Slashdot Mirror
German Government Advises Public To Stop Using IE
An anonymous reader writes "After McAfee's disclosure of an IE 0-day vulnerability this week that had been used in Operation Aurora, the hack and stealing of data from Google, Adobe and about 3 dozen other major companies, the German government has advised the public to switch to alternative browsers (untranslated statement). Given that the exploit has now been made public and the patch from Microsoft is still nowhere to be seen, how long will it be before other governments follow suit?"
According the original article, DEP (enabled by default in IE8) and sandbox mode (Windows 7, Vista) all stop this zero day.
If that is the case, doesn't that in IE's favor, nor against? All browsers have vulnerabilities. All of them have zero-days. However, it seems that IE has some pretty good built-in protections that Firefox lacks.
You know your product's reputation is in trouble when a government advises the public to dump it.
It is not a question of living in a glass house. No application is 100% secure. At issue with Microsoft products; your ass is hanging in the wind for at least 30 days from a security vulnerability... unless they deem it serious enough to issue one outside their update window. At least with Firefox and the other Mozilla based browsers, your ass is hanging out there much less, and that is the real issue when dealing with security issues.
My karma is not a Chameleon.
Firefox/Mozilla guys live in some imaginary World where you maintain/install/update thousands of desktops/laptops just like a home user, clicking "firefox.exe" installer.
IE on the other hand, has amazing administrator capabilities and when coupled with that enterprise "ms update services", it is unbeatable.
Firefox resists to ship a Microsoft Installer (MSI) and Apple Installer (PKG) for some mysterious reason let alone doing the stuff above. Near all those ".exe" shareware etc. stuff you see are in fact MSI packages packed into .exe file for convenience and prevent web server issues.
It got more unexplaniable since there is a complete open source MSI packager which is hosted at sourceforge ( http://wix.sourceforge.net/ ) and interesting thing is, InstallShield corp like guys would even donate their solutions to them with free automated setups. It is not some no name software, it is Firefox.
Perhaps they did - and then MS said "we'd listen to you, but we gave loads of money to a lobbyist organisation who then gave it to the senator on your oversight committee, so bog off".
Which is why I don't understand parents point. The exploit was against Adobe PDF Reader, not against IE. It would have worked in other browsers.
And because Firefox crashed too, it was definitely getting past what it should had been. No browser should even crash on some code on website.
TBH, if it takes all of that precaution just to run your web browser, maybe it's time to use a different one?
By default, Windows 7 w/ IE8 is supposed to already have those bits in place - DEP, permissions isolation, all that rot. But damn... now you're talking about checking that all 3rd-party plugins being off before going online, etc? There comes a point where it's just easier (not only safer but EASIER) to run Firefox, or take the next step and get Linux. It's certainly orders of magnitude easier to just get a Mac and use that instead.
I know, I know, marketshare, 'just a matter of time', whatever... but think about this: Most folks don't give a flying frig about the subtleties of defense-in-depth, they don't care about vuln counts (no matter how contrived), nor do they really care about what happens 3-5 years from now, when they'll have likely replaced their computer anyway. What most folks DO care about is how safe it is out there right now, and w/ a near-perfect record (of not becoming some 13-year-old script kiddie's bitch), Linux and Apple products make more and more sense to the individual once they realize that you don't even have to bother with running A/V on the things, or worry as much about malware, or etc. For those who don't want to make that big of a jump, it's a hell of a lot easier for them to just download and use Firefox, Chrome, whatever... and leave IE alone entirely.
Quo usque tandem abutere, Nimbus, patientia nostra?
And I do take a hike in those cases.
If I encounter such a webpage, I simply move on as I am running Linux and have no interest in any web sites that think they need to force me to run any Windows crap.
If you mod me down, I *will* introduce you to my sister!
I'm required to use adobe's horrible products.
As far as I'm concerned, Adobe is a far greater security threat to my network than IE. I do not understand why people insist on using Adobe products. They are a pain to administer, and not particularly useful. Rather than concentrate on MS, why doesn't the EU take a look at a real threat, Adobe.
Hoist Number One and Number Six.
a) Almost everybody has PDF reader installed (it's preinstalled on most PCs)
b) Firefox managed to contain it.
c) We all know IE is way more promiscuous than other browsers.
No sig today...
Please tell me you aren't a programmer, you clearly don't get it.
If its crashing, they've got 95% of what it takes to own you, the next part is just figuring out how to use that to get some code to run.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
That's no trouble. If they're that dumb, then I don't need their content.
Don't take life so seriously. No one makes it out alive.