Slashdot Mirror

← Back to Stories (view on slashdot.org)

Experts Say To Switch Browsers In Light of IE Vulnerability

Posted by timothy on from the here's-my-number-if-the-place-burns-down dept.

It appears that the exploit in IE briefly mentioned a few days ago is causing a serious reaction: SteveAU writes "Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched. The flaw, which affects all versions of Microsoft Internet Explorer, is manifested via malware and has infected over 6,000 sites thus far. Microsoft states: 'The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.'" According to the BBC report, though, Microsoft itself is only asking that users be "vigilant while it investigated and prepared an emergency patch"; it's outside experts who say to dump IE (at least for now).

Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.

10 of 455 comments (clear)

  1. Those that haven't already changed... by celardore · · Score: 5, Insightful

    ...probably won't. Most uneducated users that read the article will probably be of the mindset "oh, it won't happen to me".

    1. Re:Those that haven't already changed... by joelholdsworth · · Score: 5, Insightful

      I was listening to BBC Radio 1, and they had a news item about it this morning. But I think GP is right - I can't imagine it will make many users switch. However, as more and more people within the technical community become jaded with the consistent poor quality in Microsoft's offerings, MS will inevitably loose mind-share, and hence their strangle hold on the industry will loosen.

      It's this sort of thing that made me switch over to Linux a year ago. I haven't looked back.

    2. Re:Those that haven't already changed... by minerat · · Score: 5, Insightful

      Yes, but it's often many days out of sync with the official releases. In more bureaucratic organizations you're not going to get some random 3rd party build of an application that handles as much sensitive data as a web browser approved. Mozilla needs to realize that wider corporate adoption requires easy manageability. MSI + Group Policy Template FROM MOZILLA would be huge.

      --
      ...and you've eaten your pen. simply stunning.
  2. Vulnerability by conureman · · Score: 5, Insightful

    The only way to open iexplore.exe in my home computers is through the "run" tab. This is to prevent unfit users from not using one of the other browsae. I seldom format & install windows now, unlike before I took that measure.

    --
    The cost of that cleanup, of course, will be borne by taxpayers, not industry.
  3. Re:Red header by jadrian · · Score: 5, Insightful

    I used to spend all day on Slashdot and now I only check it occasionally.

    I guess some good came out of it after all.

  4. Re:Is any browser safe? by Raenex · · Score: 5, Insightful

    So in other words, we should find ways to seal off browsers from the normal desktop; lock it down in some low-rights, sandboxed safe environment planning that when it is hacked, it at least will be very limited in scope.

    Except the browser is an excellent application to hack, even if sandboxed, because it has network access and is used for nearly everything these days, including online banking. If you want to be safer you'll have to use separate sandboxed browsers for finance vs email vs ... vs random browsing.

  5. Re:Is any browser safe? by chrisgeleven · · Score: 5, Insightful

    Firefox to me is more secure in a way because it usually has security patches released within 48 hours or so after a 0-day exploit, sometimes even within 24 hours. Microsoft on the other hand has been known to leave 0-day exploits unpatched for months.

    Also, Microsoft patches have to wait for their nightly automatic install or when a user shuts down their PC. I believe Firefox checks every time it is launched for updates and installs them. The odds are, you are going to get patched quicker using Firefox then IE.

  6. Re:Microsoft should just scrap IE by Reality+Master+201 · · Score: 5, Insightful

    Yeah, believe me, I've done a lot of corporate consulting, and there's plenty of places with stuff that they'd have to recode to move off IE. Stuff that uses client side VBScript and extensive ActiveX controls. Sometimes it's 3rd party apps from a timesheet system vendor or whatever.

    It already works. So why recode just to make the computer geeks happy?

  7. Re:Red header by mhall119 · · Score: 5, Insightful

    For all Slashdot's leanings toward open source and hatred of all things microsfot or proprietary, does anyone else find that Slashdot itself acts like a closed source company?

    You mean like how they host the code that runs their site on a publicly available CVS server and FTP site? Open source means that you can modify the code however you want, not that other people will modify the code however you want.

    --
    http://www.mhall119.com
  8. Re:In other news ... by funehmon · · Score: 5, Insightful

    I think shoes flying is more accurate.