Slashdot Mirror

← Back to Stories (view on slashdot.org)

Experts Say To Switch Browsers In Light of IE Vulnerability

Posted by timothy on from the here's-my-number-if-the-place-burns-down dept.

It appears that the exploit in IE briefly mentioned a few days ago is causing a serious reaction: SteveAU writes "Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched. The flaw, which affects all versions of Microsoft Internet Explorer, is manifested via malware and has infected over 6,000 sites thus far. Microsoft states: 'The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.'" According to the BBC report, though, Microsoft itself is only asking that users be "vigilant while it investigated and prepared an emergency patch"; it's outside experts who say to dump IE (at least for now).

Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.

103 of 455 comments (clear)

  1. In other news ... by elronxenu · · Score: 5, Funny

    Water still wet.

    Pope still Catholic.

    1. Re:In other news ... by Anonymous Coward · · Score: 5, Funny

      and chairs still fly

    2. Re:In other news ... by Anonymous Coward · · Score: 4, Funny

      last time I checked, *my* pope was orthodox. or to be more precise, Pope and Patriarch of All Africa on the Holy Orthodox and Apostolic Throne of Saint Mark the Evangelist and Holy Apostle.

      happy flamebait!

    3. Re:In other news ... by geekmux · · Score: 4, Funny

      and chairs still fly

      Not this week, I heard the chair budget got cut on account of increased costs from the United Union of Broken Windows.(Look hard for the double meaning there)

    4. Re:In other news ... by Pollardito · · Score: 5, Informative
      that's all news that is true, this article is not actually true:

      Said [Trend Micro's] Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

      But Microsoft counselled against taking such action.

      "I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

      He added: "We're trying to get this resolved as soon as possible.

      so it's not actually Microsoft that's suggesting that people switch browsers, Microsoft has only "urged people to be vigilant while it investigated and prepared an emergency patch to resolve it."

    5. Re:In other news ... by funehmon · · Score: 5, Insightful

      I think shoes flying is more accurate.

    6. Re:In other news ... by Chris+Mattern · · Score: 4, Funny

      last time I checked, *my* pope was orthodox. or to be more precise, Pope and Patriarch of All Africa on the Holy Orthodox and Apostolic Throne of Saint Mark the Evangelist and Holy Apostle.

      Otherwise known as "Leroy".

    7. Re:In other news ... by ImdatS · · Score: 2, Informative

      Being wet is not an attribute of water, in fact water makes wet. If I remember correctly from my physics class:
      When a matter is covered by a liquid such as water, that matter becomes wet.
      Yes, the Pope, on the other hand, does have to have the attribute "catholic==YES", otherwise it won't work (whatever "it" it is).

    8. Re:In other news ... by Facetious · · Score: 4, Funny

      Q: What's worse than a grammar-nazi?

      A: A physics-nazi that feels compelled to scrutinize the minutia of jokes.

      --
      Let us not become the evil that we deplore.
    9. Re:In other news ... by ConceptJunkie · · Score: 4, Insightful

      Which is what Microsoft always says: You're gonna get screwed if you use our crappy browser, but at least we warned you.

      No software is perfect, and everything has security flaws, but it seems to me, even 8 years after Microsoft (claimed they) took a serious position on security, they still seem to have an order of magnitude more problems than everyone else. Yeah, I know, they're the biggest target, but for crying out loud, Google wrote chrome from scratch* in less time than IE7 was in beta (or if not, it wasn't too far off) and came up with a browser that blows away IE in every single way except the number of desktops that have it installed.

      Microsoft is at the point where they can do little but admit that there's nothing constructive they can do any more. It's been obvious for years to people in the know, but they've reached a point of diminishing returns: It obviously takes more effort to keep their bloated corpse of an operating system (and its 10-years-out-of-date browser) just working and free of 0-day exploits (leave alone catching up with the competition) than it would be to start over like Apple did with OSX.

      How much longer will it take for MS to wake up? When the amount of effort needed for them to keep Windows limping along exceeds to man-power of the entire planet? It probably won't begin until the chair-tosser-in-chief is gone, and then it take years for them to recover. It used to be that Microsoft put as much effort into maintaining their monopoly as they did in their software. Now it seems maintaining their monopoly receives all but the smallest fraction of attention. The rest goes to plugging holes in the about-to-collapse dyke.

      * For certain values of "from scratch"

      --
      You are in a maze of twisty little passages, all alike.
    10. Re:In other news ... by shutdown+-p+now · · Score: 3, Insightful

      So the Church of England is Catholic too? The Queen is after all the One True God.

      The Church of England does not consider itself the only true Christian church in the world - they recognize the Old Catholics, for example.

      And yes, Anglicans consider themselves to belong to the Catholic Church of all faithful Christians, just as any other Christian denomination that subscribes to the Nicene Creed (this includes all Protestants, too). It stems from the following line in the Creed:

      "We believe ... In one, holy, catholic, and apostolic Church"

      (note that this was written before the Great East-West Schism)

      Here are some, hopefully, more coherent explanations of this. I'm not a theologian, so I can only push the limits of sanity so far :)

    11. Re:In other news ... by shutdown+-p+now · · Score: 2, Interesting

      I think you got that reversed. Catholic typically refers to Roman Catholic. All Catholics are Christians, not all Christians are Catholic.

      No, I have not. Every Christian church considers itself the (or a part of a) "One, holy, catholic, and apostolic Church" from the Nicene creed. Roman Catholics are simply the largest denomination, and the most dominant in areas in which the modern Western civilization arose, so they monopolized the word (at least in European languages). But you can ask any local Orthodox priest if his church is "catholic". Or you may just read the Wikipedia article.

      Note that I'm talking about this from personal experience. I'm not Christian, but I live in a country where Orthodox Christianity is the dominant religion, and the Russian Orthodox Church calls itself "sobornaya", which is a direct translation of the Greek world "katholikos" to Russian as used in the Russian translation of the Creed (sometimes, they also use a plain transliteration - "kafolicheskaya").

      That said, it is still true that unqualified "Catholic" in everyday use usually means "Roman Catholic". In Russian specifically, we have a handy distinction: "kafolic" always refers to Orthodox, and "katolic" always to Roman Catholic (we don't have a sound corresponding to "th" directly, hence the approximations).

    12. Re:In other news ... by shutdown+-p+now · · Score: 2, Informative

      You might read about the Nontrinitarians which are CLEARLY linked on the right hand side of the wiki as the fourth listed denomination (no doubt, there may be others as new churches are started frequently). From the first link, I like the description of the Nicene creed as a political, Roman-influenced screed. It may be a little bit more than an oddball sect. .. It may be a little bit more than an oddball sect.

      If you actually read about the Nontrinitarians at your link, you'll see that no original Nontrinitarian churches (e.g. Arians or Cathars) have survived to this day - they have been pretty much wiped out as the enemy of the religion and of the state. The list of the groups in that article really says it all - they are all fringe splinter groups (sometimes splinter groups from fringe groups, even).

      So, yes, it is just a collection of oddball sects. Even more so as they don't actually form a single denomination - last I checked, Doukhobors didn't recognize the LDS, the LDS didn't recognize Jehovah's Witnesses, and so on.

      From the first link, I like the description of the Nicene creed as a political, Roman-influenced screed.

      Sure it is - mainstream Christianity as a whole is a heavily politicized, Roman-influenced religion, ever since Constantine made it the state religion of the Empire!

  2. Those that haven't already changed... by celardore · · Score: 5, Insightful

    ...probably won't. Most uneducated users that read the article will probably be of the mindset "oh, it won't happen to me".

    1. Re:Those that haven't already changed... by Andr+T. · · Score: 4, Interesting

      I think that most people that read news about IT don't use IE already.

      --

      Any life is made up of a single moment, the moment in which a man finds out, once and for all, who he is.

    2. Re:Those that haven't already changed... by LingNoi · · Score: 2

      Same thing with backups, they're never taken seriously until the company loses all its data and goes out of business.

    3. Re:Those that haven't already changed... by SkankinMonkey · · Score: 4, Insightful

      Yea but the ones that they support and frequently think it's a good idea to click on the 'Hit the target to get a free iPod' ad is a good idea.

    4. Re:Those that haven't already changed... by denis-The-menace · · Score: 4, Insightful

      Corps won't change either, cause their most computer-illiterate users happens to be their CIO and his/her underlings.

      If something huge happens, FF may actually get into corps even without a Mozilla-created, Corp-approved MSI package.

      --
      Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
    5. Re:Those that haven't already changed... by joelholdsworth · · Score: 5, Insightful

      I was listening to BBC Radio 1, and they had a news item about it this morning. But I think GP is right - I can't imagine it will make many users switch. However, as more and more people within the technical community become jaded with the consistent poor quality in Microsoft's offerings, MS will inevitably loose mind-share, and hence their strangle hold on the industry will loosen.

      It's this sort of thing that made me switch over to Linux a year ago. I haven't looked back.

    6. Re:Those that haven't already changed... by Anonymous Coward · · Score: 5, Funny

      Yea but the ones that they support and frequently think it's a good idea to click on the 'Hit the target to get a free iPod' ad is a good idea.

      I won one of these a few days ago. Just to let you know, they don't actually give you an iPod directly. Instead, they ask for your bank account information and deposit $250 (they say it's for tax purposes). I should be getting my money any day now!

    7. Re:Those that haven't already changed... by fuzzyfuzzyfungus · · Score: 5, Interesting

      Speaking as an institutional IT underling, a Mozilla created MSI for Firefox would be really, really handy. As would a mechanism for installing extensions and updates in a more manageable way. Here, at any rate, there is no real opposition to FF per se; but deployment has, thus far, mostly foundered. "Well, IE updates can be deployed within the system with WSUS, FF updates will happen per machine and be blocked by the firewall, and there is no way in hell we'll be able to keep all the machines updated manually." Which is largely true.

      Now, this mostly comes down to the fact that Windows doesn't have anything nearly as nice as real package management(WSUS for MS apps and drivers only is the closest they really come), so apps end up rolling their own with varying degrees of success, which sucks. If we were running *nix this wouldn't be an issue. Unfortunately, that isn't really my option. If FF had a decently manageable MSI option, I'd probably install it on all user machines tomorrow; but until then I'll have to stick with using it on a more limited scale(You think I would use IE for anything beyond the broken intranet stuff?)

    8. Re:Those that haven't already changed... by notaspunkymonkey · · Score: 5, Funny

      My wife has just come over to me (she listens to Radio 1) and told me that I need to install another browser on all our machines.. I guess she has never noticed that we are a Ubuntu household!! At least the message is getting across to normal non techie users at the moment that IE is bad..

    9. Re:Those that haven't already changed... by Shikaku · · Score: 4, Informative

      http://www.frontmotion.com/Firefox/

      Like this?

    10. Re:Those that haven't already changed... by archen · · Score: 3, Interesting

      Really it's not that simple. I was a supporter of firefox in my organization, and to my surprise I pretty much won. We use Firefox for nearly everything. Nearly. I have content adviser turned on for each of the machines which for the most part cripples IE and makes it nearly impossible to actually browse the web. IE is still very necessary for many sites which are required for our operation. Not internal "we developed in house badly designed pages", but actual corporate sites to manage various accounts on the Internet. That's surprising in 2008 that companies could have their head stuck in the sand that badly, but they seem to be all over the place... and unfortunately in places required for essential function.

      I'm fortunate that the medium sized company goes along with this, because in any other organization we'd just use IE and that would be the end of it. Just managing the work arounds has actually been a lot of work, although in my mind it comes out to a wash in being a bit more proactive in preventing the vulnerabilities that flood IE.

    11. Re:Those that haven't already changed... by archen · · Score: 2, Interesting

      No, after the install windows (2000) I "remove" IE as an application. It doesn't show up anywhere, but you can still launch it through run > iexplore. For regular users that require this (usually people who have to manage things like our fuel accounts and such) I re-enable it. I leave content adviser on, and basically have to enable it to browse the site. Unfortunately content adviser is sort of brain dead and I've never gotten wild cards to work, so many sites redirect you all over the place, and pull images from sub domains etc. I also have to be logged in as Administrator for the changes to stick so it becomes this big circus just to browse a site.

      So they have the IE icon, but it doesn't function for anything but those sites. I considered trying to solve this with a proxy, but it seemed like it would be too much to try to juggle two browsers through while only allowing one to have unrestricted access.

    12. Re:Those that haven't already changed... by minerat · · Score: 5, Insightful

      Yes, but it's often many days out of sync with the official releases. In more bureaucratic organizations you're not going to get some random 3rd party build of an application that handles as much sensitive data as a web browser approved. Mozilla needs to realize that wider corporate adoption requires easy manageability. MSI + Group Policy Template FROM MOZILLA would be huge.

      --
      ...and you've eaten your pen. simply stunning.
    13. Re:Those that haven't already changed... by Leafheart · · Score: 2, Informative

      From that website:
      (not part of Mozilla Foundation)
      Which is the same as nothing for any big business.

      --
      --- "When you gotta do something wrong. You gotta do it right. (Fighter)"
    14. Re:Those that haven't already changed... by CSHARP123 · · Score: 2, Informative

      AM news station here in Atlanta which is pretty popular during driving hours were warning today. People will certainly take a note when it is broadcasted on the news

    15. Re:Those that haven't already changed... by Anonymous Coward · · Score: 3, Interesting

      In my organization, we use Macs. We don't have to, but we do, because everyone used to have their own operating system and their own trouble and having to use another computer for a while was a pain when you were a linux fan-boy and the other person was using windows or when someone simply didn't have any gui apps because he's a console fan-boy, etc.

      We're writing software that should be accessible via ssh and web, so the solution was simple: everyone will use Macs (honestly, it took me ONE day to get used to mine and configure it the way I like it) and whoever deals with the web interface gets licenses for virtualisation software and windows + kubuntu. This way, everything will be tested on Safarai, Firefox, Opera, IE, Konqueror and Chrome. Of course, everything is also easily tested to work in SSH, thanks to the wonders of mac's console. If one person has to temporarily use another person's computer, it won't be too much of a hassle because you've always got mac's spotlight to find whatever applications you need and everyone is used to the same interface.

      You can and you should use Macs for development, if it's technically possible. This will ensure a uniform environment and, if you need to just test your applications under other operating systems, you can always use VMware or whatever. The low number of apps available for macs ensure that everyone is using mostly the same software and there aren't huge differences like jumping from Vista to the My Own Tiny Linux console. [we developed our own tiny linux version, because it's needed to run our software and some of the devs actually enjoyed using it for development]

    16. Re:Those that haven't already changed... by Hal_Porter · · Score: 4, Funny

      Really it's not that simple. I was a supporter of firefox in my organization, and to my surprise I pretty much won. We use Firefox for nearly everything. Nearly. I have content adviser turned on for each of the machines which for the most part cripples IE and makes it nearly impossible to actually browse the web. IE is still very necessary for many sites which are required for our operation. Not internal "we developed in house badly designed pages", but actual corporate sites to manage various accounts on the Internet. That's surprising in 2008 that companies could have their head stuck in the sand that badly, but they seem to be all over the place... and unfortunately in places required for essential function.

      I'm fortunate that the medium sized company goes along with this, because in any other organization we'd just use IE and that would be the end of it. Just managing the work arounds has actually been a lot of work, although in my mind it comes out to a wash in being a bit more proactive in preventing the vulnerabilities that flood IE.

      You can do much better than that. I duct tape huge boxing gloves to my users hands, that way they can't type malware in using a notepad and Alt key codes. I've also banned people carrying in USB peripherals (might have malware), laptops (might have malware), mobile phones (distracting and pointless) and A4 binders (might have malware written out as a long list of Alt key codes). I've also removed all the phones (someone might whistle malware down the phone to a 56K modem). Though I've covered all the ports, USB, network, modem and so on with epoxy resin. Still I believe in defense in depth.

      Some of my users have found out how to remove the gloves with their teeth, even though my security guards will beat anyone they see trying to do that. I've asked the CEO if I can amputate their hands and leave them with bandaged stumps but he obviously was too 'non technical' to understand. He just shook his head and walked off. Maybe muzzling persistent rule breakers after the third beating would be a acceptable. Actually I want to muzzle and blindfold everyone all the time and cut off the power. Still, even though the solution I have is not perfect it is very secure.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    17. Re:Those that haven't already changed... by Frosty+Piss · · Score: 2, Insightful

      Corps won't change either, cause their most computer-illiterate users happens to be their CIO and his/her underlings.

      Many "corps" will not switch because they have internal applications that require IE for some reason (ActiveX...)

      --
      If you want news from today, you have to come back tomorrow.
    18. Re:Those that haven't already changed... by lysergic.acid · · Score: 4, Informative

      sounds like a stereotypical trojan/adware/malware infection. at least all you're getting are pop-ups. the last one i had to deal with at work also used DNS-hijacking to redirect any webpage request to their spam (porn) site, preventing any web surfing. to make things worse, it wouldn't even allow the user to run certain programs, like notepad, Hijack This!, Internet Explorer (this malware targeted Firefox).

      a fresh install is probably the easiest/quickest way to fix it, but it's not the only solution. with a little sleuthing (Windows Task Manager & Hijack This!) you can usually identify the file & process name(s) of the malware. all the times i've had to deal with that sort of thing, i found the solution in forum discussions on tech support sites (found by googling the file/process name of the trojan). if you're lucky, someone will have made a cleaner program for that particular malware program.

      one of the more frequently encountered malware/adware programs is SmitFraud. that's one i've encountered several times. it cannot be removed by AV programs or spyware/malware removers (though it'll try to get you to purchase and install rogue AV/Anti-Spyware programs). if you do have SmitFraud, then your best shot is SmitFraudFix.

  3. Vulnerability by conureman · · Score: 5, Insightful

    The only way to open iexplore.exe in my home computers is through the "run" tab. This is to prevent unfit users from not using one of the other browsae. I seldom format & install windows now, unlike before I took that measure.

    --
    The cost of that cleanup, of course, will be borne by taxpayers, not industry.
    1. Re:Vulnerability by Man+Eating+Duck · · Score: 3, Informative

      The only way to open iexplore.exe in my home computers is through the "run" tab. This is to prevent unfit users from not using one of the other browsae.

      Can't you open any folder and then enter the URL in the address bar?

      I just tried at my work computer, it opens Firefox on WinXP. I guess that's because Firefox is my default browser.

      --
      Are you a grammar Nazi? I'm trying to improve my English; please correct my errors! :)
    2. Re:Vulnerability by kv9 · · Score: 4, Funny

      This is to prevent unfit users from not using one of the other browsae.

      for everyone's sake, I hope that's a fucking typo.

      --
      Stop Computers/Cars Analogies on S
    3. Re:Vulnerability by cerberusss · · Score: 5, Funny

      This is to prevent unfit users from not using one of the other browsae.

      for everyone's sake, I hope that's a fucking typo.

      No it's not a typo, there are many wordae like that.

      --
      8 of 13 people found this answer helpful. Did you?
  4. Microsoft should just scrap IE by Reality+Master+201 · · Score: 3, Insightful

    Just start over. The thing's a chunk of crap that doesn't render stuff properly and must be a nightmare to maintain.

    Pick another rendering engine - WebKit or Gecko - and build a browser around it. Maybe provide IE classic for those poor schmucks who are at jobs with crappily coded intranet apps full of client side VBScript, but don't make it the default.

    1. Re:Microsoft should just scrap IE by hey! · · Score: 4, Insightful

      They won't, because there are only two things shoring up their critical desktop OS monopoly in the enterprise at this point: Office and IE.

      User and developer dependencies on IE's peculiarities makes not having access to Windows inconvenient. Microsoft's own web software are designed to provide users of alternative browsers with inferior experience.

      Keeping those "poor schmucks" dependent on IE is worth a great deal of money to MS.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    2. Re:Microsoft should just scrap IE by Reality+Master+201 · · Score: 5, Insightful

      Yeah, believe me, I've done a lot of corporate consulting, and there's plenty of places with stuff that they'd have to recode to move off IE. Stuff that uses client side VBScript and extensive ActiveX controls. Sometimes it's 3rd party apps from a timesheet system vendor or whatever.

      It already works. So why recode just to make the computer geeks happy?

    3. Re:Microsoft should just scrap IE by xorsyst · · Score: 2, Insightful

      They won't, because there are only two things shoring up their critical desktop OS monopoly in the enterprise at this point: Office and IE.

      Thank your lucky stars your enterprise doesn't use sharepoint then.

      --
      Get free bitcoins: http://freebitco.in
    4. Re:Microsoft should just scrap IE by swillden · · Score: 3, Interesting

      So why recode just to make the computer geeks happy?

      Who cares about the computer geeks?

      Recode to make the Chief Security Officer happy.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    5. Re:Microsoft should just scrap IE by plague3106 · · Score: 2, Informative

      Huh... well it might not act like svn, because its not a version control system. You seem to horribly misunderstand what sharepoint is.

    6. Re:Microsoft should just scrap IE by Blakey+Rat · · Score: 2, Informative

      IE has tons of backwards-compatibility cruft. They can't just yank it; there'd be thousands of apps that literally couldn't run because they depended on some obscure IE feature.

      That said, Microsoft *does* have an excellent (if slow) rendering engine named Orcas. As opposed to IE's engine, named Trident. It's used for their also-excellent Expression Web product. And, I think, Visual Studio, but I don't have that installed so don't quote me on that.

      --
      Comment of the year
  5. Re:Red header by jadrian · · Score: 5, Insightful

    I used to spend all day on Slashdot and now I only check it occasionally.

    I guess some good came out of it after all.

  6. Is any browser safe? by Toreo+asesino · · Score: 5, Interesting

    Personally I don't use IE for most things, but I don't use FireFox for reasons of security at all; just because the extensions rock.
    To my mind, all browsers have more or less the same number of security problems; name me a single mainstream browser that's not had a vulnerability this year for example.

    So in other words, we should find ways to seal off browsers from the normal desktop; lock it down in some low-rights, sandboxed safe environment planning that when it is hacked, it at least will be very limited in scope.

    And that, ladies and gentlemen, is why if I had to choose my browser on purely default security scope, I'd go for IE7/Vista or some customised FireFox setup that nailed it to the floor.

    Just a thought.

    --
    throw new NoSignatureException();
    1. Re:Is any browser safe? by __aayejd672 · · Score: 2, Insightful

      But not all browsers are welded to the kernel.

    2. Re:Is any browser safe? by Raenex · · Score: 5, Insightful

      So in other words, we should find ways to seal off browsers from the normal desktop; lock it down in some low-rights, sandboxed safe environment planning that when it is hacked, it at least will be very limited in scope.

      Except the browser is an excellent application to hack, even if sandboxed, because it has network access and is used for nearly everything these days, including online banking. If you want to be safer you'll have to use separate sandboxed browsers for finance vs email vs ... vs random browsing.

    3. Re:Is any browser safe? by Svartalf · · Score: 4, Insightful

      Few browsers enable privilege escalation like IE does on a regular basis.

      --
      I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    4. Re:Is any browser safe? by LtGordon · · Score: 4, Insightful

      Running web content in a sand boxed environment is exactly one of the features Google emphasized with Chrome. Web content is inherently untrustworthy so this is a smart move. It's sort of like wearing a web-condom: used to be that going bare-browser was mostly safe as long as you were careful who you interacted with, but nowadays even the pretty ones can burn you, so your best bet is to just wrap your tool ... with a sandbox. (I'm still working on the analogy)

    5. Re:Is any browser safe? by IceCreamGuy · · Score: 2, Funny

      The Links browser? Stallman knows what's up! What do you guys think, Lynx or Links? I prefer Links, just seems easier to use to me. Lynx actually did have a vulnerability disclosed in October, http://web.nvd.nist.gov/view/vuln/detail;jsessionid=031729623a47404f1389622ff35a?execution=e1s1. That damn Lynx has just gotten too mainstream to be safe these days!

    6. Re:Is any browser safe? by chrisgeleven · · Score: 5, Insightful

      Firefox to me is more secure in a way because it usually has security patches released within 48 hours or so after a 0-day exploit, sometimes even within 24 hours. Microsoft on the other hand has been known to leave 0-day exploits unpatched for months.

      Also, Microsoft patches have to wait for their nightly automatic install or when a user shuts down their PC. I believe Firefox checks every time it is launched for updates and installs them. The odds are, you are going to get patched quicker using Firefox then IE.

    7. Re:Is any browser safe? by the_B0fh · · Score: 2, Interesting

      First of all - Firefox was designed with security in mind.

      IE was not. That alone is enough to drive me off IE. Go to the Risks digest and read what Bob Atkinson wrote about Authenticode - he basically says that a broken screen saver has higher priority than security issues - and authenticode is the security technology behind ActiveX. And Atkinson is the fucking author of authenticode.

      http://catless.ncl.ac.uk/php/risks/search.php?query=authenticode

      And what you want - that technology already exists. A company called GreenBorder made it. Guess what - google bought it. Hopefully, the big G will release it soon.

    8. Re:Is any browser safe? by Bearpaw · · Score: 2, Funny

      It's sort of like wearing a web-condom: used to be that going bare-browser was mostly safe as long as you were careful who you interacted with, but nowadays even the pretty ones can burn you, so your best bet is to just wrap your tool ... with a sandbox. (I'm still working on the analogy)

      Try adding a reference to "extensions". That'll help.

    9. Re:Is any browser safe? by fuzzyfuzzyfungus · · Score: 2, Informative

      VMware is a downloadable image, essentially FF plus minimal linux, designed for their VMware Player, that essentially does that. It isn't what I'd call an elegant solution; but the improvement in security is substantial.

    10. Re:Is any browser safe? by nschubach · · Score: 2, Interesting

      Unless the sandbox is created with a fresh copy of the executable every time it starts... Start Browser, OS copies a clean executable/settings into a sandbox and runs said executable. Upon exiting, sandbox is deleted along with any garbage that was injected by malicious sites.

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    11. Re:Is any browser safe? by Anonymous Coward · · Score: 5, Informative

      Neither is Internet Explorer. There is nothing about IE that has anything to do with the kernel. You confusion lies in the fact that you confuse "operating system" specifically with "kernel" which is not completely correct. Absolutely no part or component of Internet Explorer resides in privileged memory.

      Internet Explorer, however, is a part of the operating system in that a number of the libraries used in Internet Explorer the browser are modular and can be used through other applications, both first party and third party. Various components of the Explorer shell, such as Active Desktop, are accomplished through hosting the HTML renderer of Internet Explorer. Many applications also rely on those libraries are a variety of functions from rendering HTML to performing simple FTP commands. They could use other means to accomplish the same tasks, but the Internet Explorer API makes it exceedingly easy.

      So, no component of Internet Explorer is hosted within the kernel at all. However, Internet Explorer is a part of the operating system in that it is a constituent component of the platform API expected to exist for applications. Removal of those components will break scores of applications.

      Note that this vulnerability also does not impact Internet Explorer 7.0 on Windows Vista running within Protected Mode. Yes, the vulnerability can still be exploited and the arbitrary code executed but that code will be contained within a fairly tight sandbox which lacks the privileges to write data to any location, including the user's own profile, even if the current user is running as Administrator. Google Chrome on Windows Vista is the only other browser to use this functionality. No browser can completely prevent buffer overruns in loaded native plug-ins, but browsers may mitigate the effects by sandboxing themselves. Other browsers should take note and follow suit.

    12. Re:Is any browser safe? by British · · Score: 2, Funny

      Choosing a browser with security as the only concern? Opera.

      "Eeeeverybody's getting secure browsers!"
      "You get a secure browser!"
      "YOU get a secure browser!"
      "You get a secure browser!"

    13. Re:Is any browser safe? by Z34107 · · Score: 4, Informative

      IE never was "welded to the kernel."

      IE exports a COM object, which lets developers add HTML rendering to an application with one line of code. So, that's one reason why they don't want you uninstalling it - HTML rendering is something a lot of Windows applications are expecting the OS to export.

      The closest it came to "welded to the kernel" was Active Desktop where the Windows shell used it to render a web page on your desktop. I think it was also used if you had an HTML background for folders, too. Not sure what happened to it in XP or Vista.

      About the only things that count as kernel-welded in Windows land are device drivers and services, of which IE is neither.

      --
      DATABASE WOW WOW
    14. Re:Is any browser safe? by TheRaven64 · · Score: 2, Interesting

      It always has been, it's just been stupid, because a lot of complex dialog boxes in Windows (e.g. Windows Update) used the mshtml DLL for display. You can delete iexplore.exe and explorer.exe and use something else for your shell, and delete mshtml.dll and make sure you don't run any applications that depend on it. The kernel is still happy, as are the low-level parts of the uesrland, but a huge amount of the GUI depends heavily on it.

      --
      I am TheRaven on Soylent News
    15. Re:Is any browser safe? by Kozz · · Score: 4, Funny

      ...use separate sandboxed browsers for finance vs email vs ... vs porn browsing.

      Fixed that for you.

      --
      I only post comments when someone on the internet is wrong.
    16. Re:Is any browser safe? by Shados · · Score: 2, Interesting

      No sitation, I was only going by the historical background of both browsers. Firefox has its roots in Mozilla, which was...less than stellar back in the days. Of course, everything changed and that background is fairly irrelevent now.

      And the vulnerability is an issue because not everyone is on Vista, not everyone has UAC on, and most people (including me until 2 days ago!) know about the memory protection feature (plus, while I didn't hit any, it supposingly can have some incompatibility issues with some IE plugins in 32 bit... Silverlight, Flash and Java work fine though).

      Plus well, its still bad if someone can crash your browser with javascript. But it still IS a valid workaround that issue (and most future IE exploits) that makes something that would be totally horrible into a mere pain in the butt.

    17. Re:Is any browser safe? by TheRaven64 · · Score: 2, Informative

      Which doesn't help if you go from a site with an exploit to your internet banking site. What you really want is a different browser process and chroot for each web site you visit. You could do this relatively easily with UNIX, by having the browser contain a reparented X11 window which did the actual browsing, and each time you click on a link that crosses the a boundary between domains killing the process and spawning a new one going to the new site which would chroot() itself into ~/browser/{site name} and store any site-specific info (caches, passwords, and so on) there. If it didn't store anything, then the directory would be removed on exiting the site.

      --
      I am TheRaven on Soylent News
    18. Re:Is any browser safe? by arevos · · Score: 2, Interesting

      Except the browser is an excellent application to hack, even if sandboxed, because it has network access and is used for nearly everything these days, including online banking. If you want to be safer you'll have to use separate sandboxed browsers for finance vs email vs ... vs random browsing.

      Isn't Chrome meant to do this? Each tab in Chrome is an individual sandboxed process.

    19. Re:Is any browser safe? by swillden · · Score: 2, Interesting

      No sitation, I was only going by the historical background of both browsers. Firefox has its roots in Mozilla, which was...less than stellar back in the days.

      Netscape/Mozilla was never particularly bad with respect to security. Certainly it wasn't any worse than IE.

      Of course, everything changed and that background is fairly irrelevent now.

      Agreed.

      And the vulnerability is an issue because not everyone is on Vista, not everyone has UAC on, and most people (including me until 2 days ago!) know about the memory protection feature (plus, while I didn't hit any, it supposingly can have some incompatibility issues with some IE plugins in 32 bit... Silverlight, Flash and Java work fine though).

      So, people could upgrade to Vista, leave UAC on (with attendant annoyances), and learn about and turn on the memory protection feature (assuming it's not on by default), or... they could install Firefox. Time and expense for the first option: many hours and hundreds of dollars. Time and expense for the second option: 15 minutes and no cost.

      I realize you were responding to claims that IE was designed without security in mind, not evaluating the practicality of different options. My point, though, is that IE *was* designed without security in mind, and that your response is proof of that fact. Microsoft's belated attempts to fix it without starting from scratch (as they've finally done with IE8) rely on heavy-handed tools provided only in their latest OS and which come with their own set of disadvantages.

      Firefox's security relies on careful design and implementation, plus a very quick patch turnaround time and automated update process -- that, somehow, never seems to break things, in spite of Microsoft's insistence that patches that don't receive heavy QA must.

      If IE's use of Vista memory protection turns out to be highly effective (time will tell), then Firefox developers will make use of it as well, and FF users will have the benefits of both that technology AND good implementation practices and quick, effective update processes.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  7. Wrong summary by OhHellWithIt · · Score: 5, Informative

    Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched.

    I don't see anywhere in TFA that Microsoft has advised people to use another browser. It's other experts. So this is a "dog bites man" story, not the other way around.

    Now, if you don't mind, I'll go back to my nap.

    --
    "Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
    1. Re:Wrong summary by Sebilrazen · · Score: 2, Informative

      Mod parent up, I RTFA and the mentions to switch are provided by Ferguson who's a TrendMicro guy, Curran, a UK Microsoft guy said, "Whoa... that's not what we meant..." roughly.

      --
      "There are no facts, only interpretations." --Friedrich Nietzsche.
    2. Re:Wrong summary by rlawley · · Score: 2, Informative
      I only read the article because it looked like big news that Microsoft were recommending users use something else. Obviously this was not the case, as shown in the quote...

      But Microsoft counselled against taking such action. "I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

  8. I'm no fan of MS... by Viol8 · · Score: 3, Insightful

    .. in fact I'm a diehard linux fanman (too old to be a fanboi!)

    But even I'm getting sick of the hysterical anti MS reaction every single time some exploit appears for some or other program. Some people particularly media commentators need to get a sense of perspective and understand that no complex piece of software can really ever be bug free and these sorts of errors will creep in occasionally. Who hear who codes in C or C++ hasn't had a similar bug in their own code from time to time even though you were sure you'd debugged everything and the code passed through testing fine? Probably all of us. So look around you to spot the glass before you start chucking any stones!

    1. Re:I'm no fan of MS... by joelholdsworth · · Score: 2, Insightful

      So look around you to spot the glass before you start chucking any stones!

      The problem is that this isn't some little application. There are 750 MILLION users of IE. Each user will have paid somewhere between $20 and $200 for the privalege of using their bundled browser - and Microsoft is rich! beyond the dreams of avarice.

      Is it wrong for us to expect a little quality in IE? Especially considering the number of users, it's importance as an app, and the amount of cash MS has?

    2. Re:I'm no fan of MS... by Svartalf · · Score: 2, Insightful

      Heh... You'd just have other exploitable issues, either within the Java JVM or in poorly written code- just not the same class of them. I don't place blind faith in a language to clean up after myself.

      --
      I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
    3. Re:I'm no fan of MS... by IceCreamGuy · · Score: 2, Insightful

      Unlike the South Park episode in which pure cash was the cure for AIDS, there is no cure for imperfect code. I dare you to write a Hello World which you can guarantee to be completely secure until the end of time. Not like this isn't serious, and not like Microsoft has had a great track record with security, however throwing "cash" at an app doesn't guarantee unequivocal perfection. Usability is inversely proportional to security; if you want an app that will be usable by the majority of the world, then it will have security flaws no matter what. If you want an app that's completely secure forever, then your app will have to never be used by anyone ever.

    4. Re:I'm no fan of MS... by Macthorpe · · Score: 3, Insightful

      Do you have anything more recent than 10 years ago?

      It's not unreasonable, after all the security improvements that have been put into Vista, that the prevailing attitude may have changed somewhat in a decade.

      --
      "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
    5. Re:I'm no fan of MS... by swillden · · Score: 3, Insightful

      Usability is inversely proportional to security

      This is a common myth.

      I'll grant that there is often tension between security and usability, but to say that they're inversely proportional is flat wrong. It's very easy to build software that is neither usable nor secure and it's possible to build software that is both very usable and very secure.

      Further, the usability/security tension that exists in some situations is irrelevant in the present context. This security flaw -- like many, many others -- has no relationship whatsoever to usability. IE would be equally usable (or not) if the flaw didn't exist, and the usability of IE will not decrease once the hole is repaired.

      In short, your statement is both a red herring, and wrong.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  9. No, Microsoft did NOT say to use another browser by Anonymous Coward · · Score: 5, Informative

    RTFA.

    Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

    But Microsoft counselled against taking such action.

    "I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

  10. another OS by TheMeuge · · Score: 3, Interesting

    Next week's news: "Microsoft experts" advise users to switch to temporarily switch to a different OS, as they prepare to roll out Windows 7... ... jokes aside I haven't been THAT peeved with Vista. The interface is awkward, file transfers are dramatically slower than Ubuntu, and downloading a file over the internet invokes a 20 second freeze in Firefox. Other than that, it seems more stable than XP, and is responsive enough on my recently upgraded desktop.

    It has been relegated to a game console status though, at least for me.

    1. Re:another OS by theaveng · · Score: 3, Insightful

      "PEBKAC - problem existing between keyboard and chair".

      Ahhh okay. I don't see how Firefox freezing for twenty seconds is a problem caused by the user. Why do you blame the user and not the programmers?

      --
      FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
    2. Re:another OS by BluenoseJake · · Score: 2, Insightful

      Most likely the 150 extensions and plugins? That has been the cause of most of Firefox's slowness, in my experience.

    3. Re:another OS by mR.bRiGhTsId3 · · Score: 2, Informative

      I am more apt to blame firefox than windows for that one.

  11. Uhhh, no... by IceCreamGuy · · Score: 4, Informative
    FTS:

    Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched.

    FTA:

    But Microsoft counselled against taking such action.

    "I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

    Not trying to downplay the clear reasoning behind switching browsers, but the summary is just blatantly incorrect in this case.

  12. Re:bear. woods. pope. hat. by tekrat · · Score: 2, Interesting

    Poor MS, what with Vista they have been having a bad time of it recently.

    Poor Microsoft? You've gotta be kidding me. If your main products are crap, you get what you deserve. Anyone who thinks that Windows or IE are great obviously hasn't even tried anything else seriously.

    At the Trenton Computer Fair earlier this year I was handed an Ubuntu disc. I've subsequently loaned this disc to others, made copies, etc., etc, and everyone that actually put it in their computer and tried it came back to me to tell me how amazing it was.

    If given a viable alternative, PEOPLE WILL SWITCH, and move away from MS/IE/Windows, and it's associated legacy crud.

    And yes, I own a PC running Windows (2000). But I also own an iMac, an EEE-pc, and various SGI and SUN boxen. And a machine running Ubuntu.

    --
    If telephones are outlawed, then only outlaws will have telephones.
  13. Will this flaw affect "old" IE browsers? by theaveng · · Score: 2, Funny

    My laptop has an older IE; version 5 I believe..... will this flaw affect that too, or is it just a flaw in the current version of IE?

    --
    FOX NEWS.com should be BANNED from television and internet. Have the Congress take it over and give us Truespeak.
  14. The shrieking is a bit tedious by symbolset · · Score: 2, Funny

    Especially since it happens nearly every day. Oh noes!!!! Everybody panic!!! Another exploit in Windows/Office/Explorer. WOE is us!!!

    Perhaps if we phrased it like a sponsored ad: "Todays exploit brought to you by yet another buffer overflow error!" "This morning's gaping security hole sponsored by Stormworm. Stormworm: The worm of choice for the discerning mailbot."

    --
    Help stamp out iliturcy.
  15. Re:Red header by Midnight+Thunder · · Score: 2, Funny

    Normally this is reserved for subscribers, so maybe it was a subliminal attempt to get you to subscribe ;)

    --
    Jumpstart the tartan drive.
  16. Re:Makes sense to me by __aayejd672 · · Score: 2, Funny

    And since then, they've also learned how to make anti-spyware apps that distinguish between real spyware and cookies that just track what websites you go to for advertising purposes.

    Aaaah I didnt realise I was jumping forward in time before running anti-apyware after browsing with FF :)

  17. Strange news by femtoguy · · Score: 2, Interesting

    This is especially strange news in light of an article from zdnet, http://blogs.zdnet.com/security/?p=2304, saying that firefox is the top bad example from a list of 12 programs with the worst security record. More interestingly, they don't even mention Internet Explorer as having bad security problems, despite news like this. Does Microsoft just pay journalists to write things like this on the day before they know they have bad news to release in hopes that people won't notice their security problems?

  18. Re:bear. woods. pope. hat. by apodyopsis · · Score: 2, Interesting

    That does not sound practical. I mean obviously they will try it and sometimes it will work - but a company cannot just write away all liability for their goods in a contract, life does not work that way. And it rather depends on the local laws at point of use surely?

    I am pretty sure that some risks cannot be written off in a contract and you are always liable.

    But, INAL and I am sure that most of the people who browse this will know more than I do - so whats the real angle here?

    Can MS simply add #17 to their EULA and expect all liability to vanish or are they being optimistic?

  19. Re:Red header by mhall119 · · Score: 5, Insightful

    For all Slashdot's leanings toward open source and hatred of all things microsfot or proprietary, does anyone else find that Slashdot itself acts like a closed source company?

    You mean like how they host the code that runs their site on a publicly available CVS server and FTP site? Open source means that you can modify the code however you want, not that other people will modify the code however you want.

    --
    http://www.mhall119.com
  20. Not MS, it's Trend by courteaudotbiz · · Score: 2, Informative
    From TFA

    "In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

    Then

    Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

    So NO, it's not Microsoft who recommends switching browsers, they even say

    "I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

    I wanted to clarify it since the story wasn't that clear...

  21. Re:Red header by ObsessiveMathsFreak · · Score: 2, Insightful

    OK, is this whole red thing some kind of mass troll, or is a new format change about to be hoist on us all? Screenshots, or it never happened.

    --
    May the Maths Be with you!
  22. Re:Red header by Fastball · · Score: 4, Insightful

    Sure, but I think the more valid point (the one the parent was trying to make) is that ./ would do well to have some sort of Changelog page that also includes changes to come. This way, folks aren't "adjusting their television sets" when the feature de jour makes an appearance. They'll have a place to RTFM.

  23. Only 0.02% ?? by l2718 · · Score: 2, Interesting
    Quoth the MS hack:

    Said John Curran, head of Microsoft UK's Windows group: "At present, this exploit only seems to affect 0.02% of internet sites"

    The internet is large. One out of every 5000 sites is a lot. Cut your losses and run while you can.

  24. Re:Even that isn't necessarily enough by blueskies · · Score: 2, Insightful

    Well phishing doesn't depend on client side vulnerability anyway--it's a social hack.

  25. Unfortunately, not practical by grasshoppa · · Score: 3, Informative

    As much as I'd like to push out firefox for my users, I have many users in a domain environment with mapped applications directory; firefox is simply unmanageable in this environment.

    Of all the improvements they are making in firefox, they are ignoring a potentially very large audience by not including some way to manage the browser in a corporate environment.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
  26. Re:Red header by Daimanta · · Score: 5, Funny

    Obama performs stupid /. changelog tricks with Ubuntu!

    Frontpage material

    --
    Knowledge is power. Knowledge shared is power lost.
  27. Non technical users are getting the message. by jotaeleemeese · · Score: 4, Interesting

    In BBC Radio 5 Live an MS representative was giving the suggested steps to protect Windows machines, the full 4 of them.

    The newsreader and presenter, Anita Anand asked if it would not be easier just to switch to another browser.

    The MS guy replied with the platitudes to be expected, the important point is that mainstream non technical media are getting the idea.

    --
    IANAL but write like a drunk one.
  28. People should go there and read it. by jotaeleemeese · · Score: 3, Insightful

    And then read the fallout where the readers debunk what the article says, including posts to problems with IE that for some reason were completely ignored when doing the compilation.

    I will just point out that Firefox is #1 because they *patched* the most vulnerabilities.

    Only in Bizarro Planet this would define the most unsafe application.

    --
    IANAL but write like a drunk one.
  29. Sorry by Pope · · Score: 2

    Never been Catholic.

    --
    It doesn't mean much now, it's built for the future.
  30. Re:Red header by Blakey+Rat · · Score: 2, Informative

    A changelog would imply they're following some kind of "design" or "plan" when they're clearly not. They make changes to people using the "version 1 discussion system" obviously intended for users of the "version 2 discussion system", like the Users page. They randomly break things, then half-repair them. i.e. listing the wrong content (submitted articles), then 'fixing' it by showing the intended content (recently posted comments) wrongly (incorrect scores).

    Oh, and they're owned by the company that runs SourceForge, the site that frequently looks like this: http://schend.net/images/screenshots/slashdot/sourceforge_blank_window.png or this: http://schend.net/images/screenshots/slashdot/sourceforge_wish_it_was_a_blank_window.png

    Slashdot seems to be a classic DailyWTF-esque "Developmestuction" environment: http://thedailywtf.com/Articles/The_Developmestuction_Environment.aspx

    There isn't anybody at the entire Sourceforge/Slashdot corporate entity I'd call a "web developer".

    --
    Comment of the year
  31. It can be done... sort of. by kwabbles · · Score: 2, Interesting

    I've been able to run Firefox to some extent in a corporate environment and keep it updated - I just create an MSI package whenever a new version of Firefox comes out (3.0.3, 3.0.4, etc) and then roll it out via group policy. Then I just let my users know they should use Firefox for all of their browsing, and use IE only for craptastic activex/VB intranet apps.

    You're right though - they really need to make it easier. Keeping plugins, etc updated is impossible.

    --
    Just disrupt the deflector shield with a tachyon burst.
  32. What a crock of bullshit title by Toll_Free · · Score: 2, Informative

    "Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while a serious security flaw is being patched."

    Then

    According to the BBC report, though, Microsoft itself is only asking that users be "vigilant while it investigated and prepared an emergency patch"; it's outside experts who say to dump IE (at least for now).

    So, which is it?

    It's bullshit editing like this that keeps slashdot and other sites like it from being taken seriously by anyone other than the fervent geeks that perpetuate it. Seriously.

    When a title and a summary both contain conflicting statements, the article shouldn't even run.

    --Toll_Free

  33. Re:Red header by Blakey+Rat · · Score: 4, Interesting

    I have nothing against "AJAX", I just have this thing against "ugly."

    Slashdot had a huge competition to design a new look only a couple of years ago, and it actually looked pretty good for a long time. Then, relatively recently, they've decided they wanted to add dynamic features, and the look has gone into the crapper. The only recourse is to keep Slashdot set to "Classic" appearance, which is less vomit-inducing, but the "version 2" appearance keeps leaking in.

    See, for example, these bugs:
    https://sourceforge.net/tracker2/?func=detail&aid=2144813&group_id=4421&atid=104421
    https://sourceforge.net/tracker2/?func=detail&aid=2159787&group_id=4421&atid=104421
    https://sourceforge.net/tracker2/?func=detail&aid=2348173&group_id=4421&atid=104421
    https://sourceforge.net/tracker2/?func=detail&aid=1939546&group_id=4421&atid=104421
    https://sourceforge.net/tracker2/?func=detail&aid=1939531&group_id=4421&atid=104421

    and probably a dozen others I've noticed but not bothered to submit. (BTW, if anybody at Slashdot tells you to submit your issue as a bug report to get it looked at, they're lying. They never look at bug reports.)

    --
    Comment of the year
  34. Summary wording flawed by belrick · · Score: 2, Informative

    The article linked in the text Microsoft has begun flooding media outlets with information advising users to switch to an alternate browser while quotes a Trend Micro spokesman advising users to switch and a Microsoft spokesman explicitly saying he can't advise users to switch over one flaw. This contradicts the summary text.

  35. Cycle of Abuse by clarkn0va · · Score: 2, Insightful

    so it's not actually Microsoft that's suggesting that people switch browsers

    Au contraire. "I cannot recommend people switch due to this one flaw". Translation: We've given you countless reasons to switch already. Here's one more.

    IE users (and Windows users in general) remind me of the plight of the abused spouse, caught in the endless cyle of abuse. This is phase 2. A fix has been promised for tomorrow. That's phase 3. How many times is the average victim victimized before they leave? Way too many.

    db

    --
    I am literally 3000 tokens away from the chaotic crossbow --Stephen