Slashdot Mirror
Latest Version of MyDoom Exploits New IE Flaw
techentin writes " CNN Money is reporting a new and improved MyDoom variant which is spread by a hyperlink in email. Clicking the link connects the user to an infected machine, which exploits a recently discovered buffer overflow in Internet Explorer. McAfee has a more detailed description. Is this yet another good reason for running Firefox?" CNET also has a story.
Give Firefox such a big present for their 1.0 release.
Can they start teaching in school that using IE is like having un-protected sex with 15 donkeys? or would Microsoft complain?
This comment does not represent the views or opinions of the user.
People still use IE?
ok so they accidently leave one bug in their browser and everybody jumps all over them. big deal!
How do we know the link to the story isn't just a trick to get us infected?
Technology, the cause of and solution to all of life's problems.
Let's not be hasty. True, I love Firefox, but IE is a giant honey pot out there for malicious attackers. If too many people switch, they'll start targeting Firefox. As much as I hate to admit it, they WILL find flaws to target.
Man, if only there were some browser we could use instead of IE...
Oh well.
"It is seldom that liberty of any kind is lost all at once." -David Hume
users could pull their heads out of their asses and stop clicking on links in SPAM.
Bzzzt, wrong answer.
Most viruses come from people you know, since they exploit the address book feature. Most spam comes from people you never heard of.
Thus, it is the links in the e-mail from people you KNOW, not spam, that is the problem.
Learning HOW to think is more important than learning WHAT to think.
SP2 not vulnerable... Upgrade or perish.
A seemingly infinite number of flaws in a finite piece of code, this is quite an achievement.
"Lack of security issues?"
Okay, I'll grant you that FireFox is probably more secure than IE. But to say it lacks security issues is going a little further than I'd go, myself. In fact, I'd be willing to bet you $10 that it has security issues of it's own.
Don't sell your friend a dream. Set his expectations realistically. No software is bulletproof. No software lacks security issues.
Firefox f-ing rocks, no doubt about it. It blows IE out of the water. It probably has far fewer security holes. But to say it "lacks security issues" is naieve.
Don't believe everything you read on slashdot. A lot of these people have an agenda to meet.
I've been running Linux on my main desktop for years, and recently I've really been considering switching to Windows. After all, it's got some cool apps, and while I wouldn't call it "feature complete", I say they've done a good job of implementing many of the best features of Linux and OSX. However it's articles like this that convince me it's still a bit early to switch to Windows.
All told they've made some real inroads in servers, and the desktop experience is improving with each release (the current unstable branch -- AKA "XP" -- has implemented the theme concept long popular in KDE and Gnome!) however I think it's still premature to declare Windows ready for prime time on the desktop.
The *real* ironic twist to the story is that newer versions of McAfee VirusScan that Dell has been shipping requires Internet Explorer to be installed... and uses it to run the control center windows.
Now how's that for secure?
I may never, ever figure out the mentality of that decision.
There are a few design flaws in IE that make it a uniquely dangerous program to use to access the internet. These mistakes have, as yet, not been made by the Mozilla team. Perhaps we have learned a few things...
The largest problem (mostly the cause of spyware rather than viruses though) is the issue of ActiveX scripting. Because ActiveX controls are trusted on the basis of vendor signature, and because someone can force an old version to be downloaded and installed, it means that no security patch can protect you against a malicious site scripting against a bug in an ActiveX control signed by a trusted vendor. No security patch can be writte to do this without breaking *every* ActiveX control in the internet.
The second issue is that of security zones. This allows an attacker to exploit any flaws that come with the enforcement of such zones. This is an issue for viruses and spyware alike.
Now, it is possible that a new as yet unimagined sort of attack will eventually be possible against some type of functionality in Mozilla. At least one type has (XUL files spoofing interfaces), but if these become a problem, it is open source, and so you or anyone else can pay for somone to make a version with a different structure. If enough people switch, the process begins over again. But each time, I think we are safer.
LedgerSMB: Open source Accounting/ERP
For those who don't RTFA, XP SP2 doesn't appear to be vulnerable.
"Users who have installed Windows XP Service Pack 2 are immune to the programs that use the vulnerability, including the two new variants of the MyDoom virus."
I don't usually get mail from people I know telling me that Paypal has charged my credit card.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?