Dept. of Homeland Security Says to Stop Using IE
LWATCDR writes "I have been saying this for a long time but now it is official. From Yahoo News:
'The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft's Internet Explorer.'" In related news, rocketjam writes "According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."
"In the meantime, we have provided customers with prescriptive guidance to help mitigate these issues."
This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. The MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer. You gotta love this. You just cannot make stuff up like this!
Cheers!
Erick
http://www.busyweather.com/
Hooray for the Department of Homeland Security! LWATCDR is not the only person that has been saying "get off of IE" for a long time.
Now the pressure is on Microsoft to get their shit together and make IE more secure, or risk losing their commanding lead in the web browser department. Even my dad, who would rather not use a computer than have to start using different programs, has asked me to put FireFox on his system. And my dad's boss, who is quite possibly one of the most computer illiterate people in the world, has expressed interest to him in moving the whole office off of IE onto another browser.
It really says something for how widespread this news is. If I was MicroSoft, I would be scared at this point.
I didn't listen to them when they asked me to duct tape and plastic wrap my house, I didn't listen to them when they raised the alert level 5 different times, I didn't listen to them when they told me to trust them, but I am glad that other people do... Perhaps this will do double duty! It will fix websites that cater to IE only so that they work with the currently "broken" Firefox so that I don't have to refresh or cross my fingers to get it to work.
"According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."
I hope that this also translates into a large spike of donations to the mozilla organization. Firefox and T-bird are teh moh scheezi, and i started using mozilla years ago.
I've donated about $150 over the years, how bout y'all?
do() || do_not();
the courts have ruled that Msft's bundling and pushing IE with every OS purchase is good for the consumer. Let business be free to manipulate their customers! It's good for the economy.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Now all us computer nerds will lose our counter culture edge. Plus you'll no longer be able to detect a fellow geek merely by his browsing choice. I guess we'll have to go back to tossing off random Kevin Smith quotes and seeing who catches on.
1) Create product that a smaller portion of the population uses, thus keeping the effectiveness of attacks on your product less desirable than the other
2) Give your product away for free, open sourced, and up to date with all the latest standards, oh, and make it more secure (novel idea, really)
3) ??? (wait about five or six years for a government agency to declare your competitor's product unsafe enough to get the CERT all riled up)
4) Profit, or How Mozilla Pays M$ Back for The Whole Killing of Netscape Thing
That was CERT's announcement, this is actually the Department of Homeland Security making this recommendation. 2 different organizations, same recommendation.
Hopefully people switching to FF will mean that more bugs will be squashed from it. Perfect timing for that 1.0 release.
wow!!
I am the Alpha and the Omega-3
Recently I was cleaning rather obnoxious spyware off of my sister's laptop. To prevent further infection, I was asking her to install Firefox. I said it'll block popups. Still reluctant. Tabbed browsing? Nope. More secure? Nu uh, still stubborn. Stop the spyware? No. (She's getting irritated at this point). CERT Recommended to stop using IE? Still won't let me install it.
*pause*
She then asks if our mother uses it. I said yes (thanks to me).
"Ok, install it."
Homeland security be damned, it's the MOTHERS we need to convert.
Homeland Security says to stop using IE but in the Air Force we're still using it and I haven't heard any plans to switch to something else. It's good to know that the DoD is listening to the security measures of the other departments.
"Armed forces abroad are of little value unless there is prudent counsel at home" - Cicero
I've been posting news articles like this one around the workplace, but man, is it hard to get anyone to listen. If HQ won't even listen to this headquarters's own IT department, why should they listen to someone in R&D?
Bah. Anyone have any advice on this?
If life gives me a beating, I will endure it. If life gives me a beating, I will shake it awake.
This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. The MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer.
Translation: After all those horses get out of the way, we'll have your barn door fixed in a jiffy.
A feeling of having made the same mistake before: Deja Foobar
A support article by Microsoft suggests a solution to the holes in their product, specifically the one where an address can be spoofed and displays a different url than the one you're actually at. Solution: Don't click on links! :)
"The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself."
Well, if you really want to be counter culture, just wait a few months, then start using IE again after the bulk of computer using Americans move over, that will really shock your friends, it can be like a cult
"Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
Let's see what we have here.
- First sentence tells us that Microsoft isn't going to try to attack the credibility of CERT because that'd be unlikely to get anywhere.
- Second sentence is trying to blame "the media" for misreporting the story, but the media's working from a primary source that has a section heading called "Use a different web browser". I don't know how you're "misrepresenting" that when you take that as a suggestion to download any browser that isn't Internet Explorer which means Mozilla, Opera, Netscape or any other competitor out there. They want CERT to take back the recommendation to just stop using IE... that's the only kind of "clarification" that's possible here.
Microsoft clearly wants a CERT retraction. But do they stand any chance at getting one?
Anyone want to place bets on whether some clever MS lawyer is preparing to argue that any antitrust action related to the browser bundling should be tossed out, because the feds are now encouraging people to use browsers written by the competition? After all, if the government acknowledges that there is legitimate competition, then clearly, MS must not be abusing its desktop monopoly, since so many people are now downloading those free alternatives... right?
As an alternative... imagine if DHS came out and said that a flaw in GM vehicles aided terrorists, and people should purchase Ford and Chrysler vehicles until the flaw is repaired. Do you think GM would immediately start demanding financial compensation for lost sales and market share from the federal government?
Now, extend that to MS, despite the fact that IE is, effectively, free. If the whole thing still seems unbelievable, insert Robert Heinlein's quote about corporations thinking they have an unassailable right to make a profit above all else here. I'll bet good money MS is already preparing the legal briefs for some kind of retaliation.
Someday, you're going to die. Get over it.
Wow. Think how much worse this'd be for Microsoft if IE was a core part of the operating system!
- mark
-----
I tried an internal modem, but it hurt when I walked.
Rich
You just need to learn to love the big brother. It may take time, but in the end, you will love him. We will take care of that.
Now, how many fingers?
“Wait for Hurd if you want something real” –Linus
You know, everyone says that but I never have problems. I've been using Mozilla (and then FireFox) for ages and I constantly do online banking (psecu), access my (admittedly too many) credit cards (mbna, discover, amex, etc) via web sites, get all my news online, buy stuff online, etc. The only time I ever had a serious problem using a website that was designed for IE and didn't work in Mozilla was AT&T's Blackberry webmail client. Seriously, that is THE ONLY ONE.
I think this whole "IE is required for banks, online stores, etc." is a big FUDdy myth. Start pointing out sites that do not work with standards if there are so many and let's all encourage those sites to fix their broken stuff.
Finkployd
my question is, if 1) there's no patch yet for IIS servers to defend against the attack, and 2) the microsoft update servers are all IIS, then how can we know that microsoft update hasn't been hacked? hmm? (oh the humanity!)
Gary Schare, director of the Windows Client Division at Microsoft, said that CERT's advice had been misrepresented in much of the press coverage.
So the press misquoted CERT? I've read the text and almost everything I've seen is a quote, albeit summarized occasionally.
I think it's absolute comedy that when MS plays hardball, it's just business as usual, but when things swing the other way they can't stop complaining how they aren't getting a fair shake.
"Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
Translation: We are currently researching ways to extort CERT into issuing a new statement saying our browser is the most secure as long as you don't use the default settings we chose for you. Fact: IE is the most secure browser when completely blocked by a firewall.
I objected and got called "Ayatollah of web-compliance" :-)
In Soviet Washington the swamp drains you.
http://johnkerry.com was running Apache on Linux when last queried at 26-Jun-2004 10:33:54 GMT
http://georgewbush.com was running Microsoft-IIS on Windows 2000 when last queried at 25-Jun-2004 13:05:27 GMT
Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
Uh, it is reported that the trojan only automatically installs itself with IE. For other browsers, you have to download and run a GIF image that is disguised as an EXE with the infamous double-extension social engineering trick.
Did you read the page you linked to?
"Global Class Action Lawsuit against Microsoft"
This is what people don't understand about capitalism. If you don't like the product, you don't have to sue, just stop using the damn product.
I really hate this attitude, "the man keeps us down, so lets sue." It makes absolutely no sense at all. Corporation uses child labour to make affordable products, sue them. Heaven forbid you should accept responsibility for it and stop buying their low-quality products. MSFT sells software for too much money, sue them, don't simply use something else. It's no wonder we have so much unnecessary litigation in this country.
This browser warning page thoroughly trashes MSIE, but every phrase is linked to a news article that uses the exact same verbiage in order to demonstrate that it isn't just anti MS FUD - It's the honest truth. It's designed and maintained for webmasters to deliver to the IE-using visitors to their webpages. You can read the source code for some more information about that. In case you're curious, here's a paste of the text and links that it has - This should prove quite effective with anyone you're trying to convince to stop using IE:
Warning! Your web browser - a version of Microsoft Internet Explorer - may not function properly on this website, and could have a large number of problems that allow hackers to hijack it with viruses. These viruses could be used by criminals to secretly take over your computer, download child-pornography, or to commit acts of terrorism and fraud. You may automatically update it now with Microsoft's available patches, however, there is a possibility that a necessary patch will not be available due to Microsoft's somewhat sluggish development schedule.
The US Department of Homeland Security strongly suggests that you stop using Internet Explorer immediately.
There are several standards-compliant web browsers that you may use instead of Internet Explorer. Please install one of them as a replacement.
If you suspect that your computer is already being used for criminal activity, it is critical that you seek help from a computer professional in your local area. You may also try one of the free web-based virus scanners that are available.
I don't know where you USian guys get this rubbish about companies have only one goal, the damned profit.
You have been brainwashed and repeat your little mantra like the good Chinese workers used to parrot Mao's Red Book.
Companies can be the expression of an ideal, the realization of a dream or the intent to attack social problems. You have companies that have been set up to ensure fair trade of tea and coffee, other companies that operate in a cooperative basis in which the workers are owners and benefit.
In Brazil a well known style of management (like some forward thinking USian companies like Google) support their employees to start their own businesses on their free time using company's resources that otherwise would not be utilized.
Many companies have programs to vinculate them with their local communities (mine is one of them) helping with reading skills, IT skills on deprived schools, and promoting on their employees a culture of solidarity and social responsibility. Many of you don't know, but many corporations have strict guidelines about what is legal or moral and what is not, and employees are lectured constantly (to the point of boredom) about legal and moral obligations.
There are companies out there that compete trying to put innovative products on the market and not by the shameful "embracing and extending" touted by the greatest megalomaniac of the IT industry.
The companies are what you want them to be, if they only pursue profit without regards for the consequences it is because greedy unscrupulous individuals have been made heroes by their peers, the media and unsuspected Red Book reciters.
IANAL but write like a drunk one.