Slashdot Mirror
Microsoft Says Upgrade To IE8, Even Though It's Vulnerable
Barence writes "Microsoft has issued a statement urging people to upgrade their browser to IE8, after the zero-day exploit that was used to attack companies such as Google went public. According to Microsoft's security advisory: 'the vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.' But, although IE6 has been the source of the attacks until now, Microsoft's advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7."
.. now *that* would be real fun.
Because DEP is enabled by default in IE8, unlike IE6 and IE7. The exploit can not work against IE8. Also, IE in modern versions of Windows is sandboxed, unlike Firefox. Sorry to rain on the parade...
"...I think the Microsoft hatred is a disease." - Linus Torvalds
...or Death
Security theater to keep people on their, similarly defective, latest product is the best thing MS could do for now, it seems. I'm waiting for comment from Bruce Schneier...
One that hath name thou can not otter
the vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
Is this an ActiveX thing? I mean how the hell do you get the pointer in the first place? And how do you keep the browser from page faulting?
I'm so confused!
Software Engineer: "It's a complete mess... The vulnerability is present in IE6, 7, and 8 and it won't be an easy fix."
Marketing Shill: "Excellent! Now they've no reason not to upgrade to IE8. Get out a Security Advisory at once!"
This whole article should be marked redundant. Whoever could upgrade to 8 did it.
Some people just can not afford to do it; if it is a question IE6 or access to internet it will be IE6.
"Blah blah blah." - [citation needed]
Even if the exploit is successful on IE8 on Vista or Win7, the reduced security mode that it runs in will prevent it from actually doing anything.
Sure it may be able to crash the browser, or maybe screw with a favorite, but it can't access user files and especially can't do anything to the OS even if the exploit works.
So saying it is a 'problem' on Vista or Win7 is stretching the truth.
Looking back at the whole story it seems that Google planed this in advance. They got hacked for real... but then someone had an idea: this an IE exploit so lets benefit from this. Let's show everyone how bad IE really is. So they posted on their blog saying that they will get out of China because of this attack (very dramatic so everybody heard about it) but I suspect that they have no intention to do that. I think they used their blog just to let people know: "we are Google, we know stuff about security but we've been hacked, we will lose this big market and it's all because of this flawed IE". Now everybody is running away from IE (finally).
Not sure if this is evil but I'm sure IE will lose because of this.
From TFA:
But although Internet Explorer 6 has been the source of attacks until now, Microsoft's advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7.
But then, in the very next sentence of the very same FA:
Nevertheless, Microsoft is still urging its customers to upgrade their browser to the latest version. "Customers using Internet Explorer 8 are not affected by currently known attacks and exploits due to the improved security protections in IE8," the company claims.
Am I missing something, or are they suggesting that last week's attack is not "currently known"???
My head feels like it's about to asplode from this doublespeak...
/HJ
UPGRADE!
IE6 must die!
You know what struck me as strange when I read this post? I thought about the issue that Firestone went through a few years back with their faulty tires causing a few deadly accidents. By comparison:
If Firestone were to beg people to buy their faulty product, even though it was dangerous, people would think that Firestone being rather twisted and greedy.
When Microsoft basically does the same thing with their faulty product, it's somehow "OK"?
I guess the "go fix your shit and don't come back until it's done" mentality is rather dead these days...
I dunno... If these folks are using IE6, and don't have any clue what they're doing, wouldn't they just be better off without a web browser? They'll find a way to stumble along something dangerous regardless of what anyone does to help them protect themselves.
I think that we should encourage these users to upgrade to the "offline experience."
Upgrade to Firefox!!!
Get rid of that Microsoft Virus masquerading as an operating system!
Except for the product is free and one is more secure then the other. While it's not perfect it's not as terrible as you make it out to be. No browser is 100% secure so by your standards if you recommend Firefox instead and they get malware from it are you to blame for it? Is this really MS's fault for people refusing to upgrade for whatever reason?
Doctors prescribe medications all the time knowing about potential side effects and even if the user does have these side effects many times it is better then the original condition. Or would you just recommend that someone shrivel up and die because there is no perfect solution?
That's a bad analogy, because the TFA only suggests customers to upgrade to IE8 from a previous version. It doesn't appear to be a money grab, i.e. (no pun intended) there's no recommendation to switch from say Firefox to IE8.
Your memory fails you. Firestone said the problem was that their tire wasn't rated to the standards which were required for a particular Ford model. Ford installed them as OEM tires anyway. When it came out, Ford said Firestone made a faulty tire, but Firestone responded that the tire wasn't designed to be used in the environment created by Fords one SUV model.
As usual, another analogy on /. fails...
Your comment is outrageous. The submission consists of a factual statement and some literal quotes from Microsoft.
If this is FUD about explorer it is Microsoft FUD about explorer and not the submitters.
A browser exploit doesn't put your life in danger.
Makes me wonder why they were not using Chrome in the first place... ^^
The right time to stop using IE6 is not with this new exploit. It's circa 2003. I find all this perplexing because from what I hear, the people who keep thrusting IE6 on people like a poisoned dagger are IT departments, but aren't IT departments supposed to be staffed by, you know, techies? The kind of people who go to nerdy sites like /. and should know IE6 sucks rat balls?
I understand that other browsers like Firefox might have been hard to push out and manage back when the world first discovered that browsing can improve as long as you avoid Microsoft, but what about IE7? That came out over two years ago and it definitely sucks slightly less. Can we revoke Geek status from IT staff that are still pushing IE6? Ban them from this site? Cut off their Internets until they appologize?
(Special consideration would of course be extended to those techies who were unjustly forbidden from upgrading IE in their infrastructure because of web apps that only worked on IE6; the web app developers should have their Geek status revoked instead.)
Incorrect... The fault was Ford stuck the tires on as OEM parts, and actually UNDER-INFLATED the tires. The issue that occurred with the Firestone tire would have happened with ANY P or UV tired that was also under-inflated on that vehicle at highway speeds. An under inflated tire causes major heat build up, and leads to tire failure.
As another posted said, a crap analogy.
I haven't used IE in any form for 5 years. Any web page that I can't see in Firefox doesn't want my business. The only way to start IE on my computer is to run the .exe file since there are no shortcuts or icons anywhere.
Professional Politicians are not the solution, they ARE the problem.
Except that using a faulty browser isn't more likely to kill than people riding with faulty tires on something that moves really fast.
It seems that all exploits that I've read about over the last decade all boil down to the same flaws - buffer overflows, invalid pointers, format strings, etc.
Yet, developers persist in using the same old programming languages & libraries that are rife with weaknesses.
Why haven't they changed to something better? From what I can see, better tools have been available for a long time and, quite frankly,
the old "we've always done things this way and it would be too expensive to change" is real crap.
What about the cost of NOT changing? Is that irrelevant because the cost ( and consequences ) are the burden of the end-user, not the vendor?
Isn't it past time that things changed?
Pain is merely failure leaving the body
Really? Impossible! I fully expected them to say it would be better to use Firefox or Opera.
Seriously. What did you expect? Be honest.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Firestone still took the contract, they weren't going to turn down a sale of millions of tires.. They knew what Ford was putting them on.
Except that using a faulty browser isn't more likely to kill than people riding with faulty tires on something that moves really fast.
I assume you aren't a political activist in China.
In many ways if you are going to stick to using Internet Explorer, then it might as well be the latest one. If there is a flaw that affects IE8 less than the other two, then it is still the lesser risk. Even if it doesn't and is still major, then Microsoft will most probably concentrate on providing a security fix for IE8, and not the others. Heck, beyond hyper-conservative company policy (aka "let's stick with 10 year old software, no matter what"), there is very little reason not to upgrade and plenty of reasons to upgrade. To name three: its free, its more standards compliant and it is probably more secure that the previous to versions.
If you are still using IE5, then I have nothing good to say.
Jumpstart the tartan drive.
you should remember that these are criminals who spend all day trying to find any way into your computer and the only reason you don't hear a lot about firefox is because IE 6 and IE 8 have the largest marketshare when it comes to browsers
i am by no way a soldier of microsoft but they are under constant attack by these criminals
after all why go after someone else who may only have 20% of the market
As usual, another car analogy on /. fails...
There, fixed that for you. ;-)
It wasn't even that "exotic" of a problem. Ford recommended a low tire pressure for a softer ride - trying to make a truck not ride like a truck. Low tire pressure generates excess heat, which ultimately causes the tire failure. And because the other tires on the vehicle are also under-inflated, the changes in the vehicle's handling are magnified and everything goes to hell.
People who ran the tires at (for example) 35PSI instead of 30PSI didn't have problems.
Are there a lot of ex-Pentagon bureaucrats at Microsoft? Both seem to have an incredibly self-destructive habit of doing anything but owning up to the problems they create, apparently oblivious to the fact that it's a lot better for all involved if they were to just say, "Hey, we fucked up, and we're going to fix it," and then fixing it. It's not like the competing browsers haven't had plenty of security holes, but the difference with -- to pick the one I'm most familiar with -- Firefox is that when a vulnerability is discovered, my first awareness of it is generally a new welcome screen in the morning announcing the fix. With IE, it's listening to users and admins bitch about unresolved issues in browsers that have been in the field for for years.
Oh well, it could be worse. At least aerial defoliants and depleted uranium munitions are not among Microsoft's current offerings.
Proud member of the Weirdo-American community.
Well I DID say it was an attempt at a bad analogy.
The point I was trying to make was similar to that of some other folks. Yes IE8 does not fix this specific flaw, however it does address many other vulnerabilities and outright flaws in IE6.
I believe the expression is "throwing the baby out with the bathwater".
According to the actual advisory (http://www.microsoft.com/technet/security/advisory/979352.mspx), no upgrading is recommended at all...
Any tire that has issues running at 30PSI is garbage. That's a normal pressure.
If the difference between 35PSI and 30PSI can end your life then I would never use those POS tires. That kind of pressure difference could be caused by nothing more than a cold morning.
Microsoft's advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7.
That is a misrepresentation, at best.
The knowledge-base article: http://blogs.technet.com/srd/archive/2010/01/15/assessing-risk-of-ie-0day-vulnerability.aspx
It states pretty clearly that IE7 *may* be vulnerable to this attack. But it also states that IE8 - on all recent platforms (XPSP3, Vista, 7) - contains the bug but due to DEP (and protected mode on Vista/7) it is not exploitable. That seems to be a pretty good reason to upgrade.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Seriously, while there's no security change by getting users to upgrade from IE6 to IE8 (with respect to this flaw), there's a massive net gain in getting another IE6 off the streets. Thank you Microsoft, for using every means possible to move users away from IE6.
Actually, IE5 is the only version not effected. You should be downgrading not upgrading.
http://www.theregister.co.uk/2010/01/14/cyber_assault_followup/
"But Kurtz warned the vulnerability exists in all versions of IE except for IE 5.01, service pack 4, and that it would be possible for attackers to work around the protection."
One of the problems Microsoft (and this /. thread) gets at is how out of control Microsoft's users are. Microsoft wants you to upgrade to a version of a proprietary browser that can still be compromised with some reconfiguration. Because IE is proprietary, all IE users must wait until Microsoft genuinely fixes the bugs that allow remote code to compromise the browser even after said reconfiguration. Firefox, while vulnerable even in a default install, is free software. Firefox's destiny is in our collective hands. We decide how and when Firefox is fixed and we decide how thorough that fix is.
So while you're probably not a programmer, like most computer users, you have options with Firefox that you don't have with IE. You could learn to program and help fix Firefox's code. You stand virtually no chance of doing this with IE's code no matter how expert you become. It is of no help to look at this as though Firefox hackers are your workers so you can sit back and wait for them to deliver a fix ("I haven't seen any indication that they aren't working on a fix. What will you say if the patch comes out?").
Software freedom changes the game by giving you permission to control your computer; the more free software you run, the more control you have. Like with any other freedom how much of that permission you're willing to leverage is up to you.
Digital Citizen
..and then during testing Ford found their SUVs flipped over at the slightest turn so they lowered tire pressure substantially.
Ford internal documents show the company engineers recommended changes to the vehicle design after it rolled over in company tests prior to introduction, but other than a few minor changes, the suspension and track width were not changed. Instead, Ford, which sets the specifications for the manufacture of its tires, decided to remove air from the tires, lowering the recommended psi to 26. The maximum pressure stamped into the sidewall of the tire was 35psi; however tires should only be inflated to the pressure listed by the vehicle's manufacturer.
It has been since it debuted in an XP service pack.
So if you "disable" DEP to make some apps work, it still isn't disabled for IE8, because IE8 opts-in for it.
http://lkml.org/lkml/2005/8/20/95
The submission consists of a factual statement and some literal quotes from Microsoft. If this is FUD about explorer it is Microsoft FUD about explorer and not the submitters.
Submitter "quoted" some quotes of Microsoft statements from a news site (PC Pro). As it turns out that is actually a misrepresentation of the factual statements made by MS.
The article actually had a link to real statements from Microsoft on the issue (security advisory). To quote those:
Mitigating Factors:
The advisory can be found here: http://www.microsoft.com/technet/security/advisory/979352.mspx.
Is it too much to ask that submitters actually click the links and read background information before quoting quotes? Or would it spoil a good MS bashing?
Uhhh...as usual?
Can yiu give a few pointers to other failed analogies on Slashdot? My own recollection (and searching a few minutes ago) only found ones that were pretty relevant or, in fact, downright funny.
My memory of that if far different. The tires were faulty but in a small percentage of tires. There was a manufacturing defect that would cause tread separation. The number of faulty tires was relatively small.
The real problem was that Ford Explorers were rolling over in accidents. Ford wanted to blame it all on the tires when in reality that particular defect was a factor in only a small number of accidents. The real cause of the issue was the instability of the Ford Explorer. It is a simple matter of physics. SUVs like the Ford Explorer have a high center of gravity. Sudden motions (like those that occur in an emergency) would cause the vehicle to roll over.
An overview of the data showed that:
Logically one would conclude that the problem wasn't so much the Firestone tire but the vehicle based on the percentages. But Ford had more money to spend on lobbyists and PR. And most people want to believe that the real issue is a $100 tire that can be replaced instead of the $30,000 vehicle that cannot be easily replaced.
There was a Frontline report which uncovered that Ford knew their SUVs had roll over issues since the Bronco II which came out ten years earlier.
Well, there's spam egg sausage and spam, that's not got much spam in it.
If you had any idea what OP was talking about, you're realize that this isn't "sandboxing and virtualization". Thus, the attacker won't be taking control of the browser in a non-priv account or in a virtual space. This is DEP, data execution prevention. You may also know it as the NX bit. It's disallowing the execution of code from non-code areas such as the stack/heap. Thus it LITERALLY disallows the code from being run. So while the vulnerability is academically "there" the reality is, it does not run code, at all. Not in some restricted domain, not as some no-priv user. It simply doesn't run. Thus it cannot be used for malicious purposes.
Your entire post is anti-IE hate, and you have no idea what you're talking about. Then you go on to drag in some ActiveX bashing. Of course you've been modded up as "informative" even though your entire post is factually incorrect. I mean this is Slashdot right?
> The real cause of the issue was the instability of the Ford Explorer.
The real cause of the problem (that's *problem*, not "issue") was idiot drivers who bought trucks and drove them like pancake cars. Trucks necessarily have high centers of gravity. It is obvious to anyone with any brains that you can't drift a truck around a corner. Most modern cars are so low and flat (in the interest of fuel economy) that they are almost impossible to roll. People get used to that and then try to drive trucks the same way.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
I had the pressure recommendation wrong. Ford had recommended 26 PSI. That's well below "normal" pressure for most road vehicles, especially heavier ones like SUVs.
http://en.wikipedia.org/wiki/Firestone_and_Ford_tire_controversy
So Ford specified possibly weak tires, and then went on to change their recommendations in such a way that it made them weaker without changing the tire specs.
May is such a definitive word. If I had a million dollars on a project, may is not going to cut it. And how much faith would you put into DEP? I don't: http://uninformed.org/?v=2&a=4&t=sumry
Also do you think M$ will come out and say that, "IE8 is exploitable, please use something else."?
Half of writing history is hiding the truth.
So MS should take a lesson from Firestone and make it clear to users that IE is still recommended for use, just not on web sites that could potentially contain harmful code.
Essentially you are blaming the driver. Yes, you can't drive a SUV like you can a passenger, what Frontline uncovered was that even in low speeds, the SUV was unstable:
Futhermore, Ford knew this at least a decade before and did not address the situation directly:
Well, there's spam egg sausage and spam, that's not got much spam in it.
I did some reading up on this. I don't use Firestone tires, nor do I drive a Ford, so I didn't follow it too carefully. Last I heard, there was talk of a defect in the Ford assembly line that compromised the tires at the factory. That talk seems to have gone away though.
What I did find is, after rollover problems were found in their pre-sales testing, they reduced the recommended tire pressure from 30psi to 26psi. I guess it was a problem where the tires were too hard, so they softened them up a little to keep the truck from rolling over, possibly because of the high CG. This minor reduction in pressure wouldn't lower the CG much (like 0.0090") The rated max tire pressure was 35psi, which would cause problems if driven at highway speeds for a long duration. Depending on the tire, 30psi cold could easily become 35psi on a long trip. 26psi wouldn't be enough to make the tire overheat.
Car & Driver magazine did a test in the Explorers, inducing a blowout. With professional drivers on a closed course, the blowouts did not cause a rollover. It was likely a combination of a mechanical failure (blown tire) and poor emergency driving skills.
Serious? Seriousness is well above my pay grade.
Chrome is particularly loathed by IT departments because you can download it, install it, and run it as a user because the program only installs to the user's application directory.
Think of that, a web browser that runs in user space. Seems like it should be loved by competent IT departments.
If we measured the effectiveness of corporate IT by individual uptime (instead of by number of tickets closed), there would be a newfound appreciation for browsers that run in user space and resist infection. But with the economy the way it is, we need to "manage" as many things as we can get our hands on, lest management find out what we really do and how easily they could downsize the help desk by making better architecture choices.
In more than a few companies, IE "puts the beer on the table" for level 1 help desk technicians.
The place I work is still running IE 6. About 6 months ago they did a big effort to upgrade to IE 7, tested all their apps, and then decided that they weren't ready. There is currently no time table to upgrade to IE7 let alone 8.
A company I interned at had IE 4.0 for the longest time, even after 5 came out, and the latest versions of netscape....
I think what our friends at Microsoft don't realize is that big companies (especially big regulated companies) are really slow to move on things. Upgrade to IE 8 is not really a valid answer. A large regulated company will spend months testing, and in many cases it will take years to go upgrade. Now if IE didn't encourage people to violate web standards, then it wouldn't be that bad. But unfortunately it does and people do. So fixing things to work with IE7 or even IE8 after IE 6 is a pretty big deal.
So good luck with that. I know my company is going to be running IE 6 for at least another year, maybe more. They have to go slow because it is a financial company and they are subject to all sorts of SOX controls and regulations. Also upgrading browsers does not immediately generate revenue so it is not a high priority. They don't even use the right resources for testing so it drags out much longer than it should....
I worked at a Microsoft Fanboy company but even then it took a good 6 months to test all the apps with IE 7 and there the roll out wasn't company wide, just that division. There was also a project in Parallel to fix the issues and move all development projects to Visual Studio 2005. They properly staffed based on what they had, and it still took 6 months. And they were Microsoft Fanboys. I mean SQL SErver 2005 comes out, they need to upgrade within a year. SQL Server 2008 comes out, they put on a project to upgrade within a year. Windows Vista comes out, they need to upgrade.... And even there 6 months time is a lot of time to be exposed to a vulnerability. And they are the exception not the rule.
For many companies a security issue or browser upgrade does not generate revenue and is super low priority....
Microsoft should have said to use Firefox or other browser in the meantime. That is real (at least temporary) solution and workaround for the problem.
Using IE6 problems to advertise IE8 is not.
Comcast will not accept an non-IE browser. So, I suppose it does make to stay with msie, at least it's accepted by more websites.
Excuse me, HOW MUCH is Microsoft worth nowadays? And for all that money, they can't STILL YET seem to fix a bloody software problem? They can't still seem to get just ONE PROGRAM RIGHT? Not one? Even a teeny-weeny little program? And they're worth HOW MUCH MONEY? Just a simple program? What? Nothing?
YankDownUnder Veni, Vidi, volo in domum redire
So with the zero day exploit and blah blah, microsoft is claiming that its software is flawed and vulnerable, and was rushed out the door to meet marketing and sales demands, rather than having tested and checked the software to see if its really ready or not? The hell you say! I would not have thought such an upstanding organization blah blah could possibly blah blah. Cue the fanbois! Its an undocumented feature! This zero day exploit ensures that if microsoft wanted to post patches to your computer, they could get in without asking, thus saving you the trouble of having to do the work yourself. You also don't have to send in feedback as to how you are using your computer, as they can find out on their own. The same with banking information. They can just send you the latest software in the mail, and take the money out of your bank account instead of you having to buy it yourself. Isn't that conveniient? Similarly, if your kid has had medical issues, they can tailor software to meet your needs, and send it to you (no fussy bills to pay, they know your bank account number). Upgrade people, upgrade. Oh, and remember to thank the developers, developers, developers, developers.
As a web developer I am elated that this might help drop IE 6/7's market share. If in the near future I only needed to make fixes for IE 8 my life would be a lot easier.
Having radio button somewhere that makes your OS vulnerable to _KNOWN_ exploit is really stupid idea.
You can only idiot-proof the OS so much. The end users need to have some responsibility for their actions.
It's like putting a lock on your door and leaving it unlocked. Should the lock manufacturer prevent you from leaving the door unlocked? They can, but then when you have a situation where you need the door always unlocked you're out of luck.
There are situations where you need to run IE and Windows in lower security modes, mostly due to poorly written legacy software. Microsoft can only help you so much, they have been pushing security since NT 3.1, most companies ignored the guidelines, (AOL, Apple, Macromedia/Adobe, EA, Sony and Google to name a few HUGE ones). MS finally got tough with them with Vista and 7. The problem is, now lots of users run out and disable UAC or DEP because some app doesn't play nice with it, or they have to run Everquest as an administrator, because games need admin access for some reason, or older versions of AIM needed to violate DEP, or Google Toolbar wouldn't run in IE7 with high security on. Who's fault is this? MS for not breaking legacy apps, software companies for writing sloppy code, or end users for putting up with this crap?
I did upgrade, a long time ago to Netscape, then Firefox and next to Ubuntu.
I have been around long enough to remember when a browser was JUST a browser ( no I am not talking about Linx ) but early versions of NetScape.
The problem fundamentally one of overreaching..
It is all part of the "Hey look what I can make this thing do!!" syndrome.
And yes this is a syndrome and all of us, myself included, are suffering from it. We want to impress our peers, we want to make the computer sit and beg, rollover and play dead whatever ...
NONE of this yummy was ever thought all the way through and I mean since HTML version 0.01, CSS 0.01 and beyond. We still have the checkbox control that is never returned by the browser unless it's checked! and how long have we all had to write stupid work around's for that stupidity.
We want the browser to be everything text rendering program, application container, remote control device you name it. We gave it the ability to get to the OS ( upload files through your browser much? ), we started giving it hooks into everything without thinking about the consequences of our actions, "Hey lets make the browser a Word Processor, lets make it a spreadsheet!! Hey wow look at what I can do!", lets give it a scripting language, lets give it the ability to do XYZ and all of that has to hook into the OS at various levels.
In typical Microsoft style the had to one up everyone and do it badly, but we led them down this garden path, so really we have no one to blame but ourselves for the current mess of security problems that effect all browsers but more so Microsoft because they chose to allow the browser to go even deeper into the OS then anyone.
Hey KID! Yeah you, get the fuck off my lawn!
That's a bad analogy, because the TFA only suggests customers to upgrade to IE8 from a previous version. It doesn't appear to be a money grab, i.e. (no pun intended) there's no recommendation to switch from say Firefox to IE8.
#1. They are still recommending that you upgrade from one faulty product to another.
#2. You're absolutely right. They are NOT recommending a different browser, and therefore, it is absolutely about a money grab. Remember that there are literally millions of potential waiting in the wings with aging hardware looking to upgrade to a new computer and new OS at any given moment. I'd say Microsoft is doing everything in their power(with right or wrong recommendations) to keep said group from upgrading to a Mac.
I was listening on the radio this morning and a supposed Microsoft statement was read out on ABC (Australia) AM. As well as upgrading Internet Exploder they also reccomended 'users of Windows XP' upgrade to later versions of Windoze.
Microsoft even exploits bad publicity for their upgrade cycle.
Linux has bugs. Windows has holes. I am +10/11GMT.
I guess the "go fix your shit and don't come back until it's done" mentality is rather dead these days...
Internet Explorer has been vulnerable since the first version, but that's still what most people use. Microsoft says to "upgrade" anyway. And most people will -- whether Microsoft fixes their shit or not.
The productivity wasted as 80 percent of the country's computer users install patches every week or two has to be staggering. And you'll still be vulnerable. Not to worry, though. Another security patch will be on the way.
No, we should encourage those fuckwads to drink a nice tall frost glass of bleach as they are too fucking stupid to even exist let alone use a computer.