4 New "Extremely Critical" IE Vulnerabilities
TopherTG writes "Buckle your seat belts folks. On what is looking to be the next Black Tuesday, with rumors of 9 new Windows security patches being released, Secunia is reporting on 4 new vulnerabilities in IE that allow for arbitrary code execution and placing content over other windows. Combined with the new Windows patches, it is likely more Download.Ject and Sasser like viruses will be emerging in the coming months."
At what point do we need to shift the focus here and start posting slashdot stories when they find some code in IE that actually works?
What does "Black Tuesday" refer to?
An additional issue allowing malicious sites to inject script into the Local Security Zone using anchor references has also been reported to affect Internet Explorer 6 running on Windows XP SP2 (release candidate / beta). This issue could not be confirmed on a fully patched Windows XP SP1 system.
So SP2, which is supposed to make Windows super-safe (even at the expense of backwards-compatibility in some cases), may have actually introduced an IE bug.
surprise, surprise...all i want to know is why you need 9 patches for 4 holes. maybe the first patch fixes 1 and creates 5 more?
Sorry Funkdid, your bet of Wednesday for the next IE exploit was incorrect. However according to Price is Right rules your bet is the closest without going over, so you win!
Your prize today is 9 shiny new windows patches! And a new car!
Urge to post... fading... fading... RISING!... fading... fading... gone.
A spokesman for Microsoft said, "These are the last 4, we swear!"
I'm switching to Lynx.
Shocked! I'm shocked, I tell you!
Solution:
Disable Active Scripting.
Use another product.
Get Firefox!
"Solution: Disable Active Scripting. Use another product."
Creative Demolition
I can't wait to see the next 'hilarious' virus names that come out next. My favourite is and has always been the "Kak.Worm". Short and to the point!
... all the antivirus companies like Symantec, Sophos, etc. just start classifying IE as a virus. Get rid of IE and most of these viruses/worms will have nowhere to go.
so... many... holes...
is MS trying to buffer overflow our minds in order to run arbitrary advertising in our brains?!?!?!?!
How long is it going to be before some big mainstream press picks these recursive stories up and starts recommending people try another web browser?
And is there anything we can do to get this in the press?
*.02c
Obviously anyone who hasn't made all their Windows 'friends' switch to FireFox needs to do so now. Just point them to the download site and send them this article, which nicely explains the benefits of FireFox, and why you have nothing to lose by trying it:
http://slate.msn.com/id/2103152
You know, for some reason, I feel bad for the IE Developers, who are probably a bunch of well meaning people that are hampered by upper-management decisions.
This is not something you want to wake up to as a developer, whether it's proprietary or open source. It's just that they can't make decisions based on solving the problem alone, they have so much red tape to go through to make changes, that even though they might want to solve this problem, someone on the top is making it difficult.
Jason Lotito
I guess this makes all the bitching about Moz/Firefox in the other story a bit mute...
Yes Francis, the world has gone crazy.
Internet Explorer in Windows XP SP2 Release candidate is not vulnerable to any of these exploits.
As soon as the IE apologists had a reason - a fleeting one, but a reason still - to act like IE wasn't so bad... the floodgates open.
Dissolve... Resolve... Evolve...
Dear Staff,
IE has a few unsolved vulnerabilities to say the least. Download the latest version of Firefox or Mozilla from http://www.mozilla.org/.
Thanks,
Bill G
"During times of universal deceit, telling the truth becomes a revolutionary act" -- George Orwell
I sure the hell don't. I am a huge fan of Opera.
- ZeroGuard
Not meaning to sound too rough on Windows users (I know their IE browser is pseudo-integrated) but I find it hard to see why you'd want to continue using IE when there are so many other lovely browsers available that don't suffer as many vulnerabilities / get patched so much faster.
:)
Just one example: Firefox. Admittedly I don't use Firefox myself but a number of my Windows using friends have switched to this in recent months and they absolutely love it; even to the point of raving about it to me
So what is the real reason that so many Windows users don't find an alternative? Are they bone-idle or are they ignorant to the range of alternatives?
Ripping an new rectum in the fabric of spacetime.
Yes I know Mozilla/Firefox is better and I use it regularly. However I have to develop applications in ASP.net, basically Internet Explorer is mandated for this application (granted, Windows runs the majority of desktops here). Why can't Microsoft just build code that is at least semi-secure puhleeeeaaaaassseee....maybe it's time to pitch for a full out work switch to Mozilla/Open Source. Especially when it's a new vulnerability (or multiple vulnerabilities) once a week. *sigh*
Ok I'm through crying now Microsoft hear my pleas....
...in bed
This is absolutely no surprise, and seems at this point almost un-newsworthy. There are so many holes in the virtual screen door that we call IE, it's becoming moot to mention them. Why not solve the problem at its base, and switch to Mozilla. I am director of IT at the company that I work for, and we all use Mozilla now, and I feel a lot better about this. I am waiting for 2 things though:
1. IE to not be a part of the actual operating system (not going to happen, they've already committed)
and
2. Web Developers to write code that is compatible with all browsers (i.e.: not written just for IE, such that if another browser is noticed, service rendered unusable).
when this happens, i will be pleased.... until then, i guess we're going to be fighting off more exploits than one can shake a stick at.
sigSEGV - doy!
I don't feel sorry for people who work at Microsoft. They are well compensated for the suffering they inflict.
Friends don't help friends install M$ junk.
[sarcasm]Secunia tells us that OS X, OpenBSD, and Linux are a cracker's dream compared to Windows! They have the statistics to prove it![/sarcasm]
52 Weeks, 52 Religions with John Hummel
Firefox. The Browser reloaded.
Seriously, it is even more of a security risk to use IE now. Please try Firefox, and encourage your friends and family to do so too. You will be pleasantly surprised.
...before a majority of Windows users have decided to give up and switch to a safer platform for their browsing, email, chat, and p2p.
Windows has a terminal parasitical infestation, the only way to keep a Windows box safe these days is to keep it off the net.
So, I predict: one box for the net, running a Linux disc, and another box for games and photos and all those Windows-only toys.
It's becoming clear that Windows and the Internet simply do not mix.
Ceci n'est pas une signature
Yes, Microsoft gets attacked because they're the biggest target. No, I don't buy the argument that all OSes are inherently just as secure or insecure as other OSes. Just compare Windows 98 to Windows XP, or OpenBSD to Windows ME. All OSes are not the same, and marketshare is not the only factor.
Read the EFF's Fair Use FAQ
Well, one of our web sites has around 300,000 visitors a month and about 93% of them use IE
Look for yourself:
IE6 has 72% market share as of 2004
"An additional issue allowing malicious sites to inject script into the Local Security Zone using anchor references has also been reported to affect Internet Explorer 6 running on Windows XP SP2 (release candidate / beta). This issue could not be confirmed on a fully patched Windows XP SP1 system."
Damned either way. Run Mozilla, if you aren't already.
At this point you really have to be a 100% Grade-A idiot to run IE.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
If people running windows were not so used to running as admin, this would not be a fundamental problem. If Windows was more friendly to being used as a multi user system, then only the os would be the bottleneck (although still a significant one) in making a system secure. I mean, running a browser should be a fairly secure activity, after all, it is such a basic part of every day computer use.
Built one of these, have you? Do tell, do tell.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
That's it! I give up! (Though I'm sure it's only a matter of time before they find a way to hijack my computer without me even being connected to the Internet.)
Or does the very name of IE sound like a scream?
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
We've been hearing about these vulnerabilities for a while. I for one have switched to using Firefox and Safari for my main browsers as soon as Safari was launched. I use IE only when I come across sites (why can't developers follow the standards that have been set by W3C?) that were coded specifically for IE and don't render properly in the other browsers. Many people in my circle, and in the Slashdot circle have been doing the same thing. But what about the masses? What about the average Joe, the average corporate user? I don't think these people understand the severity of the situation here or that they even care. Hence, we still have roughly 90% of the users out there just moving along with these secure-as-swiss-cheese browsers and not moving to more secure solutions. What major industry, company, government agency, etc has to go down in a giant ball of fire to get people to do something about this and not continue to use a sub-standard product?
Just imagine if cars were sold with this many problems. Or home security systems...
"He uses statistics as a drunken man uses lampposts...for support rather than illumination." - Andrew Lang
because thousands of very large companies (you know, the ones which actually pay for symantec software?) standardised all of their internal applications on IE -- basically meaning they invested millions (billions?) of dollars writing internal web applications which work in IE but no other web browsers. a huge mistake, yes, but you're talking about re-write work on the order of a hundred or so million dollars.
MORTAR COMBAT!
who uses IE anymore?
With Mozilla and Opera, the only reason one would use IE is to go on non-standard compliant web sites.
That's where people should hit the nail. If we want a real alternative to IE, email website owners and tell them their site needs to support other browsers.
Or better, but tricky, support Microsoft technology... but then, you run into the vicious circle that that technology is exactly the reason why IE is not secure.
Really, is the malice of the programmer the only premise for calling the software malware? I think software that does enough damage, albeit due to stupidity/bad_coding rather than malice should qualify too.
Either that, or we need a new term called "el_stupidoware" (or variations thereof).
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
Anyone have a cached link for this?
Their site is getting hammered.
Check out Mon and Mon.cgi
does anyone still use IE?
It was never installed on any of my computers. But some surveys say it is about 95% of the users. Of course those surveys are not 100% reliable. Anybody still using IE should seriously consider switching now.
Do you care about the security of your wireless mouse?
Nihil Novi Sub Sole
SHE does throw dice.
I see lots of people posting things like here's your reason to switch to mozilla or opera or firefox...well, here's my question...are all these vulnerabilities discovered in IE, just because it's the browser of choice? if firefox was the browser of choice with the largest market share, wouldn't virus writers and security experts just be finding vulnerabilities in it?...or are mozilla/firefox/opera that much more secure...it's kinda like MAC users saying how the MAC is so secure because all of the viruses are windows viruses...well, that's because no one bothers to write a virus for MACs...
"Facts are meaningless. You could use facts to prove anything that's even remotely true." - Homer Simpson
The funny thing is that the Internet Explorer icon for this story is the one from IE/Mac and not the Windows version.
But does it seem to anyone else that MS is actively trying to make Moz & friends look good?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
This is why I use K-meleon. http://kmeleon.sourceforge.net/
I Hate Sigs
It's skewed highly towards the web developers/more technically inclined, BUT the fact that non-IE browsers are doing so well there is a GREAT sign, as it means web designers are moving away from IE.
If you want a better general representation of the web, Google's Zeitgeist web browsers graph (from May) is a better place to look. If you zoom in, you do see that the Mozilla based browsers are slowly gaining.
Google doesn't index user sigs, so stop trying to "Google Bomb" with them.
Is it possible the black hat hacker community sees IE reeling from recent attacks and bad press, and is working in a concerted effort to completely discredit IE and leave Mozilla and Opera as the default alternatives? Is MSIE on the ropes and about to go down for the count?
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
Running Internet Explorer is like pulling your pants down and screaming "rape me" in the middle of the motorway.
Great quote I won't forget anytime soon. I believe he told this to his bank on the phone after they said they only supported Internet Explorer and Netscape 4.5 to access the account part of their site.
See that hole in the wall? That's where the stock market crashed!
This sig is only here so people stop skipping the last lines of my posts.
perhaps it would be a good idea for everyone to contact their elected representatives: state, local and federal and convince them of the need to switch to something other than IE
Join Team Mozilla #38050 Folding@home
http://slashdot.org/article.pl?sid=04/07/13/1247203&mode=thread&tid=126&tid=154&tid=172&tid=95
Yes, a lot of it has to do with popularity.
I think another major woe of IE is that it tried too hard to be the solution to everything. Hence it got co-opted into insecurity.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
--pete
Just set a box of Windows XP out in the field, and the worms keep rolling in. They stopped for a moment and we were afraid we would have to go back to the old method of using shovels and a bucket. But, like magic, they kept coming and coming.
All hail the Quizatz Hadderach!
IE isn't so much like a virus as it is like your tonsils. They get infected from time to time, swell, cause trouble, send you for help, until finally you have them removed.
The world is made by those who show up for the job.
Firefox (and most other browsers) will let you change the agent that appears to be browsing. This had to be implemented due to stupid web designers that only allowed IE. In other words, a lot of those IE results are probably non-IE browsers.
I know plenty of people who might be interested in switching away from IE if the full ramifications of these security problems actually reached them, rather than being too technical, or not on the evening news, or wherever they might be lucky enough to see them.
How about someone writes a virus that injects code that redirects to... the Firefox installer? If people don't notice or care when their home pages and computers get hijacked, they probably won't care if their browser suddenly changes either.
I'm not serious, but sometimes I wonder what would happen if people who didn't patch their IE were switched to Firefox by force.
The bottom line is that IE is probably partially pre-loaded at all times, once again adding to the Windows overhead.
There is nothing to stop you running Firefox fully pre-loaded from boot-time.
Ripping an new rectum in the fabric of spacetime.
I'm not quite sure how this is, but our collective websites run on our server generate around 2 million hits per month, and i would have to say that about 97-98% of them use IE.
I've had the worst time being the only Linux guy in the office, and my cries have not completely fallen on deaf ears, as 2 of my co-workers have installed Firefox recently. But when i can talk to someone for less than 5 minutes about the pros and cons of Mozilla and open source browsing vs. IE, most of them nearly start sobbing with all their troubles.
People daily complain to me about the bot problems or spyware issues that they have. I was sympathetic and helpful for a time. But now I wanly smile and say "mozilla.org/firefox" and walk away. Those super-cool guys with browser problems can kiss my ass until they start listening to me, and the rest of the world.
Read the only personal Runyon page out there.
Remember when 2000 was supposed to be the most secure ever? Then XP? Now it's Longhorn. I didn't believe them then and I don't believe them now.
I feel sorry for the poor Windows poopies. Paying big bucks to get porked like a cheap prom date. And not so much a kiss from Billy boy.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
to consider any that isn't an MS product. He is a staunch Redmond supporter, won't even concede the importance of Unix/Linux/Mac ever, as if they never existed. I have been hitting him with links from these stories for almost a year straight, he just called, wants me to start having our desktop guys install FireFox on his desktops next week. Chalk up one more for the good guys...
Family and friends ask me all the time on how they can fix IE vulnerabilities. Easy answer... use mozilla, firefox or opera.
Some are terrified at the thoughts of not being able to use IE, perhaps thinking that IE is the only browser that they can use.
100% Insightful
Don't miss the opportunity of being part of a big network of people whose computers send colorful mail messages, participate in collaborative strength testing of servers, share your private information for the good of mankind and other fun and exciting activities (that you will not be aware of, but believe me, they are fun!)
* Ad sponsored for the World Association of Crackers, Phishers, Scammers and Spammers
The management isn't telling these guys "Write me a buffer overflow, STAT!!"
If they can't code good software, that's their own damned fault and I don't feel bad for them.
- It's not the Macs I hate. It's Digg users. -
Windows XP SP2, RC2 is vulnerable; I successfully completed their test. --pete
http://slashdot.org/comments.pl?sid=114272&cid=9681659
Apologies, my html skills no work good. :-)
I boycott signatures
Sorry to make a double reply.
I've just tested the load time of Firefox on my System (from dry - no-preloading).
I get a usable Firefox window in 3 seconds on a moderate 2400XP system with an ATA hdd.
That's actually quicker than loading Konqueror for me.
I wonder if it's an issue with the Windows port which causes longer load-times?
Ripping an new rectum in the fabric of spacetime.
Um, like fat shit you bitches! I hate Microsoft! They gobble cocks! LIEK GMAIL TEH ROOLZORS! FAT NIGGAZ!! GORILLA!! I LIKE PNATS!! DO YOU LIKE BEANS!?! I hope you ate your Wheaties today!! Have fun!! enjoy!
I understand you have a long way to go to catch up to IE, but finding exploits and writing viruses is not the way to gain market share. We find it very unfair marketing practices since we are not able to find nearly as many exploits in your browser. Please stick to handing flyers or having hippie rallies or whatever you open source people do.
Regards,
Microsoft Marketing Team
When making a hardware product very few companies would use single source parts. IE specific coding is writing for a single source. I thought the whole idea behind Web Apps was to not be tied to one OS much less one Browser.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
If IE is such an awful product, why is it so prevalent? Monopolistic trade practices such as bundling in OEMs. Also I know I'm not the only person here who experienced the "glitch" where IE wouldn't load the netscape site. Once I had to download Opera just so I could then download Netscape. Couple these with the fact that 95% of the users either don't care enough about their user experience or don't understand that it can be better, and there you go, IE reigns supreme in the land of apathy.
I swear, if Ivan Stang had used "Bill" instead of "Bob", I'd tithe 90% to the CoS (Subgenius, NOT $cientology)
It's Tuesday.
But that's non-standard, the canonical way is (. to do it like this .)
(. I really like your new way of indicating sarcasm, we like totally need another one .)
mr kettle black. well funny no one mentions this hole also out today. It affects all browsers. I don't like IE at all but the submitter might as well have mentioned it since it is in the same news blurb on the side..
The war with islam is a war on the beast
The war on terror is a war for peace
I think you'd be much more likely to be hit by a car than raped, at least in America. I'm not sure how exactly you drive your cars over there, but now I'm not so sure I want to.
Well.. maybe. Or Maybe not. But Definitely not sort of.
um, if you are told to "write enormous feature by the end of the day" how good did you expect the code to be?
obviously validation is not the top priority in a truncated timeline.
duh
Well unless you like being blamed for the rest of your life for every IE only site and every time they can't get those free icons and other spyware toys.
Everyone with even the slightest clue has switched by now. The ones remaining on IE are the true dumbshits and the diehard fans. They can't be saved or even want to be saved and if you try they will only resent you for it.
The best linux/firefox advocate does not try to convert people, we are not christians or muslims. There is no bible saying we have to convert the unbelievers. (I think jews are forbidden and don't know about other religions)
The best linux/firefox advocate just keeps working while all the windows users are running around patching and let the few windows users with a brain who still haven't gotten the message figure it out themselves.
Of course once people have realized that they need to switch THEN YOU GIVE THEM ALL THE HELP THEY NEED AND YOU CAN GIVE. But then they will be wanting your help. You won't be forcing it upon them. If you don't believe me just ask yourself how much you like unsolicited advice.
Let's try it shall we, you should ditch windows and linux and run minix instead, it got zero exploits. Like it?
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Seeing that percentage, wouldn't he be part of "the rest of the world"
The fourth vulnerability (createPopup) has already been exploited in phishing scams for some time now. Initial reports of the exploit only started coming in a couple months ago, even though the vulnerability has existed since IE 5.5.
Scammers use it to mask the address bar and/or other browser widgets (such as the secure icon). This exploit is particularly dangerous because it can be used to mask/disguise any part of the user's screen, including other windows or even the start menu.
I submitted it to slashdot over a month ago, but it was never greenlighted. I guess these IE vulnerabilities are so commonplace it takes several at once to make the main page...
web design experiments
IE is the interface between the user and the Windows OS. It just happens to also act as a web browser. That's what they mean when they say it is integrated as part of Windows.
Now, taking the software that is responsible for interfacing with the OS and making it your default tool for interacting with the outside world was just plain stupid -- a marketing/legal department move to skirt the ruling that they couldn't bundle IE with Windows. Once done, however, almost any problem with IE becomes a root exploit. Surfing with IE makes this problem go from some risk to extreme risk. The only way to avoid this kind of escalation is to separate web browser from OS interface: something MS doesn't want to do since then they are back to the bundling problem.
Life is short: void the warranty.
Actually, I'm afraid that SP2 will release on schedule because it's necessary to patch the earlier holes... That means that SP3 won't release for at least a month (development, testing, RC, etc) so the script kiddies have a huge window (ack, no pun intended) of time to play their games. I almost feel sorry for the IT staff responsible for large Windows installs...
These security announcements are coming out more and more frequently. I wonder whether companies like Dell will start to offer other choices in operating systems to the masses for fear that their business might suffer? Here I'm thinking the Dells have a bargaining chip with MS, but it's entirely possible MS could just subsidize any losses.
To-do List: Receive telemarketing call during a tornado warning. Check.
I would be curious to see how much of the original IE6 code remains. It's a damn quilt with all the patches we've applied.
796F75617265616E65726400
I am getting a report on the new security vulnerability of IE. Are you all seeing the same behaviour?
Senthil
IE works, it does some things well. Anyone who remembers many of my posts over the years knows I'm no fan of Microsoft, but their browser does work. Effectively it's not the browser that's broken, but their implementation and bundling. Where Mozilla or Opera are stand alone applications, IE has links directly into the OS which make the vulnerabilities. If Microsoft had simply played by the same rules everyone else had to, there would have been far fewer problems for them and far fewer embarrassments for them.
When competitors and gadflies all pissed and moaned about Microsoft playing unfairly with this bundling strategy, which most of their non-directly-Operating-System software is built following, it wasn't the DoJ or courts that should have been listening, but Microsoft themselves.
Perhaps there should be a Darwin Awards for software, awarded to those companies which continually hoist themselves by their own petard.
A feeling of having made the same mistake before: Deja Foobar
With the Windows current Playschool Theme(tm) why not try for some other bold colors? AP news- Microsoft today issued another fuchsia alert, warning of 4 more Internet Explorer vulnerabilities...
"What use is power to the Keeps of Balance?" -Disnt of Nightmare LpMud
Every effective packet on the internet is signed and registered. Every e-mail, mp3, mpeg and application is registered and authenticated by the Central Authority, which very well may be out-sourced to Turkmenistan.
This is what the ultrapatriots want.
This is what corporate america wants.
This is what *****tology wants.
This is the super convergence of thinking and identity, accountability and control.
A world without insanity or fear, where everything not forbidden is compulsory.
Let a thousand flowers bloom, let a hundred schools of thought contend!
Can someone explain to me how an IE vulnerability can lead to a Sasser like virus? I thought Sasser was a worm that spread automatically through open ports of unpatched Windows machines, whereas IE vulnerabilities seem to have to be user initiated.
Wow! J00 ARE QUEEAR GaY HOMOESEXUAL!!!
It seems like somebody was jealous of a certain other browser's bug now weren't they?
I stole this Sig
Telnet over port 80.
I like it :-)
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
Microsoft Delays Windows XP Service Pack 2
Posted by simoniker on Monday July 12, @05:02PM
MSN, Word Vulnerable To Shell: URI Exploit
Posted by timothy on Monday July 12, @07:42PM
4 New "Extremely Critical" IE Vulnerabilities
Posted by CmdrTaco on Tuesday July 13, @11:45AM
Microsoft Expects 1 Billion Windows Users by 2010
Posted by CmdrTaco on Tuesday July 13, @08:14AM
Is MS trying to be funny or something? Honestly, I really think you have to try to mess-up this badly this many times in such a short period of time... I can't believe a mainstream revolution leaving MS products isn't occurring...
When are the masses going to learn?
That's why IT management, starting from the top down, needs to plan better.
There is nothing revolutionary, even using ActiveX, that can be done in IE that cannot be done by other means with non-IE browsers.
The only significant benefit to doing IE-only development is the streamlined development tools.
This reminds me of a story I heard as a kid... The Three Little Pigs. Sure you can build a straw house quickly, but is it a long-term solution?
.sigs are for post^Hers.
I'm a fan of Microsoft. I like most of their products. I make a living off their development tools and platforms. I'm incredibly happy with Windows 2003 Server. I typically defend Microsoft whenever I get the chance.
But not when it comes to IE. It is fairly clear to me, and anybody else whose mind is not clouded with zealotry, that IE is the single best attack vector into the average personal computer. Nearly all PC users use IE for a significant portion of the day, and nearly all of those users have no idea that visiting a web site could be dangerous.
I stopped using IE about 6 months ago when a web page managed to install spyware on my machine. I was fully patched, but it happened anyway. If it weren't for McAfee Antivirus, I never would have known. I've been using FireFox ever since.
Up until FireFox .8 (or so), IE was the better browser if you ignored security issues. But you can't ignore security issues. And now that FireFox is just as good (and better in many ways) than IE, I can't see any rational reason to continue to use IE.
So, there you have it. A diehard Microsoft fan dumping IE like a bad habit.
Good luck!!
They don't crop up randomly in an otherwise sane software. There are probably hundreds to be discovered in that closed software. Probably many are already discovered and exploited, but not made public yet. Please say "newly discovered" to hint at this fact.
Both cars and homes have windows you can smash and get right in. Heck, I leave 3 windows open in my house almost every day.
There are two major differences in this situation:
You can't automatedly break into a home from afar and take the stuff out. That's a big problem with the internet, you don't need any kind of proximity to attack someone/something.
Second, your car/home doesn't automatically run code. With IE or Windows or whatever, if you can get code into the right spot, you can take over a machine and make it do what you want, not what the owner wants. Cars and houses don't do this.
The masses won't change because these articles are only read by us techies. Even when it is on CNN.com, it is buried in the technology section; where only techies go anyway. Put it on the front page headlines of CNN or USAToday already...
On occasion I am forced to run the mac version of IE, how many of these exploits actually affect the mac version(which is rather old at this point)?
Here is an email that I sent to my family members, I suggest that you do something similar.
.
This will be the last email that you will receive from me about security holes in Internet Explorer. Microsoft is not able to release patches quickly enough to secure Internet Explorer. The U.S. Department of Homeland Security now recommends that if users are unable to patch the security holes in Internet Explorer that they use another browser. Please switch to the latest version of Mozilla web browser. You can find this web browser at http://www.mozilla.org/
http://secunia.com/advisories/12048/
Andrew
Why did I lurk so long before registering for a Slashdot account? I could have had a Slashdot ID of less than 100000.
Several thoughts (semi-serious) that have bubbled to the surface regarding recent talks of Moz vs. IE & the slapstick comedy routine being performed in Redmond on the matter of o/s & browser security:
1. Who remembers when the industry was on the verge of adding scripting to browsers? Do you remember how loudly people screamed that this was a bad idea and would lead to security issues we couldn't even begin to imagine? So much for sandboxes.
2. I love the Intel banner ad at the top of my /. screen. Apparently, security begins with using real Pentium microprocessors. So that's the answer!
3. I'd like to suggest a new /. category Icon; "Rock 'Em Sock 'Em Robots" to indicate browser war articles.
4. Maybe MS should introduce a new product line; we already have XP Home Edition and XP Pro... IMHO- the timing is perfect for an additional variety- the SECURE version.
: )
This is an old mantra of engineering. In the end it comes down to a manager saying we have no budget to do it right but we must deliver on time and within a budget. This really doesn't work!!!
How long is it going to be before some big mainstream press picks these recursive stories up and starts recommending people try another web browser?
I'd consider Business Week pretty mainstream. From its July 12th Issue: Why I'm Staying Away From Internet Explorer (registration required). A column by Stephen H. Wildstrom in which he states "I've been increasingly concerned about IE's endless security problems, and this episode has convinced me that the program is simply too dangerous for routine use."
It is supposed to provide access to all of the capabilities of the system via scripting. It does. The illusion of security is strictly an afterthought.
I'd like to get my hands on an exploit that installs Firefox, with the IE theme, and then replaces all desktop and startmenu shortcuts with a pointer to Firefox. Also changes the default browser.
Anyone know of one? The terms are too generic for a quick google.
S
It's the new browser wars, but this time it's not about who looks the best, it's about who can manage to take the simple thing that is HTML, and turn it into the most deadly virus-pushing force known to computers. I think IE is definitely in the lead on this, Mozilla did have a little lead with their shell bug but then we learnt the shocking news that they had stolen the technology from Windows! Now IE is back in its rightful lead and on its way into victory. And let's not forget IE's secret weapon: the ability to flood the screen with pop-ups at a moment's notice, really how anyone could live without pop-ups is just beyond me.
This comment does not represent the views or opinions of the user.
Like Windows users everywhere who use IE only for Windows Update, I went through the ritual of adding v5.windowsupdate.microsoft.com to my Trusted Sites list and disabling Active Scripting in my Internet Sites list today. This is a fresh[-ish] install of Windows XP SP2 RC2. I've never used trusted sites before on it. However, I noticed that there was already one entry in the list: https://free.aol.com Why was this? I don't use AOL- I don't even have it installed. I'm starting to sense some corporate brainwashing (and, a site that if cracked would give anybody full access to every copy of IE in SP2...). Has anybody else seen this?
My Systems
Is it just me, or is there an aura of joy in the *NIX (Mainly Linux) community whenever such "bad" news about Microsoft products hit the masses? Deep down inside are we all hoping for an MS natural disaster? What is it about this kind of news that makes us this way? Hatred towards Bill? Hatred towards the big corporations? Love for open source world domination?
Are we right to rejoice while others grieve? Should we be labeled as "haters" (rap cliche)? What is it? There are some *NIX users out there that are responsible for patching some of these systems, so therefore your level of joy is suppressed because of work. But deep deep down inside there is an evil smirk of joy within your soul. WHY?
Damn it, now that I think about it I should have posted this as an "Ask Slashdot". Someone please post this as an "Ask Slashdot". I will post it myself, but I have a 100% failure rate when posting anything other than replies around here.
You need people like me so you can point your fuckin fingers and say, "That's the bad guy." So what that make you? Good?
It HAD to come up and bite them on the ass sooner or later. Just looks like it was later than everyone was hoping for.
Over the past few weeks, it seems like all I'm reading about are IE exploits. Still my less "tech-savvy" friends are mostly unaware.
Has anyone run across a webpage (or made one) that lists all the recent exploits with a brief description of each exploit? Sending one link listing all recent vulnerabilities would certainly convince more people to switch, no?
I just about dropped a brick in my pants. Up here at school a lot of the apartment complexes have high speed internet, and of course, it is set up for the cheapest and least secure way you can think of. As a result with the last round I had a queue of some six computers all in need of patching, spyware removal, and virus removal. One of the apartment complexes is going to hire me to fix the tenants' computers. When I saw the post the first thing that went through my mind is that I am going to make some money. One of the first things that I do when I fix a Windows computer now is to install Firefox. And before someone says it has bugs, I must say that it is significantly less buggy than IE. What I would like to know is how much the last round cost and how much these new 9 vulnerabilities will cost. And I think it's time that computer users file a class-action, anti-trust suit. I think we have a pretty good case to argue that Microsoft abused its monopoly to push superior products out and as a result the public has suffered. With 96% of desktops running Windows this many bugs is simply unacceptable.
The views expressed are mine own and do not express the views of my employer.
This is seriously getting ridiculous. When are the AV vendors going to go ahead and just classify Internet Explorer as a virus (or at the very least the most effective breach vector ever written)?
That's exactly the argument that Microsoft apologists have been using for years. But just because Microsoft products are more pervasive does not mean that they are just as secure as Linux, OS X, et al.
In point of fact operating systems are not all the same. Some sacrifice security for flexibility or features (ex: Windows). Some eschew clever new features and integration in favor of security (ex: OpenBSD).
Microsoft's development methodology for years was built around increasing the featureset of the Windows OS and Office suite. Marketing drove development of the OS, and development priorities were established accordingly.
Are Yugos as safe as Volvos? Do MiG-29s carry as many passengers as 757s? Software is designed, and in any design process you have to make trade-offs. Microsoft has repeatedly shown us what their design priorities are, and the fact that Microsoft products are ubiquitous doesn't mean that some competing OSes are not inherently easier to secure.
Read the EFF's Fair Use FAQ
Get rid of IE and most of these viruses/worms will have nowhere to go.
Have you forgotten the other two malware targets that round out the top three: Microsoft Outlook and Microsoft Word.
95% of morons^H^H^H^H^H^Hend-users still use IE (for Windows), and probably will indefinitely, even if it's shown that long-term use of IE shrinks one's penis and testicles, causes cancer of the spleen, and makes baby Jesus cry.
Film at eleven.
Seriously: Why don't they devote one day a week on FOX NEWS to talking about this crap? Then, the Sheeple might actually get the message...
Honey, I shrunk the Cygwin
I should have written, "why Linux vendors and Apple don't use Microsoft's security weaknesses as a marketing point when trying to sell Linux or OS X."
I reread my first post and got this image of guys in their cubicles in Cupertino trying to crack into servers in Redmond... . ;-)
Read the EFF's Fair Use FAQ
My only regret is...
that I have...
Boneitis!
Do your part and call your local newspaper.
/. local media.
I wonder if we can
You didn't even try, did you?
Did you? The black Tuesday in this article refers to the day Microsoft releases its security patches (the second Tuesday of each month). This schedule is part of their "trusted computing" initiative.
It's a black day because the patches reveal the existence of vulnerabilities, which malware authors use to take advantage of unpatched systems.
"TORONTO -- July 13, 2004 -- Today at the Microsoft® Worldwide Partner Conference 2004, Mike Nash, corporate vice president for the Security Business and Technology Unit at Microsoft Corp., provided an update on the continued commitment Microsoft has made to help improve the security of computers and networks. Nash outlined steps Microsoft has taken and noted measured progress to date, including technical innovation in providing greater isolation and resiliency for computers and networks; improvements to security update tools and processes; expanded authorization, authentication and access control capabilities; improvements to quality through a commitment to engineering excellence; and success in providing global customer guidance and engagement. " Rrrriiiiigggghhhhhtttttt
If I didn't have absolutely NOTHING to do, I wouldn't be here.
My family insists on using IE, I have tried with all of my ability to get them the hell off of it, but they say that "mozilla doesn't work/look/feel like IE" to which I say "yea, and you don't get hacked/spied on like IE either." but to no avail. I run SBSD and adaware and find at least 20-30 non-cookie spyware apps every week on the family PC.
How do you convince stubborn parents/siblings that they are in danger?
I say we just switch to Lynx and forget about all these vulnerabilities!
Doh, guess I'll just have to switch to ascii porn!
Provided and/or discovered by:
1-3) Discovered by Paul (greyhats).
4) Originally discovered by Georgi Guninski.
G. Guninski advisories are protected and copyrighted for the simple reason that companies like Secunia are reproducing their advisory and making money from it. They even steal the glory in news and look like the serious company reporting the problems. The reality? They know nothing special about security, they are here for business and communication.
This sucks, and anyway using G.G. discovery (under explicit non-redistribution copyright) is probably illegal.
And funny to have a discovered by XXX *AND* *ORIGINALLY* discovered by XXX.
They pretty well know that the original discoverer is the only one who can be called the discoverer, don't they?
There's already a lot of discussion going on about "use Mozilla/Firefox/Safari/Lynx/whatever", so I won't rehash that here. If you can pull it off in your environment, great.
There are a lot of environments, however, where switching from IE just isn't an immediate option. In the future, perhaps, but worm writers and virus scripters won't wait. So here's my advice, my hope, and my PLEA to all you I.T. guys out there.
No matter how much you hate IE, please, for the love of God, get your users to UPDATE THEIR SYSTEMS WITH THE PATCHES. Even if they don't use IE.
We can all save ourselves and each other a hell of a lot of hassle by taking Microsoft's efforts to patch their product as what it is: an effort (however feebly-, politically-, or economically minded) to secure their product. The viruses and worms generally aren't harmful to the user--it's all the network traffic that infected machines produce that is the major headache. Spam, pingfloods, DDoS, it all targets other services and the infrastructure on which we all depend. Be neighborly on the Internet, and make sure your systems are as secure as they can be, even if they're not the systems you'd prefer to run.
Switch browsers, yes. If it makes sense for you and you can do it, go for it. But don't let everyone on your site get infected in the meantime. Remember that the majority of viruses and attack exploits out there in the past months have been proactively counteracted by Microsoft patches.
Infections are caused by morons who don't patch. DON'T LET YOUR USERS BE MORONS (to the extent that this is possible).
Thanks,
The Internet
The Parent post was ironic humour; I think you missed it :/
Ripping a new rectum in the fabric of spacetime.
http://home.earthlink.net/~vorck/
choice 2, for XP and 2k3:
http://nuhi.msfn.org/
Come on guys, get a grip. The alternatives have just as many flaws. But amazingly, Slashdot turns a blind eye to them.
I guess it's true that Slashdot only deals out anti-MS FUD.
I think that since the switch from Firebird to Firefox, Mozilla should change the name of Thunderbird to Thunderdog. It alludes to more simple times, back when almost every cartoon on T.V. was like Dragon Ball Z, with terrible animation and tons of commercials, making a normally 30 minute show stretch on for 3 months.
I wasn't around back then, but I still get Cartoon Network.
. . .and there's already 6 "Critical Updates" ready to go just for Win2K. Now, I should be a good little corporate drone and wait for our IT group to roll out a patch to everyone, but I'd rather not take the risk.
I can't wait to see how many are ready for me on my XP box at home. At least I have the option of running Firefox there. Well, except when I need to run Windows Update, of course.
The correct answer is "me."
Mozilla eating the MSN butterfly.
I'd rather have it eating the IE icon, but this is close enough.
Checking the WindowsUpdate site I see that finally the ADODB.Stream hole has been patched (see http://www.microsoft.com/downloads/details.aspx?FamilyID=4d056748-c538-46f6-b7c8-2fbfd0d237e3&displaylang=en for details). This was a major flaw that had been present all along through the numerous IE exploits. Combining this with some hardened security zone settings that disable Active Scripting and IE shouldn't be the total joke that everyone is making it out to be. It's still a lot of patching and modifying compared to recent releases of Mozilla-type apps but...
"Exploit yes, root exploit, no, not unless the user is running as an Administrator. IE still runs at the privileges of the logged on user."
The sad truth is that no one I know has folks set up as "Users" or "Limited Accounts" unless it's a guest account. Also, any new computers that are purchased end up with XP asking for a person's name to set up an account. This account is always an account in the administrators group. 99% of XP users use this account as their primary, not understanding the difference.
In addition, those that do set up limited accounts many times discover that [insert pre-XP software package here] doesn't work with Limited accounts so they revert back, or they use the Power User account which is almost as bad as administrator.
Damned if you do, damned if you don't.
(a) folks
Is the juice worth the squeeze?
In the same way, should we expect that Konqueror is also a bad idea?
For awhile that security bugs in non-MS browser just don't happen with the same frequency or degree. Bugs in non-MS browsers *occurred*, but they tended to be much more subtle bugs with lesser payloads, as opposed to MS which tends to wind up with seemingly really obvious security holes with serious consequences on a regular basis. For every "untrusted site may gain read access to cookies belonging to another site by a contrived series of steps" in Mozilla there was an "execute arbitrary remote code by clicking a link" in MSIE, it seemed.
Then last week the shell: bug in Mozilla was reported, and I was humbled. Perhaps, I thought, perhaps Mozilla wasn't really all *that* much better than MSIE, and I was being silly by my stance that MSIE was an unsafe product and Moz was a safe product. Maybe, I thought, trusting any software vendor is just as silly as trusting Microsoft.
Then I see this news today and I don't feel so humble anymore.
One thing I found odd, though. I haven't done a close study or anything, but when the mozilla vulnerability was found last week, it was very widely reported. I saw it at least twice on news.google.com and I believe on cnn.com. But with these new IE vulnerabilities? Well, maybe it's just too soon, but cnn.com has nothing on this-- it does have a story "renewed calls for alternate browsers" which mentions in the second paragraph two IE bugs that MS fixed already-- and news.google.com has nothing. And n.g.c's top tech story?
Microsoft CEO Touts Security Push at Conference
Reuters - 55 minutes ago
SEATTLE (Reuters) - Microsoft Corp. MSFT.O is taking a big step toward boosting the security of its flagship Windows product in August with the release of a major software update, Chief Executive Steve Ballmer said on Tuesday.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
I needed to run IE once in a while to access some sites that wouldn't allow Safari, and even then some sites wouldn't work properly on IE for the Mac surprisingly. But I found out about Safari Enhancer, which helps with the problem and is free. If you don't know about it, check it out. Turn on the debugging menu checkbox, and it automatically enables Safari to pretend it's IE on a Windows box if that's what the site needs. It proves that many of these browser incompatibility sites are actually on the server side which conveniently lock-in users to IE on Windows. There's no reason why a site without any fancy DHTML or Active X components should work on IE for Windows and not work properly on IE for the Mac, yet Safari Enhancer lets the site work on Safari. I've actually witnessed this. Just make sure you set "History Menu Items Limit" to 999, and don't leave the field blank. It doesn't completely eradicate the problem, like sites that rely heavily on IE DHTML. And strangely enough, a Whatis.com search results page would make Safari hang. But other than that, it really helps.
It's dead, Jim. Bought fucking time. Wake up world.
Not a nice way to treat family.. "f-off unless you drop IE"
Glad I'm not part of your family...
---- Booth was a patriot ----
is at ms04-jul
.signature not found
Well, at least we know that he is not a scientologist!!!
Funny how The Republic of Korea, popularly known as South Korea, is generally considered a republic by most people.
The Federal Republic of Germany (popularly known as West Germany) also disproves your smart-ass remark.
Your post has wit, but is as insightful and meaningful as the stuff it's aimed at.
Some countries that call themselves democratic or republic aren't.
All people have personality, some are just arrogant and think they have more than others. (Yes this is aimed at you, and not at the 'personalities'.)
Some people try to sell snakeoil, sometimes calling it a "solution".
And some people make witty generalising remarks out of arrogance, karma-whoring or plain stupidity.
Come on, if you're stupid enough to not notice a pop-up, you deserve to be exploited.
This is dumb, and they're calling this a "critical" problem now. Why don't people understand that the Internet is a web application platform -- it's not just made for old ladies selling quilts on eBay. It's a powerful development environment and calling its capabilities "flaws" is just stupid. Educate people -- don't cripple development tools!!
I for one hope they leave createPopup() alone. It makes for some very sexy menus...
"Ballmer told a crowd of hardware, software and consulting companies, which provide the bulk of Microsoft's revenue by reselling its software to businesses and homes, that the world's largest software maker was on track to deliver on its 2-1/2-year-old promise to make its software more secure and reliable."
This is why the browser wars were a good thing. Sure, web development was annoying because of all the versioning nightmares, but at least there were safe alternatives. At least there was competition driving the products to be better and better.
Payback is a bitch no? Sure they got a little paddle on the backside and a, "Don't do that again" over their monopolistic practices, but here we are, seeing the karma swing around to bite them in the ass.
Hopefully this stuff will continue to the point where we can get the ball rolling again. Yet another big moment for open source software to try to swing in and become a viable alternative. Especially considering the fact that firefox is just an application and not a whole OS, which can be a scary leap for many to attempt an install, it might really open some eyes to what could be.
RALLY!
m.
Bastard.
http://www.eeye.com/html/Research/Advisories/AD20040210.html
Scroll down to the end and find this.
U Can't Trust This
By: MCSE Hammer
Blaster did ya some harm
We just say, hey, another worm
But thank you, for trusting me
To mind your site's security
It's all good, when your server's downed
Our dope PR will pass blame around
Cuz it's known as such
That this is some software, you can't trust
I told ya Homeland
U can't trust this
Yeah that's why we're giving ya the code
U can't trust this
Check out eEye, man
U can't trust this
Yo let 'em bust more funky system
U can't trust this
Give 'em a string or recvfrom
Like no sweat they got the keys to your kingdom
Now ya know
You talk about eEye, you're talking about holes
Remote and tight
Coders still sweating so someone better write
A book to learn
What it's gonna take in '04
To earn some trust
Legit, either secure or ya might as well quit
That's the word because you know
U can't trust this
U can't trust this
Breakin' in
Stop -- eEye time
Let's stop beating a dead horse. It's the desktop marketshare that drives crackers and virus writers..
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
I was just talking about the costs to develop/upgrade the existing apps -- you're totally right that the total economic effect would easily be in the billions.
MORTAR COMBAT!
People who still allow IE to run ActiveX/Active Scripting nowadays are insane.
I rather have those f@cking Macromedia Flash and other Java gimmicks non functional than having hijacked and gotta clean up the mess later.
How many more years of baseless stupidity of open security holes must we endure?
How much longer is security through obscurity going to carry a clueless monopoly to its demise?
Patience has its virtue. But for the end-user, only fools would get lucky. Not this time, Bill.
I'm sticking with Firefox/Mozilla. Mozilla
Thank you open-source for opening my eyes to a better software through open-collaboration and open-cooperation. You've shattered my belief that corporations can fix after themselves.
Instead, we see tons of industries built upon MS insecurities.
Time to experience another industry bubble-burst, this time in the security sector, not I&T.
Is it me or has MS had more exploits, since they decided to fix the security of their OS. It seems like it is 10 fold the number of exploits.
MS needs a total redesign of their software. They need to start with multi user system first...and just work from there. After that, create a command line and rip IE the hell out and make OS applications independent of themselves. Having every piece of software in your OS dependent on every piece that is on the cd makes no sense. If you cannot rip IE off your system...that could possibly be the worst design ever...an OS diagram on 8x12 paper is not worth buying.
It is real hard to imagine why people love Windows so much or don't know better. I guess it's like this: I am a huge hockey fan (in the south) and can't imagine someone not liking hockey. But once you learn the rules and all that other shit, 99% of the people love it after they see a couple games live....you have to try a couple times and learn something different.
Deserving got nothing to do with it.....shuffle
One line blog. I hear that they're called Twitters now.
One thing about Firefox drives me crazy. Many of you may call me crazy for saying this, but I really miss the "Open" option when downloading executable file types. I think there should be an option (bury it deep in the preferences, leave it off by default) to allow me to un-grey the Open box when I try to download a .exe. I know what I'm doing, and if I get stung, my fault.
As godawful as all the recent security problems with MS have been, they really haven't been bad enough to get either business users or the general public to switch. They've both been conditioned by years of exposure to Windows to just expect this kind of annoying behavior from computers.
And that's all the recent exploits have been, annoyances. At worst, you get to scrape your disk off and reinstall, with very little harm done - a little worse than a BSOD, but not costly.
Now, if a worm got loose with properties like I suggested here, people would switch in droves.
To a Lisp hacker, XML is S-expressions in drag.
I build boxes for people when I can be bothered and one of the first things I do is to install Mozilla, provide shortcuts on the desktop and Start Menu and tell them "Use Internet Explorer and I won't provide support"... my girlfriend's cousin started using IE because he found Iexplore.exe. I mean what the hell, when us techies are confronted by these kind of morons who *hunt* for the damn program what chance do we have? Suffice to say even with ZoneAlarm installed (he said yes to every connection in and outbound) he had a multitude of virii and a billion and a half spyware and toolbars... oh I also installed AVG and AdAware too. Sheesh.
I've noticed that everyone who is for abortion has already been born - Ronald Reagan
the last thing OSS needs is to be associated with virus writers. maybe you were going for a +1 Funny?
Is the juice worth the squeeze?
Are firefox and opera really more secure?
Or is it just that they are not targeted by hackers because not enough people use them to make it worth the time?
"Effectively it's not the browser that's broken" /. people had to "customize" web pages so they would look good in IE. How can you say IE is not broken?
How well does IE use CSS2? MS refuses to correctly and completely implement many standards. I assume many
Ok, after messing with the probably intentionally vague security settings, I have discovered that it is impossible to disable Active Scripting and yet leave JavaScript enabled. Same deal with ActiveX and Plugins (Flash being one of them).
...but I guess that's a bit too much to ask for.
Since most sites use at least some amount of Javascript and Flash (e.g. gmail), you're left with these choices...
* Turn off all scripting
* Take your chances with Microsoft's flaws
* Deal with the annoying 'prompt' for just about every page
* Manually configure the pages you want as trusted sites
Boy, I wish there was a selection that said...
"Disable all Microsoft(R) Web Technologies"
Does it hurt to hear them lying? Was this the only world you had?
Why do all of the M$ apologist say this?
IE works, it does some things well ... IE has links directly into the OS which make the vulnerabilities.
Dillo works about as well as IE and better in some ways. Those ways being that it won't root your system, unless you port it to M$ and open yourself to the same kinds of bugs that get other programs like M$ Word. Oh wait, does this mean that Word "links directly into the OS"? Nah, it means the OS is a piece of poop, just like the browser. IE does nothing that other browsers don't do and it does what it does poorly. Windoze also does less than other OS and does what it does poorly.
You would have to have your head screwed on backward to not see the differences.
Friends don't help friends install M$ junk.
Lindows 2.0 "leaked"? a version of AOL for Linux that used Netscape
http://msnbc.msn.com/id/3078317/
I hate runas, it's nothing like su or sudo. Quick rant here, oracle installed with permissions so that only Admin could access the dir. I couldn't change it. Tried to do as I would in KDE and do:
runas
to pop open an Admin explorer shell to change the permissions on the dir. Just doesn't work. Command ran and nothing happened. In KDE it's just a simple
su root -c konqueror
or for me
sudo konqueror
or even ALT+F2, konqueror, "run as different user: root" and enter the password. Had to close everything I was working on (this is my work computer with ssh sessions, code files, and RDP sessions open), log out and log back in as Admin just to simply add my user to the list of allowed users. User-Friendly my assC Pungent
"Windoze is still a buggy, toy operating system relative to Linux..."
There you go again, praising Windows by calling it an operating system. It isn't and it isn't intended to be. It's an abuse system that happens to run programs.
I agree with everything else you said.
A great many problems can be avoided simply by setting ActiveX controls to prompt for download, allow only ActiveX controls digitally signed by a trusted source to run (you can check the signature before you accept), and turn off active scripting. Yes, IE has problems, but in all fairness it probably has the dubious distinction of being the most analyzed, probed, and maliciously scrutinized software on the planet. Mod me down if you wish, but someone has to play devil's advocate.
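The zone settings recommended in the comment above can be checked against an exported registry key. This is an added example, not part of the original thread: the sample export is constructed, and mapping the advice to URL action codes 1001, 1004 and 1400 in the Internet zone (Zones\3) is this example's assumption.

```python
import re

# IE stores per-zone URL action policies as DWORDs under
# ...\Internet Settings\Zones\<zone> (zone 3 = Internet).
# Policy values: 0 = enable, 1 = prompt, 3 = disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3

# Assumed mapping of the comment's advice to action codes and the
# values that satisfy it (this mapping is the example's, not the thread's).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", {PROMPT, DISABLE}),
    "1004": ("Download unsigned ActiveX controls", {DISABLE}),
    "1400": ("Active scripting", {DISABLE}),
}

# Constructed sample of a .reg export (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000001
"1400"=dword:00000000
'''

# The same constructed export with the two weak settings corrected.
HARDENED_REG = (SAMPLE_REG
                .replace('"1004"=dword:00000001', '"1004"=dword:00000003')
                .replace('"1400"=dword:00000000', '"1400"=dword:00000003'))

SECTION_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')


def parse_zone(reg_text, zone="3"):
    """Return {action_code: value} for one zone key in a .reg export."""
    wanted = ("\\internet settings\\zones\\" + zone).lower()
    in_zone = False
    actions = {}
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            # Only collect values that sit under the requested zone key.
            in_zone = section.group(1).lower().endswith(wanted)
            continue
        if in_zone:
            dword = DWORD_RE.match(line)
            if dword:
                actions[dword.group(1).upper()] = int(dword.group(2), 16)
    return actions


def audit_zone(reg_text, zone="3"):
    """List (code, name, value, finding) for settings weaker than advised."""
    actions = parse_zone(reg_text, zone)
    findings = []
    for code, (name, allowed) in sorted(RECOMMENDED.items()):
        value = actions.get(code)
        if value is None:
            # A missing value means the zone's default applies; flag it
            # so it gets checked rather than assumed safe.
            findings.append((code, name, None, "not set in export"))
        elif value not in allowed:
            findings.append((code, name, value, "weaker than advised"))
    return findings


if __name__ == "__main__":
    for code, name, value, finding in audit_zone(SAMPLE_REG):
        print(f"{code} {name}: value={value} ({finding})")
```
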
I just called my boyfriend and asked.
The solution for Palm hotsync:
Give the user Administrative-level access.
Install the Palm software.
Explicitly grant the user access to the installed Palm files in Program Files (rather than doing it via Group access).
Remove the user from the Administrators group.
Voila. Palm hotsync works without Admin rights. The temporary Administrator rights are needed so that the installer can create certain user-specific registry keys. Another way to do it is to install it under an Administrator's account and then export/import the reg keys, but my boyfriend reports that temporarily setting up the user with Admin rights is overall easier.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
I realize this doesn't mean much to Joe Sixpack or Grandma Ethel since the fixes might not be as easy as an automatic download. But checking Microsoft's website I have seen simple instructions showing folks how to lock things down. Microsoft's flawed attempt at seamless integration between their OS and apps left huge security holes. But at least there are ways to lock them down. As for whether the barn door has been closed too late for some is another story I guess :-(
My main user account is in the "Power Users" group. The account in the "Administrators" group (which is not the default "Administrator" account -- that one was renamed and then disabled) is only used for software installs that require it and Windows Update.
This is as per Microsoft's own recommendations.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Could someone explain how one piece of software can have so many severe vulnerabilities? Are Microsoft programmers unbelievably bad at programming? Are Microsoft programmers just people who moved up from the lawn maintenance crew?
Is it possible that Microsoft does not allow its programmers enough time to finish what they write?
Did the U.S. government's NSA spy agency go in after IE was written and add a lot of bugs?
Here's a better view of the same Secunia advisory: Microsoft Internet Explorer Multiple Vulnerabilities, Secunia Advisory: SA12048 This view shows the 4 new vulnerabilities and shows 54 additional older vulnerabilities at the bottom of the page.
This one blew me away. I went to Windows Update and installed today's critical updates. After restarting my computer, Mozilla Firefox wouldn't run! I got the "has experienced an error and has to close" screen. So, I started uninstalling the patches. When I tried to uninstall 841873, I got a message that said that, if I continued with the uninstall, Mozilla Firefox would no longer function. The really interesting thing is, once I uninstalled 841873, FIREFOX WORKED!!! Not a conspiracy nut at heart, but this is just too coincidental. Has anyone else experienced this yet? Running XP with all current updates (except 841873) on a P4 3 ghz with 512K. Mozilla Firefox 0.9.2
I agree, we need to get people to use other browsers. But /. has been full of almost mindless cheerleading for Firefox, and mainly firefox alone. Damn, people, it's still a beta product. There are some sites that it doesn't render correctly still. How about pointing people to a STABLE alternative? Like, ummm, I don't know.....Mozilla? If they need a brand name, point them to Netscape (nope, they're not dead, contrary to reports otherwise; they're even releasing 7.2 soon, and it's basically Mozilla with a Netscape label, so you can feel good about recommending it). Hell, if you don't mind ads, there's Opera.
Sometimes we let our open-source ethic/activism overload, and forget that most other folks aren't techie geeks that like doing things such as installing betas, testing Fedora Core/Debian Unstable, etc.
Life is hard, and the world is cruel
Infections are caused by morons who don't patch.
No, infections are caused by Microsoft releasing a product that would be cause for a class-action if it were any other type of product. But luckily for us, everyone has become accustomed to crappy software that is insecure. Even better for our puny geek egos, they have accepted the blame for being morons.
Using a computer should not require a degree from MIT. I am capable of operating a 2-ton motor vehicle travelling at 80 mph, yet I couldn't tell you how it works beyond the absolute basics.
MOD PARENT UP. Good explanation.
To wit -- Here's a little history lesson on why you're wrong. And when Linux starts to get the number and volume of enterprise-level applications that Windows has, these types of history lessons will prove useful. But don't just take the easy way out and say "Yeah Windows sucks" and not try to learn about the mistakes that might just be made again without some perspective.
UNIX has had a clean and simple separation between administrator and user privileges since the 1970's, and Linux uses the same mechanisms. UNIX and Linux have faced the most formidable opponent trying to break down that barrier over decades: the college student, who can spend hours a day trying to break into university systems. And they did. And UNIX developers fixed the bugs and adapted the security models.
The people who need a history lesson are Microsoft developers. They just started hacking some time in the 1980's, giving a damn about security or any of the other hard stuff. That kind of ignorance got hardcoded into Windows APIs, libraries, documentation, coding styles, frameworks, and instructional materials. That's why most third party developers for Windows put files all over the place and don't pay any attention to security either.
It's not surprising Microsoft and Microsoft developers managed to grind out popular GUI apps quickly--they cut corners on all the hard stuff and didn't even know it. The UNIX nerds at the same time were saying "this isn't the right way of doing it": they were looking 10-20 years down the road with the experience they already had, but because they were thinking long-term, Microsoft beat them on time to market and price. That's why Windows, and not UNIX, rules the desktop today. But ignorance and backwards-compatibility issues are catching up with Microsoft, and it seems quite likely to me that their fall is going to be just as spectacular as their rise.
XP SP2 limits the createPopup functionality to the viewport of the current page.
As SP2 fixes this bug, it proves that microsoft has known about and hidden the information about this bug for a while. What a bunch of bastards!
I think every poor person that has fallen for this should receive some form of compensation from microsoft. They knowingly left a dangerous door open without warning people. Bastards.
Hell, I run an XP-related website and this kinda crap even pisses me off.
Davak
Want to help a Microsoftie switch to Firefox? See if you can help, I'm sure once he gets it working he'll go and convert others...
[o]_O
Prof. Gene Spafford, who runs the CERIAS computer security institute at Purdue University, once said that Microsoft has, and I quote, "...world class security people. Unfortunately, marketing rules that company".
I've heard several other developer friends tell me that the quality of MS developers has always impressed them, that they've got really bright people working for them. One friend, who is now a Java developer, told me that Microsoft was one of the two toughest interviews he had after college. These accounts are not coming from two-week MCSE's that code in VB. These guys have computer science degrees, and are dedicated Unix/Linux users. So their comments made an impression on me. I've also heard these things elsewhere.
So simply saying "they're idiots" doesn't quite ring true. Spaf also said that the main difference between Windows and Mac products was that Apple has a culture where, to rip off Ford here, quality is job one. He reiterated the power of the marketing corps at MS then, hinting at the pressures Marketing puts on the developers to get new and sometimes weird/useless features into the products, all with ridiculous deadlines. That's the difference. Leadership from the top down. Not "idiots" in the software ranks.
Life is hard, and the world is cruel
How long is it going to be before some big mainstream press picks these recursive stories up...
A recursive story? Isn't that a story about a story about a story about...
"Hardly used" will not fetch you a better price for your brain.
My point is that every piece of software is made by humans that make mistakes. One big problem that windows has currently that linux does not is that linux usually runs processes with minimum privilege and has minimum attack surface by default whereas XP and older have a huge attack surface and run everything as admin by default.
As anyone that understands security should know the best way to stop exploits is writing correct code. They also know that it's impossible to do this 100% and so advise other defenses. I've been running RC candidates of XP SP2 and it goes a long way to lowering the attack surface. It also seems to lower privileges of services. I think it will go a long way to reducing the number of vulnerabilities in the OS not by fixing them necessarily but by not exposing them to the world to exploit. I just wish that someone could train application developers to write code that runs correctly under non-admin accounts.
"You can now flame me, I am full of love,"
I cannot, in good faith, install a beta product on our company's PCs. I don't want to install Mozilla because it also has an email package which I don't need (bloat), and that I'd have to support (of course by simply saying "don't use it" but when someone breaks their email I'll still have to fix it).
I _NEED_ Firefox to get to 1.0!!!
I'm thinking about it, therefore I might be.
"Anyone who remembers many of my posts over the years knows"
Help us by reminding us why someone would be watching your posts over the years. Based on your post, you seem as noteworthy as any other anonymous coward.
Are these vulnerabilities addressed in the latest flurry of Windows Updates? On Win XP it was 5 critical updates. On Win2K it was 6! - or are they taking it too seriously?
Artificial intelligence is the study of how to make real computers act like the ones in the movies.
I just got into hot water with my boss over upgrading several workstations to firefox. I believe his exact words were 'They've already put out a lot of patches, there can't be any serious problems left!'. What a bail-out!
Oh, and that last poll? -20%
What the heck is a 'sig'?
Sure, this sort of entry might get pulled out by someone, but at what point can you completely trust the Wikipedia?
John
I'm amazed your post got past 2. What they call it has no bearing on the issue.
As others have pointed out, Internet Explorer does not meet a basic requirement of a browser. (Thank you, epsalon, for the summary.) For the link-impaired, RFC 2616 section 7.2.1 specifies that a browser isn't allowed to override a specified content-type, but IE does so regularly, and it's not exactly a secret. I was taught on day one of my first CGI programming class (which wasn't _that_ long ago, which is why I can remember) that IE does not handle text/plain correctly, so don't expect text resources to appear as intended to the end user.
If opportunity came disguised as temptation, one knock would be enough.
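The mismatch described in the comment above about RFC 2616 section 7.2.1, as an added example that is not part of the original thread: a simplified model comparing a client that honours the declared Content-Type with one that overrides text/plain after inspecting the body, plus an audit that flags responses the two would interpret differently. The hint list, the 256-byte window and every sample response are constructed assumptions, not Internet Explorer's actual detection rules.

```python
# Added example (not from the thread): honouring vs. overriding Content-Type.

# Constructed markers a sniffing client might treat as HTML.
# Illustrative only; NOT Internet Explorer's real signature list.
HTML_HINTS = (b"<html", b"<head", b"<body", b"<script", b"<title",
              b"<a href", b"<img", b"<table", b"<pre")
SNIFF_WINDOW = 256  # assumption: only the leading bytes are inspected


def declared_type(headers):
    """Media type from the Content-Type header (parameters dropped), or None."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            media = value.split(";", 1)[0].strip().lower()
            return media or None
    return None


def looks_like_html(body):
    """True if the leading bytes contain one of the constructed HTML markers."""
    head = body[:SNIFF_WINDOW].lower()
    return any(hint in head for hint in HTML_HINTS)


def guess_type(body):
    """Fallback guess, used only when no Content-Type was declared."""
    if looks_like_html(body):
        return "text/html"
    if all(b in (9, 10, 13) or 32 <= b < 127 for b in body):
        return "text/plain"
    return "application/octet-stream"


def compliant_type(headers, body):
    """RFC 2616 7.2.1 behaviour: guess if and only if no type was given."""
    return declared_type(headers) or guess_type(body)


def sniffing_type(headers, body):
    """Simplified model of a client that overrides a declared text/plain."""
    declared = declared_type(headers)
    if declared in (None, "text/plain") and looks_like_html(body):
        return "text/html"
    return declared or guess_type(body)


def audit(responses):
    """Return (name, compliant, sniffed) for every response that diverges."""
    findings = []
    for name, headers, body in responses:
        strict = compliant_type(headers, body)
        sniffed = sniffing_type(headers, body)
        if strict != sniffed:
            findings.append((name, strict, sniffed))
    return findings


# Constructed sample responses: (name, headers, body).
SAMPLE_RESPONSES = [
    ("readme.txt", {"Content-Type": "text/plain; charset=utf-8"},
     b"Plain notes, nothing else.\n"),
    ("paste-1234.txt", {"content-type": "text/plain"},
     b"<html><body><script>/* user-supplied text */</script></body></html>"),
    ("late-markup.txt", {"Content-Type": "text/plain"},
     b"x" * 300 + b"<script>"),  # markup starts after the sniff window
    ("no-header.html", {}, b"<HTML><BODY>hello</BODY></HTML>"),
    ("no-header.bin", {}, b"\x00\x01\x02"),
]

if __name__ == "__main__":
    for name, strict, sniffed in audit(SAMPLE_RESPONSES):
        print(f"{name}: declared/compliant={strict}, sniffing client={sniffed}")
```

Only the response that declares text/plain but starts with markup is flagged. Guessing the type of the header-less responses is permitted by the RFC, so those do not count as divergence.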
3^2 * 67^1 * 977^1
Hmmm...
Sure, but management is saying that you have to have X features done in Y days using only Z resources without any idea what X, Y and Z need to be to produce a good product.
Don't tell me it doesn't happen. I have to deal with it every single freaking day.
Bryan
This May 2004 Macworld editorial [macworld.com] talks about "Henny Penny" attitudes. [I guess they meant "Chicken Little" as in "The sky is falling".] Macworld writers have been dismissing Secunia for months as a FUD source for security issues with Linux and MAC OS.
Have you Meta Moderated t
So I tried to grab the patches and launched the trusty [sic] windows update. then I received this bit of news:
... what a crappy way to keep everyone updated. does one really need a dedicated server to keep up with all this?? how about a link to some fucking executables? that's what I'm looking for.
Windows Update cannot continue because a required service application is disabled. Windows Update requires the following services:
Automatic Updates enables detection, downloading, and installation of critical updates for your computer.
Background Intelligent Transfer Service (BITS) enables faster, restartable downloading of updates.
Event Log logs Windows Update events for troubleshooting. To ensure that these services are enabled:
1. Click Start, and then click Run.
2. Type services.msc and then click OK.
3. In the list of services, right-click the service name, and then click Properties.
4. In the Startup type list, select Automatic.
5. Verify that the service status is started.
I try to imagine my grandmother (not a bit head) and her reaction to this (my feeling of the technical inadequacy of most people). She'd flee from the house in terror and call me. Drag me there and force me to start a service
the punch line is this:
the service was already started and I could be screwed here... well guess I really AM going to have to get firefox today..
You mean the flaw that only affected IE5? Sorry, I don't think that's "GAYER THAN AIDS." There have been plenty of dumb-ass OSS mistakes as well.
If the applications were written correctly, Windows wouldn't be a pain in the ass to run as non-admin.
It's not Microsoft's fault that, say, Maxis chose to make the Sim require admin. Not a single application installed on my laptop requires admin. Why? Because I don't install garbage software. Windows does not require that your software have admin privileges to run. It's just that dumb software developers don't code correctly.
I'd rather say "Grab your popcorn!" ;-)
Honestly, anyone who is still using IE on Windows can't be in his/her right mind.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
What about this, eh?
No problem with the patch for me. Running Win2K, all current updates, PIII 750, 128MB, Firefox 0.9.2.
My username does not make me Apathetic. It's irony, get it?
Engineers, being geeks, do not follow traditional reward models very well - engineering is rewarding, whether you write buffer overflows or not. They need negative re-inforcement to close the feedback loop.
I would propose forcing anyone who writes code containing a buffer overflow to work one week on company sanitation duty. Lesser punishments could be administered for those who write more obscure security flaws - kitchen duty, IT duty, or QA.
I swear, why didn't anyone else think of it before...
<email>
With the recent AOL and Intel merger, that you've all got an e-mail about before, I'm sure, both AOL and Intel (hereby referred to as Antel), have issued several warnings about your web browser, Internet Explorer.
With Bill Gates tracking all of these e-mails, he's been able to prove that there's about 96% of the world (that has a computer) using Internet Explorer. However, for the first time, Bill Gates may be wrong!
There have been several recent attacks against Internet Explorer, and these are not limited to:
If you click a link in your e-mail, IT MAY ERASE YOUR ENTIRE COMPUTER!
Just by opening up a webpage, without your knowledge, IE could install several harmful programs that read your e-mail and send your credit card number, name, and all other personal information to hackers across the internet!
Because of these possibilities, Antel has issued several warnings to stay away from Internet Explorer, and instead use Mozilla, Firefox, or Opera.
Now go spread the word to all of your friends!!one1!
Prove the power of e-mail! Forward this to everyone in your address book asap!
IF YOU DO, ANTEL WILL REWARD YOU WITH A $20 ANTEL GIFT CERTIFICATE!
</email>
DoD security people emphasize this. It's not the kids throwing rocks at the fence that are the real threat. It's the guy who finds out what tonight's target is and tells the enemy forces.
In the business world, you might never know if someone has seen the financial data you're releasing tomorrow and then shorted the stock. That kind of info is far more valuable than credit card numbers.
are becoming as common as Ken Jennings winning Jeopardy :)
One word: OpenBSD. Are they brilliant programmers?
Bzzzz. Sorry, wrong answer.
You do not have to logout to run an app as another user. Yes, it does (poorly) require setting up an icon to run it as (let's say "Admin"), but you don't have to logout, just supply a password.
> but that is a tactic that would be as sinister to resort to as the
> initial IE monopolization
While you have a point in the abstract, in the real world I can endorse banning IE. Who actually PAYS the price of the stupidity of Windows users running IE? When the Russian mafia stole thousands of people's bank account and credit card numbers, who ended up eating most of the bill? Hint, it wasn't the luser and it was certainly not Microsoft.
It would be the sanest thing in the world for all of the banks and credit card companies to get together and, as an industry, ban the use of IE for accessing their sites on an arranged date. Set enough time to give everyone fair warning, through warnings on their websites when an IE user connects, inserts in bills and mailouts of Mozilla/Netscape (AOL's marketing dept would probably find the marketing opportunities irresistible) to customers.
But after the deadline, cut them off cold. Display a notice on the order of:
"Your browser has proven to be chronically insecure and the banking industry has made a decision to refuse to assume the risks inherent with it. Please use a different browser to conduct secure financial transactions.
List of links here.
p.s. This ban will remain in force until one of the following occurs:
1. As a user known to be engaging in high risk behaviour, you may sign a waiver assuming responsibility for any and all monetary losses resulting from identity theft traceable to Internet Access, regardless of the specific circumstances or products involved.
2. The browser vendor (Microsoft Corp.) indemnifies us against losses resulting from flaws in their product.
3. Microsoft redesigns their browser, submits its source to open scrutiny by the Internet community and they and then we reach a consensus that it no longer presents a clear and present danger.
Democrat delenda est
Is that a corruption of "Sheep people"? Why not just say "the great unwashed" instead of trying to be funny? Speak English, you snob.
Don't dismiss this. The more I read this email, the more that I realized that something like this could win Mozilla the browser war...
Read it two or three times and then think about some of the stupid email forwards that you've received. If everybody on slashdot.org replied to all of the senders of a stupid email forward with this email, then this email would be propagated. We would then see a shift in browser usage...
Andrew
Why did I lurk so long before registering for a Slashdot account? I could have had a Slashdot ID of less than 100000.
I just wish that someone could train application developers to write code that runs correctly under non-admin accounts.
Oh, you mean like Linux developers have been doing, right from the get-go?
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
2 converts so far:
wow. I was using IE until I read this thread, then I went and downloaded Firefox, and holy shit, the difference is amazing. My internet is a gazillion times faster, this tab thing is cool as shit, and I am not getting 84983849384092 pop ups.
Thanks guys!!
You really don't need to try very hard to convince normal, non-geek sane people.
You scoff about the Administrator thing, but you are wrong too.
/sigh
1) Windows is nearly unusable as a "regular user".
2) Those of us who have been dragooned into service as pseudo or actual network administrators are forced, day and night, to use a Windows login which is a "group member" of some groups that make "Machine Administrator" seem a laughable and weak status.
Even as I speak (type? 8-) here at my job, I am logged into our corporate network using my normal daily account. I am required to be doing this. As a member of the domain administrator group, I can go to "My Network Places" (god save me from these cutesy names) and find any computer on the corporate network, and add actions to the schedulers for *those* *remote* *computers*.
Imagine it, if my "normal" "non administrator" session were compromised; if I were foolish enough to use IE (which I must from time to time because of MS, but which I avoid when possible); if I were foolish enough to log into some other, pre-compromised machine on our network; the exploit would only need to pursue my "normal" permissions to share-out a folder and then schedule the contents of that folder to run "later" on every other machine on the network. And so on...
Yes, I have yet to see an exploit for this in the wild; it is none the less a gaping hole inherent in the design. But I suspect that the only reason I have not is that script-kiddie haxors are unimaginative and overtly linear lusers.
On my linux boxes I "always" log in as a regular user and then promote myself when necessary. In fact nobody can directly log in as root on any of these boxes, even from the console.
In Windows, in my corporate setting, I have no choice but to be more-than-god from each machine I use and so treat the systems as if I am a big security hole.
Then again, what about the other four guys with Domain Admin? I know at least two of them do stupid and exploitable things every day.
It's just dumb.
Good thing the company decided to take the corporate DHCP and DNS off of my "vulnerable" linux box and put it safely into MS Active Directory where it can be safe and happy...
Yea... right... the problem is people logging in as "Administrator"...
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
If I've got the frickin Windows Update Thingy configured to Download and Notify me of new updates, why is it that I ALWAYS find a /. posting about it BEFORE Windows Update tells me about this CRITICAL UPDATE????!!!!
Yes, I know it's because Windows is L@m40 733t w00tg or some lame term you techie people use.
I like-a do-the cha-cha.
I'm going to try very hard not to be mean. Seriously, did you (and everyone else who replied to the challenge to list one thing IE does better) not realize what you're saying???
These are IE-specific things!!! You're comparing apples and oranges. The only sane response is probably drag-n-drop bookmarks. Not IE-only CSS hacks! Look at it this way:
Seriously, that's what it sounds like. Next you'll say that IE is better because of Active-X. Who gives a shit if IE has some IE-only, embrace and extend version of CSS? That's not the mark of a better browser, that's MS using their market dominance to screw with standards just enough to lock-out competitors. I'm open to "participating in a creative discussion", but be creative.
Dear User,
Please boot off of your Windows CD and delete everything in c:\windows\system32 because it'll make your system... go faster. Yeah.
Pretend that something especially witty is here. Thanks.
And it's greeeeeat.
The catalyst:
The techies in the computer lab in my school put it on the desktop for all to use.
When I immediately converted:
When the NYtimes.com's popup was instantly blocked. Coool. I knew Firefox could do this, but seeing is believing, I guess.
Favorite
The registry offers one central place where all the configuration data is kept. It makes it easier to share configuration between programs. It also ensures that all configuration uses the same format, so that the same code can be used to read it in any application.
That's not to say that a registry is all happiness and roses. By sharing the configuration between all apps, any app can corrupt *all* of the configuration. Further, it is much harder to recover the configuration, because it is not in a human readable format.
n/t
They threw away their trust fund on utterly useless Microsoft "certification", then fail to see why people get pissed off (or laugh at them) when they arrogantly try to tell real techs how to do something.
I'm starting to feel sorry for IE. Everyone's picking on it. It does have some nice features:
A few months ago when Microsoft released another set of patches (one of which plugged the hole that Sasser exploited), somebody posted a comment in the story about these patches. They also claimed that the new patches buggered up their Windows installation (it worked fine on mine), but this time round, somebody discovered a 3rd party app that conflicted with the patch (I vaguely remember seeing something about it on the Microsoft site, but can't find it).
Replace "Mac" with "Volvo" and "Win/PC" with "Yugo" and say it again with a straight face.
You think people said more expensive safely-built cars weren't a "viable alternative" once people realized that Yugos were POS deathtraps???
Posted AC, as should be...
When you look at the state of the world, how can you not become a radical, liberal anarchist?
OK, for whatever reason, you can't switch all your users to a mozilla based browser for politics or whatever reason. But YOU should switch as should anyone with domain admin rights.
Assuming you have some control, your users have "user" rights. But YOU have "Administrator" rights to all \\workstations & \\servers...
All it would take is YOU clicking on the wrong link and bye-bye domain.
(as if your ego would allow you to assign yourself a meager 'user' account.)
BTW I was giving linux the credit it deserves for doing the non-admin thing right by that statement. It upsets me that many windows applications can't say the same.
"You can now flame me, I am full of love,"
that eventually, with a new bug report/vulnerability coming out every week or so, IE would be bug free. I mean, it's been in stable, production mode on 6.0 for what, 4-5 years now?
How many vulnerabilities can one piece of software have?
Could someone explain why Linux and its utilities have so many critical security notices posted against it?
Because there are quite a few utilities and every piece of software has, as you notice, some mistakes.
The grandparent's point was what an incredibly ridiculous amount of critical flaws there are in one application. It's over 50 now for IE6, and IE5 and IE5.5 have similar amounts; though quite a few overlap, that will probably make over one hundred security vulnerabilities in one application. Don't you think that's taking the "people make mistakes, but that's okay" argument a bit too far? I challenge you to find any one specific piece in those many linux utilities that has anywhere NEAR the amount of problems IE has.
And the adjective you brandish so freely is best applied to yourself.
The companies that are testing Linux in the desktop would leave your jaw dropping to the floor. If only one or two of those global economic mammoths switch it would be so momentous given their size and position in the global economy that you will come to regret being on record saying so much nonsense.
... but are they ethical, moral or even legal?
IANAL but write like a drunk one.
Slightly OT, but particularly ironic, I think, is a little problem in Utility Manager:
Microsoft originally fixed this in MS04-11. But how? They just removed the menu entry, but forgot about all the other ways the help system can be invoked.
Really assistive of them to help 'em gain Admin...
It is actually a lot safer to disable the "Run As Service" (it's a likely point of attack, as it creates yet another hole in an already swiss cheese operating system, the only benefit is that not every user has it enabled, but by far the majority don't have it disabled either).
I have to use it for sophos (required for virus detection upgrading across a network to xp/2000 boxes) and I still don't like the idea and would far prefer to disable that particular service. Typical MS, good idea (somebody else's) poor execution (quick dirty solution in an attempt to match su).
Chaos - everything, everywhere, everywhen
I suspect that this is at least partially the fault of clueless moron web-so-called-designers building "Submit" buttons which are absolutely dependent on dodgy JavaScript for their operation. Often so absolutely dependent that if you do sneak a marginal field value past the JavaScript, the script dies from lack of data validation (and in at least one case I saw, it reliably brought down the db, too).
Got time? Spend some of it coding or testing
They pulled the team back out of maintenance mode a month or two ago and are now in panic mode as they survey what the FOSS community has been doing while they slept.
Got time? Spend some of it coding or testing
I've had the same issue. For Windows it seems some software only allows themselves to run with one instance/process.
This is what seems to be with explorer. And then when you try to runas explorer, even though you're running as admin, well, there's already a process running.
Killing of the original process and then running explorer as admin seems to do the trick, but for that to work, you'll need to replace explorer with something else as standard shell.
Not that I've tested this thoroughly, but I think it's a windows multiuser-issue. As a relatively fresh multiuser OS, it doesn't seem to handle two processes with the same name running under different users, if the program requires one process only.
Feel free to correct me though.
Not Buzzword 2.0 compliant. Please speak english.
I've commented this in another comment in this thread. It's a really bad bug, but it's not impossible to bypass.
Hope this helps, if you should ever need an admin-explorer again.
Not Buzzword 2.0 compliant. Please speak english.
No one's talking about if someone will or will not develop for IE. This thread is asking about what IE does better than other browsers, especially Firefox. Citing IE-only CSS hacks is not an answer to that question. That is not a matter of merit. That is a matter of specific implementation. It is, in fact, worse. Just as Microsoft's JVM was worse than Sun's. It does not follow standards and it is likely as myopically designed as everything else MS does.
If you want to argue that it is a great property that W3C should have implemented, then fine. But you and others were arguing that because IE chose to create its own proprietary way of doing something and other browsers chose standards-compliance instead, that IE was superior in that respect.
I'm not questioning your ability to be realistic, nor your attitude towards Linux. I'm saying that you are making the common mistake of seeing IE as a standard unto itself. If that is the bar, then why not say that IE is superior because it supports Active-X and other browsers (thankfully) do not?
what does uninstalling this 841873 patch do then?!
switch back to incorrect reporting of the system memory as 512M even when it's 512K !?!
Hell, I am surprised this guy has managed to get a 512K for a P4
Where I work, we have all the anti-virus stuff hogging the CPU as you say - and now it's gotten to the point where they have locked the network down and any device not running a special service will have its MAC marked as "rogue" and cannot use the network.