Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft to Issue Out-of-Cycle Patch for IE

Posted by CmdrTaco on from the download-reboot-repeat dept.

rsw writes "Microsoft will be breaking their normal patch cycle and issuing a patch for the Download.Ject attack (a.k.a. Scob). They claim that the forthcoming patch will be a "long-term solution to the core vulnerability" exploited by Scob." Note that this does not mean that they are replacing IE with FireFox.

12 of 391 comments (clear)

  1. Wow by Anonymous+Crowhead · · Score: 5, Insightful

    The released a patch when it's needed, not when it's scheduled. How novel.

    1. Re:Wow by EtherAlchemist · · Score: 5, Insightful

      I'm only playing devil's advocate here, but it's possible (likely?) that Microsoft suffers from internal politics, like many other software companys, that actually work against the process.

      I work for a software company where fixes to bugs on live products are held up for weeks and months on end while managers seek the person to blame, assign blame, come up with a plan to make the fix, revise the plan to include 8 other random and unrelated things they want to fix, slap them into one rollout that will now require 6 developers on 3 teams and 4 QA guys who will follow the spec to the letter (even if it is mispelled) and file 200 new bugs. This cycle goes on for a month or so and by the time the fix is released, a dozen other problems have surfaced and been deemed not important enough to fix now. Afterall, we just had a hariy cycle trying to get the last fix out.

      Now, the way it should have gone: Identify the problem, design a fix, make the fix, test the fix, deploy the fix. Days, not weeks or months.

      --
      R(k)
  2. Damn by Billobob · · Score: 3, Insightful
    Note that this does not mean that they are replacing IE with FireFox.

    Awww damn, and here I thought that Microsoft would include one of its strongest competing products instead of it's own that millions of dollars were funneled in to. Maybe I'm just too naive...

    --
    If you have to ask, you'll never know.
  3. Firefox is not the answer. by garcia · · Score: 3, Insightful

    I am throwing Karma out the window on this one as my comments on this subject fall on deaf ears here but... Firefox is not an acceptable replacement for IE for 90% of the users out there so I really think we could have done without the snide comment.

    Yesterday I mentioned that nearly everyone who visits my site with Firefox are coming in from Slashdot URLs. It may come as a surprise to you but more than 90% of the Internet users out there aren't aware or concerned with IE vulnerabilities. It may also come as a surprise to you but Firefox isn't exactly the best browser out there if you want 100% compatibility with the "broken" sites on the Internet. These same users that don't know of the issues w/IE are more concerned that they cannot reach their online banking, see their sites the way that the "broken" authors intended, and have a seamless browsing experience.

    Firefox is not the answer to MS' issues. Better preparation for security is.

    1. Re:Firefox is not the answer. by gnu-generation-one · · Score: 5, Insightful

      "Firefox is not an acceptable replacement for IE for 90% of the users out there so I really think we could have done without the snide comment."

      Huh?

      Microsoft Internet Explorer isn't an acceptable browser for 90% of the users out there.

      Nevermind your "snide" assertions about the websites that don't work, people are getting owned here. It's a serious problem. It's the spam problem and the virus problem and all the tech support problems, all stemming from this one application that's so insecure that everyone, from DHS to MSN themselves recommend getting rid of it immediately.

      If your favorite website doesn't work in a generic web-browser, get them to fix it, or get a new supplier. Even the banks have got HTML websites now.

  4. Re:Firefox by datadriven · · Score: 3, Insightful

    I only use firefox. What render problems? I haven't been able to get IE to run on slackware anyway.

    --
    GETPKG - Package Management for Slackware
  5. Re:The mounting pressure by EnnTeeDee · · Score: 5, Insightful

    "Our [Microsoft IE] users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience," Hachamovitch said.

    Umm, yeah, we should (in a perfect world) be able to have confidence that the biggest software company on the planet puts out the best product. But Microsoft is too big and juicy a target to inspire confidence.

    We also should be able to trust our elected leaders to be able to spend our tax funds wisely, but I'm not holding my breath on that either.

  6. Long-term solution? by RonnyJ · · Score: 5, Insightful
    They claim that the forthcoming patch will be a "long-term solution to the core vulnerability" exploited by Scob."

    So, are their patches normally NOT long-term solutions to vulnerabilities then?

  7. Re:Slashdot by LilJC · · Score: 4, Insightful
    Parent has been modded funny, but I think a lot of us do.

    I've walked into work before with the owners complaining of not being able to get to half the web sites they like to peruse and hit slashdot to see what's up. Half the time I'm back in 20 seconds with an satisfactory explanation about a recent or in-progress attack.

    Of course, I have to (for the umpteenth time) explain to my boss/CEO that I can't fix other peoples' servers, only ours. Wish I could at least get that guy to remember how a sort works in Excel.

    --

    The only thing more dangerous than a file named -rf is renaming it -rf\ /
  8. It seems that ... by Hatfieldje · · Score: 3, Insightful

    One of the biggest complaints against MS is that they are slow to respond to user need, while quick to add profit-margin-stretching-even-though-the-user-does n't-want/need-anyway "features" (e.g. Clippy). So how is the /. community going to react when MS actually starts listening to the customer and adding true features like security, speed, efficiency?

    I've noticed over the past couple of months that there have been a few of opinions coming out. One is that it's too late for MS. They screwed the pooch years ago and their entire user base will end up jumping ship.

    Another is that this is nothing but a marketing ploy. MS isn't really changing their ideology, they're just making us think they are, so we're better off jumping ship.

    The other (my personal opinion) is that it's a welcome change. I will be glad when Windows becomes an environment that is as stable and easily configurable as linux. I love competition. It's what makes America thrive, and if MS can become competitive (again) in the eyes of /. geeks, just think about how much more time/effort will go into linux to make it even better. And, as for jumping ship, we'll have no need. But we may have a fleet comprised of MS, *nix/*BSD, etc.

    Kudos to MS for trying to fix their old mistakes, and hopefully in a couple of years, they'll have them fixed and we can really have an OS War!

    --
    for maximum effect, the preceding post should be read monotone and at a steady cadence
  9. Re:Firefox has more holes? by Fuzzums · · Score: 3, Insightful

    bugs != hole.

    - user profiles are a mess!
    - Crash triple-clicking on textbox during page load.
    - TestCookie crashes in NSPR logging
    and so on, and so on.

    What am I missing in the big bug-list? Hmmm. Remote exploits, security holes, javascript exploits, Active-X exploits.....

    And - Clipboard does not work - can hardly be seen as a critical bug. It's a feature ;)

    --
    Privacy is terrorism.
  10. Why does everyone thing Firefox is "winning?" by NitroWolf · · Score: 5, Insightful

    I've been contemplating which thread to post this to, so I'll post it here.

    Why does everyone thing we're "winning" against Microsoft/IE with Mozilla Firefox? It's not that we are winning, it's that Microsoft isn't playing anymore.

    There's no reason for them to have the dominant browser on the market anymore, and one HUGE reason for them to explicitly NOT have the dominant browser. Their DOJ investigations focused, in part, on the fact that IE was bundled with Windows and thus constituted a monopoly. However, if Microsoft now lets IE flounder and lets Mozilla (or another browser) become dominant, they have a huge lever to use against any future DOJ or legal inqueries. They can then say they aren't a monopoly, as another browser is dominant.

    And why not? There's no money to be made on IE - it's strictly a resource drain. They don't make a single dime from it... why pay someone to keep IE up to standards, when they can get the whole Open Source community to do it for free - in the form of Mozilla.

    Stop and think about it for a moment, there's absolutely NO reason for MS to have the dominant browser any longer... there's no financial or legal advantage to it. A browser is effectively a commodity, and anyone developing one is going to have to expend resources to do so - with no return on that investment. Thus, Microsoft's only real logical conclusion would be to let IE slowly fade away, it solves not only the money/resource drain, but also protects them from further DOJ inquiries.

    So Firefox isn't winning, exactly... Microsoft just took their ball and went home, because the game had no point for them anymore.