsafe to use. I don't need to understand intimate details about strengths of materials, bending moments, and energy absorbtion to know that a car is unsafe if its gas tank is likely to explode in a collision. In the same way, I don't need to understand the details of exploiting a buffer overflow to know that a browser which is known to compromise a user's personal information is unsafe.

    Flamebait? Call it whatever you like, but if people spent 1/10 as much effort making sure they had a safe, effective, reliable computing environment as they spend to ensure the same about other aspects of their lives - such as their cars - there wouldn't be an IE as we know it today.

  4. Re:This can't be serious by steve_l · · Score: 4, Insightful
    In a way it is extra pressure: if they don't think MS is doing enough then they can bring the site back. I'd also note that in Win2003 server, IE is locked down a lot more than ever before, to the extent of disabling ActiveX download outside of the trusted zone, cranking back the rights to sites in that zone and then adding *microsoft.com in. That way windows update works but most other active X support is gone. However, they have a lot to do, in ways that may break some things but would make the systems less vulnerable, not just to classic IE hacks but email scams
    1. Stop interpreting those spam-friendly http://2343455/ urls
    2. Stop interpreting scam-friendly http://ebay.com:url@123456/ urls
    3. Stop whining when browsing to a site that has AX disabled. A small icon is ok; a dialog box 'you are getting a worse experience is not.
    4. Make it possible and easy to fully uninstall outlook express. you cannot even delete this on XP; system recovery brings it back. Ugly manual hacks last until the next critical upgrade gets forced on the machine, at which point it reappers.
    5. Crank up the security settings for everyone who isnt using win2k3
    6. Rebuild IE with VS.net 2003 and set the 'check for buffer overflows' flag in the build.
    7. Stop integrating Windows Scripting Host with IE. Every IE install forcibly adds .js, .vbs and .wsh file extensions to the path and enables their execution. I have to rebind these to notepad on my machines.
    8. Give us a no-images options for the email zone.
    There are probably lots more of these things to do. All I see for the current user base is after-the-fact bug fixes rolled out intermittently, not attempts to address fundamental problems.

  5. Another PR effort at the expense of business by SgtChaireBourne · · Score: 4, Insightful
    I think this is a continuation of the attempt to squelch technical discussion especially regarding (embarrassing) security issues, and in particular agains full-disclosure. Microsoft would like to move to releasing patches once a month rather than once a week on wednesdays and a prerequisite for that is keeping the public out of the loop. In order to stay in business, MS must hinder customers from figuring out that Windows is not ready for the Internet, and won't be for years.

    As Schneier predicted, for Microsoft, the threat is bad publicity, and they are going to produce a security system that deals with the threat. Without some kind of disclosure, sysadmins cannot take stop gap measures to secure their systems. This is just another instance of rather than working on securing its products to a level needed for the Internet, the issue is being handled as a PR problem.

    Time to upgrade if you haven't already.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.