Slashdot Mirror
Microsoft to Issue Out-of-Cycle Patch for IE
rsw writes "Microsoft will be breaking their normal patch cycle and issuing a patch for the Download.Ject attack (a.k.a. Scob). They claim that the forthcoming patch will be a "long-term solution to the core vulnerability" exploited by Scob." Note that this does not mean that they are replacing IE with FireFox.
Seems as though all of the exploits coming out against IE has finally got to them. I've counted about 5+ just from the Full Disclosure and BugTraq mailing lists in the past few weeks. All of them different in nature of thier attacks.
Hmmm.
The released a patch when it's needed, not when it's scheduled. How novel.
Note that this does not mean that they are replacing IE with FireFox.
Good, cause firefox has render problems on slashdot all the time (where as IE doesn't). I don't think its firefox, either, cause it doesn't happen on any other site I go to.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Awww damn, and here I thought that Microsoft would include one of its strongest competing products instead of it's own that millions of dollars were funneled in to. Maybe I'm just too naive...
If you have to ask, you'll never know.
and if they do why?
/. thread about it
I mannaged to get my work to use fireFox after showing them a
All spelling mistakes are due to solar flares...honest
...the most finiky of users, my Mom, to Firefox without her even knowing it. Now if Dad would stop playing Solitaire long enough for me to get at his computer then I'd de-IE him as well.
...where I come for all my MS IE patch news.
John Kerry is a Joke!
I am throwing Karma out the window on this one as my comments on this subject fall on deaf ears here but... Firefox is not an acceptable replacement for IE for 90% of the users out there so I really think we could have done without the snide comment.
Yesterday I mentioned that nearly everyone who visits my site with Firefox are coming in from Slashdot URLs. It may come as a surprise to you but more than 90% of the Internet users out there aren't aware or concerned with IE vulnerabilities. It may also come as a surprise to you but Firefox isn't exactly the best browser out there if you want 100% compatibility with the "broken" sites on the Internet. These same users that don't know of the issues w/IE are more concerned that they cannot reach their online banking, see their sites the way that the "broken" authors intended, and have a seamless browsing experience.
Firefox is not the answer to MS' issues. Better preparation for security is.
...with the Rhythm method?
So, are their patches normally NOT long-term solutions to vulnerabilities then?
shhh, don't tell anyone, but I'm still using IE6.. I dunno, I'm just so used to using it, and it seems to work well for me. I haven't had any virus or security problems(that I know of).. I always want to try firefox after reading posts about its power, but man.. IE is just so..so.. easy.
Boxing Equipment Reviews
Build a CD of Windows 2000 without IE (or Outlook, etc. etc)
Build a CD of Windows 2k, XP, or 2k3 without IE (or Outlook, etc. etc)
Download an IE removal program for Win2k
Rightly or not, that Homeland Defense notice got some peeps in senior management a little spooked and asked our IT department to start making Firefox the default browser on all new systems they set up for employees.
As a long-time Mozilla and Firefox user, I couldn't be happier. Whether it's the right reason or not, I couldn't care -- at least there's a hint at the IE domination trend slowing down a bit, and that is good for consumers.
Microsoft may have won the browser-war in the late 1990's but at what cost???
Mozilla/Netscape as of the last couple of years made fantastic progress and is definately now the better browser in both functionality, security and last but not least mozilla looks better to me and renders websites better too...
M$FT should just throw in the towel on IE and reduce its function to Windows Update and able to download Mozilla/Netscape, (just make it a ftp downloader tool)
One of the biggest complaints against MS is that they are slow to respond to user need, while quick to add profit-margin-stretching-even-though-the-user-does n't-want/need-anyway "features" (e.g. Clippy). So how is the /. community going to react when MS actually starts listening to the customer and adding true features like security, speed, efficiency?
/. geeks, just think about how much more time/effort will go into linux to make it even better. And, as for jumping ship, we'll have no need. But we may have a fleet comprised of MS, *nix/*BSD, etc.
I've noticed over the past couple of months that there have been a few of opinions coming out. One is that it's too late for MS. They screwed the pooch years ago and their entire user base will end up jumping ship.
Another is that this is nothing but a marketing ploy. MS isn't really changing their ideology, they're just making us think they are, so we're better off jumping ship.
The other (my personal opinion) is that it's a welcome change. I will be glad when Windows becomes an environment that is as stable and easily configurable as linux. I love competition. It's what makes America thrive, and if MS can become competitive (again) in the eyes of
Kudos to MS for trying to fix their old mistakes, and hopefully in a couple of years, they'll have them fixed and we can really have an OS War!
for maximum effect, the preceding post should be read monotone and at a steady cadence
Do people care about IE security problems? Most do actually, people just either don't know about the vulnerabilities or if they do they don't know there's anything that can be done.
/. renders.
Everyone I know when I talk to them about how bad IE is, if they listen, switches to Mozilla, I switched my school's computers and those of atleast 60 others.
People are listening now more than ever, its becoming so bad (atleast one a week) the mainstream media is even going "Another Internet Explorer vulverability has been found".
All I tell people is that:
1. Mozilla works faster
2. It has a pop-up blocker
3. It is immune to those once a week IE vulnerabilities
4. You just about don't get spyware (and mention keyloggers). <---The Killer One And BTW, I use Firefox 0.9.2 (mozilla.org build for Linux/x86) and have never had problems with how
"Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience." - Microsoft group product manager for Internet Explorer
.... funny funny. Maybe they're talking about FireFox 1.0.
Yes they should have this powerful secure browser
"There is no spoon." - The Matrix
bugs != hole.
;)
- user profiles are a mess!
- Crash triple-clicking on textbox during page load.
- TestCookie crashes in NSPR logging
and so on, and so on.
What am I missing in the big bug-list? Hmmm. Remote exploits, security holes, javascript exploits, Active-X exploits.....
And - Clipboard does not work - can hardly be seen as a critical bug. It's a feature
Privacy is terrorism.
Not strictly true.
The development of TCP/IP allowed the ARPANet to happen (which later became the Internet follwing commercialisation in the late 80s).
UNIX-based servers formed the core of the ARPANet because TCP/IP has always been built into UNIX and UNIX was designed as a multi-user multi-platform network operating system.
Microsoft assumed that the world would use their poor quality NetBIOS/LanManager protocols until the early 90s when they were forced to include TCP/IP support into Windows - that was after they almost ruined Novell by worming their way into using IPX/SPX networking protocols.
In other words, a kludgy operating system had to be kludged even more to support TCP/IP. This is a legacy that has lived with MS since and while the support of TCP/IP has improved over the various Windows iterations, the fact is that the Windows architecture is not as suitable for Internet connectivity as UNIX.
Everything in UNIX is designed for simplicity - one program doing one task. If you need a network service, just turn it on - if you don't, turn it off.
Where UNIX has a weakness is the security model because, in ARPANet days, information was open and there was no need to secure servers. However, that has improved a thousandfold over the years with features like shadow passwords, better authentication models and secure protocols. The simplistic security model of "you, those you trust and the rest of the world" now works to it's advantage because it's very easy to apply to a system - the difficult part is knowing all the potential holes to apply it to that can only come from experience.
If Windows was not an Internet OS today, we would still have crackers and security exploits on UNIX. However, there would be less of it because fewer crackers would be clever enough to break into a UNIX system and whilst there might be the occasional worm program, email viruses simple would not exist.
Gentoo Linux - another day, another USE flag.
theres a better way. change the url from it.slashdot.org to just slashdot.org5 1213 turns into/ 1751213
or whatever.
example:
http://it.slashdot.org/article.pl?sid=04/07/29/17
http://apple.slashdot.org/article.pl?sid=04/07/29
.
I've been contemplating which thread to post this to, so I'll post it here.
Why does everyone thing we're "winning" against Microsoft/IE with Mozilla Firefox? It's not that we are winning, it's that Microsoft isn't playing anymore.
There's no reason for them to have the dominant browser on the market anymore, and one HUGE reason for them to explicitly NOT have the dominant browser. Their DOJ investigations focused, in part, on the fact that IE was bundled with Windows and thus constituted a monopoly. However, if Microsoft now lets IE flounder and lets Mozilla (or another browser) become dominant, they have a huge lever to use against any future DOJ or legal inqueries. They can then say they aren't a monopoly, as another browser is dominant.
And why not? There's no money to be made on IE - it's strictly a resource drain. They don't make a single dime from it... why pay someone to keep IE up to standards, when they can get the whole Open Source community to do it for free - in the form of Mozilla.
Stop and think about it for a moment, there's absolutely NO reason for MS to have the dominant browser any longer... there's no financial or legal advantage to it. A browser is effectively a commodity, and anyone developing one is going to have to expend resources to do so - with no return on that investment. Thus, Microsoft's only real logical conclusion would be to let IE slowly fade away, it solves not only the money/resource drain, but also protects them from further DOJ inquiries.
So Firefox isn't winning, exactly... Microsoft just took their ball and went home, because the game had no point for them anymore.
Please post your home address on Slashdot and we will ask the Firefox programmers to come over to your house and give you a personal demonstration. If they deliver the demonstration as a singing barber's shop quartet, will that impress you?
Is there any particular night of the week that's better for you?
Nobody, least of all the OSS "philosophers" give a damn about your "loyalty".
It's software, it's free, it's there but it's up to you to get off your butt and try it for yourself.
Gentoo Linux - another day, another USE flag.