Slashdot Mirror


Microsoft to Issue Out-of-Cycle Patch for IE

rsw writes "Microsoft will be breaking their normal patch cycle and issuing a patch for the Download.Ject attack (a.k.a. Scob). They claim that the forthcoming patch will be a "long-term solution to the core vulnerability" exploited by Scob." Note that this does not mean that they are replacing IE with FireFox.

24 of 391 comments

  1. The mounting pressure by Mz6 · · Score: 4, Interesting

    Seems as though all of the exploits coming out against IE have finally got to them. I've counted about 5+ just from the Full Disclosure and BugTraq mailing lists in the past few weeks. All of them different in nature of their attacks.

    --
    Hmmm.
  2. Firefox by FortKnox · · Score: 4, Interesting

    Note that this does not mean that they are replacing IE with FireFox.

    Good, cause firefox has render problems on slashdot all the time (whereas IE doesn't). I don't think it's firefox, either, cause it doesn't happen on any other site I go to.

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    1. Re:Firefox by Billobob · · Score: 2, Interesting

      It could have something to do with the fact that Slashdot doesn't exactly use standards-friendly HTML...

      --
      If you have to ask, you'll never know.
    2. Re:Firefox by hattig · · Score: 5, Interesting

      I think it is a problem with Firefox. I've noticed that it happens a lot on table layout pages, especially large ones. Livejournal can have the same problem.

      Basically it guesses widths of table cells/columns at some stage, then sticks with them as more of the page loads, and doesn't compensate for the new contents, which may include more tables, which will then overflow other elements on the page. Well, it is something like that. I think it could be solved by merely re-formatting the page after it has fully loaded ... although the simple Resize Font trick fixes everything anyway (ctrl+mousewheel)

    3. Re:Firefox by hattig · · Score: 5, Interesting

      What is sad is the multitudes of fixed HTML examples that Slashdot readers keep coming up with, but still haven't been used even though I remember some of them being done a year ago!

    4. Re:Firefox by Anonymous Coward · · Score: 1, Interesting

      Not being funny but sites don't have to generate standards compliant HTML perfectly to work.

      It depends on what the actual faults are.

      Most of the ones picked up on slash are extra tags in <table> statements which firefox should ignore if it doesn't understand, and the borked URLs that the lameness filter in slashdot makes screwing up the GET variables in them.

      Neither of these should cause a browser to break on rendering.

      Sure slash *should* generate standards compliant HTML, but just fixing the things that crop up on validator.w3.org isn't going to fix the problems in firefox that are fairly obviously bugs (since the fix is just to resize text up then back down as mentioned in a post somewhere in this thread).

  3. Does anyone use IE anymore? by AngryScot · · Score: 4, Interesting

    and if they do why?

    I managed to get my work to use Firefox after showing them a /. thread about it

    --
    All spelling mistakes are due to solar flares...honest

    1. Re:Does anyone use IE anymore? by syates21 · · Score: 2, Interesting

      Please feel free to demonstrate how FireFox can seamlessly (and securely) use a user's workstation credentials to authenticate to a web server without requiring a username/password as IE does with Windows Integrated Authentication.

      That is one of the larger issues that cannot be solved by just tweaking some HTML to make it more compliant. It's also a big deal from a user experience standpoint in the corporate intranet world.

    2. Re:Does anyone use IE anymore? by Unnngh! · · Score: 2, Interesting

      If you look at most large websites that get lots of hits from the random public (i.e. yahoo, etc.), I think you will find that their browser stats show 90-99% of people using IE. Several years ago the place I worked at was at the 99% mark with IE so we simply stopped worrying about Netscape compliance, etc.

      Those numbers may have changed some since '99 but even back then Netscape was supposed to be "big". It just wasn't big enough for us to care.

  4. I've migrated ove... by Ratchet · · Score: 4, Interesting

    ...the most finicky of users, my Mom, to Firefox without her even knowing it. Now if Dad would stop playing Solitaire long enough for me to get at his computer then I'd de-IE him as well.

  5. Is there something wrong with me? by Klar · · Score: 3, Interesting

    shhh, don't tell anyone, but I'm still using IE6.. I dunno, I'm just so used to using it, and it seems to work well for me. I haven't had any virus or security problems (that I know of).. I always want to try firefox after reading posts about its power, but man.. IE is just so..so.. easy.

    1. Re:Is there something wrong with me? by Anonymous Coward · · Score: 1, Interesting

      Ever seen slashdot's user agent stats? Around 78% of all visitors use MSIE. And that's not cause of the faked user agent string because slashdot doesn't use fucked up stat generator software.

  6. My organization just dumped IE for Firefox by gearmonger · · Score: 5, Interesting

    "long-term solution" hee hee ha ha *snort* [coke comes out nose] riiiight.

    Rightly or not, that Homeland Defense notice got some peeps in senior management a little spooked, and they asked our IT department to start making Firefox the default browser on all new systems they set up for employees.

    As a long-time Mozilla and Firefox user, I couldn't be happier. Whether it's the right reason or not, I couldn't care -- at least there's a hint at the IE domination trend slowing down a bit, and that is good for consumers.

  7. Re:Firefox is not the answer. by mbourgon · · Score: 2, Interesting

    "more than 90% of the Internet users out there aren't aware or concerned with IE vulnerabilities."

    That's odd. At least every week I have someone mention some new spyware or popup they run into, and how do I deal with it. Many of them are now quite happily running Mozilla or Firefox.

    And the problem with viewing people's sites isn't my problem, it's the site's. If it doesn't work, I go elsewhere. And my bank's site works just fine with Moz.

    --
    "Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
  8. IE vs Mozzy by Anonymous Coward · · Score: 3, Interesting

    Microsoft may have won the browser-war in the late 1990's but at what cost???

    Mozilla/Netscape as of the last couple of years made fantastic progress and is definitely now the better browser in both functionality, security and last but not least mozilla looks better to me and renders websites better too...

    M$FT should just throw in the towel on IE and reduce its function to Windows Update and able to download Mozilla/Netscape, (just make it a ftp downloader tool)

  9. Best Quote From Story by CHaN_316 · · Score: 3, Interesting

    "Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience." - Microsoft group product manager for Internet Explorer

    Yes they should have this powerful secure browser .... funny funny. Maybe they're talking about FireFox 1.0.

    --
    "There is no spoon." - The Matrix
  10. I simply HAD to switch to Firefox. by gpinzone · · Score: 2, Interesting

    It just got too scary for me when my whole PC got infested with spyware. It's true that I didn't have IE patched to the absolute latest version. However, there are exploits coming out all the time and the time to patch is way too long. I'm glad I did switch and I doubt I'd go back. Firefox's popup filter does everything better than IE with the google toolbar. Adblock is the best compromise (so far) for simplicity and effective ad blocking.

    I admit that the features in SP2 sound promising, but I'm already too comfortable with Firefox.

  11. Avoid IE by UMhydrogen · · Score: 2, Interesting

    The problem with security does in fact lie within Internet Explorer or many of the Office products. Most of the worms these days either take advantage of 1) Internet Explorer or 2) Outlook or Outlook Express. It should be Microsoft's duty to patch these holes as soon as they're brought to our attention. It is nice to finally see Microsoft take a strong stance and release an out-of-turn patch.

    This should not surprise you though. As seen by the eventual release of Windows XP SP2 you will see a new version of Windows that represents Microsoft's new focus on security. Their goal is to make people aware that there are security risks and they must make an active effort to keep their computers up to date and patched. Windows Update will take a more active role and SP2 will include a Virus Program "checker" to make sure you are running some sort of virus protection.

    While many of you say that 90% of the Internet Explorer users aren't aware of the security problems, it is Microsoft's goal to make this aware. I wouldn't be surprised to see the number of unaware users quickly diminish. With all the news about the viruses and exploits, people can't be that dumb to just ignore them. While people may not do something now, when SP2 comes out I have reason to believe that people will begin to realize that they need to keep their computers patched.

    Upgrading to Firefox is also a start. While it blocks most of the ActiveX scripts which get exploited, it also provides many additional features, including popup blocking and more.

    It would also be nice to see Antivirus or firewall companies taking a more active role in advertising. Firewall programs like Kerio Personal Firewall monitor existing applications and notify the user when an application is trying to be replaced (for example during an upgrade). These firewalls prevent ad-ware and other programs from being installed without the user knowing (for example my roommate had "My Horroscope" somehow installed on her computer without her knowing, meanwhile Kerio blocked it from being installed on my computer).

    We're starting to see an age where more people are aware and more companies are making people aware of the security risks of not keeping an up-to-date computer.

  12. Re:Wow by Anonymous Coward · · Score: 3, Interesting

    But didn't MS say it's the patches that cause the exploits?

    Plus the patch won't be ready till NEXT week.
    Normally MS doesn't PR their minor patches. Maybe their Service Packs, but I don't really know.
    So, how much of this PR stunt has to do with what Home Land (in)Security had to say about IE?

  13. Re:I thought the patch was released already. by pandrijeczko · · Score: 4, Interesting

    It was so much simpler before the net.

    Not strictly true.

    The development of TCP/IP allowed the ARPANet to happen (which later became the Internet following commercialisation in the late 80s).

    UNIX-based servers formed the core of the ARPANet because TCP/IP has always been built into UNIX and UNIX was designed as a multi-user multi-platform network operating system.

    Microsoft assumed that the world would use their poor quality NetBIOS/LanManager protocols until the early 90s when they were forced to include TCP/IP support into Windows - that was after they almost ruined Novell by worming their way into using IPX/SPX networking protocols.

    In other words, a kludgy operating system had to be kludged even more to support TCP/IP. This is a legacy that has lived with MS since and while the support of TCP/IP has improved over the various Windows iterations, the fact is that the Windows architecture is not as suitable for Internet connectivity as UNIX.

    Everything in UNIX is designed for simplicity - one program doing one task. If you need a network service, just turn it on - if you don't, turn it off.

    Where UNIX has a weakness is the security model because, in ARPANet days, information was open and there was no need to secure servers. However, that has improved a thousandfold over the years with features like shadow passwords, better authentication models and secure protocols. The simplistic security model of "you, those you trust and the rest of the world" now works to its advantage because it's very easy to apply to a system - the difficult part is knowing all the potential holes to apply it to that can only come from experience.

    If Windows was not an Internet OS today, we would still have crackers and security exploits on UNIX. However, there would be less of it because fewer crackers would be clever enough to break into a UNIX system and whilst there might be the occasional worm program, email viruses simply would not exist.

    --
    Gentoo Linux - another day, another USE flag.
  14. Re:Do people care? by Anonymous Coward · · Score: 1, Interesting

    Here's what I do;

    1. Install Firefox.
    2. Ask the person what web sites they visit often.
    3. Put the sites in a set of bookmarks and use that set as the 'home page'.
    4. Show them.
    5. Ask if they want to use Firefox by default.

    So far, I've had 3/4 switch. Pop-up blocking, better security, ... all are mentioned in passing and seal the deal, though the tabbed multi-site 'home page' is the winner for some reason.

  15. Re:So what by pandrijeczko · · Score: 3, Interesting

    Firefox has to impress me on its own merits if they want my loyalty

    Please post your home address on Slashdot and we will ask the Firefox programmers to come over to your house and give you a personal demonstration. If they deliver the demonstration as a singing barber's shop quartet, will that impress you?

    Is there any particular night of the week that's better for you?

    Nobody, least of all the OSS "philosophers" give a damn about your "loyalty".

    It's software, it's free, it's there but it's up to you to get off your butt and try it for yourself.

    --
    Gentoo Linux - another day, another USE flag.
  16. Re:Remove need for patching...by removing IE. by Bachus9000 · · Score: 2, Interesting

    With Nlite you can even remove the IE rendering engine. Of course, some things in Windows won't work afterward, but that shouldn't be surprising considering how hard MS has worked to make IE impossible to remove. Take note that Nlite is still very much beta software and has plenty of bugs that need to be worked out, but all-in-all it is a very nice program. Currently it requires the .net framework 1.1, but the author is currently working on a C++ version. I suggest anyone who uses Windows 2000/XP/2003 check it out.

  17. Re:Wow by HumorousFounder · · Score: 2, Interesting

    I think something to remember here is that IE integrates into a lot of their products so I think a better way of describing the process would be Identify the problem, design a fix, make the fix, test the fix, fix the fix, test the fix, fix the fix, test the fix, deploy the fix, hope that they didn't rush the fix out too quickly and break other people's software. Weeks not Days or Months (well maybe months on occasion)