Slashdot Mirror
Penn State Tells Students To Ditch IE
Hoyceman writes "About 80,000 students and staff are being told to use an alternate browser. The Penn State ITS department sent the alert 'because the threats are real and alternatives exist to mitigate Web browser vulnerabilities.' InformationWeek is carrying the story."
AC karma whore post:
Penn State Tells 80,000 Students To Chuck IE Dec. 10, 2004
A public university with an enrollment of over 80,000 puts the kibosh on Microsoft's Internet Explorer.
A public university with an enrollment of over 80,000 put the kibosh this week on Microsoft's Internet Explorer, and urged its students to switch to alternative browsers such as Firefox, Mozilla, Opera, or Safari.
Penn State University on Wednesday issued an alert to students and staff recommending that they dump IE and use a different browser.
The university's Information Technology Services (ITS) gave the advice "because the threats are real and alternatives exist to mitigate Web browser vulnerabilities," ITS said in a statement. It cited the security problems in IE that have been the focus of both media reports and recommendations from such organizations as the US-CERT, the federally-funded computer response team housed at Carnegie Mellon University.
"The University computing community [should] use standards-based Web browsers other than Internet Explorer to help minimize exposure to attacks that occur through browser vulnerabilities," added ITS.
Penn State's advice is the latest negative news about Microsoft's popular browser. Security problems continue to plague IE -- some patched, some not -- while rivals like Firefox slowly nibble away at its still-dominating market share.
That should be ITS in the write-up. IST is the PSU school of Information Sciences and Technology (www.ist.psu.edu).
I believe the 80,000 refers to the students, not the staff.
Before any liberals are tempted to mod up one of my comments, a word of warning: I'm actually making fun of you.
Although Penn State has issued this warning, it is far from true. All Penn State Computer Lab Machines have IE set as the default, and group policy is set such that you cannot switch even to the installed version of Firefox. In addition the Firefox user settings are stored in Application Data which has a 20 meg quota. This means whenever a user tries to log out after browsing, it refuses saying there is too much data. IE on the otherhand, gets cleaned of cookies and cache automatically so that when you log out there is never a problem with the quotas. If Penn State wants to actually get people to switch, they should do something about it on their own machines.
The product design kids, like myself, do care, unlike the other art kids. Mainly because we're well aware that IE is a badly designed product. =)
sadly that's not true. pretty much every old school mac os 9 user i know that now uses os x uses IE for mac. STILL. even though microsoft publically said they are stopping all updates (including security)
- tristan
It's been the onofficial policy for my University's helpdesk to install FireFox on any students' computers, particularly if they've been having Spyware problems. Here's part of an e-mail sent out on Nov. 5 to the entire Yale Community.
To Selected Members of the Yale Community:
We wanted to send you an important reminder about your privacy and
security while browsing the Internet. We are concerned about certain
vulnerabilities inherent in Microsoft Internet Explorer (MSIE). Even if
you do not use this application as your browser, you should consider a
read through for information about keeping your computer updated.
Due to its popularity, MSIE has increasingly been the target of technical
exploits and sophisticated "phishing" schemes. We strongly encourage you
to take certain precautions for your own security:
1. First and foremost, verify that your computer is updated with current
patches and updates. The best and easiest way to do this is to set your
computer to automatically update its operating system and antivirus
software. If you need assistance doing this, please see below for contact
information.
2. There are known vulnerabilities in MSIE that do not yet have patches.
This has happened in the past and appears likely to happen again in the
future. We recommend that you either:
a) Refrain from visiting unknown websites or providing personal or
financial information while using MSIE, unless you are absolutely certain
you are dealing with a truly reputable website (for example the CDW-G
website in the Yale ePortal).
b) Use an alternative web browser such as Mozilla or Safari. The Yale
Software Library (www.yale.edu/software) provides recommended alternatives
that are easy to install and provide the same basic functionalities as
MSIE. There are some web pages that will only display properly in MSIE
(since it contains certain special proprietary functions), but most web
browsing can be accomplished using the alternatives.
Little anectdotal evidence from someone who goes to Penn State:No.
When I am on campus and need to print something(something that seems to come up fairly often since most hw assignments for certain classes are avaialable only online), I always laugh at the fact that students are willing to stand in line and wait for a windows computer rather than use the Macs which are always available. Doesn't bother me though, I just go right to the front of the line and go in, do what I need to do, and get out. I highly doubt most of the students are doing anything on those windows machines that cannot be done on a Mac, but for whatever reason they refuse to use them.....I will leave guesses as to the reason as an exercise for the reader.
Monstar L
I submitted this same story with a lot more detail (but not the InformationWeek link) 28 hours prior to the timestamp on this story. It was rejected. Sure, mod me off-topic if you think I'm whining.
I posted my write-up in my journal for posterity's sake. Replies are welcome on this post in regards to the actual news story. Comments as to why you think the submission was rejected should only be posted in the journal. (You don't want to be off-topic, right?) Did I submit at the wrong time of day? Was the submission too long? Ok... enough whining.
I won't make you do unnecessary clicking, so here are some of the relevant links that I found:
Penn State's own news article
Chronicle of Higher Education article
ZDnet article
The journal entry also has comments taken from a PSU IT personnel listserv, as well as other links.
I'm going to school at Baker College and at my campus, they've got Deep Freeze on all the computers. You are logged on as admin* and can install whatever you want, but when the computer is restarted it goes back to its original condition. It installs a filter driver that keeps track of all writes to the main disk, logs them and prepares to undo them upon restart. All your documents/files you want to keep are put on removable media (they'll get undone upon restart otherwise). Authorized admins can disable this temporairily to make permanent changes. Turn on a computer and it is in pristene condition; no crap, regardless of what the previous user did. This might not be so good for home use, but for the pre-installed standard lab environment needed for the computers, it works beautifully.
I would definately recommend Deep Freeze for any place with requirements like this. Put all the user profiles and documents on a central server, cluster or removable media and make permanent local changes impossible.
Viruses on the document storage area should be the only malware left; if you put it on a server, it can be scanned easily.
* It's not quite full admin, as you can't install new services or drivers; they might mess with Deep Freeze.
Well, what's interesting, however, is that I was in one of the computer labs on Tuesday, and ITS still had Internet Explorer as the default browser on some two thousand lab computers at University Park. They couldn't have changed it over in one day. In addition, since ITS does only cover University Park, half of those 80,000 students at Commonwealth campuses will still use IE. This is a welcome decision, but ITS needs to back it up with words by installing Firefox on its public computers, and encourage the computer services departments at the other 21 campuses to do the same.
At Carnegie Mellon, considered to be one of the best tech schools in the world, all students (even CS and ECE majors) are required to take Computing Skills Workshop. The very first lesson in the course is on security and passwords. It also covers UNIX commands, file management, and access rights.
After a few weeks, most people realize that they can skip the classes and only show up for exams, so it's not really a waste of time for those who do not need it. However, for those who do, it ensures that they have a baseline level of computing knowledge, which helps keep our network safer.
| Ceci n'est pas une pipe.