Slashdot Mirror
Penn State Tells Students To Ditch IE
Hoyceman writes "About 80,000 students and staff are being told to use an alternate browser. The Penn State ITS department sent the alert 'because the threats are real and alternatives exist to mitigate Web browser vulnerabilities.' InformationWeek is carrying the story."
The students finally get an education.
Why UNIX?
AC karma whore post:
Penn State Tells 80,000 Students To Chuck IE Dec. 10, 2004
A public university with an enrollment of over 80,000 puts the kibosh on Microsoft's Internet Explorer.
A public university with an enrollment of over 80,000 put the kibosh this week on Microsoft's Internet Explorer, and urged its students to switch to alternative browsers such as Firefox, Mozilla, Opera, or Safari.
Penn State University on Wednesday issued an alert to students and staff recommending that they dump IE and use a different browser.
The university's Information Technology Services (ITS) gave the advice "because the threats are real and alternatives exist to mitigate Web browser vulnerabilities," ITS said in a statement. It cited the security problems in IE that have been the focus of both media reports and recommendations from such organizations as the US-CERT, the federally-funded computer response team housed at Carnegie Mellon University.
"The University computing community [should] use standards-based Web browsers other than Internet Explorer to help minimize exposure to attacks that occur through browser vulnerabilities," added ITS.
Penn State's advice is the latest negative news about Microsoft's popular browser. Security problems continue to plague IE -- some patched, some not -- while rivals like Firefox slowly nibble away at its still-dominating market share.
Will this ITS department support issues with other browsers. Each browser has its quirks, and work arounds for certain things. If they recommend using other browsers, they must be able to support them, especially if they run proxies.
Kudos to Penn State for not falling into the "it's built into the OS so we'll use it as a standard!" trap.
Many Bothans died to bring you this sig.
Joe Pa...
Joe Pa...
I say M.O., you say 'zilla!
...'zilla!
...'zilla!
M.O....
M.O....
(pause)
MOZILLA!!!
Shop as usual. And avoid panic buying.
At Brown we get a CD with all the latest security patches and a copy of Firefox every year. Prevents trouble, methinks.
Since when has this country used intellectual elite as a pejorative term?
But make sure that your alternate browser it is a recent version of Firefox or Mozilla. They have responded very quickly to security issues, and are being proactive about security, much more so than the the people behind Konqueror or Opera. Also, keep your alternate browser patched just as vigilantly as you would Internet Explorer. As the popularity increases you will see more attacks against Mozilla based browsers.
I don't know what the answer to security is. I hope it isn't educating users, because that just plain doesn't work for most people. The problem is that right now there doesn't seem to be any other way.
Whoever corrects a mocker invites insult;
whoever rebukes a wicked man incurs abuse.
--Proverbs 9:7
if a student can run safari as an alternative, then he/she must be using a Mac. not to defend IE, but isn't IE for Mac less dangerous than IE for Windows? if he/she has already ditched Windows, does he/she need to ditch IE too?
Looks like IE get burned by the very same 'feature' that allowed it to get 95% market share : integration with Windows and total access to stuff it shouldn't. Lesson learned, Microsoft?
But even without security, FireFox is just plain better. Tabbed browsing is huge, Bookmark toolbar, extensions, find-as-you-type (HUGE improvement over CTRL+F search)... Now I look at IE (the rare time I need to open it for windowsupdate) and it just feels...dirty.
Eureka Science News - automatically updated
At my college the first thing I did on every computer I touched was to install Firefox. I also put Winamp on a few open lab computers for listening to Internet radio while I worked.
Recently I became unable to login to my student account, with a message "Your account has been disabled, please speak to your network administrator."
Well I went and found my network administrator to ask about what was up. Apparently it is against school policy to install programs on their computers. This is totally understandable and reasonable, and I apologized. But he decided I needed to be chewed out and he had a killer fact that he just knew would crush me.
Looking me in the eyes he proceeded to tell me that due to me installing Firefox and Winamp on two of the open lab computers they no longer function and had to be totally reformatted. This man, who is in charge of keeping the school network secure, seriously thinks that Firefox and Winamp could possibly be the root of a computer's DEATH. I did not argue the matter no matter how ridiculous it is; I just wanted my account back.
How is it they let people become the network administrator for an entire technical college, a college that hands out degrees in technical fields, that are just that ignorant. How can any competent network admin possibly think Firefox and Winamp are causing a computer to not boot?
So now under threat of permanently losing my student account I am forced to use IE. It is excruciating, because I am not the only person installing software on the open lab computers, just the only one knowledgeable enough to install useful non adware-infested programs. Just opening Internet Explorer results in about 3 minutes of closing popups.
--- "End Of Line" - MCP
6) They'll cut the price.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Although Penn State has issued this warning, it is far from true. All Penn State Computer Lab Machines have IE set as the default, and group policy is set such that you cannot switch even to the installed version of Firefox. In addition the Firefox user settings are stored in Application Data which has a 20 meg quota. This means whenever a user tries to log out after browsing, it refuses saying there is too much data. IE on the otherhand, gets cleaned of cookies and cache automatically so that when you log out there is never a problem with the quotas. If Penn State wants to actually get people to switch, they should do something about it on their own machines.
6) Improve Internet Explorer so that it is better and more secure than Firefox.
Well, its possible... right?
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
6) They'll donate to the school - either kiosk computers with just IE, some web system that only works with IE, or enough general funds for new computers or a Steven Ballmer Building so that they'll retract their statement or never do something like that again.
At this point, Microsoft needs to pay for market share and mindshare. IE can't compete at its current price (free/bundled), so they'll lower it.
It's been the onofficial policy for my University's helpdesk to install FireFox on any students' computers, particularly if they've been having Spyware problems. Here's part of an e-mail sent out on Nov. 5 to the entire Yale Community.
To Selected Members of the Yale Community:
We wanted to send you an important reminder about your privacy and
security while browsing the Internet. We are concerned about certain
vulnerabilities inherent in Microsoft Internet Explorer (MSIE). Even if
you do not use this application as your browser, you should consider a
read through for information about keeping your computer updated.
Due to its popularity, MSIE has increasingly been the target of technical
exploits and sophisticated "phishing" schemes. We strongly encourage you
to take certain precautions for your own security:
1. First and foremost, verify that your computer is updated with current
patches and updates. The best and easiest way to do this is to set your
computer to automatically update its operating system and antivirus
software. If you need assistance doing this, please see below for contact
information.
2. There are known vulnerabilities in MSIE that do not yet have patches.
This has happened in the past and appears likely to happen again in the
future. We recommend that you either:
a) Refrain from visiting unknown websites or providing personal or
financial information while using MSIE, unless you are absolutely certain
you are dealing with a truly reputable website (for example the CDW-G
website in the Yale ePortal).
b) Use an alternative web browser such as Mozilla or Safari. The Yale
Software Library (www.yale.edu/software) provides recommended alternatives
that are easy to install and provide the same basic functionalities as
MSIE. There are some web pages that will only display properly in MSIE
(since it contains certain special proprietary functions), but most web
browsing can be accomplished using the alternatives.
You are dealing with a Windows admin. For many of them, the common reason for everything is that the problem is someone else's fault. That someone else being a combination of Microsoft, Firefox, Winamp, the computer's mood that day, some virus, "an act of God," or hackers that don't really exist. Don't take it personally.
Open Source Sushi
IT staff doing their job will both recommend the safest path as well as try to prevent damage. It's wonderful that the university took such steps, but to say that IE isn't the problem is very, very incorrect.
I see PCs all the time which have IE up to date as well as have up to date anti-virus software that are *still* plagued with problems. Why? IE vulnerabilities.
Even for a patched system, IE presents a vulnerability for computers that are used for "general" web surfing. Firefox is a perfectly valid recommendation, even for those with up-to-date systems.
They've recently been merged with/taken over by a larger college in a nearby town, and the surviving IT department is in the process of converting the site from
Common Sense doesn't always win.
I submitted this same story with a lot more detail (but not the InformationWeek link) 28 hours prior to the timestamp on this story. It was rejected. Sure, mod me off-topic if you think I'm whining.
I posted my write-up in my journal for posterity's sake. Replies are welcome on this post in regards to the actual news story. Comments as to why you think the submission was rejected should only be posted in the journal. (You don't want to be off-topic, right?) Did I submit at the wrong time of day? Was the submission too long? Ok... enough whining.
I won't make you do unnecessary clicking, so here are some of the relevant links that I found:
Penn State's own news article
Chronicle of Higher Education article
ZDnet article
The journal entry also has comments taken from a PSU IT personnel listserv, as well as other links.
I'm going to school at Baker College and at my campus, they've got Deep Freeze on all the computers. You are logged on as admin* and can install whatever you want, but when the computer is restarted it goes back to its original condition. It installs a filter driver that keeps track of all writes to the main disk, logs them and prepares to undo them upon restart. All your documents/files you want to keep are put on removable media (they'll get undone upon restart otherwise). Authorized admins can disable this temporairily to make permanent changes. Turn on a computer and it is in pristene condition; no crap, regardless of what the previous user did. This might not be so good for home use, but for the pre-installed standard lab environment needed for the computers, it works beautifully.
I would definately recommend Deep Freeze for any place with requirements like this. Put all the user profiles and documents on a central server, cluster or removable media and make permanent local changes impossible.
Viruses on the document storage area should be the only malware left; if you put it on a server, it can be scanned easily.
* It's not quite full admin, as you can't install new services or drivers; they might mess with Deep Freeze.
I go to Harvard University, and am a User Assistant -- basically, a student-employee of Computer Services who helps undergrads with computer problems. Our policy whenever someone comes in with a problem, be it a virus or spyware or even a simple problem with Eudora, is to install Firefox. I have never had a user object, and when I show them some features like tabbed browsing, they really warm to the browser. One girl even said that she used DeadAIM primarily for the tabs and loved it that Firefox came with such a feature too.
Of course, the best thing is that once the user is firewalled and virus-protected and has SP2 and Firefox, he or she will probably never come into the Clinic again!
Sometimes, thanks to clueless professors, I've needed to use IE. I actually talked to two professors about using standards instead of cheap development tools that foist garbage on their students and would require expensive software and break in a year or two. It was like talking to a brick wall and they could care less. I was polite, and I can only hope that they remember me and think, "hmmm, that guy was right."
Having a University policy in place would be great. The line, "Use a standard browser" would no longer work. More importantly, stuff that does not work with Mozilla or Konqueror would get fixed and that would spare me a few trips to the library.
A policy like that would also be nice for the staff. Morons who think Microsoft is some kind of standard would get the message loud and clear. More importantly, this removes any kind of lingering FUD about the University not "supporting" alternate browsers. I'm sure the IT staff would love it too because they are the ones who get to spend the all nighters and who bear the embarrassment of turning off whole dorms and sections of campus when the next M$ born worm crawls through.
This kind of transition has been happening at my University but slowly. The student log in still has an advertisement for Microsoft software on the first page but all the public kiosks in the Union have been converted to Linux terminals running Mozilla. The continuing security dissaster is finally getting solved with something other than the blame the user game.
It's nice to hear some good news coming from Penn State.
Friends don't help friends install M$ junk.
If this is their public face, it most likely means that the place is run by total dicks. You're better off switching to a different school.
Penn State's IT department is definitely NOT inept. I was there from 1999-2003 and I was always impressed with their implementations, policies, security, and interest in encouraging new technologies. Hell, all Computer Science grad students are given Apple Powerbooks with VirtualPC and Windows. Penn State was one of the first to give their students free Napster service in order to circumvent the RIAA bullshit. Even as a Mechanical Engineering student, I had access to Windows, Macs, Suns, and Linux boxes. I had FTP-able storage that I could access from Lab computers and from my apartment. They may not be the best, but from comparisons I've made between them and other Tier 1 schools that I've visited or attended, they are above average.
[insert lame joke here]
The CIO called a meeting on security, brought in all the CIO's and CS managers from the University branchess for the state, and among other things, we talked about what to do about the slew of problems with student machines.
I pointed out that students get zero education on computer security, and that if they really wanted to fix the problem, they would create a 1 credit required gen-ed course on personal computer security. Students would thus be required to learn how to keep junk off their desktops one hour a week for a semester (plus it would be an excuse to give remedial computer usage insruction to some of the freshmen that come from living-under-a-rock high school.)
That idea raised some eyebrows. They said "now, THAT's thinking out of the box." They diligently noted it in their notepads and pointless PDA gizmos.
And then, did absolutely nothing.
But that's about what I was expecting, that just because they had the wherewithal to recognize a good idea when they heard it, didn't mean they would remember it for more than a week. That's not how it works. If it doesn't reach crisis proportions, these types of people don't do crap about it.
Someone had to do it.
When I was in school, I remember using Netscape 3 to view webpages (after all, we were using Unix).
I'd rather say that universities are going back to their roots. IE was designed for home computers and the Joe User, not for universities.
At Carnegie Mellon, considered to be one of the best tech schools in the world, all students (even CS and ECE majors) are required to take Computing Skills Workshop. The very first lesson in the course is on security and passwords. It also covers UNIX commands, file management, and access rights.
After a few weeks, most people realize that they can skip the classes and only show up for exams, so it's not really a waste of time for those who do not need it. However, for those who do, it ensures that they have a baseline level of computing knowledge, which helps keep our network safer.
| Ceci n'est pas une pipe.