Corporate Servers Spreading IE Virus [Updated]
uncadonna writes "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms."
Update: 06/25 14:50 GMT by J: A reader points out Microsoft's What You Should Know page. Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing. Or try Firefox.
Update: 06/25 19:30 GMT by J: Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn't the "fix" include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?
http://www.mozilla.org
You heard the man.
Go get Firefox now!
And I also wonder how many people will actually heed the call and switch their browser.
However, I doubt Microsoft will do anything for at least two months. Hopefully by then a major news source will pick up the story and everyone will hear it.
The MSN search engine is infected.
You can download the trojan from here:
http://search.msn.com/msits.exe
They don't mention that many names.
I however think that besides nda policy or whatever, they should give the names of the sites that should be avoided for security reasons.
I'd personally advise the corporate DNS maintainer to redirect these to somewhere safer.
Trolling using another account since 2005.
Opera also offers a very decent alternative to both IE and Mozilla/Firefox.
I spent ages trying to think of sig, but never did
I think I'll just have to be content that great browsers like Firefox are available for me to use, because obviously the masses are never going to be interested.
With these unpatched IE flaws in the wild, IE users don't even have to do something silly to get infected. But I suppose you could argue they are already doing something silly!
Homme petit d'homme petit, s'attend, n'avale
The disaster we all knew was going to happen. Not just some uber1337 script kiddie releasing a buggy worm that crashes the computers it attacks but organized crime attacking the net infrastructure.
But as bad as this may be this might also mean that finally more and more people and institutions will come to the conclusion, that a global infrastructure depending on one product from one company simply isn't the way to go. Especially if this company has such a horrid track record when it comes to security.
...that enough people buy spam goods to pay for organized crime.
Since the article is very vague, what happens is that once they compromise the IIS server, they modify each site on the server to write a document footer to every page. The document footer calls a DLL placed in the %windir%\system32 directory. The DLL writes a line of JavaScript to each page which redirects the user to a remote server to download the malicious code.
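As an added illustration of the mechanism described in the comment above (not code from the thread, ZDNet, Microsoft or the Internet Storm Center): a footer attached to every page shows up as the same script after the closing `</html>` tag of otherwise unrelated pages, which an admin can check for in responses fetched from their own server. The function names, the sample pages and the `footer-host.example` host are constructed for the example, and it assumes the footer is appended at the very end of each response.

```python
import re
from os.path import commonprefix
from urllib.parse import urlparse

CLOSE_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def trailing_content(body):
    """Text that follows the last </html> tag ('' if the tag is absent)."""
    last = None
    for last in CLOSE_HTML.finditer(body):
        pass
    return body[last.end():].strip() if last else ""


def common_suffix(strings):
    """Longest string that every input ends with."""
    return commonprefix([s[::-1] for s in strings])[::-1]


def audit_pages(pages, own_hosts=()):
    """pages maps request path -> response body fetched from ONE server.

    Returns the pages that carry a script after </html>, the script text
    shared by all of them (a server-wide footer rather than page content),
    and any URLs in that trailing text that point off the site's own hosts.
    """
    suspicious = {}
    for path, body in pages.items():
        tail = trailing_content(body)
        if SCRIPT_TAG.search(tail):
            suspicious[path] = tail

    # A footer configured on the server lands on every page, so only call it
    # "shared" when all sampled pages end with the same script-bearing text.
    shared = ""
    if len(pages) > 1 and len(suspicious) == len(pages):
        candidate = common_suffix(list(suspicious.values()))
        if SCRIPT_TAG.search(candidate):
            shared = candidate

    external = sorted({
        url
        for tail in suspicious.values()
        for url in URL.findall(tail)
        if urlparse(url).hostname not in own_hosts
    })
    return {
        "trailing_script": suspicious,
        "shared_footer": shared,
        "external_urls": external,
    }


# Constructed sample responses (not captured traffic).
FOOTER = '<script src="http://footer-host.example/f.js"></script>'
INFECTED_PAGES = {
    "/index.html": "<html><body><h1>Home</h1></body></html>\r\n" + FOOTER,
    "/about.html": "<html><body><p>About us</p></body></HTML>" + FOOTER + "\r\n",
    "/rates.html": "<html><body><table></table></body></html>\n" + FOOTER,
}
CLEAN_PAGES = {
    # A script inside the document is ordinary page content, not a footer.
    "/index.html": '<html><body><script src="/menu.js"></script></body></html>',
    "/about.html": "<html><body><p>About us</p></body></html>\n",
}

if __name__ == "__main__":
    for name, pages in (("infected", INFECTED_PAGES), ("clean", CLEAN_PAGES)):
        report = audit_pages(pages, own_hosts={"www.example.com"})
        print(name, "->", report["shared_footer"] or "no shared footer",
              report["external_urls"])
```

A hit here only says that something is appending script to responses; the next step is on the server itself, checking whether a document footer is enabled for the sites and what file it points to.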
This time, however, the flaws affect every user of Internet Explorer, because Microsoft has not yet released a patch. Moreover, the infectious Web sites are not just those of minor companies inhabiting the backwaters of the Web, but major companies, including some banks, said Brent Houlahan, chief technology officer of NetSec.
"There's a pretty wide variety," he said. "There are auction sites, price comparison sites and financial institutions."
The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties.
"We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.
WHY NOT? I've been trying to think of a reason NOT to list the sites infected, but I can't think of a good one. "To prevent further abuse"???? Wouldn't giving the public NOTICE about these sites help prevent more infections by having people NOT go to those sites?
creation science book
US-CERT and Internet Storm Center. Less talk, more information.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
I know it's not fashionable around these parts, being closed source, but Opera (www.opera.com) really is the bee's knees. On my machine it renders faster, everything is snappier than mozilla/firefox and has more features than you can shake Darl Mcbride at. It's not free, true, but costs about the same as a pop-up blocker for Internal Exploder. Plus, Opera's built-in mail client is wonderful. Not that I'm badmouthing firefox, I have that too, I just like Opera even better.
I've always wondered how my coworkers who "only" go to major sites like Yahoo and Ebay, pick up all sorts of spyware and adware.
It has just been brought to our attention at the root of the problem this site
flinging poop since 1969
http://www.microsoft.com/security/incident/download_ject.mspx
Linked to from their home page, has been for quite a few hours. Gives more information, including an inference that the server portion is self-propagating, and that (contrary to /.) a patched PC is safe.
Read reviews of shopping cart software
Christ man, how many times do people have to be told to use Firefox or another alternative, more secure browser? IE's browser development efforts have been long gone, and it shows in both features/functionality as well as security.
He'd rather have me wipe spyware and adware from his machine than deal with it. It's a symptom of having w3schools.com graduates making web sites in Frontpage that only work on front page.
Of course, now IE doesn't work at all, so he runs AOL through his broadband connection to surf the Internet.
And yes, I have since stopped wiping adware/spyware from his machine. I told him if he wasn't going to buy a machine that didn't get the stuff, or use a browser that was secure, he can deal with it himself.
I'm in the hole of the broadband donut.
I think this is the one I caught at work.
No security restrictions in IE will stop it.
I caught it here:
http://www.yetanotherhomepage.com/j7xx/j7xx.html ;)
There's a reason that this one isn't a link.
I killed mine like this (Windows 2000):
Delete these:
C:\Winnt\System32\Swin32.dll
C:\Winnt\System32\Automove.exe
C:\Winnt\System32\Trans.exe
And this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[Adstartup] C:\Winnt\System32\Automove.exe
Seek and destroy Swin32.dll in the registry
Take out all of the CLSIDs it occurs in.
It's never too late to have a happy childhood.
The reason the article is vague is because it's mixing up several recent stories...
The redirection to Russian sites is the old "Paypal needs you to re-register, click here" scam, which goes via a site that secretly installs a key logger (IF you have an unpatched IE and IF you have no firewall).
The "IE problem that Microsoft hasn't fixed yet" is a separate, unrelated problem.
ZDNet is going way downhill in their attempt to get more readers...
Replying to my own post: :)
:)
If there was a public health risk - such as biohazardous material - even in a private storefront - the city or state would close off the area and warn people not to go there. Yes, you might have people wanting to go anyway, but they've been warned.
I know the analogy isn't all that great, but it's the best I can do right now.
creation science book
I was wondering where I got this from. I spent 4 hours removing Malware from my computer the other day. Since I don't tend to visit pr0n sites at work, I had no idea how I was so badly infected until now... Ad-aware, spybot, and Nortons did not find the evil software. My process list was filled with MANY unkillable processes with random names. Every time I killed one, it would start again with a new name. I found the executables on my drive and deleted them, they would RE-CREATE themselves!! Also, it looked like one of the installed viruses(?) would download new Malware! I was wondering, is this a virus? is it spyware? It was hard to classify as far as I could tell and it SUCKED.
Word to me.
I don't buy it.
If your goal is to have the problem fixed, then name names, contact the affected companies so they can fix it (or have their contracted webmasters fix it) and move on.
The whole thing stinks of FUD tactics, and the last line in the article seals it for me: Puleeeeeze
--
In the future, people will just "firewall" off offending countries until they start policing and clean up their act. Sort of like UN sanctions but online :)
;P
Besides... AKs aren't allowed over here
WTF is that? So it can infect the rest of the world?
This reeks of criminal negligence IMHO, they know of a crime, and they won't tell how or who will do it to you..
"/Dread"
Stop using IE.
It's simpler than it seems. Microsoft will not fix these fundamental problems unless they see users moving away en masse to another browser platform.
This "virus" is not detected by antivirus software, according to the article. Does anyone know why? I run eTrust on my IIS boxen. (yes, I have a few, no I didn't put them there, no, they shouldn't be there, but our dev team wants ASP) Etrust is a fine product, but supposedly this offending code isn't detected. That bothers me a little, but this leads to another question.
Why isn't spyware classified as viral code? I realize it doesn't spread in the same manner as a virus, but it a) installs itself uninvited b) causes the PC and its software to behave erratically and c) makes my job needlessly more difficult. It bothers me that virus scanners aren't picking up spyware.
Anyway, to bring this back on topic, this situation requires a server side fix. I'm sorry, I can't tell every customer to switch browsers. I can't even get my internal users to switch. Most can't, because of some oddly coded piece of software that only runs in IE. My point is, my boxen might be infected right now. Not caught by AV software, how am I supposed to determine whether this thing lives on my server?
There is no reasonable defense against an idiot with an agenda
:wq
"We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.
So does anyone know what sites are infected? I'm sure most of us would like to avoid them...
So many places say "this site best when viewed with IE." IANAL, but it seems irresponsible for a site to recommend IE, especially if the site handles sensitive materials such as financial services or downloadable software. If IE includes known vulnerabilities, can sites be held liable for making that recommendation?
Any thoughts from the more legally minded amongst us?
Two wrongs don't make a right, but three lefts do.
The original post mentions a "combination of two unpatched IE security holes", but both the US-CERT and Internet Storm Center only mention javascript and not a specific browser as being able to be compromised by the infected IIS servers.
My question is, how do we know this is an IE-only problem? I ask this because I have several friends whom I'm trying to convince to try an alternative browser for security reasons but I don't want to be that guy we all know who goes off about "IE exploits" that turn out to be nothing of the sort.
The list might be just a touch long!
How many IIS servers are there out there?
The worst case assumption is that they are all compromised! If everybody starts sending "the list" back and forth, the bandwidth may be excessive!
It won't be long before Javascript is considered a complete security risk and it's the web developers who are going to suffer. Despite the rantings of sysadmins who don't touch web development it is actually a very useful language to supplement HTML.
Javascript menus and first pass form validation, anyone?
I'm serious.
:)
:P
The reason most people still use IE is because they don't know that it's what allows all of those problems to occur. They simply don't know it's as easy as installing firefox. Nor have they even _heard_ of it. I tell everyone who complains that firefox will halt the march of the spyware, but won't evict the current infestation.
In fact, it's gotten to the point where I keep a pre-written email around that spells out how to fix infected windows PCs.
It walks them through firefox, adaware, spybot, AVG and windows update.
It also says in the email. "The reason you are getting infected is because you are browsing porn sites while using IE." Makes a lot of them turn red.
Hmm, should I paste the email in here?
no
It takes education to get people to switch. Show them Firefox is a good browser. I converted a friend of mine, by no other means than showing him the incredible amount of spyware on his machine, and explaining to him IE was the cause.
:-)
Then I installed Firefox for him, he was very impressed with the speed of Firefox, and he is a happy surfer now
Life is good, and another person won over to using superior software.
The linked article was crappy, but thanks to Lars T for pointing out the US-CERT and SANS discussions on the topic.
What You Should Know About Download.Ject
Corporations
Home users
And make sure IIS dudes apply all former patches!
Dillo is light on features but good on old hardware for people who don't want to resort to lynx.
Unlike opera it's Free Software and it has a stricter privacy policy than mozilla.
It's no good to MSW users though...
Agreed. He works for NetSec, and his best solution is "don't use the Interwebnet.com thingy today, honey"? How about switching your wife to *gasp* a different browser?
Also, it's neat that they mention banking sites as prime targets for this attack, but the one site it's safe for his wife to visit is a banking site. Consistency ahoy!
...that my mother has been running Gentoo on her desktop machine for three weeks now.
Just yet another "security" problem that I won't have to care about. Ahhhh.
Help more people switch to mozilla/firefox. Mozilla hacker Blake Ross has started a weekly brainstorming effort for firefox marketing ideas on his weblog. Go thither and chime in. I just did.
Go on, paste it.
A copy of that would save me (and others) the effort of writing our own.
It's never too late to have a happy childhood.
I have thought for years that Ziff-Davis were Microsoft Shills. [I don't mean all MS software is bad, I just mean Ziff-Davis seemed impervious to facts in their reviews]
If ZDNet is saying to stop using IE things must be bad.
I have tried to depart from IE 2 or 3 times but failed. As soon as I type this message I make the move for good. Hello Mozilla.
Sam
blog.sam.liddicott.com
...the uneducated user. Let's face it: the internet has been sold as this great tool and all you need to get on it is a PC and a phone line, cable, or whatever. If you preach the need for basic education, you are some kind of geek (how often have you heard, "I don't want to know all that, I just want to get online!") and if you make even the slightest suggestion that some people just don't belong online due to their own lack of common sense, you are some kind of elitist (try telling people to use the BCC option of their e-mail client instead of CC'ing everyone in their address book and see what kind of reaction you get). As a previous poster said, it is, once again, unpatched systems that are causing the problem. And here's the chorus now, "I didn't know! No one told me! It's not my fault!" And we, of course, will pick up the pieces.
Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
I really wish I could switch to Mozilla (ok, Firefox). My co-workers are switching to Firefox. My users are switching to firefox. But I can't, because I have no idea how to implement my pet project as a mozilla-type plugin.
All it has to do is read in a dictionary file, then catch the 'new page loading' event, perform morphological analysis on the page, and edit the page as it loads to include ruby tags and/or something to display definitions in the toolbar. That's it! It's fairly computationally intensive and sometimes the right html to insert at a given point is a bit of a guessing game, but it's not rocket science. But HOW THE FORK DO I DO IT IN MOZILLA??
PS Yes I have rtfm and no I cannot implement the analysis algorithm usefully in javascript and yes I do have to insert ruby tags, as well as regular javascript that talks back to the plugin, into the page on the fly.
Considering the amount of research that seemed necessary to get it working in the minefield of IE, I expected that I would be quite capable of figuring it out in mozilla, but it just seems to be an order of magnitude harder.
I would be grateful for advice (eg a pointer to a similar project). Or failing that, remarks on the lines of 'if u cant use mozilla u r lame u lame wind0z3 lu20r hehe l8trz' would also be fine.
Whence? Hence. Whither? Thither.
I was infected by stratics.com. They use a third party pop up ad service and one of the ads is what installed the malware. It installed Lycos and STI on my machine, plus other junk.
It ended up embedding itself everywhere in my registry. After an hour of deleting all registry entries and even uninstalling IE6 and then reinstalling it, my search section of IE was still Lycos and banner ads would show up in it.
The only option I had left was to format and reinstall micosux windcrap.
...is if they infect the Windows Update servers. You go there to fix the vulnerabilities in IE and *BAM* you're infected with the same vulnerabilities you're trying to fix.
Another thought - if any bank or institution that you use is running IIS, write them and ask them to certify that they are not infected. Let them know that if they do not guarantee that their servers are not compromised by this exploit, you will be transferring your account to an institution which uses servers that don't have such an abysmal security record.
http://www.f-secure.com/v-descs/padodorw.shtml
Seems like a nice keylogger. It also installs another trojan. Virus vendors seem to be getting on the ball. Also the site which distributes the payload is currently dying under the load. The virus is apparently a bit too successful for its own good.
There's apparently a newly discovered exploit in IE that can compromise an IE user's machine THROUGH AN IMAGE ON A WEB PAGE.
So any server that allows posting of graphics (eBay, many discussion forums, etc) can be "infected". Even those running Linux. The only solution is to stop using IE and pray that Firefox, Mozilla, Opera, etc. exploits are few and far between. Article on graphics exploit here.
First off, I note that this uses vulnerabilities in two of my most favorite pieces of software; IIS and IE. Two of the most security-hole laden software that Microsoft has ever released. Is anyone here really surprised?
Secondly, this puts the lie to the most common Microsoft trolls here every time a new virus/trojan outbreak occurs:
1. Viruses are spread by clueless lusers that click on e-mail attachments. No luser interaction seems to be needed here, just browse on by your favorite corporate web-site!
2. If everyone kept their systems patched, there would be no way that viruses like this could spread. Microsoft has known about the IE vulnerabilities used in this case for months now and still hasn't released a patch! To be fair, the article also says that Researchers believe that attackers [may] seed the Web sites with malicious code by breaking into unsecured servers, so an IIS vulnerability that has previously been patched might be part of the problem here, but that still leaves no excuse for the unpatched IE vulnerability!
3. Virus writers always use disclosed patch descriptions to determine how to write new viruses; none of them are capable of finding and exploiting vulnerabilities on their own. Note that the article says this may be spread by using a previously unknown vulnerability in Microsoft's Web software, Internet Information Server (IIS).
4. Up-to-date anti-virus software is sufficient to stop these exploits. The article says: the malicious program uploaded to a victim's computer is not currently detected as a virus by most antivirus software.
Nothing else needs to be said.
Here is a suggestion, do your project in perl like rikai
I can't operate without the google toolbar, which has no complete mozilla equivalent. There are many sites which people can't do without which use Internet Explorer. Many tools that work only with the browser. Apart from that, Firefox is the ideal browser at the moment.
___
internet, productivity blog
And describe how you see their face while they read your e-mail, and also why you send an email if you can see their face
Ok, the article states: To prevent further abuse, the list is not published. The exploit is server side, not client side according to reports. Admins of the servers must have been warned and hopefully have cleaned the server already by now. So the public at large is not under threat from their high-profile site. Then not publishing the list is logical under the following reasoning.
What if it is a Zero day exploit on IIS? There is no fix yet. Admins are struggling to clean the servers, but have no clue if what they did to prevent whatever is going on, actually works. Criminals all over the world will be searching for clues on what the exploit is and will want to actively exploit it as well. We don't know what is going on, so it might be possible to put a nice little rootkit undetectable on the server and later use it for interesting purposes. By not naming the sites they are putting an extra, albeit thin, layer of protection around the sites. The list of websites for criminals to target, will be much longer than it could have been if each and every site that was affected would be named on the internet. Most sites are (hopefully) clean right now, so the public is not at risk, but until we know what goes on, the server sure is.
Use Adsense for Charity
I wonder if they would agree to do the same with those infected servers, spreading IE virus.
Not to mention that most of those servers shall be Windows NT and 2000
The Internet Storm Centre has good information about what will be on your box if you're already infected. I think they're in \winnt\system32\inetsrv
Sorry about the duped links but more fixes, less FUD please. Yes, evil empire blah blah blah, but how about we tell people how to fix the problem instead?
fucking ban microserf s/w;-)
Rikai is a completely different kind of project that works completely differently, it's server based.
To make a jBrowse-like plugin in perl would surely be very hard... Is there a way to use perl to script firefox? If there were, that might be very useful; I'd have a better chance implementing the logic in perl than in javascript.
Whence? Hence. Whither? Thither.
Skip the Macintosh, install Linux to him and he'll be happy as a clam.
Honestly, I've not really made the switch myself. The main reason is actually kind of petty, hotkeys. I've become very used to things like shift-clicking a link to bring up extra pages or hitting ctrl-enter after typing in a word to add the http://www. and .com to it. I've been working with IE for long enough that it's second nature to use those keys. Yes, I'm sure that other browsers have ways to do these things, but one gets used to not having to think browsing the web, so learning new keys feels like a fair burden.
My second problem is games. ^_^ I play Robo Runner, an online game similar to Robo Rally. Yes, there are some browser modifications to run this via Mozilla, but it doesn't work straight out of the box, something which is probably even more inexplicable to the average user who never messes with their settings.
Meh, mainly it's laziness. IE works. I haven't had spyware in ages between my anti-virus program and occasionally running Ad-Aware. Probably helps that I (almost) never blindly click yes to dialog boxes which pop up...
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Parent: Hopefully by then a major news source will pick up the story and everyone will hear it
reply: You mean like CNN?
next time remove your foot from your mouth before commenting (or cut down on the coffee)
You got it. Feel free to distribute this email widely. Use it as much as you want. You don't even have to give me credit.
:)
--
Okay, here we go.
First, you need to download a decent web browser. The #1 cause of all that spyware is Internet Explorer allowing websites to automatically install things. (it's from all that porn browsing you do.)
Try firefox. It's only 5 megs to download, and it's the most simplistic web browser available. You will get no popups. It's very popular, even among non-computer-obsessed folk. My mom uses it.
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/0.9/FirefoxSetup-0.9.exe
Now, I assume you are getting wacky popups and stuff, even when not webbrowsing.
You need to install some spyware killers.
I recommend Spybot and adaware. These two will rip through your pc, killing spyware dead. Blam. It may kill some software you like, but it's for the better. There will be something out there that can replace anything you have to get rid of. Oh no, no more gator cursors. Whatever. Deal with it, or don't get online ever again.
http://www.safer-networking.org/index.php?page=mirrors - for spybot. VERY high traffic here, so be warned.
http://www.lavasoftusa.com/software/adaware/ for adaware.
If those sites aren't working, you can always try "spybot download" and "adaware download" in google.
Then, on top of THOSE. (I know, I know) You need to run a virus scan proggy. Try AVG, it's free and better than McAfee
http://www.grisoft.com/us/us_dwnl_free.php
and last, but almost definitely not least, Windows Update.
Open up IE (you have to use IE for this) and go to www.windowsupdate.com Have MS scan your computer and install all the security stuff. Then reboot. This may take a long, long time, but it is the most crucial step.
comprehensive enough?
--
no
It does say a patched PC is safe, but you need Windows XP Service Pack 2 RC2 in order to be safe.
However, it does say that Windows 2000 Servers with IIS 5.0 without an already released patch are the infecting machines.
Reports indicate that Web servers running Windows 2000 Server and IIS that have not applied update 835732, which was addressed by Microsoft Security Bulletin MS04-011, are possibly being compromised and being used to attempt to infect users of Internet Explorer with malicious code.
Uhm, because I send it to people in the office, who I then walk over and talk to? It's easier to communicate some information via email, like urls.
no
I can't help but chuckle every time these come out because all I hear in my head is the line, "All viruses are created after the exploit has been announced."
Keep those 0-day exploits coming, boys.
+++ATHZ 99:5:80
as I quietly tap the nails of the coffin.
-
Importing Favorites is easy.
;)
Either let it import them during installation (it will prompt you), or go to the File menu and click on Import...
I'll assume you're having just a bad day.
My problem is finding "Compose ONLY in plain text" in Thunderbird. If it's there, I can't find it.
It's never too late to have a happy childhood.
They won't mention the names of the sites in the article to prevent further abuse of the exploit or some such, but what are we to do to avoid the exploit if we don't know which sites are infected already?
What good is publicly acknowledging that there are some major sites that are infected if they won't tell us which? Are they worried about the large sites' reputations? What about all the users that are going to be infected because they weren't made aware of which sites to avoid with IE?
I'm on a company system and don't have privileges to install Firefox, and I doubt I'm the only one.
Well, that's got to be a first. An attack that uses a legitimate feature of Javascript and doesn't rely on an IE hole, but instead relies on the gullibility of the user. I guess it's an old thing with email trojans, but malicious Javascript initiated web trojans are new.
On the other hand, it means that Firefox and Opera users on Windows aren't safe, although any Mac or Linux user is. Strike one against the article for inaccuracy.
On a side note, IE on Windows XP SP2 does block Javascript auto downloads. It's a bit of a pain sometimes, but I guess that's the only Windows browser that isn't vulnerable.
..will use this as an excuse to mandate control over the Internet.
Don't encourage them.
check this out: http://texturizer.net/firefox/extensions/ I don't know how to write an extension, let alone yours. But it might be an idea to look around for an extension that does what your plugin does, or at least something similar and work from there? It looks like your project would be ideal for an extension
http://www.virtualconcepts.nl/
this is just generic, I don't know your family situation exactly, but for what it's worth, the advice is to stop fixing their computers and let them drag the boxes to the shop and pay for it to be cleaned. I'd say in a business situation the same thing if that applies to anyone else. The concept is stolen from the way the experts advise to deal with a family member who is an addict to booze or drugs, called "tough love". Right now you are acting like an "enabler" by fixing it when it gets hosed, leaving them with the impression that "it's not that bad", when it really IS that bad, they can't see or admit to the elephant in the living room, so just stop being an enabler.
Microsoft browser monopoly is good for us. Yup, good for us. Sigh.
Best Community for Gaming and Gadgets!
Non-IE users *ARE* safe. The redirect might work, but that's irrelevant since the payload in the (now-offline, totally overloaded server) does not load up unless you are using IE. It actually served multiple payloads, and one of those abused a yet-unpatched IE hole.
So mozilla etc are still safe.
Why isn't spyware classified as viral code? I realize it doesn't spread in the same manner as a virus, but it a) installs itself uninvited b) causes the PC and its software to behave erratically and c) makes my job needlessly more difficult. It bothers me that virus scanners aren't picking up spyware.
It will be soon - hopefully - as the distinction is getting harder to notice. For example, some of the CWS (CoolWebSearch) malware variants will replace your Windows Media Player executable with a trojan.
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
I've been flamed so many times for telling people to use BCC I can't begin to count
Surely it has got to be:
"FireBillGates"
Very very few. I've got firefox installed on my family computer. Despite them getting infected with adware and spyware through IE, none of them want to use firefox. I've asked them many times, and even gone to the point of deleting IE, but their resilience to use anything else forced me to put it back on (amongst other reasons).
Do your family also find locks on the house door inconvenient? Or maybe, if they found out that the locks they had were ineffective, wouldn't change them because they like the colour or shape of the key?
This is just another tragic example of people always choosing the "easy" option of convenience over the "hard" option of increased security.
Oh well, hopefully your family will learn sooner rather than later that you can't ignore security when connecting to the Internet. Hopefully they will lose all their files so the lesson hurts.
And, to show that you know what you are talking about, after a few days of pain, offer to restore their data from the surreptitious backups you took while they weren't watching.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
1. His wife might not understand computers, so he has to explain it simply.
2. His wife might use IE, and since HE'S AT WORK, he can't go home to switch it for her.
3. He probably doesn't have time to walk her through it, because she's clueless.
4. He probably knows his bank is running on Apache and is therefore immune to this attack.
Should have been
Sadly, security has lost out to "convenience".
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
Looking at the stats on my web site, which receives over 1000 unique visitors/day on average (and almost all of them are Windows users because I distribute Windows software)... here are this year's proportions:
Jan: IE 73%, Mozilla 12%
Feb: IE 76%, Mozilla 15%
Mar: IE 75%, Mozilla 16%
Apr: IE 75%, Mozilla 16%
May: IE 71%, Mozilla 19%
Jun: IE 71%, Mozilla 20%
And for some historical reference, in July of 2003 I saw: IE 78%, Mozilla 11%.
The waves of viruses spamming Americans (and Netizens in general) for the last months and years have been perpetrated largely by organized crime gangs. Americans pay a bundle in taxes (and compromised freedoms) each year for an FBI to protect us from that kind of predation. If John Ashcroft's Justice Department won't protect us from the Microsoft monopoly that offers fertile ground for these attacks, it should at least protect us from the crooks that sow it. But of course that doesn't fit Ashcroft's apocalypse agenda. He's got to go, and the rest of his inJustice Department's inverted priorities with him.
--
make install -not war
Last time I checked, cars weren't free.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
If it's a security flaw it has to be reported to users or potential users doesn't it? California is a big place, and there has got to be more than one person running windows and explorer there, so someone needs to be notified, so that makes it "news" and as such a ton of laws protect that. And since when does running a news story that's stamped with a date change anything? If on such and such a date such and such happened to be true, I don't see how anyone can be sued for reporting it. We've seen tons of other exploits reported on before, including sites affected, going back for years and years. I think there's high level pressure going on here someplace why the sites aren't mentioned. It was the first thing I noticed when I read this story yesterday evening, the story was weird because of it and I looked at several places, none of them have the normal info you see with a security news story. Any reporter could just use words like "potential" "alleged" "on going investigation", "this is a preliminary report, security analysts are digging in deeper to determine the validity of the claims" and etc.
Not reporting it is just way too suspicious to me.
IE has security holes? Since when?
Seriously, this is the first 'fix' I suggest to friends/family after exorcising the evil spyware/malware from their PC(s).
SpywareBlaster is yet another handy idiot-proofing tool.
I work at a bank. A lot of the applications used internally are web apps that require IE... Mozilla/Opera aren't an option because those apps require MSJVM (Microsoft Virtual Machine - no joke), Active X or other proprietary MS technology.
I'm not talking simple forms here, this for Foreign Exchange transactions.
Certificates, multiple passwords, encryption...all moot
WindowsUpdate is an obvious one.
Microsoft support - try to search the knowledge base.
Here's a non MS one.
It amuses me that you can't search MS's knowledge base to fix IE if IE is dead. On the other hand, Windows is probably dead if IE won't run.
It's never too late to have a happy childhood.
Any1 has a .reg file which will force all links (from website, messenger, apps) to open up in firefox? Or is there a no-hack solution to this prob? Thx
I've got McAfee VirusScan 7.03 installed. Under Scan Settings->Advanced you are able to scan for 'Potentially Unwanted Programs' and 'Joke Programs'. It would be my guess that this would do the job.
Steve.
To pay my cable bill online. They don't have the site setup to correctly identify Mozilla. It thinks it's an old version of Netscape. Haven't tried it with Firefox yet, come to think of it... I don't use Composer or Mail and News, so I could definitely make the switch from Mozilla 1.7 to Firefox.
It's a perfect time for being wasted.
A perfect time to watch the stars.
- Burden Brothers, "Beautiful Night"
I forgot to mention, that's the same combination as my luggage!
2. Go to Control Panel | Internet Options | Advanced | Multimedia, and uncheck "Show pictures". (FDA warning: I have not verified that this setting prevents this image exploit from infecting your system, since I don't know of any infected servers. But it will at least force you to use the alternate browser we installed in Step 1.)
3. Switch to the Security tab, and move Internet into "high". This will disable most forms of scripting. However, it also disables the Windows Update site. You can add windowsupdate.microsoft.com to a list of trusted sites (it will give you the instructions when you try to visit it in this mode), but I'd be very careful with that, since I do not doubt that the Windows Update site is very high on the crackers' lists of sites to infect. (Wouldn't that be ironic?)
FWIW, I don't know whether setting Internet zone security to "High" disables the automatic Windows update feature or not. I'll tell you as soon as there's a critical update to be notified of.
Actually that email leaves a lot to be desired...you've gotta tell them how to properly setup and run adaware and spybot. Updating definitions, etc. Adaware is especially useless at removing most spyware without changing the scanning options, and usually requiring a reboot.
Downloading and installing the programs is easy enough for most people, but properly updating, configuring, and running them is much more difficult.
http://thechubbyferret.net - Ferret pictures and informative links.
"I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now," he said.
Uh, use a different browser...remind me to never buy anything NetSec says (whoever they are)or sells henceforth.
http://www.microsoft.com/security/incident/download_ject.mspx
because if it is, there are indeed patches.
Reason, free market capitalism, and individualism
Basically: create an XPCOM component in C++ (if JavaScript or Python are too slow for you) which performs the computation. Mark your XPCOM interface as scriptable, use the typelib compiler to expose it to javascript then pass in the browser DOM so it can be edited by your component. Then write an extension to catch "page loaded" and pass the DOM to the loaded XPCOM component. I think that should work.
MS wants MS-IE and MS-Outlook(-Express?) used and gives them away so it can make $$$$$^9 selling the server apps (MS-IIS and MS-Exchange) and lock out competition by embrace-extend-extinguish.
...if you want to be able to browse safely on the Internet.
www.pivx.com/larholm/unpatched/
:(
That's the advice I give to my friends after I saw this page:
http://web.archive.org/web/20030603192725/http://
(too bad that page now no longer hosts that information
There are more holes in IE than a piece of Swiss cheese, and Microsoft doesn't seem to be concerned if that will cause you to be accused of collecting child porn.
Full details of securing a Windows workstation can be read here. HTH.
Dude, this is WAY too complicated. Here's MY recommendation:
1. Throw away Windows PC.
2. Buy a Mac.
There, isn't THAT better?
(Mods: flame away if you want, but I know *I'm* switching - just waiting for WWDC to see what computer I'm getting - iBook, eMac or... whatever they announce at WWDC - I'm hopelessly hoping for an iMac G5/1.4GHz)
http://www.google.com/search?q=%22217.107.218.147%22&hl=en&lr=&ie=UTF-8&start=20&sa=N&filter=0
Personally I'd rather know the list so I don't get infected, but then again I use netscape so....
Believe me, if I started murdering people, there would be none of you left.
Hell no, I use Linux. I don't have MS Office or tons of games but god damn it, I haven't had a virus, spyware, or trojan since I switched.
Maybe it's not what you want, but a similar plugin already exists: http://moji.mozdev.org/
Studying this source might be useful for your own project.
Where's "3. Profit!"? Oh, that's right, you spent it all on "2.".
I read this on CNN yesterday. My reaction: hogwash! We're told a vague story with no specifics. This smells like a Homeland Security press release to stir up more fear and terror. I don't own duct tape, and I'm not about to wrap it around my monitor.
I can't operate without the google toolbar, which has no complete mozilla equivalent.
Um, what exactly is the mozilla google toolbar (http://googlebar.mozdev.org/) missing that you can't do without?
Remember, it doesn't need popup blocking (Mozilla does that itself).
According to the original source at Internet Storm Center, there are 2 different infections going on. M$ IIS servers are vulnerable to an exploit that is undetectable by current virus scanners. However, visitors to infected servers are safe, because a separate method of infection is used there: a common JavaScript exploit, and a common trojan horse is downloaded. The trojan horse IS detected by current virus scanners, it's a "known" trojan horse.
I love Mozilla. Been using it since the 0.x days, and it's just been getting better and better.
I work for a large state agency, and we have all of our systems fully patched and updated, but since we're a W2K shop we're still vulnerable to this, since it's an unpatched exploit.
I've been wanting to roll out Mozilla to our entire organization and force it as the default browser, but one thing has been stopping me: PROFILES.
If a hard drive dies, or if we need to reimage somebody's system, moving the profile from one machine to another is nearly impossible. This is partly by design (random directory name as part of the profile directory structure), and Mozilla.org has published a way to transfer the profile, but (for me, at least), sometimes it works but most of the time it doesn't.
We still have Netscape 4.80 installed on our systems, and profile management is a snap. Copy their directory out of the Users directory to the new system, run Netscape, it'll start to create a new profile, point it to the directory, and you're done. Keeps the preferences and everything. Of course, Netscape 4.80 sucks when it comes to rendering most modern web pages, especially those that are "best viewed with IE."
If ANYBODY has a way to easily transfer Mozilla profiles between systems without a lot of hacking, please post a response. If I just needed bookmarks copied, that's one thing. But mail settings and preferences, plug-ins, prefs -- everything needs to go.
If anybody at Mozilla is reading this, easy profile management is one way you'll win over big companies. And some might even be willing to pay for it, if they don't have to worry about IE all of the time.
Do you insult people to their faces or only in e-mail?
"The reason you are getting infected is because you are browsing porn sites while using IE." Makes a lot of them turn red.
Most people would turn red, even innocent people. Take a read of the article. It isn't just porn sites. Actually, it doesn't even mention porn sites. Typos and even banking sites are mentioned. I hope you intended it as a joke, but you might consider why you feel the need to falsely accuse people of viewing porn.
True this particular exploit didn't affect Mozilla/Firefox, but it is certainly possible that something similar might in the future.
So, with that in mind, what new security features would help make Mozilla/Firefox even safer and better?
These come to my mind:
- A trusted site list to which I can easily add the current site, and indicate whether it can load images, run scripts and/or download applets.
- An option that will pop up a dialog asking for permission if an untrusted site tries to do any of the above.
- Some type of "zone" concept similar to IEs so that internal (company) sites can have more privileges than external sites.
- Capability of central administration and control (in a business setting) so that users can easily be protected from themselves in a business or large network environment.
Thoughts? Can some or all of this be easily implemented as Firefox extensions? If Mozilla/Firefox is clearly a better, more secure solution, it will gain marketshare rapidly.
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
See also XHTML Ruby support
that the page for reading the responses included a large banner ad for Microsoft that claimed they take your security seriously and saying, "visit microsoft.com/it/security/IT today."
No one ever had to evacuate a city because the solar panels broke!
My Firefox google toolbar works perfectly (not "feeling lucky?" by default).
that I just installed Firefox on two of my relatives' computers. Both of which REALLY like the idea of not getting popups or spyware. They liked the look of it, liked the importing all their settings/bookmarks. Made the switch just in time I guess..now let's hope that mods read more than the title before modding me a troll/flamebait ;-)
Jisho - A Japanese English German Russian French Dictionary for the rest of us.
It also says in the email. "The reason you are getting infected is because you are browsing porn sites while using IE." Makes a lot of them turn red. :)
While that used to be true, I have noticed a lot of my clients that I know are not browsing porn sites and that I cannot find any porn in their cache are getting infected with spyware and adware. I think (no proof of this yet) that the ads that are served by all the usual suspects are the culprit!
And if you read the article here, corporate sites were hacked and used to spread this. So, no, browsing porn sites is not the problem; browsing the web with IE is the problem.
Microsoft just isn't ready for the Enterprise. Perhaps in a few years. Plus there are all those nasty rumours about stealing the TCP/IP stack from BSD.
From Microsoft:
Microsoft
*Important* Customers who have deployed Windows XP Service Pack 2 RC2 are not at risk.
Facing this right now. Can't convert totally because of the dang CRM being tied to IE's DHTML DOM. So our only hope is to lock it down for CRM use and use Moz/Firefox for browsing.
Do you really believe a terror story with no specifics? Ashcroft loves you.
Base: An up to date host file. This can probably block 95% of web nasties, regardless of source, yet is overlooked by most people.
Second: Proxomitron. The second browser-independent tool, it's a relatively little-known local proxy that filters the crap (including more ads than virtually every other solution) from a webpage before feeding it to your browser. Also handily removes most of the ActiveX and Javascript that causes these exploits. I simply cannot recommend it enough. In addition, it's fully configurable, and there are plenty of people out there who will write custom filters to get rid of any sort of ad that slips through.
Third: Firefox. I hesitate to suggest Opera because I don't feel it's as high a quality a product, and is closed-source, meaning it could be almost as susceptible to this stuff as Internet Explorer, should the bad guys aim their sights on it.
Fourth: In-browser plugins such as Adblock, which probably won't do much to stop this particular problem, but are nice to have around regardless.
Better and more widespread use of https, and have a way so that pages must be validated quickly and automatically, perhaps even with a md5 checksum type arrangement as a backup, before they can be downloaded and displayed.
That and just a complete rethink of OS and browsers and "the internet". For another example for another problem, I'd like to see a totally non-commercial email system, no commercial email used in it whatsoever, and your email addy was treated as importantly as your physical address at your home, or like your telco number. You'd have an option, email like it is now, or be inside a commercial free and registered email system that cost folding money per year per email addy and refused any email into it from outside, or any email to leave the system. A large but closed system where every email addy was tied to a real human being with a real name with a real IP for verification. You could still try to use the wild wild west anarchy chaos email system we have now, but also opt in to the closed, verified and much more secure and hassle free email system.
Same thing with the net, anarchy and chaos with hacks, attacks and bogusness, or only visit sites that are verified and secure and conformed to some decent standards that have those issues as of paramount importance, as opposed to blinkenlights eye candy insecure.
I tell you, I just detest that I even have to run javascript to view some pages, I usually skip them. I'm not running an active x machine, but I feel the same way about that too, it's useful, but so easily used for bogusness that it's rapidly lost any universal advantage, IMO.
As to moz and firefox, I don't know on firefox but I don't see a way to disallow small invisible webbugs on moz. That would help. Maybe it's there and I just don't see it though, could just be me I admit, all I see is deny by domain. I want deny for a variety of reasons, size and visibility being a big one. Or conversely, just the ability to choose a single image to view, select it, the page doesn't jump away to refresh the whole deal just that particular image loads. And no downloading images in general but failing to display, I mean it can see an object and only allow it to be downloaded on a case by case basis if you choose that option. Nowadays when you click on an URL you have no idea what you will be downloading unless you view source in advance, which is nuts.
Ummm, most people probably haven't been told. You must not be involved with user support. If you stopped someone on the street and asked them what Firefox is most people would have no clue. They might know what Internet Explorer is but they probably wouldn't have a clue that there is an alternative for getting on the intraweb.
We recently completed another round of checking our systems for proper patches. The nice thing about this is since there are no patches, we can just take it easy and let the breeze blow through our hair. Okay ... not really.
We are a Netscape/Moz shop. We have a few users that must use IE for specific sites. Despite that, we still approach this sort of thing with a sense of urgency.
It's Friday and I shouldn't be so cranky, but:
/. would be touting the invulnerability of Windows and IE simply because they are not the focus of attacks, meaning the effort is not worth the results. The script kiddies would be using Linux tools against Linux.
;)
I'm a lifelong Windows user who reluctantly switched from Netscape to IE a long time ago when I got tired of Netscape crashing. I have anti-virus and anti-spyware/adware/etc. I have FireFox 0.9 installed and don't use it. I apply all patches. I surf pr0n and hack sites. I have a hardware firewall. I've never been infected or compromised. The security bulletin people have linked to was actually originally published in April.
The attitude that Microsoft should inherently protect us from these problems is short-sighted, but since someone has to do it, MS responds with XP SP 2. It is time for us to take personal responsibility for our systems. A visit to CERN shows a number of Linux vulnerabilities, some critical (DHCP).
I wish I could reverse the percentages of web server software and browsers used for a year, but keep the same attitudes. In a world of 90+% Linux desktop users (where only technically advanced people ran Windows with IE) and Linux servers running with default configurations (blame the admins, not the software),
The bad guys go where the money is. Last year the phishing scams that are simply an e-mail/website asking for your account number and PIN resulted in a four billion dollar (US) loss to the banking industry. That was not platform specific.
Here's a quick fix: Let's go back to a text only web. No flash, no javascript, no java, no footers, no web bugs, no css, etc. Guess what? No vulnerabilities! Oops. No pr0n. Umm... Never mind.
Even though Mozilla is the default browser, IE will open in that instance. Please, please, please - If I can change this tell me how!!!!!!
Yesterday I had an enlightening experience. As I waited for my wife to have a procedure done, I listened to a couple of blue haired ladies talking about a laptop that a 40 something lady had in the waiting room. They were talking about viruses and spyware and other things that cause Irritable Bowel Syndrome. They were so ignorant as to how spyware and malware gets installed. They thought that some guy hacks in and installs it when they dial up AOL. Other wild theories were thrown out but I didn't bother correcting them.
Unfortunately, this is very representative of a good portion of computer users. They're scared shitless and completely ignorant. It's no wonder viruses, trojans, adware and malware are so successful.
Back to the original HTML specifications, where the web page displayed information. Not acted like a programming environment, advertisement space, or doggy-door for intrusive programming.
Can't beat alternative browsers for main stream problems.
Googling around a little, I came across this message in several places.
The interesting bit is the text file linked to at the end: spy.txt
Always go to other people's funerals, otherwise they won't come to yours.
Cool Web Search is also a trojan gained from various web sites that exploits problems with ActiveX and MS JVM. It's a total pain in the ass to remove, or even discover what version of it you have since neither Spybot nor Adaware clears all versions off.
Remember: All a user has to do is surf to one of these scumbag sites (by accident or on purpose) with their freshly, fully patched IE and... BOOM!
"Did you know that your computer may be infected with SPYWARE?!" - Actual quote from these scumbags.
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Right on the "What you should know" page, prominently indicated, it says:
"Important: Customers who have deployed Windows XP Service Pack 2 RC2 are not at risk."
Flout 'em and scout 'em,
and scout 'em and flout 'em;
Thought is free. - Shakespeare [The Tempest]
MS will put a bounty on the virus creator and claim that IE, once patched for this exploit, is utterly secure. Most people will believe them; a small number will not and seek alternatives. All will be normal again until the next exploit, at which time (GOTO start of paragraph).
Now I can send them a copy of your post, which I'm doing at this moment. Much appreciated.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
My sister called 2 days ago with a variant called 'CoolWWW', which has resisted every attempt by Spybot S&D, Adaware, Grisoft AVS 7, and Webroot spysweeper.
It uses a different DLL naming convention, but unfortunately, she lives 6 hours away, so I'm trying to fix her PC by proxy, since she is utterly clueless about computers.
long time ago I used to help people fix their cars for free when I had some spare time. One lady I did a complete 4 wheel brake job for. Couple weeks later she comes back to me mad as a wet hen because her engine didn't run well, it had developed a carb problem and it was "all my fault because it ran fine before I worked on it". It didn't matter to her that the brakes got zero to do with it, it was still my fault to her way of thinking.
I do NOT fix people's cars now, or even offer advice beyond telling them (anyone, this is true facts now) to just buy older cars without ridiculous computer crap on them and just replace the engine or transmission or whatever when it gets completely worn out. Much cheaper and better for them and less hassle for me.
Microsoft needs to provide an uninstaller for Internet Explorer. Big Microsoft customers need to demand this. If you have responsibility for thousands of PCs, beat on your Microsoft rep for an IE uninstaller. If a dozen or so Fortune 500 companies start asking for this, it will happen.
I'm currently trying to un-hijack the browser on my boss's home PC (fully and completely patched), and let me tell you, I've never seen a more rotten situation. Search bars that appear on the desktop after all windows are closed. Pop-up and pop-under ads. A portal page as your search page. Multiple toolbars that don't seem to serve any real purpose. Ad-Aware seems to clean it out, and then they're back again after I close the browser window and re-open it a few times.
Now I read that the 835732 vulnerability is back. If MS can make such user-friendly products, why can't they make them secure? What other software company has a track record this poor?
I'm really enjoying this thread, to be honest. I'm befuddled what all the hype is about because I simply don't have to worry about it on any of my computers. I just get to sit here and chuckle that these dark-clothed Russian hakerz can't crack me Mac!
Seriously, though, I'm wondering what it's going to take before Microsoft is REALLY able to fix their security problems. Maybe when Bill Gates' bank accounts are gutted or we experience some sort of 'net attack we haven't imagined yet that brings part of the country to its knees because everyone uses M$ software but can't buy a clue about security. I read about this shit every day and honestly believe nothing is going to be done about it because a) Microsoft really can't fix their security holes and b) 99.9% of users simply cannot comprehend dealing with this problem. You can't put this into the users' hands because they just DO NOT understand what's going on! Hell, my parents have a hard time figuring out Ebay and turning on a computer. How the heck are they supposed to disable scripts, plug-ins, install host files and/or proxies, run Windows Update every freakin' day AND run two different spyware/malware programs to keep these scumbags on the net from sending out spam and logging keystrokes?
I'm sorry, but this problem is going to get exponentially worse over the next few years. I see NO solution to what's going on unless there is some sort of bizarre migration to Macs or Linux boxes which seem to be immune to everything I read about.
SEO's use IE's google toolbar for pagerank, a vital piece of information for optimizing websites.
Mozilla's Google toolbar is not endorsed by Google and therefore does not have pagerank.
(There's something about IE giving Google browsing habit in exchange)
if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
People around here have a good sense of humor, and I'm going to have to edit that email now that the state of spyware has changed in the past few days.
no
I assume you are assuming that all surfers have up to date virus checkers installed. Not Likely I say!
"Holy Buffer Overflow - it's Batman and Robin (aka IIS+IE)"
Nice cooperation of Microsoft products.
This should show you how true interoperability works.
Now, automate this entire list into a single exe file. Then, and only then, will you get wide-spread fixes. No one wants to run down a check-list. They would rather just call their computer nerd friend/relative to do it for them.
;)
Heck, you could even have the exe mail itself to everyone in the user's address book.
--Dave
ibid
> I like Firefox but I have to disagree. I spend a lot of time implementing technologies I've never worked
> with before so I spend a lot of time scouring the web for information. I find the Opera browser superior in
> this case. Here are the reasons I prefer Opera.
I use Opera primarily, as well, but I will counter some of your points here anyway.
> Having Find In Page on the tool bar. (Yes, you can hotkey it from other browsers I know)
Aside from the Find As You Type feature (which I think is what you're describing, and which Opera sort of does with links a la CTRL+J), the google search bar is also a Find In Page bar. You just click on the "G" icon to the left of the search field, and it gives a pull-down choice of search engines. One of these engines is "Find In This Page".
> Google on the tool bar (Yes I know Firebird has it)
Yeah, you can also add such a thing to regular Mozilla. Or you could just do it the classic Opera way and set up hotkeys so you'd type "g search for this phrase" in the URL field, and it'd come up with the search in google. Oh, and Mozilla also has a google side bar.
> The ability to layout all the tool bars just as I like them. (tabs at the bottom!)
Multizilla, *the* choice for the discriminating tabbed browser fan (hint: It has session management and unclosing and everything else). It supports tabs on the bottom. There is also an extension for Firefox before v0.9 that offers similar functionality but also lets you put tabs on the *sides*, as Opera also does. This is actually my preferred way of working in Opera (because I usually
Also, Firefox gives you some control over placement of buttons. It's nothing compared to Opera, though. Only Konqueror comes close with respect to layout of toolbars and widgets. I'm not surprised that both are Qt based, since my own Qt coding experience tells me that Qt is insanely cool with respect to layout of widgets.
> z-axis of tabs are maintained based on the last time the user used each tab. If I have 5 tabs open while
> working and I'm working with the 3rd and 5th tab and I close the 3rd tab I like the 5th tab to be showing,
> not the one adjacent to the tab just closed.
Multizilla. "Edit --> Preferences --> Multizilla --> Tab bar --> Close tab will switch focus to the --> Previously selected tab". Oddly, it's greyed out right now, but I remember playing with the setting in the past.
> The print preview button. It helps print webpages that print like... You know what I'm getting at
Yeah? Click the little down arrow next to the printer button. Then click "Print Preview".
> The New button on the toolbar to open new tabs
"Edit --> Preferences --> Multizilla --> Tab bar --> Enable New Tab Button"
> Many more options dealing with popups.
Such as what? Mozilla and Firefox both allow you to block or unblock popups on a *per-site* basis. Opera does not. Mozilla (et al) pretty much has the same fine-grained javascript controls (block raising/shaking windows, etc..) as Opera. Mozilla was the *first* browser to have "intelligent" blocking, which is a clever way of saying "block popups unless it came from a mouse click". Mozilla will show an icon on the status bar and/or play a sound when it blocks a popup. Multizilla (and possibly Firefox by default) can force popups to open in a new tab instead of a new window. If anything, Opera is slightly *behind* with respect to popup blocking!
> Mouse gestures
OptiMoz. Easy to train new gestures. Default gesture for switching between tabs is better than in Opera. Firefox also has an extension for this ("All In One Gestures", I think it's called). As an aside, KDE's gesture system is pretty cool. You can apparently map gestures to keypresses in any particular application now. It's still a little buggy in the setup, though.
See my reply here
if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
Okay, before everyone's heads blow off:
1. It is possible to both patch against the vulnerability on the server side (rollup 835732, actually one patch, not a bunch as the post suggests).
2. Your anti-virus program *will* figure out what is going on. Symantec and the like have updated their signatures today.
3. If you have XP, you can use the SP2 RC2 patch to make yourself safe.
So it isn't a pretty picture, but it isn't exactly the end of the universe as we know it.
Here's the link you asked for:
What a farce: the largest OS by orders of magnitude is hurting its own customers, and nobody seems to pick up on it! (I'm talking about your average home-user). This should be a prime opportunity for other OS's to move in and use M$'s inherent insecure approach to their advantage!
Mozilla Backup is what you need. It can be used to easily transfer a profile from one machine to another. (Supports Firefox, Thunderbird, and Mozilla)
link!
It may look like I'm doing nothing, but I'm actively waiting for my problems to go away.
--Scott Adams
I'm wondering if you could recommend any bad sites that I could take people to. Often when I try to convince people to switch to Mozilla/Firefox, they choose a site that happens to be built for IE, and I immediately lose their interest.
Washing your hands makes you safer from disease. It doesn't help you much when the guy behind the counter at Burger King doesn't wash his, though.
Ok, so you do all these things to make up for the holes in windows. Fine. That protects you, more or less.
At the same time, millions don't, and they get infected. Their infected systems send the rest of us spam, ping attacks, and all manner of malicious traffic.
Microsoft got the exclusive license for all the soap machines and now they're not filling them. You can bring your own handiwipes, but you can't eat restaurant food. Or something.
Because the patch has been available for two months. Any site administrator who hasn't deployed that patch (see link on MS' page), deserves what they get. What's more, they're incompetent and deserve termination (of job, not life.) This issue is only "critical" because some people in power are retarded, nothing more. Truly, I have no sympathy for the site if they're infected because they're stupid--it's the unfortunate IE user who gets hosed on the matter.
Dude, that link appears to be in your signature, not in your post. Nice try though.
This news has now made front page at news.bbc.co.uk under the heading "People urged to avoid Internet Explorer until Microsoft fixes a serious security hole."
LISTEN UP Mozilla/Firefox/Opera people. Get your marketing divisions off their asses. You will most likely NEVER EVER get another chance like this. If you don't do something now, before MS responds, you deserve to stay marginalised to the end of time.
/. Where the truth
We won't list the sites that are reported to be infected in order to prevent further abuse
Oh, fuck you and your "abuse prevention." The web sites that were compromised got what was coming to them. I have utterly no interest in protecting those sites at the moment. I am entirely interested in being able to tell my mother which sites she should probably not browse to. Yet they won't tell us what these sites are because somebody else might "further abuse" them? Who gives a fuck what happens to those sites at this point? They've definitely lost my trust, and nobody else should ever trust them either.
They could publish the list of sites that are affected... that they know of. How many do they *not* know of yet?
The problem has a two-fold solution. One of those is securing the corporate sites. The average user can't do anything about that. The other is replacing IE. The average user *can* do that.
And, IMO, should.
That was only ONE of the options given.
http://www.google.com/search?q=%22217.107.218.147% 22&hl=en&lr=&ie=UTF-8&start=20&sa=N&filter =0
/. puts spaces in long urls...
Because
Seems everyone here has jumped all over using alternate browsers but they haven't said much about how this thing got started and spread: sites that use Microsoft's Internet Infection Spreader (IIS) as their web server. Interesting that the perps only made a subtle change to the sites to re-direct traffic silently to their own server that then installs the exploit so that most people won't even know where they got the infection and the people who run the site won't even know that they've been cracked.
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
The nerds will rebuild, and will be filthy rich. Women will throw themselves at us.
IT General: We have won again. That is good! But what is best in life?
IT Warrior: The open source, fleet processor, code on your screen, grease in your hair!
IT General: Wrong! Conan, what is best in life?
Conan: To crush your enemies, see them driven before you, and to hear the lamentation of the women!
IT General: That is good.
More than 35 according to this page.
And still they won't believe.
I should have known better than trying to provide specific hotkeys while at work without the browser in front of me. {wrinkles brow} I could have sworn I tried those and they didn't work. But that could have simply been from when I tried out Opera. Honestly, I'm not sure anymore. I apologize for being misrepresentative. As penance, as soon as I get home, I will spend no less than 30 minutes learning how to use the Mozilla browser, assuming it takes that long.
Deal?
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
It was half-jokingly suggested, but also seriously considered after the whole Firebird/Phoenix shitstorm with those DB people.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
by anonymous coward!
it doesnt seem to be faster than ie, and when its loading the page tends to jump around quite a bit as it loads images. ie tends to pause for a second but then dump a neat non-jumpy page to the screen for me. in my environment it doesnt seem faster at all, but im only using my amazing powers of observation so no actual test to back this up...
the small icons are too big and i cant see a way to get the menu, icons and address in the same row like i can in ie. i prefer a minimal interface so i get the most real estate. i also dont like tabbed browsing, i prefer to use the taskbar and multiple instances of the browser. firefox lets me do both, thats good.
f11 works to full screen, but i cant seem to auto-hide the control panel (which on ie gives me the ultimate in real estate) - back in the day i used to use netscape but i seem to remember switching to ie when i discovered that full screen mode.
ive only just started looking at this one so perhaps i havent found how to do some of the things yet, but what annoys me about most browsers ive tried is that i cant customise my interface the way i want to.
What year is this, 1995?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
it always asks you first (in a stern fashion), and if you're not logged on AS administrator on a windows box, it won't put it in any other user's profile... it contains the damage.
Of course, I wouldn't be surprised if the XPI contained some win32 code that attempts to install other software on the machine using Administrative rights if the user has it...
Just goes to show, don't run as a privileged account... use Run As... for stubborn things like Quicken or certain games.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
NetSec's Houlahan advocated drastic action.
"I told my wife, unless it is absolutely necessary and unless you are going to a site like our banking site, stay off the Internet right now," he said.
Hahahahahah. Tool.
http://mozilla.org/products/firefox/
They would have been forced to issue a recall a long time ago. Ok, quite a lot of recalls.
im just wondering about one comment you made about ie automatically downloading things. by design it wont automatically run applications, it takes a dumb user to accept whatever. surely someone can accept malicious spyware using any number of browsers?
running a few pc's here at home i note my pc never gets any crapware (adaware agrees) while my sister in laws gets infested cause she doesnt know what to refuse. surely she would still get the same questions asked by firefox?
ill have to go looking for a page that tries to install a date/time manager or some crap to test this now on both browsers...
regedit.exe
Open HKEY_CLASSES_ROOT\http\shell\open
Remove the "ddeexec" subkey (subfolder).
Go into the "command" subkey (subfolder).
Change the (Default) string to this value:
"C:\path\to\mozilla.exe" -nosplash -url "%1"
Make sure to use the full path to mozilla or firefox. Also, keep the quotes.
To test, go to the run menu and type in an http:// URL. It should pop up a new mozilla window to the webpage.
Do the same thing for HKEY_CLASSES_ROOT\https and HKEY_CLASSES_ROOT\ftp to get the HTTPS and FTP protocol handlers as well.
Mail (mailto: links) is a little trickier. Use this guide for assistance.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
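The handler change described in the post above, as an added example that is not part of the original post: a Python script that renders the same edit as `.reg` text for all three protocols and audits a handler command string for the quoting the post insists on. The function names are hypothetical, and `C:\path\to\mozilla.exe` is the post's own placeholder path.

```python
import re

# Protocol classes named in the post (http, plus https and ftp).
PROTOCOLS = ("http", "https", "ftp")


def open_command(browser_path):
    """Build the (Default) value for shell\\open\\command, as given in the post."""
    if '"' in browser_path:
        raise ValueError("path must not contain double quotes")
    if not re.match(r"^[A-Za-z]:\\", browser_path):
        raise ValueError("use the full path to the browser executable")
    # Quotes around the path and around %1 keep spaces from splitting
    # the executable name or the URL into separate arguments.
    return f'"{browser_path}" -nosplash -url "%1"'


def reg_escape(value):
    """Escape a string for a .reg file: backslashes first, then quotes."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def build_reg_file(browser_path, protocols=PROTOCOLS):
    """Render the post's manual steps as .reg text for each protocol."""
    command = reg_escape(open_command(browser_path))
    lines = ["Windows Registry Editor Version 5.00", ""]
    for proto in protocols:
        base = "\\".join(["HKEY_CLASSES_ROOT", proto, "shell", "open"])
        lines += [
            f"[-{base}\\ddeexec]",   # a leading '-' deletes the subkey
            "",
            f"[{base}\\command]",
            f'@="{command}"',        # '@' names the (Default) value
            "",
        ]
    return "\r\n".join(lines)


def audit_open_command(command):
    """Return a list of quoting problems in an existing handler command."""
    findings = []
    if not command.startswith('"'):
        findings.append("executable path is not quoted")
    if "%1" not in command:
        findings.append("no %1 placeholder, so the URL is never passed")
    elif '"%1"' not in command:
        findings.append("%1 is not quoted")
    return findings


if __name__ == "__main__":
    print(build_reg_file(r"C:\path\to\mozilla.exe"))
    # Constructed example of a handler typed in without the quotes.
    print(audit_open_command(r"C:\Program Files\Browser\browser.exe -url %1"))
```
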
Microsoft's website on how to fix this for the corporate sites is pretty simple - keep your system patched. Is that too much to ask?
It used to be that CERT would be all over these situations. Now on the occasion where I do get an e-mail advisory from them, it's old news. What has happened to this once-useful organization?
The bbc story is here.
...through the course of a day.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
http://www.google.com/search?hl=en&lr=&ie=UTF-8&safe=active&q=cross-zone+scripting+exploit+test+tool
The content on this page causes my a/v software to spawn an alert. A friend who's in a better-firewalled environment is not seeing his browser throwing an a/v alert.
What we're trying to decide right now is if the problem is at my end or at his end - is it that my a/v product sees things his does not, or that his firewall is protecting him from things mine is not?
My first step was to turn down all the bells and whistles in IE. I continue to see the payload try to get sucked over.
Thanks again to the team at Microsoft for providing us with such productive uses of our time.
How about a Mozilla plugin to warn users prior to loading a page from a site hosted on an IIS server?
Just add this simple rule to squid.conf:
acl BadBrowser browser MSIE
deny_info ERR_BAD_BROWSER BadBrowser
http_access deny BadBrowser
I stuck that in this morning as a quickie fix. Later on I will redo it to allow specific browsers and deny all others. I might even modify it to redirect to the FireFox download page instead of displaying an error.
-- Will program for bandwidth
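What the rule above matches in practice, as an added example that is not part of the original post: a Python model of Squid's `browser` ACL (a regular-expression match on the User-Agent header) run over constructed User-Agent strings, comparing the posted deny rule with the allow-list the poster plans to write. The sample strings, the `GoodBrowser` ACL name and the function names are assumptions.

```python
import re

# Constructed User-Agent headers in the formats browsers of the period sent.
# None stands for a request that carries no User-Agent header at all.
SAMPLES = {
    "IE 6": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
    "Firefox 0.9": ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) "
                    "Gecko/20040614 Firefox/0.9"),
    "Opera identifying as IE": ("Mozilla/4.0 (compatible; MSIE 6.0; "
                                "Windows NT 5.1) Opera 7.51  [en]"),
    "IE-based shell": ("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; "
                       "Crazy Browser 1.0.5)"),
    "no header": None,
    "client with rewritten header": ("Mozilla/5.0 (Windows; U; Windows NT 5.1; "
                                     "en-US; rv:1.7) Gecko/20040614"),
}


def browser_acl(patterns, user_agent):
    """Model `acl NAME browser regex ...`.

    True when any regex is found anywhere in the User-Agent value.
    A request without the header matches no pattern (modelled as False).
    """
    if user_agent is None:
        return False
    return any(re.search(p, user_agent) for p in patterns)


def posted_rule(user_agent):
    """acl BadBrowser browser MSIE / http_access deny BadBrowser."""
    return "DENY" if browser_acl(["MSIE"], user_agent) else "ALLOW"


def allow_list_rule(user_agent):
    """Hypothetical rewrite of the rule as an allow-list:

    acl GoodBrowser browser Gecko/ Opera
    http_access deny !GoodBrowser
    """
    allowed = browser_acl([r"Gecko/", r"Opera"], user_agent)
    return "ALLOW" if allowed else "DENY"


def compare():
    """Return {sample name: (posted rule verdict, allow-list verdict)}."""
    return {name: (posted_rule(ua), allow_list_rule(ua))
            for name, ua in SAMPLES.items()}


if __name__ == "__main__":
    for name, (deny_verdict, allow_verdict) in compare().items():
        print(f"{name:30} posted={deny_verdict:5} allow-list={allow_verdict}")
```

Both rules key on a header the client chooses, so they steer well-behaved browsers rather than enforce which engine renders the page.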
doesn't allow scripting languages in webpages to reference internal URL handlers. The potentially dangerous URL handling starts and ends in the URL bar of the browser. (Apple made a mistake in expanding this functionality in Safari...)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
I regularly get half a dozen virus-laden emails a day from SBC Yahoo's email system even though they CLAIM they check for viruses.
They also claim they have removed virus-infected attachments from various emails but my AV shows the attachments are STILL THERE and STILL INFECTED. This is much worse than their AV just missing a few viruses - it is actively claiming to do something it isn't doing.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
I like the new acronym that zdnet made up - "RAT" for "Remote Access Trojan"... but then what other kinds of trojan are there?
Even if you were to uninstall "Internet Explorer" from the Add/Remove Programs applet or delete the "Internet Explorer" folder in Program Files, it would not affect applications reliant on Internet Explorer web services.
The Explorer.exe shell requires MSHTML.DLL and other IE web services/files that are all located in the SYSTEM32 folder. Windows would never allow you to remove them, even with System File Protection turned off, as it would be unable to load its own shell.
Up, Up, Down, Down, Left, Right, Left, Right, B, A, START
This part works
To test, go to the run menu and type in an http:// URL. It should pop up a new mozilla window to the webpage.
HOWEVER
as far as from within a windows folder, still launches IE.
"... Meanwhile, the average Internet surfer is left with few options. Besides choosing the highest security settings for Internet Explorer, Windows users could download an alternate browser, such as Mozilla or Opera...."
Finally, some good advice. How many times do you read about Outlook and IE vulnerabilities and that the author omits the obvious... stop using those damn products!
...I would like to thank ALL you Windows/O.E./I.E./I.I.S. users out there for your noble sacrifices as targets for every little viri writer/wanker out there.
Your selfless efforts to protect all us Mac OS users from their evil efforts brings a tear to my eye!
Thank you all!
Guaranteed! This comment 100% Anthrax free!
Wonderful browsers, both of them.
Firefox has the neat ability to actually FORCE websites to use my fonts easily accessible (considered a plus by some) and Opera feels faster out of the box.
I would love to say Opera is the best, but the best browser is one that can actually SAVE PAGES DECENTLY. (Sorry, Opera zealots. Hundreds of files in a top level folder is not "organisation").
Peace out, and word to your mother...
and stuff...
Jason
THSsMCHshrtrTHN160chrs -- And I don't even like to SMS!
They may be "scared shitless and completely ignorant" - but there are two types of ignorant people: stupid-ignorant people who throw their hands up in the air, and say "oh, well - nothing I can do about it" or fret over the problem, and intelligent-ignorant people who say "Damn, why is this happening?", and then seek out sources of knowledge, using the internet, library, bookstore, friends, etc - to come up with an answer, a solution, and then learn (thus losing the ignorance of the problem) - so that they have a future more enlightened and knowledgeable view of computers as a whole.
Unfortunately, most computer users fall into the stupid-ignorant category. Furthermore, it not only affects their daily computer usage patterns and "knowledge", but their entire life. These people seem incapable of using logic and reason in a manner which increases their knowledge base on any subject. These are the people who don't seem to understand that you need to change your oil and shocks on your car, or that timing belts need to be replaced (lest it breaks causing massive damage to the valves in your interference-style engine - big bucks for the machine shop). These are the people who buy brand new houses in brand new subdivisions with brand new HOA agreements (for brand new ultra-high prices) - then get angry because the HOA fines them for having grass an inch higher than it should be (one would think they would have read and understood the terms of their contract, and what they were getting into) - oh, yeah - and the house is built like a cardboard box that can have a golf ball knocked through it...
I don't pity these people - I openly laugh at them. I have tried to educate them, but the knowledge that I try to impart upon them just sails between their ears - you can damn near hear the hollow echo of the wind from their heads, as you gaze at the empty and far-away expression they wear on their faces.
Hell, even sheep look more intelligent at times...
Reason is the Path to God - Anon
Sorry, I've tried. It's impossible to get people to switch from IE to firedonkey because it is slow, counter-intuitive, and offers nothing. Why would someone want to switch to something worse? I have only ever managed to convince one person to use moz and have them stick with it.
On the other hand, *everyone* except a single M$ zealot I have shown opera to has switched. Nobody buys it obviously, but as bad as I feel about that, I would rather have them running illegitimate opera than IE.
F.U.
'Zilla rules.
Opera drools.
Go to LitePC.com and try 2000/XPlite. It'll let your remove IE while retaining shared files such as shdocvw.dll.
>>"We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.
That's great and all, but what about protecting the users, which can mount to millions of IE users being infected, because they aren't willing to say..."This week don't visit: eBay, Bank of America, etc., etc."
I'd say it's more important to protect the uninformed masses of millions of IE users that they need to not visit 25-50 websites for a week, or switch web browsers, than it is to protect those 25-50 websites.
Monopolies, since they have no competition, drag their feet. They chug along at their own pace. But when they start having serious problems with their products, it's already too late. They have a cumbersome task of fixing them. The end result is customers seeking an alternative. Monopolies literally create their own competition due to negligence and lack of motivation. This holds true for Microsoft.
If you're talking about .HTML documents in a folder somewhere, you need to associate the filetype with mozilla (a similar process, but can also be accomplished under "Tools (menu)...Folder Options (menu option)...File Types (tab)" in a windows folder).
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
> The blame doesn't rest with stubborn users who refuse to switch.
Wrong. The blame doesn't rest with the ignorant masses who don't even know there is a choice. But those who DO know there was a choice and choose IE are more to blame than Microsoft when they get owned. Life in a Free Society breaks down unless people are expected to accept responsibility for the choices they make. They knew the risk and accepted it. That means they are responsible for the results and should be bled like cattle when they bring their PC in to be fixed and the techs should sleep the peaceful sleep of the just when they go home at the end of the day after dealing with these fools. If this attitude becomes widespread, perhaps they will make wiser choices in the future.
Democrat delenda est
The CNN article says that the infected websites are running (you guessed it) MS IIS.
We are the 198 proof..
The nerds will rebuild, and will be filthy rich. Women will throw themselves at us.
If you see women throwing themselves at Nerds, the second coming is about 5 seconds away.
Here's hoping that Slashdot karma is redeemable for entrance into heaven. Otherwise I'm screwed.
--LordPixie
really, that's about it. You help people until it becomes impossible to help them, then send them on their way to learn on their own. They can either do it themselves or go pay someone to do it, that's the two choices they got. The big thing to me is, you don't take abuse from people you are helping for free. A misunderstanding, a clarification, sure, but abuse? Not happening.
Blue Oyster Cult was first known as Soft White Underbelly. Props to grandparent, parent goes back to rawk skool. ;-)
Corruptissima re publica plurimae leges.
it wasn't a hardware failure, it was users failing to follow good computer advice, chronically. A hardware failure I can understand, it's happened to everyone, and not everyone is a tech there or could figure it out, but chronic non safe computing over and over again just because "you" insist on it, then "you" fix it. First coupla times free, after that, tough love, on your own then. The first time is swell, you didn't know. The second time is "please pay attention, I'll do this again, fix everything and spic and span it, and this is what you should do different, and etc..", the third time, to me, tell them they are on their own. Tough Love. They are still your relative/friend/co worker whatever, but comes a time you got to cut your losses.
Yes, obviously people are visiting sites they shouldn't and not keeping their software up to date. If only we could educate the stupid users.
It makes no difference the type of software anyone uses. If apache was as popular as IIS, there would be all kinds of problems with it.
Did I miss anything?
This is the perfect situation for a class action suit. Simply visiting a site puts a person in a situation where they are caused some type of harm.
I can't wait for the headlines: If you use Microsoft products, you are liable to be sued!
The Windows Experience.
Derek
As others have mentioned, the new IE patch for this weakness is here and here. If you don't have time for that, you can try a temporary but standard Microsoft workaround over here.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
And will you be downloading that software with Mastercard or Visa?
:D
I'll be using Bittorrent, thanks
1. Get Firesomething extension for Firefox 0.9
2. In the dialog box, remove "Mozilla" vendor and add "Microsoft". Remove all prefixes also and add "Internet". Remove all names and add "_Explorer" (substitute the underline for a leading space). Enable the "single name mode". Apply.
3. While you are at it, get the Luna Blue 0.4 theme from http://www.intraplanar.net/projects/lunablue/
4. Adjust the icons so they look really like explorer. The order should be back, forward, STOP, RELOAD, home, separator, favourites, history, separator, mail, print
5. Do as stated above, rename the shortcut to "Internet Explorer" and change the icon to the blue "e"
6. Never again worry about worms.
Dear aunt, let's set so double the killer delete select all
The list of affected web sites should be posted ASAP to warn the public and to pressure the affected sites to get their act together a little better.
And if you don't want to go through all that, might I suggest backing up any important files and switching to Linux? It may be a big download (Fedora is around 650 MB, yes), but you don't have the security holes or the yoke of the Microsoft Collective on you.
Haec merda tauri est. Ceterum censeo Carthaginem esse delendam.
Mike Myers lives on :)
= Don't Use Microsoft Browser!
Andrew Yeomans
check the links on the right of the BBC story. finally mainstream press seems to be 'getting it.'
http://news.bbc.co.uk/2/hi/technology/3840101.stm
Of course, mentioning the patch that was released in April would make it sound like you were trying to actually help.
Once again, are you really helping, or just being an asshole?
You know, we finally got Michael to stop forcing his opinions onto every Microsoft related story. Don't you start. You're embarrassing yourself and Slashdot with this juvenile "I told you so" taunting.
This sig intentionally left blank.
Is there a way to put all these blocked hostnames into our local DNS server (Bind 9 on Linux) so that all the users here at my company can benefit without having to manually add them to the host file on each and every windows box?
MoZuki???
Firefox &
Every time a new version of Opera comes out, I duly install it on my PC and give it a whirl. And I end up sticking with Firefox.
Opera is ClutterWare. Its user interface sucks big time. And in my testing, it's nowhere near as standards-compliant as Firefox.
Give me lean, clean, and mean fiery foxes any day.
The full text of the book "Rapid Application Development with Mozilla" is available in PDF form from here.
You'll find it helpful.
groovus-bookmark
Let's face it. Installing Opera / Netscape / Mozilla isn't exactly rocket science, even on Linux for a newbie. (of course, if one is on Linux, there's no problem, though I recommend NOT volunteering to beta-test IE for Linux should MS ever make one)
If NetSec's CTO isn't up to the job of installing a new browser on his box, that company is in even more trouble than the average Net user.
Anybody see any sites implementing this exploit at a "proof of concept" level?
Tech Public Policy stuff
Well, I guess the profit comes from all that time he can spend just working, instead of losing productivity dealing with the latest Windows horrors.
But if your time is worthless, I can see why you wouldn't want to switch.
In somewhat unrelated news, Mozilla's Bugzilla system nears the 1/4 million bug milestone.
Nuf Said
GPLv2: I want my rights, I want my phone call! DRM: What use is a phone call, if you are unable to speak?
Instead of sending the credit card numbers to somebody in russia, The next version of the virus should just send them to gates@microsoft.com Wouldn't that just make life easier on everyone anyway?
Once a worm gets through a vulnerable browser to a system, it uses every possible exploit to spread to the other parts of the network and affects even users with secure browsers. So, to save the web we need all the web users to switch from IE to a more secure browser. There's no use just telling it again and again on slashdot for the simple fact that the majority of the web users aren't slashdot readers. I still see people using version 4 browsers, IE 5,5.5 et al...wtf? Does that mean these guys will never upgrade their browsers? Then the only choice to have a safer web for all.. I believe, is to install linux in their computers.
And don't forget OFFICE UPDATE if they're using Outlook through Microsoft Office. The reason people are getting viruses through Outlook is that it's a completely different site than Windows Update. Go to the Windows Update site and click "Office Update" at the top. Then use it to patch Office.
"Javascript and HTML are inherently insecure. With the Longhorn Windows 2007 Operating System we are offering some advanced new features that will enhance your browsing experience.
We hope the public has learned about the dangers of the standard web from these exploits, and embraces these new standards.
Transmission ended."
You can check a site's vulnerability though at Netcraft's What's That Site Running? It will tell you if a site is running Microsoft-IIS or something different.
I have mine set to max.
kerneld32.dll is really ok, wow, cool
Cowboy Neal m'boy!
You've never written better. In two short grafs you sum this one up better than anyone could have done - bloody brilliant.
To tell the truth, what's left to discuss? Microsoft is shit - anyone still disagree? Put up your hands and say 'aye!'
This is the ultimate irony, the ultimate poetic justice, the ultimate karma for a company that never cared about quality or about product. They wanted to be in on the personal computer revolution, so they traveled to Albuquerque, wooed Jobs, finagled Mac prototypes, bought a source code Unix - and when the web came, did a skip with Spyglass to make IE not to make a good product but to keep Netscape out of the market. Who amongst us could think of wasting five billion dollars just to keep those Mosaic dudes out of our back yard? Who would have even entertained such a thought? Look at IE today. Has it gone on? No. Who cares about the DOJ trial in Redmond? Maybe a cleaning lady at most. Netscape got the count to ten and they're gone. No reason to pursue IE development anymore, and guess what? It stopped all right. Look at DR-DOS - OEMs petitioning Gates for years to improve MS-DOS and did he care? No. But when DR-DOS was poised to enter the market, what does Gates do? Writes that notorious memo 'is there anything we can do about this?' Borland takes over the compiler market and they have Quattro Pro too. WP is still strongest in the world. What does Gates do? Initially nothing. Microsoft compilers are so bad they can't even use them internally. But WP and Borland become too much of a threat, so what does Gates do? Does he own up and say 'sorry, my products are shit, we're going to fix that now' or does he improve them just enough to crush the competition?
[Remember when he wrote in his infamous letter about wanting to hire ten programmers to write the best software ever?]
Gates tells the world 'I'm so sorry so very very sorry my software has hurt you all and now we're going to write trustworthy code.' And OK, that day will never be seen, but it's a long jump from code that can't be exploited to code that is good, that is driven on by a zeal to be excellent. That sentiment is verboten in Redmond. It doesn't have a place. And finally things are looking good - oh excuse me, I mean bad. No really, we're discussing it here over a dinner and we think it's bloody beautiful.
There's justice in the world after all. Try to make a good product, really try, have that as your #1 goal, and things like this won't happen - not to this degree, not normally. Position yourself with the ethics of Gates - IT mongrels in the extreme - and it's bound to happen sooner or later if there's any justice in the world.
I've got my fingers crossed. I have a profession I am proud of, and it's going to be good to feel that pride and satisfaction again.
Cowboy dude, thanks for a great story.
man, I forgot about rust! You are correct, up there, cars just dissolve, and you can't take a nut off two in a row, one of them busts. Yep, remember it well, all my first wrenching was on rusty junkers. Such a long time now though I plum forgot. I grew up in michigan so I know about rust buckets and "winter cars", you stick your good car in the garage and drive some old bomb you don't care in the winter. I live in georgia now though and cars just don't rust much. I got a 75 chevy van got over 300 thou on it. It don't burn oil yet but it leaks it out the front seal. Only rust on it is where I had a small fender knock and it crumpled a little, just the crumpled part is rusty, I banged it back out some, done. Never been much of a body guy, if it runs and the doors and windows work I don't care really.
;)
I don't like computerised stuff because a lot of it fails all at once and you got to get towed back. I like cars that start to go and give you a warning to get something fixed. It's bad enough I got HEI, had that go on me once, no notice, late at night, just stopped working driving down a semi main drag. PITA. Only time I needed it towed back. Never had to get towed with any of my point engines that I can recall. I just like cheap and simple, parts on new cars are ridiculous expensive and there's 5 times as many of them to do almost the same job. Some stuff about new cars I like, most I don't though.
Of course, I admit I am a curmudgeon... and a crank.....
Keep a vi open in another X-window and paste the cookies in there. =)
Lost at C:>. Found at C.
MOJI
Crazy Browser is that affected? isn't this IE based and if so might be vulnerable too?
Blarney Quality Restaurant, Plants
Seeing is believing. That's MPlayer running through AAlib.
On a more serious note, here's Lynx and Links looking at SlashDot. Still quite useful. Not so special for seeing the latest from Cassini or Rutan, but more than enough for 95% of your browsing needs. Links can be compiled to (if run under X) display images.
Got time? Spend some of it coding or testing
...EMACS as "Eight Megs And Constantly Swapping". Now your keyboard or mouse might have more RAM, and your 'phone certainly does. The march of progress?
Got time? Spend some of it coding or testing
...the instructions are here.
Got time? Spend some of it coding or testing
Or a website, for that matter...
I'm kidding, I love lynx. This is the only browser I allow my kids to use. That way I know they won't see any pr0n.
I would gladly engage you in a conversation about what constitutes a lie, however there is a larger point:
Clearly you have never had to provide support to the average Internet Explorer user.
This disqualifies you from making comments on the techniques employed by those who do.
argh
Can y'all be a little more specific with the how/what/where this drive-by supposedly comes from? I use a program called No! Flash (version 1.5) to turn on & off java/flash.gifs/sounds/etc at will. There's only one javascript on that site and here's what was inside:
[Fuck Beta]
o0t!