Slashdot Mirror


Dept. of Homeland Security Says to Stop Using IE

LWATCDR writes "I have been saying this for a long time but now it is official. From Yahoo News: 'The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft's Internet Explorer.'" In related news, rocketjam writes "According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."

16 of 1,069 comments

  1. It's About time by arieswind · · Score: 5, Interesting

    Hooray for the Department of Homeland Security! LWATCDR is not the only person that has been saying "get off of IE" for a long time.

    Now the pressure is on Microsoft to get their shit together and make IE more secure, or risk losing their commanding lead in the web browser department. Even my dad, who would rather not use a computer than have to start using different programs, has asked me to put Firefox on his system. And my dad's boss, who is quite possibly one of the most computer illiterate people in the world, has expressed interest to him in moving the whole office off of IE onto another browser.

    It really says something for how widespread this news is. If I was Microsoft, I would be scared at this point.

    1. Re:It's About time by plj · · Score: 4, Interesting

      If I was Microsoft, I would be scared at this point.

      Well, they are. According to Wired (emphasis mine):

      Gary Schare, director of the Windows Client Division at Microsoft, said that CERT's advice had been misrepresented in much of the press coverage.

      "Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.


      In other words, Ballmer has probably already contacted Bush to remind him about the terms of his re-election campaign funding by MS...

      --
      “Wait for Hurd if you want something real” –Linus
  2. Great News by devphaeton · · Score: 5, Interesting

    "According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."

    I hope that this also translates into a large spike of donations to the Mozilla organization. Firefox and T-bird are teh moh scheezi, and I started using Mozilla years ago.

    I've donated about $150 over the years, how bout y'all?

    --
    do() || do_not(); // try();
  3. Yeah Right by BigDork1001 · · Score: 5, Interesting

    Homeland Security says to stop using IE but in the Air Force we're still using it and I haven't heard any plans to switch to something else. It's good to know that the DoD is listening to the security measures of the other departments.

    --
    "Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
  4. Kinda funny... by devphaeton · · Score: 4, Interesting

    Not 4 months ago MSN.com (obviously slanted) was trumpeting around "BROWSER WAR IS OVER!!!" and proclaiming that IE was the clear victor (though they never gave the conditions that made it a victor, they just sensationalized and re-iterated the same shit over and over in different wording in True Fox News Style(tm))

    MS to "win the browser war" just in time to have their browser shot down every time they turn.

    They had better wake up to this, too... These days, "internet" is about 85% of what computing is about. MS with all their attempts to blur the lines between your computer and the internet, and their flagship web application is poo.

    --
    do() || do_not(); // try();
  5. Re:DUPE!... well, mostly. by LostCluster · · Score: 4, Interesting

    Not really. This is the original source document...

    Notice that it's the Department of Homeland Security seal at the top of the document. For our purposes, CERT is a subset of DoHS... it's just that the media is now picking up on the more known name of the larger organization to bring the story to the masses.

  6. Serious for MS by Decaff · · Score: 4, Interesting

    This kind of thing could be serious for Microsoft. Their strategy is 'thick client' - the browser and other features are integrated into the operating system. If security issues remain while the browser becomes a fundamental part of future Windows use, they are in trouble.

  7. A side effect of Pop-Up blocking by devphaeton · · Score: 4, Interesting

    Netcraft confirmed in a report today that the beleaguered Pop-Up Advertisement industry is citing Mozilla and Firefox as the driving force that has snuffed out their livelihood and threatens to drive them into extinction....

    (c'mon, someone else can do this better than me) :-D

    In other news.... when parasites and popups are no longer possible, what sorts of nefarious crap will the nefarious-mongers do next?

    --
    do() || do_not(); // try();
  8. windows update at risk? by bratboy · · Score: 5, Interesting

    my question is, if 1) there's no patch yet for IIS servers to defend against the attack, and 2) the microsoft update servers are all IIS, then how can we know that microsoft update hasn't been hacked? hmm? (oh the humanity!)

  9. Cool, just after a PHB here by mi · · Score: 5, Interesting

    Instructed the internal webmaster team to ignore all other browsers -- to save valuable time and effort, of course. Which -- since they use Microsoft web tools only -- instantly led to the whole intranet web-site becoming dysfunctional in Mozilla, Konqueror, and Opera.

    I objected and got called "Ayatollah of web-compliance" :-)

    --
    In Soviet Washington the swamp drains you.
  10. Re:If it's broke...well....we'll fix it later by tsarin · · Score: 4, Interesting

    Doesn't the click-wrap license agreement stipulate that you agree to "indemnify and hold harmless" (or however it's phrased) Microsoft, such that you don't have recourse to lawsuit? IANAL, but that's my reading of it.

    Leaving aside whether or not click-wrap licenses are actually enforceable, I suggest that all the folks who aren't using any MS products at all (myself included) -- and as such haven't agreed to any such nonsense -- band together to join a class action suit against them. Whether it's for all the time we're stuck burning, having to fix the Windows PCs our friends, family, &c constantly need fixed, network outages caused by viruses that use Windows exploits as a vector (my ISP [cable] was more or less buried under the overload in traffic from MyDoom and Welchia or whatever they were called, to the point that their only recourse was turning off infected users' connections).

    Does "people who don't use a product but are still inconvenienced, put out and may even have suffered financial loss (as did a friend of mine when our ISP choked on virus traffic) because of its foreseeable and preventable problems" constitute a class?

  11. Re:If it's broke...well....we'll fix it later by str8 · · Score: 4, Interesting

    As pointed out, IE & IIS and such are paid for. Another factor is that despite the weak remedy of the DOJ antitrust suit, MS was still found to be a monopoly. This puts them into a different class than most other software.

    Despite the click-wrap license which claims no liability, I think it would be easy to show the contrary and the class action is a good idea. MS is a for-profit company and as such their goal is to make money. They aren't going to write any code unless it affects the balance sheet. Time to make the exploits show up on the 10-Q.

    There's more truth in Dilbert than in Fahrenheit 9/11

  12. Reality Check by bonaman_24 · · Score: 4, Interesting

    Does anybody realize just how hard it is to make people change their browser or OS? I work in IT and almost no one has even heard of Firefox. Only one (besides me) has it installed...and we are IT. This is not the end of anything for the evil empire, this CERT notification won't move M$ market share of browsers by more than 1%. And since the overwhelming majority run IE, we will all still have to have IE just to be able to continuously repair and troubleshoot it. Sorry for the reality check, but end-users are skeptical about any change, unless they feel 100% sure they will gain much, lose little. People say this is the end of the empire, but most people who run Linux and OS X have a Windows PC also.

    1. Re:Reality Check by kryptkpr · · Score: 4, Interesting

      Does anybody realize just how hard it is to make people change their browser or OS?

      Huh? I find it's really easy to make people switch.. the conversation goes something like this:

      Them: "Why is my computer running so slow? And Why do I have all these popups when I'm not doing anything?"
      Me: "Your system is infected with malware.. I will clean it"
      [an hour or so passes as Spybot and Adaware do their thing, and I do my thing with Toolbarcop]
      Them: "How do I keep this from happening again?"
      Me: "Internet Explorer is not secure. If you use it, this WILL happen again, and there is nothing you can do about it. Oh, and Russian Hackers will steal your passwords and credit cards. The only thing you can do is switch browsers to this new one called Firefox."
      Them: "What does it look like? Does it have a googlebar? Will my popup blocker still work?"
      Me: "Looks pretty much the same as IE, except Favorites are called Bookmarks."
      Them: "Bookmarks! I remember those from Netscape"
      Me: "You'll feel right at home then. Google search and pop-up blocker are built into the browser"
      Them: "Sign me up!"
      [I set IE to high security, add windowsupdate to trusted sites, and install Firefox making it default browser. Remove all IE icons, put Firefox icons in their place.]

      I've converted 5 people in the last week.

      I have 1 suggestion for the Firefox people: Bundle (or at least provide an installation page that opens when you first run the browser with links to install) Flash, Shockwave, and Java.. With those 3 things installed, there is no reason to open IE again.

      --
      DJ kRYPT's Free MP3s!
  13. Re:If it's broke...well....we'll fix it later by Trepalium · · Score: 4, Interesting

    Oh, please. A managed runtime is not a magical security bullet. In the case of Internet Explorer here, these are not the buffer overflows, off-by-one or signedness errors that a managed runtime could ever protect against. These are simple security design errors. Microsoft wanted to show how great their IE engine was and implemented security zones so that local HTML-only applications could exist using the engine. They are being burned by this, now, as people find new ways to turn the higher security 'Internet Zone' into the lower security 'My Computer' or 'Trusted Sites' zones.

    Of all programming errors, buffer overflows, off-by-one, and signed mistakes are some of the easiest to spot and to fix. Other errors, like SQL injection, privilege separation, races and the dozens of other errors that can cause crashes, security vulnerabilities, or denial of service attacks, can not be protected against by a managed language because they're outside the scope of the language itself.

    --
    I used up all my sick days, so I'm calling in dead.
  14. Informative IE Links - IE Bashing Extraordinaire by qwasty · · Score: 5, Interesting

    This browser warning page thoroughly trashes MSIE, but every phrase is linked to a news article that uses the exact same verbiage in order to demonstrate that it isn't just anti MS FUD - It's the honest truth. It's designed and maintained for webmasters to deliver to the IE-using visitors to their webpages. You can read the source code for some more information about that. In case you're curious, here's a paste of the text and links that it has - This should prove quite effective with anyone you're trying to convince to stop using IE:

    Warning!

    Your web browser - a version of Microsoft Internet Explorer - may not function properly on this website, and could have a large number of problems that allow hackers to hijack it with viruses. These viruses could be used by criminals to secretly take over your computer, download child-pornography, or to commit acts of terrorism and fraud. You may automatically update it now with Microsoft's available patches, however, there is a possibility that a necessary patch will not be available due to Microsoft's somewhat sluggish development schedule.

    The US Department of Homeland Security strongly suggests that you stop using Internet Explorer immediately.

    There are several standards-compliant web browsers that you may use instead of Internet Explorer. Please install one of them as a replacement.

    If you suspect that your computer is already being used for criminal activity, it is critical that you seek help from a computer professional in your local area. You may also try one of the free web-based virus scanners that are available.