Slashdot Mirror
Dept. of Homeland Security Says to Stop Using IE
LWATCDR writes "I have been saying this for a long time but now it is offical. From Yahoo News:
'The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft's Internet Explorer.'" In related news, rocketjam writes "According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."
"In the meantime, we have provided customers with prescriptive guidance to help mitigate these issues."
This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. THe MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer. You gotta love this. You just cannot make stuff up like this!
Cheers!
Erick
http://www.busyweather.com/
What's next, a recommendation that everyone stop using Microsoft Windows?
New: Microsox Windlls FU SP7 w/Ubernet Exploiter (a free pile of bugs in each release!)
I have been saying this for a long time but now it is offical.
<Shakespeare mode=Hamlet>: There needs no ghost, my lord, come from the grave to tell us this.</Shakespeare>
Really. How long before the Whitehouse figuratively grabs Tom Ridge by the lapels and tries to throttle him. Such harsh treatment for a huge dono^H^H^H^Hemployer. Oddsbodkins, what next, the GWB DoJ was soft in pursuing the danger of monopoly exploitation of the browser market?
A feeling of having made the same mistake before: Deja Foobar
Horray for the Department of Homeland Security! LWATCDR is not the only person that has been saying "get off of IE" for a long time.
Now the pressure is on Microsoft to get their shit together and make IE more secure, or risk losing their commanding lead in the web browser department. Even my dad, who would rather not use a computer than have to start using different programs, has asked me to put FireFox on his system. And my dad's boss, who is quite possibly one of the most computer illiterate people in the world, has expressed interest to him in moving the whole office off of IE onto another browser.
It really says something for how widespread this news is. If I was MicroSoft, I would be scared at this point.
Been there, done that, got the t-shirt.
We did this story on Sunday...
However, in CowboyNeal's defense, both articles cited here were published after that story on Sunday, and we now have the news of Microsoft's rather weak reaction claiming that CERT didn't mean what we all saw them say and Mozilla's reaction that downloads are up since the first reports. Still, that's a Slashback, not a new story.
resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers
Duh. All our friends at Microsoft need it too.
*grin*
*grin*
Free XBox, PS2
I didn't listen to them when they asked me to duct tape and plastic wrap my house, I didn't listen to them when they raised the alert level 5 different times, I didn't listen to them when they told me to trust them, but I am glad that other people do... Perhaps this will do double duty! It will fix websites that cater to IE only so that they work with the currently "broken" Firefox so that I don't have to refresh or cross my fingers to get it to work.
"According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."
I hope that this also translates into a large spike of donations to the mozilla organization. Firefox and T-bird are teh moh scheezi, and i started using mozilla years ago.
I've donated about $150 over the years, how bout y'all?
do() || do_not();
the courts have ruled that Msft's bundling and pushing IE with every OS purchase is good for the consumer. Let business be free to manipulate their customers! It's good for the economy.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Now that everyone and his brother are using Mozilla Firefox, I guess that I will have to go back to using Opera again. At least the ads do not take up as much space as they used to.
Who would have thought it? The government saying something intelligent; about 5 years too late, but better later then never.....
Now all us computer nerds will lose our counter culture edge. Plus you'll no longer be able to detect a fellow geek merely by his browsing choice. I guess we'll have to go back to tossing off random Kevin Smith quotes and seeing who catches on.
Firefox, you need to do yourself a favor. Flawless pop-up blocking, the beauty of tabbed browsing...real standards implementation...the list goes on and on. Now, if only Windows would be declared a national security risk...
Don't be a looter...and yes, I know that it's spelled with an "A" instead of an "E".
1) Create product that a smaller portion of the population uses, thus keeping the effectiveness of attacks on your product less desirable than the other 2) Give your product away for free, open sourced, and up to date with all the latest standards, oh, and make it more secure (novel idea, really) 3) ??? (wait about five or six years for a government agency to declare your competitor's product unsafe enough to get the CERT all riled up) 4) Profit, or How Mozilla Pays M$ Back for The Whole Killing of Netscape Thing
Viva la revolutione!
...whew. That's as much as the most popular SourceForge project.
And I thought my charts spiked after I started mirroring CVS... crikey.
The Army reading list
Hopefully people switching to FF will mean that more bugs will be squatched from it. Perfect timing for that 1.0 release.
wow!!
I am the Alpha and the Omega-3
farq no, baby! FAIL THAT!
Recently I was cleaning rather obnoxious spyware off of my sister's laptop. To prevent further infection, I was asking her to install Firefox. I said it'll block popups. Still reluctant. Tabbed browsing? Nope. More secure? Nu uh, still stubborn. Stop the spyware? No. (She's getting irritated at this point). CERT Recommended to stop using IE? Still won't let me install it.
*pause*
She then asks if our mother uses it. I said yes (thanks to me).
"Ok, install it."
Homeland security be damned, it's the MOTHERS we need to convert.
For those considering installing Firefox on Win2k PCs they don't have 'administrator' accounts on, I can report that it installs and works perfectly well from a 'power user' account. Perfect for those considering an installation on a work PC.
You should probably find out if IE uses any work-related proxy-server and change that setting manually in Firefox once the install is complete.
Happy browsing!
Imposing Libertarian views on everyone online since 1992.
Homeland Security says to stop using IE but in the Air Force we're still using it and I haven't heard any plans to switch to something else. It's good to know that the DoD is listening to the security measures of the other departments.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
"...inserts Java scripts into certain websites.."
Java is scriptable now? I thought it was dying?
Slashdot sucks
I guess this means we'll start seeing more exploits for Firefox (or attempted exploits; ie, bugs).
-- My HARDWARE, My CHOICE.
that the Department of Homeland defense was evil and wrong in everything it does and says? ;)
Not 4 months ago MSN.com (obviously slanted) was trumpeting around "BROWSER WAR IS OVER!!!" and proclaiming that IE was the clear victor (though they never gave the conditions that made it a victor, they just sensationalized and re-iterated the same shit over and over in different wording in True Fox News Style(tm))
MS to "win the browser war" just in time to have their browser shot down every time they turn.
They had better wake up to this, too... These days, "internet" is about 85% of what computing is about. MS with all their attempts to blur the lines between your computer and the internet, and their flagship web application is poo.
do() || do_not();
I'll beleive it when I see a decrease in IE use on my webserver logs. Or maybe on netcraft. Would be a sweeet thing to see!
It's vibrators next.
For you as well as her.
The Department of Homeland Security...recommended for security reasons using browsers other than Microsoft's Internet Explorer.
Well, no shit sherlock.
..that the hackers will start targetting Mozilla/FireFox now as it might become the dominant browser out there.
They will always target the browser having the most user base as the probablity of exploit becoming successfull increases.
I use Mozilla for most things, though on my Mac I increasingly use Safari, for the simple reason that I feel that Mozilla's rendering engine needs work. Gecko is slower at rendering pages than the engine powering Safari. Maybe had I a more recent computer I wouldn't notice the difference so much, but for many people this could be a sticking point. Some people I have spoken to still feel Mozilla and Firebird lose out against IE for just this reason. Other than that, I like the browser (Mozilla that is), and I am using the most recent release.
Jumpstart the tartan drive.
Finally they have the Homeland Security has smarted up about something. I have read several articles that IE has yet to patch holes in their software they have known about for several years, and those holes are not the ones exploited by the recent trojan. Hmm... can anyone say "Recompile your browser in Windows and give it the IE identification (when you go to websites) and install Mono"
I've been posting news articles like this one around the workplace, but man, is it hard to get anyone to listen. If HQ won't even listen to this headquarters's own IT department, why should they listen to someone in R&D?
Bah. Anyone have any advice on this?
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
The only really safe browser! Not so good for browsing porn sites, but since you want to download the images anyway, maybe lynx is good for that too!
I Am My Own Worst Enemy
as mozilla numbers go up, couple of days ago I found a download request for a very suspect xpi file while browsing a ****z site
time for some security headache?
Microsoft released a fix for this issue today. Basically it disables the ADODB.Stream object. However, it requires a regedit to implement. I imagine a hotfix is forthcomming. Still, Firefox and Mozilla don't suck at all, so people should at least use this as an excuse to give them a try IMO.
There is nothing inherently safe about liberty. That's why so many people died protecting it.
This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. THe MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer.
Translation: After all those horses get out of the way, we'll have your barn door fixed in a jiffy.
A feeling of having made the same mistake before: Deja Foobar
Should I pick one from this list? http://secunia.com/advisories/11978/ Hmmmm....
"You know Myra, some people might think you're cute. But me, I think you're one very large baked potato."
I've been interested in switching browsers for awhile now -- particularly since my windows is borked and despite owning it legitimately (won in a contest) it think it's pirated and refuses to get any IE security patches.
But a few confusion points are holding me back. Likely holding back a lot of folks who might switch, so if you know, dive in and lay down some evidence...
1. Which of the two browsers is simpler / less bulky, Mozilla, or Firebox? I don't want something slow loading, bloated with features, and overcomplicated. You know, IE.
2. Can either of them merge with Windows the way IE does? Running URLs from the Run box, for instance. I don't want to accidentally launch IE by the old methods.
3. Does Mozilla still have that stupid "download manager"? How do I turn it off? Every time I wanted to save a file that thing would pop up when I just wanted the simple windows of an IE download that go away when done.
Obviously, I am t3h n00b. But that means I'm the audience you need to sell on the idea of ditching Microsoft the most -- and I plan to pass it on to friends, coworkers, etc.
The Department of Homeland Security recommends not to use George Bush anymore - because of serious security leaks and erratic behaviour.
People in this thread keeps saying that M$ is under pressure and this is the best news since sliced bread. Well, I see this a wee bit different. Now, Mozilla is under pressure!
Once Mozilla gains sufficiently market shares, we will see exploits for that browser more and more often. And yes - there will be exploits. IE is not compromised so often just because it's poorly written, but because it's so popular that hordes of script kiddies are trying out every possible hack.
Not that it stopped hordes of travellers anyway.
Maybe people will choose to take charge of their own computer security like I've ranted about for years now.
Use Evolution instead of Outlook? Bewa
Yeah...monopolies are great! See...you can um, build a browser that doesn't really follow any w3c standards. But since you're a monopoly, it doesn't matter and it forces everyone to code for your browser instead of by the standards. And then...you don't have to worry about that pesky competition and the innovation that is created by competition. That silly innovation could lead to very secure browsers all around.
Oh wait...now it's all tumbling down. Who would have guessed being a monopoly and then not even following any standards but marching to the beat of your own drum would end up hurting you?
Yet...I still wonder how this will affect Microsoft. Do they even care?
"He uses statistics as a drunken man uses lampposts...for support rather than illumination." - Andrew Lang
A support article by Microsoft suggests a solution to the holes in their product, specifically the one where an address can be spoofed and displays a different url than the one you're actually at. Solution: Don't click on links! :)
"The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself."
After making the switch to Mozilla Firefox and using it for two days, I'm hooked. I downloaded the All-in-One Gestures extension, and I can't for the life of me figure out how I ever lived without it. It's a whole new paradigm in browsing. This is another milestone in the MS exodus towards open source and Linux. Disclaimer: I do not work for Mozilla... just a satisfied user.
When I become an Evil Overlord: My ventilation ducts will be too small to crawl through.
Well, if you really want to be counter culture, just wait a few months, then start using IE again after the bulk of computer using Americans move over, that will really shock your friends, it can be like a cult
yes actually they do, because they follow the recommendations of the w3c.
Ralph Nader to get on National Television and Proclaim that "Internet Explorer is unsafe at any speed"
This comment proudly posted through Firefox.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
This kind of thing could be serious for Microsoft. Their strategy is 'thick client' - the browser and other features are integrated into the operating system. If security issues remain while the browser becomes a fundamental part of future Windows use, their are in trouble.
If we all stop using Internet Explorer, the terrorists have won!
"Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
Let's see what we have here.
- First sentance tells us that Microsoft isn't going to try to attack the credibility of CERT because that'd be unlikely to get anywhere.
- Second sentance is trying to blame "the media" for misreporting the story, but the media's working from a primary source that has a section heading called "Use a different web browser". I don't know how you're "misrepresenting" that when you take that as a suggesting to download any browser that isn't Internet Explorer which means Mozzila, Opera, Netscape or any other compeitor out there. They want CERT to take back the recomendation to just stop using IE... that's the only kind of "clarification" that's possible here.
Microsoft clearly wants a CERT retraction. But do they stand any chance at getting one?
I use IE on most of my PCs because it's fast. Not just fast to launch (that's obvious) but faster at loading pages and faster at scrolling.
In the Real World, Pentium II systems are the norm. Not everyone has a watercooled P4 monster. Heck, in most of the machines I see and work with, you're lucky to have a real video card. There's nothing like a PII/350 with onboard video using shared PC100 RAM. Sooo slooow.
Back to IE, it's *much* faster than even the latest builds of Mozilla and FireFox. With config tweaking and other incantations, the gap narrows a bit, but IE still wins.
I would love Mozilla, *IF* it was faster.
I didn't listen to them when they asked me to duct tape and plastic wrap my house, I didn't listen to them when they raised the alert level and color five different times, I didn't listen to them when they told me to trust them, but I am glad that other people do... Perhaps this will do double duty! It will fix websites that cater to IE only so that they work with the currently "broken" Firefox so that I don't have to refresh or cross my fingers to get it to work.
'Bout time a message of this magnitude got pushed out into mainstream visibility.
The CERT advisory specifies:"Such a decision (remove IE) may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX."
OK, tranlation, less popup, less flashing colors, less annoying mouse cursor with trailing text, and no more auto-install of spyware. hmmm, I don't see a problem here.
1) IBM is our friend
2) Apple is no longer just for coddled sheep
3) Sun is dying
4) Sun is embracing linux
5) Sun is no longer embracing linux
6) SGI is dying
7) ???
8) We might be watching the beginning of the end for Microsoft. Not just in this, but the whole pile of events over the last couple of years. If Microsoft loses relevance, and market share, and withers away...
Who Is Going To Be The New Evil Empire????
I want to know who to unconditionally hate next!!
do() || do_not();
there was a big show about MS and intergrating their browser in the OS and how everyone thought it was unfair tactics and a monopoly? and by everyone I mean netscape.
revenge is so sweet, isnt it netscape? oh wait. nevermind
...and paid the fee for an "annual subscription". This way we get each new benchmark release on disc -- along with the latest semi-stable version of the experimental software (firefox, etc).
MEK
Credo quia impossibilis -- Tertullian
Its about time somebody in the government saw that IE is a piece of crap.
Anyone want to place bets on whether some clever MS lawyer is preparing to argue that any antitrust action related to the browser bundling should be tossed out, because the feds are now encouraging people to use browsers written by the competition? After all, if the government acknowledges that there is legitimate competition, then clearly, MS must not be abusing its desktop monopoly, since so many people are now downloading those free alternatives... right?
As an alternative... imagine if DHS came out and said that a flaw in GM vehicles aided terrorists, and people should purchase Ford and Chrysler vehicles until the flaw is repaired. Do you think GM would immediately start demanding financial compensation for lost sales and market share from the federal government?
Now, extend that to MS, despite the fact that IE is, effectively, free. If the whole thing still seems unbelievable, insert Robert Heinlein's quote about corporations thinking they have an unassailable right to make a profit above all else here. I'll bet good money MS is already preparing the legal briefs for some kind of retaliation.
Someday, you're going to die. Get over it.
Adventure, excitement; a Jedi craves not these things.
sudo eat my shorts
Cool, will that mean that some of the idiot web designers will actually start taking non-compatibility complaints seriously? Like those ladened with Javascript that works nowhere else but with IE. Take Expedia.com, where the calendar pop-ups only work with IE or Priston Tale web site where the side menus don't appear if you don't have IE (I already supplied a fix which was ignored) - actually this one should be lumped with the GIS2 web site for excesive use of Flash.
Maybe pigs will fly first?
Just one note Mozilla has one big advantage over Opera and Safari for MS base corportate networks: it supports NTLM.
Jumpstart the tartan drive.
I'd like to take this opportunity to emphasize the negatives of an unhealthy competitive market.
When monopolists crush the competition, and you have one company with 95% marketshare, that company gets lazy.
It produces shitty products, slows development (compare development now with when they were trying to crush netscape), all the while making monopoly profits.
Thankfully, the GPL seriously reduces the barriers to entry, because it would be DAMN hard to get either Gecko/Mozilla or KHTML/Konqueror/Safari relicensed and 'shut-down', or integrated into the MS lineup.
Mark my words, if there was no one else but Opera, MS would think long and hard about crushing it.
Monpoly bad, folks, m-kay?
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
I've now moved my family over from IE to Firefox - before I wouldn't really have been able to do it as they would have complained when something didn't work the same, but now I have a great reason (stopping our computers getting compromised), and they're all behind it.
My daughters actually prefer it now - citing the way that they don't get pop-up ads any more.
It's good - I think by the time Microsoft come out with a patch they'll be so used to Firefox they won't want to go back to IE.
Horray for the Department of Homeland Security!
This is the same Homeland Security that advised Americans to duct tape their windows to safeguard against a biological or chemical attack, no? I'm not sure they are really all that well-regarded by anyone with half a brain anymore. I would have been a lot happier to see some other organization -- one with more credibility -- come out with this warning.
Now the pressure is on Microsoft to get their shit together and make IE more secure, or risk losing their commanding lead in the web browser department. Even my dad, who would rather not use a computer than have to start using different programs, has asked me to put FireFox on his system. And my dad's boss, who is quite possibly one of the most computer illiterate people in the world, has expressed interest to him in moving the whole office off of IE onto another browser.
I'm not doubting what you are telling us, I would just caution against believing that this sudden urge to shore up their security is a long-term thing. First, people are lazy. They may say that they want to switch to a different browser, or lose 10 pounds by the end of summer, but that doesn't mean they are going to put forth any effort to do so. And even if they do make the switch to another browser, there are so many webpages that are "optimzed for IE" (i.e., won't render correctly with any other web browser) that I suspect many of those will switch back.
It really says something for how widespread this news is. If I was MicroSoft, I would be scared at this point.
I suspect MS is more "irked" right now than scared. I think it's too early to tell whether this story has any "legs". I strongly suspect that it's going to last for a few days and then will fall off the map. Microsoft has survived bigger problems in the past with no lasting effects. I'm really doubtful that this will have any measurable impact on them in the long term.
Call me a pessimist, but that's how I see this one.
GMD
watch this
I mean, how can an internet browser have security holes? Honest to god you must be some monumental retard to let that happen.
in girum imus nocte et consumimur igni
Mozilla Tech Support: 1-800-843-4564
And yes, I am a gentoo user, in fact I'm able to post this message 7.3% faster than a Debian user because I have optimized binaries.
Hi all. Yes Firefox is great. So is Mozilla. For me - I was happy to pay $20 (student price - just fake student #) for Opera. In my opinion, faster and much more intuitive than Firefox. Before you flame me: yes (*YES*) Firefox is great, so is Mozilla.
End of plug.
... this just in: a snowstorm warning from Hell!
Good, it means that they'll rewrite it, just like when Gartner said to stop using IIS. It's funny how little you hear about IIS 6.0, and that's a good thing. Even this combined problem targets IIS 5.0.
We must all switch to Opera before we loose our identity. Nerds will be reconized by heir use of mouse gesters while surfing the web.
You're right, but remember that they cannot run anything unless they have a brilliant and ingenious way to transform jpegs and boldface text into an infection.
NO ACTIVE X. That means no sneaky little programs in your system.
The open source movement is well on top of issues like this... always have been.
Also, politically speaking, the open sourcers and black hats are cousins on different sides of a moral question. Virus writers and spyware jockeys don't go out and try to attack open source. They know what they are up against. They prey on the weak.
Remember, Open Source is dragging Microsoft down on a mayonnaise sandwich budget. They know who not to mess with.
Now if we could only get Homeland Security to start talking about OUTLOOK EXPRESS, then I would dance a jig.
It has begun and already underway..
As for me folks, I have been an IE user for the last seven years of my life, and as of today, I am downloading FireFox and pledging my support. Its time we all gave Firefox(or other Browsers) a chance.
Remember, we dont have to run IE just because it came with the desktop. There are obvious better choices out there, free, secure and looking far better.
Rapid Nirvana
Homeland Defense keeps messing with the terrorist threat alert level. I ignore it all the time. But when something happens, they'll inevitably say "HA! WE TOLD YOU SO!!!", when in actuality, they throw so much shit against the wall that sooner or later, something will stick.
...
Anti-MS basher types are always quick to say "THIS IS IMPORTANT!!! IT'S THE END OF MICROSOFT'S REIGN!!!". They've been saying it for so long, it's noise. But should the day ever come that Microsoft suffers, the basher will say "HA! WE TOLD YOU SO!!!". In reality, there's so much shit tossed against the wall
You know who you are
We still have SCO.
*breathes sigh of relief*
http://www.livejournal.com/users/cixel
For some odd reason, no one cares how bad IE is. I am sure a lot of people here will provide anecdotal evidence of this news switching their friends and family. However, I have never had a hard time convincing people IE and Windows have serious flaws. The people I have spoken to believe I am credible (or so I think!) and I don't think that now that the DoHS is recommending against IE that anyone will listen. They will believe you when you describe the problem, but they don't understand it.
The average Joe just does not care how much windows or IE suck. They probably have 20-30 spyware and adware programs installed and probably more than a handful of resident virii. And they don't even know! Most people will just read the news and wish they understood it, or wish they knew someone who could help them deal with it. Ultimately, all this news means is:
A) Average Joe has to figure out all this on his own, find an alternative browser, learn how to install it, and learn how to use it.
B) Average Joe has to hire someone to do this for him.
C) Average Joe has to call every family member and or friend he knows who might be even the slightest bit more computer literate than he is in hopes of finding help.
D) Average Joe moves on to the next news story about people dying in Iraq and resigns himself to yet another of the world's problems that he can do nothing about.
E) Average Joe just cracks open a beer.
But the stark reality of this Microsoft world is that people don't understand and are afraid of their computers. Many people don't even know what a browser is. They think Internet Explorer is the internet... etc.
Anyways, I am hopeful that the recent CERT news and DoHS news will challenge people to make a change, but I've seen too many catastrophic flaws discovered in Windows to be hopeful. It seems each time people just resign themselves to inferior software.
What if the whole world drove Ford Pintos and no one realized they suck? A thousand auto mechanics would be shouting, "Pintos suck and are dangerous" and no one would listen. Because Pintos would be crammed down the throat of every car buyer and would be just about the only car on most people's block. People just don't understand cars, and don't realize that they don't have to suck. What an odd world that would be.
NMCI: Yesterday's technology next week.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Any decrease in IE use as seen by your logs is not a true picture.
Some of us Moz/FF/Op users set up our browsers to masquerade as IE, because -some- sites still seem to insist on it...
When an election is at stake, even BushCo will do something for the people. Now if "homeland security" only included accurate electronic voting...
--
make install -not war
Netcraft confirmed in a report today that the beleagured Pop-Up Advertisement industry is citing Mozilla and Firefox as the driving force that has snuffed out their livelihood and threatens to drive them into extinction....
:-D
(c'mon, someone else can do this better than me)
In other news.... when parasites and popups are no longer possible, what sorts of nefarious crap will the nefarious-mongers do next?
do() || do_not();
Wow. A *correct* troll.
(In awe.)
CERT gave the warning on July 10. BBC reported this on June 14. I tried to submit 5 different revisions of this story on June 16. I thought it was important to get the word out because I would like to have known about this if I was running windows (I did on my old laptop).
Old News for Nerds. Stuff that mattered.
Wow. Think how much worse this'd be for Microsoft if IE was a core part of the operating system!
- mark
-----
I tried an internal modem, but it hurt when I walked.
Here's my piece I did on the topic about a week before the CERT announcement:
http://www.dmiessler.com/reading/ie.html
dmiessler.com -- grep understanding knowledge
Although things have improved recently, there are still the occaisional sites which only work w/ IE. Maybe this will kick the ass of lazy web developers to write sites that work better w/ a range of browsers. I welcome this news!
What changed under Obama? Nothing Good
This has information on plugins like: Adobe Reader, Java Plugin, Macromedia Flash Player, Macromedia Shockwave Player, QuickTime, RealPlayer 10, Windows Media Player, etc.
Paul "Say no to feeping creaturism"
Charles Barkley: That's cold, Obi-Wan.
-Peter
The best part is that since IE isn't going to get any significant updates, Mozilla/firefox have a lot of time to catch up in terms of marketshare before Longhorn is widely deployed. It looks more and more likely that the browser wars are coming back!
I see crap that is overlapping, stretched out, and just plain out of place here when I use FireFox.
I do not for a second believe that there is anything in IE that could not be fixed. However, MS has continued to refuse to implement even the simple stuff, like pop-up blockers. And there is no reason why they should. The view from the bottom line dictates to spend only that money needed to keep market share and profits. Therefore it is very reasonable to give deep discounts to institutional customers, but would be silly to waste money on improving the product merely to meet end user needs, especially when those changes could negatively impact profit in other areas.
We all need a kick in the ass to become responsible. MS has never received that kick, so all it design decision, like the deep integration between the kernel and services, between data and presentation, arbitrary changes in protocols and standards, are geared to protect market share rather than customer service.
The admonishing to stop using IE, or modify the defaults to make it more secure, are not practical. To protect market share MS has encourage Industry, Government, and Academia to use those very features that endanger the user. To redesign those web sites to work with other browsers, if at all possible, would require massive efforts. Efforts that likely would not find sufficient funding.
Make no mistake. This is a result of irresponsible behavior of a person or group of persons that prize money over all else. These problems have been know for a long time. There has been plenty of time for MS to design IE properly. There has been plenty of time for Windows to be designed properly. In fact they completely squandered the opportunity to make NT better, and then implement the better OS into the consumer version. MS could have worked on open standards that would let all browsers work instead of pushing IE only sites. Instead they chose the side of evil.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
You just need learn to love the big brother. It may take time, but in the end, you will love him. We will take care of that.
Now, how many fingers?
“Wait for Hurd if you want something real” –Linus
sorry, couldn't resist.
Make Firefox look just like IE with the IE skin. The latest version works with firefox 0.9.
It's easy to bash Microsoft, but I think we should give credit where it is due. After all, Microsoft has acted very quickly to fix this problem; users who have patched their version of IE can no longer access the Department of Homeland Security's webpage.
Reality is defined by the maddest person in the room
Methinks that Windoze has been declared a security risk already. M$ claims that IE can't be separated out of the OS because it is an integrated section of the OS. They keep spouting this mantra in all of the anti-trust/competition lawsuits. Well, lets take M$ at their word. If DHS/CERT is saying that the IE component is a security risk and not use it and you CAN'T remove it from the OS without breaking it, then by extension that would make the OS just as culpable (as we all know that it is) and a security risk. I hear a penguin a'callin.....
Did the favor of installing mozilla on every computer in our office. Unfortunately the people in my room are so stuck in IE that they still use it instead of mozilla. I downloaded the most recent version of firefox, but it pains me to see the people around me too ingrained into clicking a blue e that they can't look at a different logo in the corner of their screen. It's a sad, sad world.
-The Royal Jugglist
This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. THe MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer. You gotta love this. You just cannot make stuff up like this!
If Microsoft really wanted to have a decent browser they should do a DELTREE and then begin again from scratch. Tons of security packs, etc. is just layering software bugs on top of software bugs. At least now I can say the US Gov't is against IE too(!) and resume my Mozilla web browser knowing that I'm only missing out on the IE software flaws.
Do you want to watch us shoot ourselves in the foot again today? - MicrosoftAfter you stop using our [Internet] Explorer don't get any idea to stop using our Windows - Microsoft
Once Mozilla gains sufficiently market shares, we will see exploits for that browser more and more often. And yes - there will be exploits. IE is not compromised so often just because it's poorly written, but because it's so popular that hordes of script kiddies are trying out every possible hack. [emphasis mine]
No, it's not just because IE is poorly written, although that is a big factor. There are several fundamental differences between IE and Moz that make IE more vulnerable (well, there's more than just these , but these are the important ones):
First of all, when an exploit is discovered in Moz we can fix it right away. When an exploit is discovered in IE we're told not to click on any hyperlinks for the next few months.
Second, Mozilla will never truly take over the market while IE is bundled with 'doze and 'doze rules the desktop. Too many people will simply use what's already there.
Finally, a substantial portion of those looking for exploits will continue to look for them in IE for the two reasons given above and because Microsoft is somewhat dispised and, I'm guessing, attacking Microsoft is more "prestigious" among crackers than attacking Mozilla. "Oh, you found a vulnerability in Mozilla. Add it to the bug tracker." vs "Wow! Another vulnerability in IE! Dude! u r l33t!"
I got hit last night by spyware using these IE security holes. It installed itself automaticly without asking. A new "tool bar" just suddenly appeard in IE. When I rebooted, Windows instantly went to the blue screen of death. I was eventually able to fix it by booting into safe mode and doing a system roll back. I bet Dell's technical support is swamped with calls about this junk.
Homeland security is finally smartening up. First they tell everyone to stop using IE, next they'll be saying duct tape does NOT protect you against the terrorists!
I've switched to Firefox (and Thunderbird!), but it seems to me that it's possible to go into IE preferences, disable cross-domain frames, JavaScript, and ActiveX controls, and come up with something that's pretty safe, and roughly comparable to Mozilla.
I'm a big Microsoft fan, but their reaction to these latest attacks against them has me confused.
Best Buy can have you arrested
Sorry to say, until the big 2 (Fox News / CNN) and the evening news picks this up, it's just more of the same: a bunch of techies preaching to the choir.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
...we'll have to go back to tossing off...
Why do you think we'll believe that you stopped tossing off?
my question is, if 1) there's no patch yet for IIS servers to defend against the attack, and 2) the microsoft update servers are all IIS, then how can we know that microsoft update hasn't been hacked? hmm? (oh the humanity!)
Have a friend which uses Linux do the following for you:
dd if=/dev/zero of=flash.bin bs=512k count=1
Then put the file flash.bin on a floppy disk and flash your bios with it. Problem solved. Flash works.
Some useful advice from DHS - if not years too late!
What will be the "recomended ones"? Mozilla/Firefox? Konqueror/Safari? links/w3m?
Maybe the nicest effect of that variety of recommended browsers and so many people saying "don't use IE" will finish making web er... "designers" to go to the real standards instead of things that are IE specific.
Now those people must go a step forward, first recomending to avoid Outlook (uses IE rendering engine, an IE vulnerability could be triggered with a simple mail message), and then Windows (if is for unsolved vulnerabilities and bad security record it takes all the prices), maybe first the 9x/Me family.
I love the Firefox, have been using it since Phoenix days... It's great browser, and I've gotten a few of my friends to switch, especially when seeing the browsing features, let alone the security advantages, of which, I confess, I know little about. It's one of those "well, this is more secure, so use it."
/.ers that can school me on the finer points of Firefox security, so please, explain it's security advatages in layman's terms, and how they can remain secure from a determined hacker.
But the thing is, now that more people are flocking to it, Firefox could become a target. The script kiddies will start looking for flaws in Firefox and attempting to exploit them. I mean, why go to the trouble of writing any type of malicious code unless you're going to impact the greatest number of users?
I'm not saying that Firefox has many, if any, known security issues (too lazy to research that right now), but if they're out there, they're sure to get exploited once it becomes attractive to do so.
I know that there are many
Thanks in advance.
Riiiight... see, if you do that, your family might kick you out of the basement. Not that I would know or anything. Nosiree.
How did this mindless crap trollery get moderated up to 2?? JEEZUS WEPT.
I'm using Firefox right now and Slashdot is rendering fine.
Can't these people simply disable the ActiveX functionality in IE in the Security settings? Is this REALLY that much harder than downloading and installing a new browser?!
use lynx
Snowden and Manning are heroes.
If the Department of Homeland Security's U.S. Computer Emergency Readiness Team is worried about security then maybe they should be recommending OpenBSD as well.
Like that would ever happen.
You know, there's a million fine looking women in the world, dude. But they don't all bring you lasagna at work.
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
"because it really is the best mail/contact/calendar (integrated PIM) available for Windows."
That's the sad part - I have been yelling loudly at the Mozilla people (every one of them I can find!) to bust ASS on the Calendar - but instead, they gruffle about the default theme for Firefox. Sigh.
Otherwise, Outlook is a clumsy pain in the ass. It's a dreadful IMAP client, and it still has the PST headache (Outlook 2003, too) - blah.
We have 2 users that *refuse* to get off Outlook. =/
And by thier inability to spoell wile doing so.
www.timcoleman.com is a total waste of your time. Never go there.
Isn't this the same department that told us to stock up on duct tape?
For immeditate release:
The Dept. of Homeland Security recommends that if a Web Application requires MS I.E. and you cannot use Mozilla or competitor please follow the following instructions in case of accidentally browsing the Internet with this software:
1) Cover the Computer (Tower or Desktop) with Plastic.
2) Place Duct Tape over the window on the Monitor Screen when a Pop-Up or insecure page loads. Once you have closed I.E. and ran virus checks you may contact Homeland security for permission to remove the Duct Tape and resume normal computing operations.
....move along....nothing to see here....
> If the open source people are on top of things, why does it seem that there is always a new OSS expliot every week?
You've missed the point - the notifications are what show that OSS folks are on top of things. As soon as a vulnerability is known, it's published, along with a workaround so people can defend against it until it's patched.
Compare/contrast with closed-source companies that try to hide evidence of exploits until they're fixed, and preferably, until well after the servicepack that fixes it has been released (with ALL NEW FEATURES! to get their customers to upgrade). Customers never know there was a problem, which is NOT the same as saying there wa no problem to begin with.
Good PR != good vulnerability management.
You can almost see the little TM symbol next to the Advanced Security Technologies, reassuring us that Microsoft is busily developing corporate-speak acronyms to protect our systems.
Of course my experience using and supporting products with the "improved security" underlying those acronyms is that I get nagged all the time about apparent bugs that are actually "features." Outlook Express and Outlook, for example, protect users from attachments that could be harmful by ... (drumroll) ... hiding the attachments. What moron decided that was a good idea? I guess the calls to the help desk saying "Everyone else got that attachment except me" help keep me at work, but I'm still not impressed. And my boss can't sync his Palm with Outlook without being warned that an external program is trying to access his address book. Microsoft omitted the "allow this particular program to do this and never pester me about it again" button, so I get complaints about this "feature" every couple months.
While Microsoft now tries to clean up this mess by asking CERT to "rephrase" their warning (wait a couple days - they will), I'll keep suggesting my users switch away from their products. It's been a good solution so far.
Mozilla security hole gives hackers access to all your files! News at 11!
Of course we won't read about it here. As soon as one of the other browsers has a large user base, they will become just as insecure as IE.
Gadget News at Gizmo.com
Gary Schare, director of the Windows Client Division at Microsoft, said that CERT's advice had been misrepresented in much of the press coverage.
So the press misquoted CERT? I've read the text and almost everything I've seen is a quote, albeit summarized occasionally.
I think it's absolute comedy that when MS plays hardball, it's just business as usual, but when things swing the other way they can't stop complaining how they aren't getting a fair shake.
Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
Translation: We are currently researching ways to extort CERT into issuing a new statement saying our browser is the most secure as long as you don't use the default settings we chose for you. Fact: IE is the most secure browser when completely blocked by a firewall.
Kinda like the Microsoft Bob cult that meets in someone's basement down the street. Weird geek types, that's for sure.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Hmmm...
Because of all the unresolved vulnerabilities in all of Microsoft's operating systems offerings, I wouldn't be surprised if the Department of Homeland Security next recommends using some other operating system. I myself use Mac OS X, and I have never ever suffered any ill effects from malware. And whenever anyone sends me an attachment in some proprietary format known to be a malware carrier (such as Excel or Word) I always ask the sender to try again in some safer format (such as text).
s/less/fewer
The Dept. of Homeland Security has set the national IE Exploit Threat Level to: Taupe
"Me fail English, that's unpossible." --Ralphie
I objected and got called "Ayatollah of web-compliance" :-)
In Soviet Washington the swamp drains you.
Due to the recent increase in usage of our competitors products, the Microsoft Security Response Team has made the following Prescriptive Guidance available for you:
Select "1" to download an increased dosage of your daily crack intake
Select "2" to increase your excersise by practice-nodding in addle minded agreement
Select "3" if you wish to make (receive) a charitable (bill) Donation (and) to (Melinda) your (foundation) favorite (now) non profit group (senator).
boycott slashdot February 10th - 17th check out: altSlashdot.org
Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines
Did anyone RTFM from the Yahoo link. It says at the very bottom that Mozilla is vulnerable too. I use Mozilla myself but it appears that the real culpret is ActiveX which you can install on Mozilla. I don't think this plug in will work on platforms other than windows so it's really a platform issue.
a link (http://www.kb.cert.org/vuls/id/323070) to the US-CERT pub recommendation. It is also interesting to note that the suggestion to "use a different web broswer" is the last offered (see section III. Solution).
Not certain how many of you have any interaction with DHS, but they are not exactly in a position to say something is insecure. Some of their processes and the methods for how they collect (Critical) Data has some serious security flaws. Wish I could elaborate more, but a security Vulnerablity in IE should be the least of their worries.
the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers
I'm sure the spike in downloads has absolutely nothing to do with the recent release of new versions of Firefox & Thunderbird...
Things to do today: See list of things to do yesterday
Now THAT, my friend, is a shared moment.
Could people offer some input on alternate browsers, their strengths/weaknesses, features, prices (if any), etc.?
Also, I do a good amount of web/intranet programming, so any information relating to development issues in regards to these would be appreciated
Cheers,
Morp
'The unexamined life is not worth living' - Socrates
I believe Juanita
... is Microsoft going to sue the Department of Homeland Security for defamation too?
If someone says he and his monkey have nothing to hide, they almost certainly do.
Now the Dept of Homeland Security is telling us to not use i.e. or 'id est'? How will us slashdotters offer clever analogies (i.e^H^H^H e.g. buggy whips)?
I guess this this means we should use e.g. now.
Is IE targeted because it is widespread? Perhaps. But that does not mean Mozilla is just as insecure.
It's not just that IE is widespread, but its a design issue. If the usage numbers were inverted, IE would still have more exploits because it has some extremely poor design concepts behind it. First, it is directly hooked into the OS. If an exploit executes on the browser, then it is a very short leap for it to execute on the OS. Second, IE has a promiscuous plug-in model that allows nasty malware to execute without enough checks or controls.
What drug was the IE design team engineers taking when they decided to to let (or at least failed to prevent) untrusted program execution? The drug is named "Market-share". They were trying to turn on as many features as possible to capture every possible market. Microsoft made an early design decision to tout features over correctness. It is a fatal defect that now is probably nearly impossible to correct.
Now that MS is re-starting IE development, they should probably do what the Mozilla team was forced to do years ago. When Mozilla first inherited NS-Navigator 4.X, they looked at it and decided to ditch most of it. They started clean with new design concepts. I think MS is going have to do the same thing. The current design of IE is fattaly flawed. It will have to be rebuilt from the ground up with a new security model.
It is bad PR for Microsoft and we are all exited about people now starting to install Firefox and Opera. But what in the world makes us believe Microsoft will just sit and watch?
Sooner or later MS will provide some kind of fix for the security holes. Then there will be a version of IE coming which has tabbed browsing and all the other niceties in Firefox and Opera. That new IE will enter the desktop conveniently through Windows Update. That day people will be happy that IE is safe and they will go back to using it. Just because they are used to it and they do not need to bother finding and installing some other strange program.
Today Firefox and Opera are attractive because they offer better features and improved security over IE. What makes us believe it will always be like that? And are features and security good enough to battle the desktop monopoly?
For all the excesses of DOHS, we wouldn't want their keystroke logs to go directly to russian hackers. Lets hope they are running the latest firefox/thunderbird on minimum security boxes, with individual firewalls that block all incoming traffic.
As for CERT, god forbid they use any Microsoft products except for security research.
If Microsoft is not going to address the security problems fast enough, then obviously the industry is going to do it for them. Point blank. It will hit Microsoft's pocket book, but they have a lot of cash to burn anyway. Microsoft does not have all the luxury of time and market-share they often think they have. However I do expect Microsoft to make a sudden and brutal comeback as they often do. They've learned alot from past software experience. We had better be wary because they aren't gonna' let their browser market share be taken away easily.
It always amazes me when friends stick with IE despite all the hassles (notably popups). I haven't seen a popup in years.
sulli
RTFJ.
oh my god drown yourself in a toilet.
After all these years of preaching that IE is evil, perhaps some people are finally beginning to see the truth (Now that it is biting them on the butt).
:)
And since this is the almighty Homeland Security, this means that all government agencies should now panic and try to uninstall IE from all of their computers. (Oops, where is that elusive uninstall option? No, not that one, all it does is delete the icon.)
I guess that also means that anybody who has a site that only works in IE is a terrorist!
The left-wing Slashdot community (that is, 99.8% of Slashdot readers) immediately becomes Internet Explorer advocates in order to avoid being on the same side as the Bush Administration on anything.
Gamingmuseum.com: Give your 3D accelerator a rest.
A dramatic increase in the userbase will also make the mozilla/firefox platform more attractive for exploit seekers/writers. Such increased level of "real-world testing" will benefit the quality of the browser in a very positive way if handled properly by the developers.
MS: You're gonna release the dogs or the bees or the dogs that bark and shoot bees at you? Go ahead! Do your worst!
Mozilla: My worst ey? Smithers, release the robotics richard simmons!
RRS: Come on Big boy! Shake that butter off those buns!
Basically, just to say that Microsoft didn't really care about their navigator and now this is what they have to go thru, the reality of what their browser is and what needs to be fixed if they want to be ahead of mozilla (if possible).
So when is the Govt. going to fix all of their web sites to work with Mozilla? Currently there are a great number of sites that only work with IE and some businesses rely on those sites.
âoeIn theory, theory and practice are the same. In practice, they are not." â Albert Einstein
Beyond that fact that you're either dumb or stuck if you're running IIS 5.0 these days, does it make sense to link IE w/ IIS 5.0?
--pete
I was hoping to find the links to the CERT and Homeland Security where this information was posted. I assume those would be available online somewhere. The links I see here are all in news sites that actually don't point to the source.
Anyone cares to post the links?
Well, apparently according to the EULA, not Microsoft!
AHAHAHAHA HOW DO YOU LIEK THEM APPELS, FELLOWS? GRABOULOUS!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
'Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice,' Schare said. In other words, M$ is saying CERT should retract the statement or else. Bet there already have been some nasty letters sent their way on law office letterhead...
You're messin' with my Zen Thing, man.....
I work for brittish Telecom.
I have to use IE.
I am not a happy bunny.
I miss tabbed browsing and security and my bed
And which database did the only database-worm so far target?
Mozilla is more secure than IE, period.
There's a thread on the Proximitron (Yahoo) mailing list about creating a filter set that deals with all known exploits.
Proximitron (unsupported, source not availible) is a web proxy that has a very extensive "regex" language for changing HTML on the fly. It's mostly used for ad blocking, but you can do just about anything with it. The reason I put "regex" in quotes is that the language was tuned quite extensively for handling real world HTML. As such, it's really only useful to people that are willing to get down and dirty with another complicated special purpose language.
On the other hand, that sounds like the Slashdot audience!
John Roth
"CERT's subsequent recommendation ... resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."
I hate to ask, but didn't the CERT recommendation happen right around the same time as release of 0.9.1?
Without sources I can't refute or support the Wired's article, but it provides no support of it's conclusion itself...
The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft's Internet Explorer.
CERT gave the warning on June 10 . BBC reported this on June 14 .
repete, si tu plait:
The enemy of my enemy is my friend.
Ici est le conclusion de votre course de politique americaine pour a jour d'hui.
Pardon my (shitty) French.
wow. on skim-through, that looked like 'tossing off Kevin Smith,' which, while indubitably a geekly aspiration, is not one I have. Luckily, I read it right the second time.
http://xkcd.com/386/
Mothers Against Destructive Internet Explorer (MAD IE)
I'm sure somebody can come up with a catchy acronym and then BAM! All our MSIE troubles will be solved.
[Fuck Beta]
o0t!
its the first thing i turn off in Opera. But Opera still kinda half-ass uses tabbed browsing even when you disable it.
if i could find a version of Opera and/or mozilla that didnt have tabbed browsing (or that stupid wand thing opera keeps hassling me about) id have the perfect browser.
If only IE were included in the debian/stable distribution so I could have the pleasure of uninstalling it.
Religion is poison to rationality, and we lose sight of that at our own peril. -- Lurker2288
Thirty-seven?!?!?
In a row?!?!
LWATCDR writes "I have been saying this for a long time but now it is offical."
Well, if yahoo news says that somebody once said something at some point in time, I guess that make's it offical.
Perhaps "Yahoo agrees too" would be more appropriate? Can the AOL "Me too!" be too far behind?
Tim Riker - http://rikers.org/
Does this mean it's now a ThoughtCrime to use Internet Explorer?
How much of this "large spike in downloads" was from downloading the recently released 0.9.1? While certainly downloads have increased, I'd like to know what amount is new users versus old users downloading the new release.
I made the switch last night myself. Moved from a hodgepodge of using Mozilla's mail/news client to Thunderbird, and from IE to Firefox. Why? Because I got tired of pop-ups defeating the Google toolbar, and I figured the individual packages would get updated more often.
The Firefox move was painless, and I'm not missing IE.
Whoever decided to skip any sort of wizard to migrate Mozilla mail to Thunderbird has made a mistake. That was *not* painless, and the average user is going to balk at editing text files.
I read the linked Yahoo article, followed its link to CERT. The CERT page leads off with "IIS 5 Web Server Compromises"; the text recommends turning off Javascript, but doesn't say anything about switching browsers. I didn't see anything else about IE that related to this problem. Anybody have a link?
"..that the hackers will start targetting Mozilla"
This too would be fine. The thing is that a Mozilla/IE/Opra Exploit would hopefully not affect the other browsers.
I wish that the interfaces of such things could be intuitive like a tape recorder (and then CD players) or a car where you do not have to re-learn how to use it. The insides are all different, different makes have different problems, but a recall would only remove a small fraction from use.
Diversity of code, ability to read the same standards, and innovation in usability will help the safe flow of information for everyone.
It's so great to see Mozilla rising from the smoldering ashes that MS left Netscape in, only to come back and bite MS in the ass. It's so symbolic, they should change Mozilla's name to "Phoenix" or something.
Huh? Oh. (Gilda Radner on SNL voice....) Nevermind.
ON some sites, and it doesn't seem consistent (but might be), images are supposedly loaded but I cannot see them. I have to right-click View Image in a new page, and it still won't show it on the full page. I have only one extension, the FlashBlock.
Yeah I know this should be an "Ask Slashdot" question, but I figured I might hijack this thread and get lucky for some tech help :-)
I run a Squid proxy server for my company. My boss want me to configure the proxy to limit which browsers can go thru the Squid to reach out on the Internet. We have several internal Intranet web apps which must use IE6 so the order has come down from management have installed both Firefox and IE6 on everyone's workstations and for the users to use IE for only internal apps and Firefox for surfing the public Internet. The only problem is that the users will not comply. They know how to configure the proxy settings in the browser and keep using IE to access external sites. Anybody know how I can configure the Squid proxy to detect what browser the user has and allow Firefox yet block IE from accessing the outside web? I've been googling for the past half day trying to find a solution and so far come up dry. Anybody know if this is even possible with Squid?
Does anybody realize just how hard it is to make people change their browser or OS? I work in IT and almost no one has even heard of Firefox. Only one (besides me) has it installed...and we are IT. This is not the end of anything for the evil empire, this CERT notification won't move M$ market share of browsers by more than 1%. And since the overwhelming majority run IE, we will all still have to have IE just to be able to continuously repair and troubleshoot it. Sorry for the reality check, but end-users are skeptical about any change, unless they feel 100% sure they will gain much, loose little. People say this is the end of the empire, but most people who run Linux and OS X have a Windows PC also.
I just went here: http://mozilla.org/foundation/donate.html and donated $25. They've saved me multiple times this value in aggravation over the last few months alone.
Anybody in this thread care to match this?
I'd have bought some Mozilla merchandise, but their tee shirts look like they're promoting the PLA. Are they trying to send us a submliminal message? This reminds me a lot of the Sherwin-Williams Paint Logo, which must have been an inside joke by some long forgotten left wing artist (hint, note color of paint, then google the initials on the can).
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
"money" , and the reality that most people use IE because of illegal monopolistic actions that resulted in MSOS being the defacto install on their computers, so they use what came with the package, which includes IE, and they are encouraged to go onto the internet without adequate instructions, or without adequate protections, both of which are well known to MS and the various vendors who sold them their computers.
When you have the vast bulk of PCs the last decade and a half being shipped with MSOS, they had a responsibility to make sure they weren't violating anti trust laws, which they failed to do, and got convicted of it.
The consumer was long ago denied any reasonable* expectation of free market choice, when the vendors themselves conspired with MS to ONLY include MSOS to such an extent. It's intent, and to my way of seeing it, is an example of RICO action and should have resulted in MS and several large vendors getting charged with criminal violations, not just civil violations, and several billionaires going to jail over it.
Even though IE is a free download, it is easily observed that most people did not have some other OS OR of their free will go "download IE", it came as a bundled app with their monopoly enforced distribution of MSOS, and the product is seriously flawed. Seriously. The EULA should be challeged, and we need to get a determination of when and how any product may be profited from, but still avoid an implied warranty for suitability for purpose. If they get granted a patent and a copyright, they have certain responsbilites when they trade it in some fashion for money. When you receive something for free, it's a different story. That's the major difference there. And if that again causes a shift in free/open source, how it's distributed, it would be worth it to force closed source/propietary and for-profit sodftware to get classed as a product that is sold, and have normal consumer protections. The tradeoffs are worth it, IMO.
* please note, I said reasonable as opposed to technical. Technically yes, they had a choice, reasonably, no, there was little choice, and still not much. Walk into any big computer store, what is the default install on the boxes there? Are any of them safe to go on the net "as is", how they are sold? No, they are not. The EULA basically is an example of a vast huge case of consumer fraud, IMO. People assume their brand new computers will work, and part of their entire computer package they purchase with real money is the software that comes with it. They would sell little if any new computers bundlked with MSOS if they were merely labled truthfully, as in "you will probably get infected with virus, malware, trojans, backdoors, etc within one hour of being on the internet with the default install and configuration if you click accept on the EULA provided for the bundled microsoft software". If that sticker was on the outside of the boxes, the stores wouldn't seel hardly any of them. How many computers and copies of MSOS would they sell then, if they were merely required to tell the truth, even keeping the current EULAs in place, exactly how they are written now?
I personally *do not care* if the entire software industry top to bottom, left to right, inside to outside has to change licensing,thinking, what they do or how they do it, enough's ENOUGH on claiming a 60 year old industry that has raked in untold hundreds of billions of dollars or more isn't mature and sophisticated enough to offer products that can be covered by minimum consumer implied warranties. Time to take the training wheels off, and get rid of the EULA get out of any responsibility "license". If it slows down releases and causes huge shifts in PHB and investors thinkings and stock holders profits, I could care less, and I bet millions more consumers feel the same exact way. Software will still be written and sold or given away, just of much better quality. Releases will be slower, but they will be much better quality. Pressure will shift from get i
Mozilla and others work to make their browsers just as insecure as IE:
Browser Plug-in Standard
I'm sorry, but "rich" web content basically equates to "insecure" from what I can tell. The more dynamic and powerful you make downloaded code, the harder it is to keep it in check.
Save the "rich" content for some separate application-oriented protocol and leave it out of HTML. That way I can download and run some sort of OS-independent application (the goal) from a trusted site when I need to, and don't have to worry about Joe-random web site abusing it. Surfing the web and running some site-specific application are two distinct tasks with quite different security requirements. I wish folks would stop mixing them, as the problems caused are only going to get worse IMHO.
* Valenti gets the boot.
Sure, but he's been replaced by another DRM-lover. Trust me, there's no clue coming to the MPAA.
* AU sets up a free CA.
Ok, I'll agree with you about this bit of good news... once I see it in IE's default CA list.
* European software patents are being rejected.
Wrong. The Dutch reversed their vote. This does not *yet* invalidate them, although it is a good start... keep the pressure up on your EU representatives!
I've been pushing Mozilla at work for years (I'm the Sr. Web Developer for a major toy company). I've hyped all of the sweet features like tabbed browsing, pop-up blocking, page scaling for printed output, better security, better developer support, etc. Unfortunately, the business guys are interested in doing as little as possible and IE's installed by default.
I've also tried pushing the use of W3C Web standards instead of IE specific sites, but always get the response of, "everyone uses IE". Same deal with the elimination of Javascript (some fscking developers wrote pages that require Javascript).
I've just forwarded this story along to a couple of managers. Hopefully news like this will help to turn them around to non-IE browsers. I've even suggested that we send out CD's to our reps and retailers with a company branded version of Mozilla.
This patch disables ADODB.Stream, which should eliminate any vulnerability. You can download it here: http://support.microsoft.com/default.aspx?kbid=870 669
Life in Orange County
So, will Microsoft now start bagging the US government, or better yet, begin coding a program to outsell-outmaneuver-outmonopolize the Department of Homeland Security?
Am I the only one who thinks this article was written by a retard?
The explanation of the exploit, umm...yeah.
second society
You know, I'm starting to get really tired of the whole ^H anachronism. It's like the computer equivalent of the needle scratch sound effect they use in movie trailers for punchlines.
Is it even possible to generate a visible control code like this anymore? How many people are replying to Slashdot using a telnet session and a Pico editor? Come on. Get into the 21st century.
that comes with the defaultinstall of WinNT4.0. ;-)
That was the last version without (Radio)-ActiveX.
Ok, I am fan of Slashdot.org and read it daily but the headline of "Dept. of Homeland Security Says to Stop Using IE" is a bit misleading and even just flagrant sensationalism. They reference a Yahoo news article (which is a suspect news source anyway) and nowhere could I find the DoHS saying to stop using IE other than recommending the use of other browsers, which by inference could mean "stop using" but the DoHS goes on to say "Alternative browsers such as Mozilla or Netscape may not protect users...". So what the hell kind of recommendation is that? Let's all stay off the net from now on and that will fix the security problem...oh wait, what would I do all day then.
In Microsoft Server 2003 IE comes with Enhanced Security Configuration and that adds ample security to IE to the point of making surfing the web difficult but very secure. I am sure it won't be long till those features make their way in the regular IE. If you have MS Server 2003 give it try.
Firefox is being applauded as a good alterative however I have not tried it myself. I think any popular browser will become vulnerable to exploits as they gain popularity and at least Microsoft has an army of paid coders to fix issues quickly. I really hate switching apps all the time and prefer to stick with one vendor.
--MysticAlpaca
I agree that folks should take some responsibility for their actions. But I disagree with your slippery slope logic on the price of IE, and also MS's culpability in the matter.
Internet Explorer is not free. Microsoft argued until they were blue in the face that IE is integrated into Windows, and they were right. Which means that you pay for IE when you pay for Windows. There is no separate IE business unit, and IE only runs on Windows.
MS touts the ease of use of IE, and markets their browser to the general public, who are not noted for their computer savvy. If IE was released with documentation describing the risks of the Internet and with safe default settings then MS could rightly say that the users were shooting themselves in the foot. But instead IE is not safe by default and Microsoft hides the details of security behind non-descriptive sliders in a sub-menu.
Am I the only one who feels like I'm reading an "alternate reality" article here? Tom Ridge now has a bad goatee and a sash to store is saber, and laughs like this muHAHAHA. oh wait...
I read at -1 So you don't have to.
we don't need clarification then
There is a spark in every single flame bait point.
This may be the beginning of the end... if people massively switch to Firefox (which is open source, not from MS, and damn good), the perception about FOSS will certainly change... people will realize MS is not the only choice.
The next step could be a Windows desktop, but with Firefox, Thunderbird, OpenOffice, and all free/open software with Linux counterparts... once they get used to all that software, the final switch to Linux is seamless.
My website
"Global Class Action Lawsuit against Microsoft"
This is what people don't understand about capitalism. If you don't like the product, you don't have to sue, just stop using the damn product.
I really hate this attitude, "the man keeps us down, so lets sue." It makes absolutely no sense at all. Corporation uses child labour to make affordable products, sue them. Heaven forbid you should accept responsibility for it and stop buying their low-quality products. MSFT sells software for too much money, sue them, don't simply use something else. It's no wonder we have so much unnecessary litigation in this country.
Oh my God, someone needs to watch some Kevin Smith movies so he gets that that was a quote.
Our medium sized company was recently purchased by a much bigger company. The IT people here are really on the ball, from email to our main website, but the new owners want to downgrade everything. Customer service for all other sites within the company have just been outsourced to India. The main company website is a portal run by some third party. What's ironic is that this company is gung-ho about acquisitions, yet they outsource a working, well-functioning part of the company to strangers.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
Microsoft is soon releasing a Universal Patch(tm) for all its software: Duct Tape. Just apply the patch directly to your hard disk surface and/or monitor screen and all will be well.
(That ought to shut DHS up for a while... How much of the Duct Tape business does Bush own again?)
Unfortunately, I'm encountering all sorts of display bugs with Yahoo! News on Firefox (and a few with Slashdot as well). When is somebody going to make a browser that works?
That'd be a good thing for him to do. Just delete the IE shortcut out of the quicklaunch(or whatever that's called) thing by the Start menu, and delete the desktop icons and start menu icons. :)
They will probably not be able to find the IE exe.
The users will probably complain that the internet is gone, but then you can tell them there is a new internet
Article this morning's Daily Breeze cites Opera ASA as saying they have seen no significant change in downloads, and goes on to quote a statement that user apathy rather than loyalty to MS.
...the terrorists have already won!
CDB? Cult of the Dead Browser?
Recommending a different browser is the wrong solution. If people are really freaked out about ActiveX programs, they just need to disable ActiveX. As a web developer, I have Netscape, Mozilla, Firebird, Firefox, Opera, and IE installed. Guess what? They ALL use ActiveX.
Did anyone else notice this tidbit in the article:
Gary Schare, director of the Windows Client Division at Microsoft, said that CERT's advice had been misrepresented in much of the press coverage.
"Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
My jaw just dropped open. How are the reports misrepresenting CERT's statements? Get a new web browser can mean only one thing - GET A NEW FRICKIN' WEB BROWSER! How could that possibly be "misrepresented"?
It's basic english - we use it every day! Are you honestly working with computers while not knowing ordinary conversational language? Perhaps we need to tell Microsoft what the definition of IS is.
But in my mind I can see a Microsoft lackey going - "No, no, no, what the really meant was get a new blouse. Um, CERT doesn't like turquoise tops.... uh, yeah that's what they meant."
I don't know what's more pathetic - the fact that Microsoft is trying to accuse others of misrespresenting them, or the fact that many people will believe them and just stick with IE.
Ugh it just disgusts me how blatant and open they are about their lies and coverups. It makes me feel dirty just to see the little IE icon up on slashdot now.
But I'll tell you one thing - people who work for Microsoft certainly must be gearing up for very successful careers in politics.
Not sure exactly what they did (perhaps just adjusted permissions so IE can't be launched) but I do know it had to be installed recently, since our Program Management software (a POS if I've ever seen one) is especially crashy with Mozilla. Not that it's very stable under IE, for that matter, but I hear the Mozilla crashes are less reproducible (I already asked about submitting bug reports). My response was to get the vendor to write standards-compliant software, but again, no one with any power really cares.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
Your mother's a tracer!
Hey, with this announcement I can get my family to switch to Firefox for good. Though they're all IE users right now, dad's concerned about security and asks me for advice on it, so he'd be willing to switch to Firefox. Same for my year-younger brother (he's 18).
The problem is my youngest brother (age 13) doesn't want to switch since Firefox disaplys one of his favorite sites, NeoPets, correctly. Wonder if I should let the shrimp use IE, or bug the hell out of NeoPets until they fix their website.
One man's selflessness is another man's annoyance.
Bureau of Alcohol, Tobacco and Firearms.
What browser do they recommend?
I'm sorry, but I really wish people would stop using the argument that alternative operating systems (Linux, OS X, etc.) are better because they are free from vulnerabilities. Yes, they might be more secure from an architecture standpoint, but as soon as a greater number of people start using these systems, the amount of exploits, viruses, etc. will most definitely rise. The alternative systems are not perfect, and thus they have their weaknesses, and it's just plain delusional to think otherwise.
...and as far as your philosophy on proprietary email attachments, if I were to recieve such a self-important response as you describe I would tell you to go fuck yourself. The Mac snob/prick attitude is seriously getting tired. It is not up to the rest of the world to take time out of their days to accomodate your personal quirks. Either deal with inter-OS clevages on a personal level or or stop using a fucking computer.
--
Is it me, or did it just get fatter in here?
Since we don't use Outlook now, your comment doesn't seem especially relevant. I don't care if our email client is OSS; I just care that it's not Outlook. Personally, I'd love it if we ssh'ed to a bash shell and used pine. Then maybe people would stop sending html formatted messages. We now use Netscape Messenger Express, which is nothing special, but at least doesn't have Outlook's abyssmal security record.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
My PHB wants to know.
Now, if they'd only make IE ILLEGAL...
-- You can't idiot-proof anything, because they're always coming out with better idiots.
Good point. I think they're itching to get a piece of this anti-terrorism pie, and that might actually work. Especially since we're biotech, and potentially have data that could help people developing bio weapons.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
actually, M$ give more money to Dems than Reps:http://www.opensecrets.org/industries/contrib .asp?Ind=C5120
equally interesting to note is that M$ has only recently really gotten involved in the political donation game, and that they are still donating realively small amounts (compare to companies of similar size in other industries), considering just hom much money they have to throw around.
my pet machine
This was pulled from an OS X discussion group:
<IfModule mod_rewrite.c>
RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
</IfModule>
I used to wonder what was so holy about a silent night, now I have a child.
Face it if everyone stopped using M$ IE then the virus creators would switch to whatever else is used.
"If any question why we died, Tell them because our fathers lied."
That's retarded...and queer.
If you use Internet Explorer the terrorists have already won!!
"The great enemy of clear language is insincerity. When there is a gap between one's real and one's declared aims, one turns as it were instinctively to long words and exhausted idioms, like a cuttlefish spurting out ink."
This must by how John Kerry raised over $3 million on Wed. They're obviously using stolen credit card numbers harvested with the help of I.E.
<\tinfoilhat>
http://www.nytimes.com/2004/07/02/politics/campai
We use a Sun calendar program. Seems to work well enough. Sharing documents is easy with a public directory where anyone in the company can dump files. I don't have a PDA, and don't know of anyone here who uses one for work purposes.
Si la vida me da palo, yo la voy a soportar Si la vida me da palo, yo la voy a espabilar
We have 3 websites that we use that REQUIRE Internet Explorer so they can load ActiveX components.
Other than that, I have 7 people out of a 10 person IT department running either FireFox or Mozilla (in addition to IE).
FireFox is just SOOOOO much FASTER and the tabbed browsing is an instant hit with everyone.
If it weren't for those stupid ActiveX components on those 3 websites, we'd be off of IE 100%. As it is, I'm in IE less than 10% of the time.
This is why we must be careful in what functions are imitated in the open source world from the microsoft world. Security and robust design should be first and foremost.
BTW, I installed Suse 9.1 yesterday. I have to say "congratulations" and "excellent work" to all you who contributed your sleepless nights and bandwidth into the continuing Linux effort. You are truly contributing to a cause that is and will change the face of computing for the better.
I would absolutely love to contribute in some fashion to the cause (other than with $$ - I do that already). Unfortunately I am not a programmer, just a lowly project manager with a geek gene. Any suggestions/links??
Is the juice worth the sqeeze?
this smells like the beginning of the true browser war.
You need people like me so you can point your fuckin fingers and say, "That's the bad guy." So what that make you? Good?
Will the US Goverment require the removal or disabiling of IE on all of it's computers for security reasons?
If Microsoft continues to claim that they can not remove IE from Windows will the US goverment start removing Windows from there computers and replace it with Mac OS/X and or Linux?
Since they Include IIs in this what does it mean server 2003 and Longhorn?
Remember people that write websites that only work in IE are terrorists.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Well the simplest solution is to freeze the settings at the client end. Second best is Regex and UserAgent string.
It's so easy for us to lose sight of the fact that, for most people, computers are work tools. People who use them shouldn't have to be constantly on the lookout for problems, simply because the bampots at Microsoft can't be arsed to write decent code. At least, let the companies who sell people their systems add a more secure e-mail client and browser.
Julia Cameron
Oich ù agus hiùraibh éile
What are we supposed to do when our processors are a weapon and our browser is a national security risk?
HA
HA
HA
the end is coming ya little weasel, no matter who you bribe or which company you buy, one day we're gonna get ya.
Sweet Dreams
I'd be running .90 if it weren't taking a dive for the mat every time I try to run it. It use to work before .9. I even tried renaming the profile directory so it'll create a new one. No dice.
Avant Browser or Myie2? I havn't had any problems with either of them.
The only time I ever used IE on my computer was to download Firefox. My wife steadfastly uses IE, with all the current updates.
I recently ran a spy/adware program to see if either system was infected. Can anyone guess which computer was infected?
If someone says he and his monkey have nothing to hide, they almost certainly do.
You're changing the direction of the discussion. I just tried it with Mozilla 1.7 (and yes, i have flash, but half the web is flash these days), and it works fine.
The fact that you don't like flash doesn't change the fact that the site works with Moz 1.7.
Their recommendation should also include that website builders - especially the one's that built my work's webpage - should stop using technology that only works with an IE browser.
I remember a TV commercial...maybe you remember it too....Big conference has come to a halt because of the computer running the PowerPoint presentation has frozen. The audience is yelling out suggestions..."Try restarting, Try Control-Alt-Delete, etc." There is a pause...then someone yells out..."You should've bought a Mac."
After 11 years of Windows 3+, Win 95, Win 98 and Windows 2000...I got tired of the crashes and then the viruses and spyware. I got a PowerBook. I now do my online banking with Mac OS X and Safari.
Be safer online...buy a Mac.
Deny them access to the goats until they fix the bugs!
OK, someone asked me to send them the link on this CERT advisory. It's option Four of Four on one of their many MSIE/LookOUT exploit advisories.
Seriously, while I'll be one of the first to scream out in a room full of people that Microsoft sucks canal water I'm having a hard time finding any documented evidence that I can wave in someone's face showing them that it's a PoS.
One comment from the defense folks is doing more damage to IE than netscape did in 10 years.
Is there any easy way a company can make IE only able to load in-house pages, and force another browser to be used for the outside web? This would allow those IE-specific things to be used for work, but avoid exploits from outside infecting the network. Seems like a big win for any company. Can this be done to Windows? Or to their firewall or something?
Department of Homeland security, eh?
That means if you use IE...you support terrorism!
http://www.tev.net/photos/homelandsecurity.jpg
-Tev
...oh, wait
True, Yahoo says it's so but can anybody find the actual CERT or DHS press release?
I've just spent a very unrewarding half hour clicking around the CERT and DHS sites and found nada, zip. If either of those bodies really made this inflammatory recommendation, they confided it only in Yahoo, that I can find.
Even though the software is provided "as-is" and one cannot sue if it fails in anyway, I think a case could be made for suing on the basis of malpractice. Malpractice means "bad practice" and the concept differs significantly from product warranty. Doctors, Lawyers, accountants and other similar professionals are sued based not on outcome but on the methods and procedures they followed to reach that outcome. A Doctor is not contractually obligated to cure you nor an a lawyer obligated to win your case but they are obligated to follow broadly accepted standards of method and procedure. If they do not and a negative outcome occurs they can then be held liable. No other standard is possible as no Doctor can guarantee a cure nor a lawyer a victory in court. Similarly, no software provider can guarantee that their products are free of bugs or other defects. Too much of actual process of running software lays outside the control of any single provider. Software providers can't predict how their product will fair until it actually meets the real world But software providers could be legally required to follow standard practices of design and development and be held accountable if they do not. Microsoft made conscious design decisions that opened up severe security holes in their products even though they were warned before hand the problem would occur. They did so for marketing reason even though every security expert warned at the time it was a bad practice. In short, MS needs to be held accountable not for the actual broken software they released but for the studied disregard for the basic "good practices" of secure reliable design that created the flawed software in the first place.
This recommendation should be splashed all over the homepage of Mozilla / Firefox! Anyone who visits out of curiosity should learn that the Dept of Homeland Security recommends switching. Suggested headline: "DEPT. OF HOMELAND SECURITY RECOMMENDS YOU SWITCH AWAY FROM USING INTERNET EXPLORER. Here's why" and a link. BTW, DoHS should also extend their recommendation to any product that uses IE for HTML viewing, such as Outlook etc.
...because they are a monopoly (in regard to the IE bugs and the DHS advisory).
They will be sued because they were willfully negligent in the maintenance a monopoly product, the sabotage of which inflicts material damage upon third parties in the range of hundreds of millions of dollars.
Don't let your dislike of antitrust law cloud the real harm that this software has done. If Standard Oil had sold petroleum products that destroyed the engines of their customers during their monopoly breakup, would they still be liable for damages? Of course.
p.s. IANAL.
Been using konqueror with it for 18 months. I may have set identification to fake IE initially though...can't remember...but I didn't think so. I switched to firefox a month ago and it works fine now (as you stated).
...for the disavowal that comes out after Tom Ridge is taken to the wood shed.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
I understand it's supposed to be funny, but I honestly wonder what is wrong with PETA ? A link anyone ? (Maybe it's obvious to US citizens, but I'm european).
"from the warning-is-years-late-in-coming" dept..
yeah, and I had this posted on my personal blog all the way back on the 30th, and if i'm not mistaken the first place i saw it was a few days before that..
so.. not news. not really for nerds, either. Nerds already use Opera/Mozilla/something else. It's "good advice for the non-nerds".
btw, any people you know that use windows.. please download mozilla/opera/something for them, when you are fixing their computers.
"Champagne for my real friends - and real pain for my sham friends!" http://ericblade.postalboard.com/
Why aren't they recommending people not use Outlook or Outlook express. As bad as IE is the M$ email clients are even worse.
Yeah, whatever!
Karma Schmarma
Yes, the Ford Pinto. Ford knew about the defect but decided not to fix it because it would be cheaper to pay off the lawsuits than fix it. The same thing happened with Microsoft. Microsoft knew about the flaws but decided not to fix them because they would rather work on new features for Longhorn (or a similar reason). That is what they would be sued for, not merely haviing the flaws. Just like the Clinton sex scandal or the prisoner abuse problem, how you handle something bad that happens is as important if not more important than the incident itself. The same applies to fixing flaws whether in software or physical items. It is not negligent for software to have security flaws, it is negligent to not bother fixing the flaws. How often have you seen a known buffer overrun or other exploit in apache or samba go unfixed and the developers give lame excuses like Microsoft does? Considering I have seen many critical securith patches for holes that are "only theoretical" and that no one knows if they are exploitable to run arbitrary code, I would say open source software wouldn't have any problem with limited liablity for security flaws that were known and the developers didn't bother to fix them.
...who advised everyone to use Microsoft products, despite the fact that one of their own organizations made a secure Linux available for free?
Dear Homeland Security,
Compare and contrast:
(1) Your ass
(2) A hole in the ground.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
http://www.baltimoresun.com/technology/ats-ap_tech nology10jul02,0,3417358.story?coll=sns-technology- headlines
I am very small, utmostly microscopic.
Most of them just cheat on you.
The purpose of language is communication, If the idea is clear the grammar ain't important
- "In the meantime, we have provided customers with prescriptive guidance to help mitigate these issues."
and use the 'synonym' function, you get the actual meaning. I only used synonyms NOTHING ELSE besides whats in parenthesesSo, yes, if tomorrow, every netizen decided to switch to Mozilla, you would find a lot more security vulnerabilities than you do today. It's not a matter of how well the code is written, if others want to inflict damage on the masses, they'll exploit the tools that they use to cause them harm.
It's quite humorous reading through the posts on /. on this topic, it reads like the writings of revolutionaries before communist takeovers in [insert communist country name here], and parallels many of the battles that are raging on in the world of politics right now.
In the world of software, the 'enemy' is Microsoft.
In the world of nations, the 'enemy' is the United States (whether or not GW is in the Oval Office).
The question to ask next is how does the group that is "in charge" responds to attacks and criticism, and more importantly, do they, overall, keep their base happy.
Additionally:
The four items that affect User Adoption are:(or so said an article i was reading on how to get doctors to embrace Electronic Medical Record systems)
1) Completeness of Data
2) Usability
3) Immediate Benefits
4) Technology independence
If people can access all the data they want, how they want to get at it, and not suffer, but actually gain from making the change, then they will switch (and hopefully Mozilla and others will begin increasing their penetration of the market. With the threat of loosing market share, MS will get its act together - I hope, and not just spend millions on FUD - oh wait, they're already doing that...)
Mozilla/Firefox don't come with a scheduling application because they (or at least FF) have the Unix "less is beautiful" mentality.
Granted, there are scheduling apps out there. Some even sort-of work with Mozilla. But when comparing to outlook:
Gee, Toto, I can't believe I posted something I learnt from my MBA on slashdot!
the solution is here:
http://artax.karlin.mff.cuni.cz/~mikulas/links/
Links is a text WWW browser with tables. Runs on Unix and OS/2. Gives the user serious counter-culture edge.
"Minimum consumer implied warranties"?
Ford et al will warrant that your car is safe to drive. If it isn't, big payouts and recalls all round. They will not warrant that your car is unstealable if you park it in a rough neighbourhood. They don't give you a replacement car because yours was stolen or damaged. That's what insurance is for.
Guess what, the Internet is a rough neighbourhood. Even the best, most secure cars can be stolen by professional car thieves. There are professional computer hackers out there on the internet, and you can only hope that they're busy hacking banks and not you.
You can't warrant that there are no exploitable bugs, because you simply can't know that, no matter who you are or how good your software security is. You can certainly advertise that you've made a much greater effort in securing your browser.
I'm all for systems honestly advertising their security against h4x0ring, if only people would pay attention to that. Nobody would buy a car if they knew 90% of them were stolen without an after-market add-on called "a lock". But they'll take MSIE without question. Do they even know there are other browsers, not ready-to-run on their Wintel system thanks to anti-competitive actions by Microsoft?
The article also says:
"CERT said vulnerabilities in IIS and IE could include MIME-type determination, the DHTML object model, the IE domain/zone security model and ActiveX scripts. Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.
The only defense may be completely disabling scripting and ActiveX controls. "
The inertia that kept me using IE is finally over. I've downloaded firefox and love it. Just wish it would stop nagging me about a newer version. I already have 0.9.1.
if the dhs told everyone to jump of a bridge, i'm sure that would make cnn's top stories also.
It's obvious isn't it? If you don't use IE, you don't have these problems?
Why has it taken so long?
Derek
Kinda like when using Google was cool, because everyone else was using Yahoo or Lycos.
Is /. populated by communists? The parent should be labeled "Insightful." Seriously, if the product is bad, let the market kill it. As soon as the wonderful and egalitarian Linux is actually usable, I'm there! In the meantime, I'm stuck with a kludgey P.O.S. OS, and continuously patching it.
I use Mozilla for everything internet related and OOo for office tasks because I can actually use them! Call me a moron, but I really don't relish the thought of using an OS that can't do all the stuff I need it to do, specifically, Quicken, Photoshop, and 3D CAD (SolidWorks). I rely on those programs. Make Linux run them and I'll switch immediately. Until then, I suffer with MS crap, along with the rest of the world.
But, please, spare me the Marxist bunk about some "ideal" Star Trek world in which everyone has a perfect job and never wants for anything. It ain't gonna happen.
The Philosophy of Liberty | lewrockwell.com
where is the link to the www.dhs.gov or www.us-cert.gov press release or article?
It would do wonders to help my company switch! I can't find it, help!
Doubling this week, to 200K downloads! Why, that's almost 1/10 of 1% of the browser market!
Hoo-ra!
to get the basic functionality of their sites are idiots.
Saying "half the web is Flash these days" shows you're nit too sharp either.
If you can't access the basic functions of a website with Lynx, it's a bad site and deserves to die.
Clickable bells and whistles are OK, but I can't remember how long it's been since I saw a site that NEEDED Flash.
The self-important jerks who want everybody to be impressed with their uber-1337 dezining skillz
are only costing their employers $$$ when folks go to competing sites that make life easy on them.
OTOH, the jerks who put Flash **ADS** on their sites are why I have never bothered to installed Flash on my box at all.
Animated GIF ads were bad enough.
gewg_
They don't. By their own testimony, IE is an integral part of their operating system. And indeed, several important operations in Windows are impossible to perform without IE installed. The operating system is not free, and neither are its integral parts.
I got the following batch files off the net somewhere, and it seems to work for Win2K and probably XP. To disable IE, run:
:End
:Activate :End
@echo off
C:
cd "\Program Files\Internet Explorer"
if not exist IEXPLORE.EXE goto End
if exist IEXPLORE.EX_ del IEXPLORE.EX_
if not exist IEXPLORE.DIR md IEXPLORE.DIR
if not exist IEXPLORE.DIR goto End
attrib -r -h -s IEXPLORE.EXE
ren IEXPLORE.EXE IEXPLORE.EX_
if exist IEXPLORE.EXE goto End
ren IEXPLORE.DIR IEXPLORE.EXE
echo IE disabled.
echo If prompted, click "Cancel" then "Yes" on File Protection restore.
echo Run enable-ie.bat to allow IE to run again.
It still runs if you put a URL into a window bar though, but if your alternative browser is the default browser then it'll launch for everything else.
To re-enable Bill's little helper:
@echo off
C:
cd "\Program Files\Internet Explorer"
if not exist IEXPLORE.EX_ goto End
if not exist IEXPLORE.EXE goto Activate
attrib -r -h -s IEXPLORE.EXE
rd IEXPLORE.EXE
if exist IEXPLORE.EXE del IEXPLORE.EXE
ren IEXPLORE.EX_ IEXPLORE.EXE
echo IE enabled.
"And the meaning of words; when they cease to function; when will it start worrying you?"
This browser warning page thoroughly trashes MSIE, but every phrase is linked to a news article that uses the exact same verbiage in order to demonstrate that it isn't just anti MS FUD - It's the honest truth. It's designed and maintained for webmasters to deliver to the IE-using visitors to their webpages. You can read the source code for some more information about that. In case you're curious, here's a paste of the text and links that it has - This should prove quite effective with anyone you're trying to convince to stop using IE:
Warning!Your web browser - a version of Microsoft Internet Explorer - may not function properly on this website, and could have a large number of problems that allow hackers to hijack it with viruses. These viruses could be used by criminals to secretly take over your computer, download child-pornography, or to commit acts of terrorism and fraud. You may automatically update it now with Microsoft's available patches, however, there is a possibility that a necessary patch will not be available due to Microsoft's somewhat sluggish development schedule.
The US Department of Homeland Security strongly suggests that you stop using Internet Explorer immediately.
There are several standards-compliant web browsers that you may use instead of Internet Explorer. Please install one of them as a replacement.
If you suspect that your computer is already being used for criminal activity, it is critical that you seek help from a computer professional in your local area. You may also try one of the free web-based virus scanners that are available.
We've know for a long time that using Internet Exploder was like spinning the chamber and thinking "I wonder if somebody put 6 bullets in the gun this time?".
gewg_
"Now that MS is re-starting IE development, they should probably do what the Mozilla team was forced to do years ago. When Mozilla first inherited NS-Navigator 4.X, they looked at it and decided to ditch most of it. They started clean with new design concepts. I think MS is going have to do the same thing. The current design of IE is fattaly flawed. It will have to be rebuilt from the ground up with a new security model."
And be crucified on the cross of public opinion? I don't think so. In case you have forgotten. The Mozilla team was practically baked for not getting what people wanted, when they wanted. NOW we see the wisdom of their decisions not to bow to public pressure, but that's because this is Open Source. Not beholden to anyone's itch, say the developers. Microsoft and hence the IE team doesn't have that luxury, and if you think Open Source advocates can be vocal, and venemous? You haven't seen anything yet.
More than anything the difference in terms of lawsuits is push and pull. Microsoft pushes their browser out, consumers have no choice in the matter.
Not to mention MSN is set to the default page for IE. How about about:blank for a change?
I don't know where you USian guys get this rubish about companies have only one goal, the damned profit.
You have been brainwashed and repeat your little mantra like the good Chinese workers used to parrot Mao's Red Book.
Companies can be the expresion of an ideal, the realization of a dream or the intent to attack social problems. You have companies that have been set up to ensure fair trade of tea and coffee, other companies that operate in a cooperative basis in which the workers are owners and benefit.
In Brazil a well known style of management (like some forward thinking USian companies like Google) support their employees to start their own businesses on their free time using company's resources that otherwise would not be utilized.
Many companies have programs to vinculate them with their local communities (mine is one of them) helping with reading skills, IT skills on deprived schools, and promoting on their employees a culture of solidarity and social responsibility. Many of you don't know, but many corporations have strict guidelines about what is legal or moreal and what is not, and employess are lectured constantly (to the point of boredom) about legal and moral obligations.
There are companies out there that compete trying to put innovative products on the market and not by the shameful "embracing and extending" touted by the greatest megalomaniac of the IT industry.
The companies are what you want them to be, if they only pursue profit without regards for the consequences it is because greedy unscrupulous individuals have been made heroes by their peers, the media and unsuspected Red Book reciters.
IANAL but write like a drunk one.
.... if the schedules are broken by the latest round of firefighting patching (and this is not a joke).
IANAL but write like a drunk one.
Installed base:_ surve y.html
Apache -- 67%
IIS -- 21%
http://news.netcraft.com/archives/web_server
Who has the most exploits?
gewg_
go fsck urself plz
I'm pretty sure *most* browsers invoke some kind of HTML rendering engine. Yes, even Mozilla.
"I have a good idea why it's hard to verify programs. They're usually wrong." --Manuel Blum, FOCS 94
people were really conned on this. advertising works, it's a multi billion dollar a year industry. Perople are NOT told it is difficult, or dangerous, to buy and use a computer. They are told it's easy, safe, fun, cheap, new and shiny and they will be losers if they don't jump in the pool with everyone else. When they go to the whitebox sho or back to best buy or whatever, they have never been told to load an alternativ OS, or even a browser, they are just charged for a patch of a fix or sold even more sioftware that alleges cures their computer ills. At work, where their bosses got faked out, they are confronted with the exact same thing. At the store, no choice practically speaking.
Yada yada. Although I think some blame can be laid on the victims,for putting up with it and paying for it for yearsm most of it can go to the actual pepetrators of the scams and cons and on the black hats as well for taking cruel advantage of people because it's easy for them to both do so and to remain anonymous and commit sociopathic actions they normally wouldn't do in meatspace.
This was said late last week by 'The Department of Homeland Security's U.S. Computer Emergency Readiness Team' I don't see anything new with this. I.E has been an issue for years, so this really doesn't come to no supprise.
A site cowboyneal will like http://www.freewebs.com/atpa/
Yea. Sorry Dept of Homeland Security! I guess my PC has a terror alert of ORANGE!!!
Firefox will start to be exploited when more than 2% of the internet uses it. No doubt in my mind that if a LARGE portion of internet users have Firefox, it'll start getting hacked.
I agree with half, disagree with the other.
No, people mostly DON'T know there are alternatives, due to industry collusion and fraud at very high levels, levels such that it is mostly ignored by the government, because even there they profit individually from the congame of maintaining this monopoly, although they claim they don't and had a whitewash "judicial hearing" and series of lawsuits over it. It was a coverup joke whitewash effort *at best*.. There is no prohibition from governmental employees using their income or knowledge to help make scam profits in the markets, just a joke level,or nothing really stopping them accepting "fees" on the side,just a joke level, or nothing really stopping them from getting blackmailed, that's not a joke but it happens to politicians and bureaucrats and dare I say to judges. It just depends on the situation.
As to not being able to make a safer better browser able to surf without getting hijacked within 15 minutes? Well, all I can say is, not coming from an insecure buggy windows background, or very complicated unix background, but a mac classic simple functional OS/brosewr background, I will assert to you that I ran for YEARS on the net with NO antivirus, no firewall, no anything but the default browser (netscape) that came with the OS install. YM obviously varied from that I would guess, so you have that viewpoint "it's almost impossible, it can't be done", etc.
I *never* had to jump through *any* hoops just to surf simply. I went to any website I wanted to go to, read any email. Nothing. I know a few viruses existed, but I never got one, and I don't think there was a remote exploit for mac classic, or at least to be honest and fair I never heard of one or read about one. The first firewall I ever used on a personal machine was two years ago with linux because you need one, same as windows, but at least they give you one that works with linux. With windows, nope, all the installs I ever saw were woefully overpriced, incomplete to a fault, and failed to function very well. And insecurity isn't an issue, they *are* insecure as shipped, you MUST jump through hoops to even approach a dismal-security range, let alone a pretty good-security range.
It only took a massive hack to do it, but at least that's a start. www.AnythingButMicrosoft.org
Know what happens when a child-labor sweatshop
is closed down due to bad publicity? The kids go
into prostitution. They need to put food on the
table, and will do whatever it takes. For them,
the sweatshop is a very good employer.
Lynx does images, you simply have to select the one you want to look at and it pulls up in your choice of image viewer. Links does table and other formating, so the placement of images gives you a clue about what's a picture you want to look at.
Friends don't help friends install M$ junk.
...I don't think IE's going to be much more of an issue shortly, considering it's now a National Security Risk, per the DHS (That is, after all, the reason for this whole discussion in the first place...).
Simply put, I'm using this as a reason to get as many home users as I possibly can onto Firefox or Opera under Windows and it's some "ultimate" ammo for me to use to reccomend anything but Windows and Microsoft for our customers as it's a grave security risk like few others.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Based upon the descriptions of the seperate vulnerabilities, there is no safe way to use IE . Apparently MS doesn't realize that there's already a bunch of zero-day exploits out and about using the latest IE exploits.
Microsoft's days are numbered at this point. It doesn't matter if they fix this mess- there's a perponderance of evidence that indicates that they band-aid things instead of fix them (including one of the newest exploits going around- supposedly it was fixed in recent times...). They can not be trusted at all for things that require security- anywhere.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
That is not what they are talking about. Internet Explorer allows you to embed IE inside of another application. You can even put a different name on the taskbar and call it another application, even with your own icon. In theory, some scam artist could write their own "web browser" in about 15 minutes. The problem here is that you really are using Internet Explorer, even if you are claiming to be some other application.
More often this is used in applications like AOL (IE is the default browser in AOL), where they use this ActiveX component to display web content. I think AOL uses their own e-mail system, however. You can also see this in the Real Player application, again if they are going to display web content instead of playing music or an audio/video clip. (Try this if you have Real Player.) Other application also use this, in things like About boxes or even a cool splash screen when you start an application. Sometimes they even do full TCP/IP http requests for content, including machine-specific data. A good security hole if I ever heard of one, and a cheap and easy spy app as well.
Mozilla does not use the I.E. rendering engine... they have their very own, so they don't need it. A while back it was a common task for CS instructors to assign students to make their own HTML rendering engine. I wrote one myself just to see if it could be done. Not a beginner task, but still something well within the capabilities of any recent CS college graduate (if they actually taught you anything).
I've been digging around the CERT website, and I can't find a single place where CERT actually says that the recommendation for this vulnerability is to use a browser other than IE.
Anyone care to remove the blindfold from my eyes?
I thought Opera was the #3 (popularity-wise) browser out there. I certainly like it well enough to see no need to switch to FireFox. And yet Wired doesn't even give it a mention? What's up with that? Are they trying to re-style the browser-wars?
Plug-ins are not something that automatically gets downloaded and installed on your machine. You have to knowingly download and then install them. This is for Windows or any other OS that the plug-in framework is residing on.
On the other hand, IE provides "helpful" features like self-installing plug-ins (ActiveX) and a help framework that completely circumvents the security- all without ANY user intervention.
In the proposed solution you offer, there is no difference with the plug-in model of things- you have to actually install something with your own intervention to be able to view "rich" content. The moment you do anything Internet centric, you change the security profile completely. Having one or more applications to do things doesn't change the amount of work, etc. like you seem to think it does. In fact, in some cases, you just made the work harder because now you've got to add more rules in your firewall and monitoring tools which could leave loopholes in your security. And it still doesn't stop idiots from running malware passed along via e-mail, etc.
Your whole premise doesn't work.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
They're redirecting all the common worm and trojan exploit attempts for IIS to MS' website. Nice.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
The Mozilla Team is counting on your support just like your buisness is counting on its products
the dept of homeland security FINALLY does something useful other than be a useless drain on the economy?
We have seen that living things are too improbable and too beautifully "designed" to have come into existence by chance.
Can (or do) those other applications embedding the IE engine use the zone controls and otherwise follow any of the security settings for IE itself?
God, I'd hope so, otherwise that could be a right nasty mess (and would explain some of the weirdness I used to encounter back when I used/troubleshot Windows
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
on this 32M W98 machine. I tried firefox, it's unusably slow on this machine, I gave up on it in frustration. Looked at "onebyone" to find something with a smaller footprint, but it doesn't do enough to get into hotmail. IE performs perfectly well on this thing as far as I can tell, so I'll be looking forward to whatever configuration options and/or fixes MS can come up with.
On the other hand, my own work/home systems are a w2k where firefox runs fine, and a linux box where I'm not sure what brower I'm using but it obviously is not IE. Too bad I'll have to leave this system with IE as it is. (a box I setup for a friend).
Poetic justice...
If it can be changed with software (I.E. through any application you can point and click with), and depending on your current user privilege settings (I.E. if you are logged in as Administrator... very common for a single-user situation, less likely in a multi-user work situation or as a student in a well-run computer lab), that software can alter any settings just as if you had clicked on anything in the control panel.
Yes, that is scary.
In fact, the security zoning is just changing a few flags in some minor API calls, and a good hacker knows how to flip bits. It really is that simple, and you can in theory set yourself up as an administrator even if you don't have "Administrator" priveleges. Microsoft officially "discourages" this sort of behavior, but it still can be done.
This mess is far worse than you can possibly imagine in this regard.
I don't know, I can imagine quite a bit :) Lord, what a clusterfuck this all sounds like.
;) )
What I do know, after fixing many hundreds of Win 9x systems for people, is that I decided I was going pure Linux and not looking back. I've found it relaxing. I spend almost no time in maintenance after initial setup and pretty much zero time worrying about system security.
Dumb, dumb. Microsoft is really going to take it on the chin this year, methinks. Which in the long run will be a good thing, perhaps; but in the meantime a lot of people are getting screwed (like my folks; every week I get another phone call...)
Not to mention the weird stuff I encounter at work, where we now run XP Pro on all our systems. FE, we have one box, identical to the others, where the network card driver pukes on a random daily basis. Easy enough to fix - go to the hardware manager and re-enable the card - but WTF?! So far nobody either at Corporate or MS has been able to fix it - and it's not hardware, either. What a PITA.
(also three times now in the last two weeks getting a call from corporate telling us to reboot all our boxes because they could no longer VNC into them. Rebooting fixes it. Ah, Oh Lauded Stability of XP. *snort* Other than kernel upgrades my home boxes never get rebooted. Never; and they work a lot harder than the work boxes do. Windows. Bah.
Cheers,
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
ok sure i like using 1994 technology for a browser, dumba$$ go away you linux bigit FUD slinging a$$
They're just a pretty GUI add-on for Internet Explorer.
I've tried both of them. Useful, but as long as Internet Explorer remains a big security risk, I can't/won't use it.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
DHS settled upon Micro$oft OS as their standard,
IN SPITE OF industry associations' warnings of
the multitude of vulnerabilities in same.
While I have no doubt that DHS may do a credible
job of securing their computers, the recent
vulnerabilities announced in Cisco routers does
little to assuage security concerns.
Considering the shear number of computers/gear
purchased by DHS, and the volume of SENSITIVE
data they have collected, how long before the
bad guys know everything about everyone, plus
all the security vulnerabilities that the USA
(government/industry/infrastructure) still has?
Whatever happened to the notions of "secure by
design" policies that the more sensitive portions
of the US government subscribed to? Were these
notions scrapped for "political" reasons, or just
the usual SOP of "dunderheads in charge"?
A lot of posters in this (sub-)thread mention calendaring as an obstacle to replacing Outlook. But I believe that Ximian's "Connector" offering would allow you to maintain all of your Outlook functionality (using the Ximian Evolution client).
Yes, you'd have to retain your Exchange server, but it's a big step in the right direction, no? In fact, I think that changing only the client (at first) might help persuade management, because it's a safer migration path, with a clear fall-back strategy.
Evolution doesn't run on Win, but you could use it from Win as an X app running on a *n*x box, or in a virtual machine on the same box as Win (VMware, OSS equivalents, etc.). Heck, maybe it might even run on cygwin.
Win + Moz - Outlook = no more mshtml.dll vulnerabilities, right?
But when the Dept. of Homeland Security jumps on that bandwagon, oh man, that really boils my teakettle. Without looking at the figures, I'll go ahead and assume that America is the most targeted country for terrorist attacks. Surely Homeland Security wouldn't encourage us all to leave America... would they?
2Flower said, "Which is simpler / less bulky, Mozilla, or Firebox? . . . I'm the audience you need to sell on the idea of ditching Microsoft the most"
1. Here's the experience of someone who JUST MADE THE SWITCH YESTERDAY. I've been using IE for years, *n*x for years, and Opera(Win) & Firefox(Win) for months.
(a) I tried ffox first, because I feared that Moz might be too much like some bad Netscape experiences I had (several years ago).
I find (**on Win, YMMV**) that ffox is too slow (*including* latest releases through 0.9.1):
fetch / render is ok, but re-draw (e.g. after minimizing and later restoring the window, or after uncovering from an another app's window) takes way too long.
(b) Then I tried Opera. Performance is fine, ads are a *very* minor nuisance. But for me (somewhat of an IE "power"-user), the UI difference is non-trivial.
(c) So I decided to try Moz after all. After less than two days, I'm convinced that it's the least disruptive alternative of these three.
2. Hint: install the "Little Moz" theme. It's appearance is the most like IE, and the least wasteful of screen-space (smaller icons, etc.).
3. If you're currently using the Google toolbar in IE, there's an almost-identical plug-in for Moz.
4. I can't believe the number of people who told you -- erroneously -- that you can only get Moz by accepting the Moz email client. The install-process gives you the option to install *only* the browser.
If you need further help / advice switching from IE to Moz, post a message in http://slashdot.org/~nusratt/journal
Yahoo! (R) Now you can user1.cab #REGEDIT4 Gophercentral.COM+>Telnet 23 really funny 56-Bit World Wide Internet Trusted Sites Newsgroup Newsletter Patriot Act II, Scene III, dBIV, Group HTML Text Con Version 5,4,321,0.0,401K-Bi-folder Twain 32 to SBC ASIS UPS How To Get support and Help Edit Community-1 File Cabinet Program Manager Traffic in Complaint Forms as a Co-Plaintiff of Delta T Creations and Real Things Artists Cooperative Networks [MSIMN.EXE] Submit new posting to lameness filter Parsons Quicken Family Lawyer Launch New Briefcase to My SlashDot.Org [Plus!] News for Nerds. Stuff that matters. Windows 98 Setup Wizard Setup Options (*) Typical ( ) Portable ( ) Compact ( ) Custom NOTE: Above is going on one of my other computers about.com past 38 minutes. It needed a deep reformatting due to heavily polluted TCP [Inbound] "Windows Messages" DEFENDANTS : Dept. of Homeland Security Says to Stop Using IE - Microsoft Internet Explorer provided by America Online URL (Address) (e)g/comments.pl?&sid=113251&op=Reply&threshhold=1 &commentsort=0&tid=113&tid=126&tid=172&tid=99&mode =thread&pid=0602562
IPTechPhone:#01 + 512 - 247 - 6696
IPTechViaFacsimile:#01 + 512 - 247 - 6696
WE"//are available MON-SUN 10 am - Midnight.
Maybe only machine will answer; rarely gone more than a few hours.
My PnP/PCI WIN98SE DOS 7.01 NT PC-clone(s) can display(translate) any "Microsoft Source codepage" into a "readable form". Have plenty of legal ammo archived on zip100's and dt1000's. Several colleagues have their own "ALBUM"-"Cover Story"
actually no they didn't Microsoft half fixes serious IE vuln It's a work around and only does half the job.
> I'm sorry, but I really wish people would stop using the
...and as far as your philosophy on proprietary email
:-) Does dealing with viruses,
> argument that alternative operating systems (Linux, OS X, etc.)
> are better because they are free from vulnerabilities.
I'm not sure what you're referring to. I made no such claim.
Perhaps you have my post confused with some other post.
> Yes, they might be more secure from an architecture
> standpoint, but as soon as a greater number of people start
> using these systems, the amount of exploits, viruses, etc. will
> most definitely rise.
I agree with you. We can only hope that the architectural
superiority to which you refer will help keep the malware
to a minimum on non-Windows platforms.
> The alternative systems are not perfect, and thus they have
> their weaknesses, and it's just plain delusional to think
> otherwise.
I agree. Perhaps you read my post with an overly-active
imagination. Do you consume a lot of caffeine?
>
> attachments, if I were to recieve (sic) such a self-important
> response as you describe I would tell you to go fuck yourself.
So far, everyone I have asked to resend their message to me
in a readable format have done so. I suppose it might be
because they have something they feel is worth communicating.
> The Mac snob/prick attitude is seriously getting tired.
> It is not up to the rest of the world to take time out of their
> days to accomodate your personal quirks. Either deal with
> inter-OS clevages on a personal level or or stop using a
> fucking computer.
Your jealousy is so transparent.
worms, trojans & other malware make you feel angry?
Yes Mr. Gates, anything you say Mr. Gates.
A while back it was a common task for CS instructors to assign students to make their own HTML rendering engine. I wrote one myself just to see if it could be done. Not a beginner task, but still something well within the capabilities of any recent CS college graduate (if they actually taught you anything).
I never tried to write an HTML rendering engine, but I'd imagine that the hard part would be to write the "quirks mode" rendering that is necessary to display the countless millions of invalid HTML pages on the web. I don't think that would be part of the CS instructors assignment.
JP
Got time? Spend some of it coding or testing
Got time? Spend some of it coding or testing
It's interesting that while slashdot is quick to report on flaws in Windows and IE, they refuse to report on linux vulnerabilities.
Like just about any major software project, getting the basics down and being able to accomplish about 90% to 95% of all of the objectives takes about 10% of the work. It is those last little bits that always seem to get you, and in the world of web browsers that would be the killer part.
Dealing with the basic text formatting rules (making different font sizes, displaying bold, italics, hyperlinks (in another color), colorizing backgrounds, etc. can be done fairly quickly. Adding images would be a little more daunting, but still can be done along similar lines. A real challenge would be to add buttons, list boxes, and other input fields. Finally, dealing with http post queries and mapped regions would add yet more complexity. By the time you start adding Javascript, other scripting interfaces like Java itself, and even further adding general plug-ins for movie codecs and other fun stuff you then finally got almost a commercial web browser.
That is the trick. A basic HTML renderer for some sub-set of HTML is easy enough. The quirky "bugs" in some web browser that some web designers take advantage of (I.E. designing only for Internet Explorer, for example) to make a web page look "neat" can also be a headache to try and reproduce. Often most web browser designers don't deal with compatability, but instead try to just stick with W3C specs, and only try for this unstandard compatability as a very secondary issue.
The problem really isn't Microsoft either. Remember, they got into the internet way late in the game.
In order to make a secure OS, you need to do it from the beginning. You absolutely can't put security into any software package after the fact. You can leave places where security can be hooked in to make it more secure at a later date, but it has to be in the overall architechture design.
In this respect, Linux got a little bit of a boost with the fact that Unix in general has been designed from the beginning to be with much more secure system. I don't think it was a deliberate move on the part of Linus Torvalds, but he was copying the overall design that came from people who had done some serious thinking about security, For Unix gurus, by the time Linux came into being, were already thinking of security implications.
Windows does what Windows was designed for: A GUI interface on a cohesive set of generic APIs that control generic I/O devices of a single user IBM-PC compatable computer system. Inter-PC communication was intended to be significantly slower than the CPU speed, and even then was only supposed to be connecting people in the same room, or at most the same building.
That Windows is being used for applications that don't fit the above description is a testament to the stupidity of the people who are using it in manners other than that simple explaination. Computer viruses would still be a problem with Windows, but it would take much longer for them to propogate, and the I/O vectors for virus propogation would be restricted to disc media of some sort.
The security problems that Windows is facing right now is the fact that executable software can be sent into a computer through means other than a floppy drive or CD-ROM. The avenues that these worms are coming into most people's computers take advantage of the fact that the internet is a pervasive technology, where data can be tranfered without the knowledge of the person using the computer.
I work in the IT industry as a system/network administrator at a large hospital during the day and I do part time work at night and on the weekends doing internet installs for the local ASDL, FTTH and Cable internet service providers.
The hospital I work at has a "good" security section with proxy, firewall, SMS server, intrustion detection all the gee-wiz-bang security tools that you would expect an organization lible to the tune of $25k per privacy violation (thanks to HIPPA) to have. Still, I have to deal, on a daily basis, with computers that have spyware installed on them. Not only that, but when the Blaster worm hit (and remember, we had all these security tools prior to its arrival), it still managed to wriggle its way on to our network and in less than 5 minutes infecting every vulnerable computer. My standard response to reimage any desktop that is found with spyware, virus or worm as a matter of policy. For instances of Spyware, I consider this to be punishment for the miscreadent behind the keyboard (very likely a "smart" person with a PhD or MD). The other, non-user initiated instances, we are currently looking at PXE booting our Windoze desktops from solid, known-good image each and every time the user starts up their desktop. We have a gigabit backbone, so we can get away with this. I think the long term decision that needs to be made, however, is to remove windows from the equation entirely.
Now, on to that part-time moonlighting gig. First, I decided to do this to get a better understanding of how users operate at home vice work (with the hope that it would lead to some insight about why things go wrong at work). Second, the pay was good if done right. I discovered that home users are completely insane with regard to security. About 10% to 15% of the user's desktops I encounter have IE so comletely dorked up beyond recognition as a functioning browser that I *MUST* manually download mozilla from the command prompt to get the user through the web based section of the sign-up process. Another +30% of the users have marginally functioning browsers with fairly benign malware (pop-ups, web page redirection, unwanted browser plug-ins, lowered volume modem dialing scamware, etc.). I have a time limit on my installs (user needs to be signed up within at least 20 minutes or else it's not economically worth my while to be out there); so, I usually point them at mozilla.org before I leave. There is a certain large percentage to users (say between 3% to 5%) who's computers are so throughly fscked that I will just walk away from the install after demonstrating, with my laptop, that their internet connection works, but their windoze computer doesn't. To these poor, unfortunate folks, I hand them a live CD distro before I leave.
If you do the math, over half of home Windows users are fscked to some degree. Now I understand why call centers are being farmed out to India. It just simply isn't a matter of cheaper labor; it's actually an economic necessity in light of Windows market share.
I think that Microsoft, in its desperation to "get" the internet, made some really bad design and business decisions that will end up truly demonstraiting that they didn't "get" the internet at all.
The other half of the equation, which has not been tested, is the curse of market share. It will be very interesting to see, over time as the Open Source market share starts to re-take the browser and over take the desktop, how the open source community patches and updates flawed software (fortunately, Microsoft has demonstraited some good ideas that didn't work; maybe, with a little luck, the Open Source community will learn from these mistakes and either correct the fundamental flaw(s) or build something better). Regardless of all the drivle that comes out of Open Source advocates' mouthes, this will be the single feature that defines the difference between Open Source and Microsoft.
what the hell are you yammering about???
oh my god, I don't get it
How about:
Frank's Corner ...
This website contains all the information you need to get Windows applications and games running on Linux using Wine. Popular applications: AutoCAD R14, Photoshop 7.0,
CrossOver Office ... Quicken, and Adobe Photoshop, and ... allows Windows Web browser plugins, such as QuickTime and Shockwave, directly on your Linux browser. No Windows Operating System license required; CrossOver is a complete replacement for your Windows OS as far as your applications are concerned. They note that Solidworks 2004 remains untested and they're looking for an advocate.
Allows you to run many popular office productivity software applications, such as Microsoft Office, Lotus Notes, Microsoft Project and Visio, graphics applications like Macromedia Dreamweaver MX, Flash MX,
NeTraverse Win4Lin Run your favorite Windows applications on the Linux operating system in the fastest Windows 95/98/ME environment available for Linux.
I've only had experience with Crossover Office, starting about 3 years ago, when I absolutely had to get MS Office 97 working on a Linux box for a Master's thesis (OO.org 1.x and StarOffice 6.x both messed up on the document's footnotes and/or endnotes back then). I bought Crossover Office at LinuxWorld SF, and it worked fine, though I didn't try it with any other applications.
The SolidWorks is probably going to be the clincher for me. (Don't take this the wrong way, but I'd rather draw things in my own blood than use AutoCAD. haha)
Thanks again for the links. :)
The Philosophy of Liberty | lewrockwell.com