France Tells Its Citizens To Abandon IE, Others Disagree
Freistoss writes "Microsoft still has not released a patch for a major zero-day flaw in IE6 that was used by Chinese hackers to attack Google. After sample code was posted on a website, calls began for Microsoft to release an out-of-cycle patch. Now, France has joined Germany in recommending its citizens abandon IE altogether, rather than waiting for a patch. Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well." PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.
The link to the official French recommendation is here: CERTA-2010-ALE-001
Quoting from it (rough translation): "while waiting for the editor [Microsoft] to correct this vulnerability, we recommend people use an alternate browser."
--
are you a startup founder looking for co-founders?
"Don't Kill the Messenger: Blaming IE for Attacks is Dangerous"
Actually, IE is not the messenger, it's the source of at least one known security hole that participated in this problem.
The article fails to explain how blaming the software with a known exploit is dangerous.
They assert it will create a "false sense of security" because there exist other methods of attack (other software with security flaws). Even if they did have support for other security holes, this reasoning is an absurd logical fallacy. Amazingly, the author doesn't even have support for the premise of the illogic it's based on an *implication* from a quote by McAfee CTO George Kurtz.
FTA:
The main thing to keep in mind is that these attacks go beyond Internet Explorer and that simply switching browsers is not an adequate defense.
This is completely absurd FUD. IE *was used*, it is insecure, and there is no fix (yet). These conclusions come right from this article and others.
Obvious conclusion: use different software. This conclusion is also supported by the long and consistent history of security issues with IE. I think, after reading this and other articles, it is more dangerous to continue to assert that IE is secure.
MIcroslop completely.
Yours In Novosibirsk,
Kilgore Trout
duh!
Dear
PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.
Well, of course they'd say that - they are running a PC/Windows/Microsoft magazine, after all.
AppleWorld, on the other hand, has been blaming hacker attacks on Microsoft Windows for many years now - and the general population seems to agree with them, even though it does lead to a false sense of security in OSX.
So where is the fix?
Not because Microsoft sucks per se but because computer security is becoming a classic monoculture problem.
IE is such a valuable target because of the number of users.
The greater the variation in software the less valuable each exploit becomes.
Let's face it, most people will not change, so saying that everybody should change will probably get you 30%
A very real problem is there are only three browser engines at this time: Gecko, WebKit, and IE.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
We should applaud the recent work by the European Commission in demanding that Microsoft design their European version of Windows to allow users to choose the browser that they want -- thus, allowing them to never install Internet Explorer. The European Commission has been better advocate of free-market competition than the American Federal Trade Commission.
Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.
Hey PCWorld -- a vendor refusing to patch a product that has a major security hole in it that's very publicly known is criminally negligent, and yes, the correct answer is to stop using that product and punish the ever-living crap out of the executives and the company that isn't taking something like that seriously.
#fuckbeta #iamslashdot #dicemustdie
"You may also have web-based applications that don't work well, or even at all, unless they are accessed with Internet Explorer. That's not going to be good for productivity. And finally, what if your replacement browser itself turns out to contain a vulnerability? Are you going to switch again?"
That's the sort of shallow, thoughtless attitude that got you stuck with IE6 in the first place.
tomorrow who's gonna fuss
Calling for the abandonment of IE isn't the whole answer. But it will help make more people aware that it's not the only browser out there, and that it is possible for the average user to make the change to another browser easily.
On the other hand, if they only suggest one alternative, then that only creates another monoculture.
Ultimately I'd like to see no one browser with more than 25% market share. Make the scum work harder for their exploits.
---
"I can't complain, but sometimes still do..." Joe Walsh
On one side, I don't like the fact that people can't tell the difference between two versions of a piece of software.
On the other side, browser diversity can't be bad, so I guess anything that can make people try something that is not IE is good.
(\__/) This is Lapinator
(='.'=) copy it in your sig
(")_(") so it can take over the world
France and Germany agree on something?
The IE threat must be greater than previously imagined. Or...something.
coding is life
Really, it's both: IE should be avoided until there's a patch and yes, blaming one software package does give people who don't know any better or don't think about it a false sense of security when they switch. They're not mutually exclusive positions...
Why would a website like PCWorld recommend its users NOT to ban Internet Explorer? It's both foolish and stupid; still recommending Internet Explorer is short-sighted.
It seems to me this is just Microsoft propaganda; seriously, there is not a single reason why you should use Internet Explorer above any other modern browser like Google Chrome or Mozilla Firefox.
Yes, people should stop using IE 6. Besides the horrible interface, many new websites don't display correctly in it; it is a browser dating back to 2001 and outdated by now, 2 versions behind the current Microsoft product. People with Windows updates should already be using a more secure browser, IE 7 or IE 8, or one of their choice. And although IE6 has been significantly attacked, switching to other browsers does not make you immune: Chrome, Safari, Firefox have all had security flaws. IE8 holds up well to other browsers, re http://nsslabs.com/test-reports/Q309_Browser_Security_Summary_Final.pdf. Also there are some social engineering style attacks that no browser currently protects against completely - sites that people are fooled into believing are legitimate and passing personal details/etc.
That makes Germany and France. If only the US would do the same, as there are too many naïve people who don't even know there are other superior web browsers.
France, Germany, Russia, and the fucking Queen of England recommend not to use Blender due to its overly complex interface. Thank you government, for stepping in.
Instead of doing all your web browsing on a computer that's connected to a network -- which is inherently insecure -- consider only using the internet on systems which are isolated from the network with an "air-wall."
This security solution is effective at preventing viruses, trojans, worms, clickjacking, DNS spoofing, and most other malware as well.
Next up: avoid cancer by not breathing.
There's no -1 for "I don't get it."
It helps to force web developers to design their sites based on standards, not for the browser with the largest market share. I have many friends with Apple computers that use exclusively Firefox even when Safari on OS X is a very good browser. This helps a little to keep the overall security of the platform up, since you can't be sure that all users of OS X also are users of Safari.
Mexico: 100% conservative's America now!
Like many, I escaped IE a long time ago; however, I am getting regular infections via Firefox and Seamonkey and am really tired of running ComboFix for some nasty rootkits installed after Firefox is brought to its knees. Can anyone tell me which browser to use? I use Chrome solely for Google stuff, I don't want to be monitored everywhere else. Playing also with Safari due to its HTML5, but have no clue about its security...
Yes.
In this case, the messenger was the one who compromised and betrayed the system. Saying IE isn't to blame is just simply wrong and uneducated. IE is a terrible browser on so many levels beyond security. Yes, this is Google, and no they shouldn't only be using Chrome, because you can't uninstall IE from XP. Some people just click on internet shortcuts or links without even caring which browser it is. This isn't the fault of Google. This is the fault of Microsoft for neglecting their shoddy products, even if it is 2 generations old now. This isn't a (real) reason to jump ship on XP, Microsoft just wants to get rid of XP, which is another mistake. I am losing more and more respect for Tech Columnists every day.
I'm a troll because I disagree with you.
I remember Steve Ballmer screaming 'Developers! Developers! Developers! Developers!' and that has been the IE 'mentality' ever since. The mentality is "Give the developers (especially big huge companies like Microsoft, Adobe, Symantec, Google) complete control over the users' computers just by clicking 'ok' in Internet Explorer one time." That has got to be seen as a security hole. Every goddamn piece of software now wants to run as a service, check for updates, annoy the user, and prioritize itself. For example, once you install Adobe Flash, it is there.. on every web page.. despite whether the user might want to choose not to load the annoying flash for that particular web page. I am not complaining just about flash - just about the lack of options to make installed software optional. Why can't I have an option to 'right click, show flash' on all my flash animations? and for that matter.. all other software that wants to open by default without giving me an option to save?
Here's how I would make IE more secure in a general sense:
1. Program the 'stop' button as the highest priority. IE is useless if it decides it has to load an entire complicated web page (or malware site) before I can click 'stop' and cancel all of it.
2. Put options in IE to disallow resizing of IE windows by script, removing of toolbar buttons, preventing the user from resizing windows, and using 100% of system resources to process a web page.
3. Remove the ability for a 'Windows popup button' to prevent the user from stopping a script. How asinine is it that a web page can merely repeatedly pop up system messages forcing the user to click ok before allowing the user to click stop? IE screws this up royally with Java helping.
4. Put a 'cookie tracker' right inside Internet Explorer.. Allow the user to control whether a site can modify a cookie. Notify the user (at the bottom status bar - not in his fucking face) that 'a cookie was created or modified' when visiting a web page. User might get suspicious when his favorite porn site tries to modify the 'gmail' cookie.
5. Never allow web pages to stop me from right-clicking. Fuck you. It's my computer.
I'm sure there's a whole lot of other things I could say that Microsoft will continue to ignore..
--- We need more Ron Paul!
...you know, the place that already doesn't have browser monoculture. Therefore, your premise doesn't hold true - they don't want to shatter IE monoculture, create variation in the market. They just don't want people to use IE.
And especially in Europe, that's very much four engines, not three, with one or two places having Opera as number one browser, few other as number one alternative browser, and in many it has quite respectable usage share.
One that hath name thou can not otter
When I said this was all an elaborate ruse to Market Chrome.
Clearly I'm the only one here parano^H^H^H^H^H^HSensible enough to see what's plainly in front of us.
Take Microsoft vs Google. Google's brand name is made up of 50% vowels, 50% consonants, whereas Microsoft is 33-67. This is a clever method designed to make you think that Google is fairer and wishes to have an equal representation of all letters. However, this is just plain deceitful, because "Chrome" is only 33% vowels whereas "IE" (we'll abbreviate it) is 100% vowels, thus making up for the lack of vowels in "Microsoft". There are also even spreads across such MS products as "Office" and "Live". Apple has felt the need to keep up with the proper representation of vowels by throwing in a single lowercase i in front of every one of their new products. Good on them.
So I know what you're thinking: What do vowels and consonants have to do with ACTA and Net Neutrality? Absolutely nothing! But they DO have a lot to do with the recent attacks made against Google. As you can recall, it's been recently discovered that the attacks originated in China. Surprising to some people, English has not been fully adopted yet, and many Chinese citizens still speak Mandarin and that other language no one can remember. All traditional Chinese languages use characters, not letters. (To those who program or are DBAs, a letter is what normal people call a char). Now, what is Mandarin missing that English has? You guessed it; VOWELS. It's clear and obvious that Google is behind all of it. What the end goal is, I'm not entirely sure, I'm still trying to connect the dots.
What's important about this article is that it's happening in FRANCE. This is a bit of a PR stunt for France. You see, everyone hates Microsoft, and everyone hates France. This hurts the French industries of exporting Cheese, Wine, and arrogant behavior. So France is hoping that by declaring they hate Microsoft as well, everyone will look on them in a better light. WE MUST NOT ALLOW THIS. If people start liking the French more, Baguettes will be everywhere. And I mean everywhere. Breakfast lunch and dinner. Baguettes at home, baguettes at work, baguette soup, baguette sandwiches. Don't get me wrong I like a baguette every now and then but if we let them get a single foothold on the breadmarket they will take it over completely. There is nothing stronger than the relentless pursuits of a French Bunmaster.
So please, everyone, I beg of you. Keep using IE8, if you already do. Not because it's secure, because it isn't. Not because of Google, no matter how evil they secretly are...
But because the standard loaf shape of bread is under attack, and if we don't come to defend it, no one will.
I agree. This sounds like the old "criminals can pick weak locks so security is worthless" fallacy. Sure any door can be opened, but that doesn't mean you should just remove the door.
That said, even if it was true, I'd still want people to abandon IE. Anything that gets people on browsers that render stuff half-decently without gobs of extra code is good.
Even getting people to IE8 would be a big improvement.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
The issue is for all browsers after IE5, so in this instance perhaps you could suggest going back to an earlier version of IE. See earlier Microsoft lies regarding this. They have their own PR to spin this. You do not need to help. Personally I think promoting anything but a monoculture of browsers is acceptable, as everyone is more than aware of what happens then.
"France Surrenders the Browser War"
Don't Kill the Messenger: Blaming IE for Attacks is Dangerous
Don't obfuscate the message. Blaming IE for being susceptible to attacks is entirely valid.
So is blaming Mozilla, Chrome, Opera, Konqueror, and Safari when they are vulnerable.
It's all nice and tidy to say "The attackers are to blame." But we don't have control over them. We do have control over which software we use. And if we continually abandon less secure software for more secure alternatives, we will have a continually improving software ecosystem. That will not always mean abandoning IE (well, it may not always mean abandoning IE -- seriously, someday IE might be the most secure option -- stop laughing, it could happen, hypothetically), but it does mean always abandoning whoever fucked up most egregiously most recently. Feedback works.
Stop-Prism.org: Opt Out of Surveillance
... blaming IE for attacks is a dangerous approach that could cause a false sense of security.
Because a false sense of security is better than no sense of security at all.
That is all.
the toys we know have been painted with paint with high amounts of lead in it.
After all, if I took those away from them I'd just be giving myself a false sense of security since it's likely there are some other toys with lead in them that I don't know about.
Same reason I smoke, sure I know smoking causes cancer but not doing it would just give me a false sense of security given there are numerous other things that also cause cancer.
Presumably this means the French government want people to use IE6, since they automatically do the opposite to what they're told?
"Stop using IE"
Ok. I'll stop using IE8. But the problem wasn't in IE8 - it was in IE6 - so it was brought about by people who are using a version of IE that was replaced 1 to 2 years ago.
"Microsoft didn't patch the zero day bug"
Wouldn't matter if they had - these people are using IE6. Technically they did patch it - in IE7 and IE8 - and the people using IE6 haven't upgraded to the new free version - so what good would a patch do? Sure, MS could have withdrawn the installer and people could have upgraded using a new installer - but that would only reduce the number of people using it - it wouldn't eliminate it (there'd be all those disks floating around with IE6 as part of the operating installation).
And all this guff about "IE6 ruined the world" seems like crap anyway because if it wasn't IE6 then it'd be Acrobat, or Safari or Firefox or Opera or Chrome. If we all move to then they'd target . It's just that IE6 is still in use by a significant number of morons who probably don't have a virus scanner let alone any idea of why they shouldn't click the message that states "Your computer appears to have a virus...".
dnuof eruc rof aixelsid
It could create a false sense of security by telling people to switch, and Microsoft is patching the problem. But aren't there TONS of other reasons to abandon IE?
boycott french kisses?
"PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security."
Yeah, of course they would argue this. They get major advertising dollars from someone affected by such recommendations.
France and Germany agree on something?
The IE threat must be greater than previously imagined. Or...something.
France just hadn't surrendered to anyone in a little while and were getting frisky.
These posts express my own personal views, not those of my employer
Are the internals of Windows 2000 and Windows XP so different that Microsoft can't put IE8 on Win2k?
I mean, it seems like that's the obvious solution, and Win2k's on extended support still, so... and XP only identifies itself as NT 5.1 (Win2k is NT 5.0).
Always amuses me to see "You should upgrade to IE8!" then click the "Upgrade" button and say "Just click Download to get IE8!", scroll down, and then it says "IE8 is not available for your operating system". You'd think Microsoft's update site could've done the check earlier...
But, although IE6 has been the source of the attacks until now, Microsoft's advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7.
Someone needs to do a lot better research when writing these articles or posting them to Slashdot or both.
THIS is blatantly wrong:
Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well."
Heck, simply reading Slashdot would have turned up this:
Slashdot Article on this
Or this from Microsoft themselves which states even Microsoft believe no such thing.
Microsoft Admits IE7 and IE8 are vulnerable to this too
Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.
I posted something similar about this days ago on yet another similar topic, but was laughed at by the MS/IE zealots who claim Microsoft said only IE6 is vulnerable... so, since they can't read obviously, there it is again... with the relevant section BOLDED this time.
C'mon folks, these RCEs are not new stuff, and seem to exist in EVERY version of IE since the beginning of time till now with "patches" that never fully address the issue (hence, as MICROSOFT themselves noted, this issue is... well... still an issue... even for IE7 and IE8).
Their lame (see story link above) answer that people should upgrade to IE8 as if that was the solution to this problem is idiotic. Yeah, people should upgrade to IE8 (if their machines can actually run it - some of my clients have older, slower machines and no budget to replace them)... but Microsoft should also be working on actually fixing all the RCE exploits and buffer issues in the IE line.
Regardless, my point is, with so much coverage over this (on Slashdot alone), you'd think the "Story Approvers" or author would have gotten that glaringly misleading (and incorrect) point correct. Oh well.
StarTrekPhase2 - The Five Year Mission Continues!
Not using something that is famously known to be broken is a bad idea? Uh, sure.
I don't know who Tony Bradley is (and I'm not really interested), but TFA explains who George Kurtz is, and my thinking is that McAfee's entire business model is based on the fact that MS products are insecure and broad targets. Every time a PC gets Windows replaced, he loses a potential customer. Every time Windows gets malware, his existence is justified.
IE has several critical flaws, some of which have been unpatched for years. Recommending to use a known unsafe browser is little different than arguing cars don't need seat belts, or OSHA is a waste, or whatever else flies in the face of safety in a given context.
While Microsoft won the browser war they failed their objectives.
The point of winning the browser war was so Microsoft could change the direction of web standards, eg pushing Active X except for Java Applets. VB script vs Javascript etc. This failed miserably for Microsoft now they are putting time and effort into IE a Free OS Addon to the product and they are not getting anything really out of it. Except for this big push to make IE seem like this great browser they should just well use Firefox it is just as good if not better, we will keep IE going and as secure as possible for a while but will phase it out in about 10 years.
Staying #1 in the browser market where every version you are pushed to follow everyone else's standards is just a waste of your time and money, especially when you have a slew of other people making good alternatives. Firefox, Chrome, Safari, etc... That really want to follow the standards. Let IE fall to 20% market share, this is OK.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Well, that plan wouldn't sell any new copies of Win7, now would it?
Yep. And the cell phone provider markets are more attractive in many other places of the world, too...
How about internet providers? Cable/satellite TV, anyone?
Somehow this free market thing giving the best products to the consumer doesn't always work out. Too bad.
For any software, if you're running stuff that is basically 12 years out of date, you should expect your setup to be exploitable. You don't see a lot of people running MacOS 8, early revisions of Slackware, or Netscape 5.5 anymore, right? Neglecting to update IE is about the stupidest thing anyone with some regard for their personal security could put off. It's easily the most exploited piece of software in the history of...software. That's what having a near 100% dominance in the very sketchy playing field of the late 90's/early 00's Internet does for you. I'm no Microsoft fan, but anyone who thinks that code that was written 12 years ago is perfectly fine to use nowadays...switching to another browser isn't going to fix their problem. Medication and a good shrink will fix their problem. And maybe a Computer Science course or two. If you never updated the virus defs in your virus scanner...and you got a virus...switching virus scanners isn't going to fix the fact that you're too undisciplined to wait a few seconds and let your virus defs download no matter what setup you use. If people won't update from IE6, you can bet they won't update any other browser they install, either.
Sorry, but if you get exploited running IE6, I have absolutely NO pity for you. You're just plain stupid, and your stupidity most likely has caused you to infect other systems probably more than once. You're like a driver who plows down a couple margaritas before you go out driving on a Sunday afternoon.
Every single time EU regulates USA companies, some Americans come and say "They are just being hard on USA companies". But no. They have been very strict to other companies too (Just google about EU and Samsung, Siemens, ABB, Alstom, Saint-Gobain... The list really goes on. Go ahead, check by yourself. They have been handing out massive fines here and there for anti-competitive practices.).
It's just that the media in USA doesn't pay that much attention to EU fining European companies. In addition, European countries in general have stricter regulation on national level so antitrust investigations on smaller European corporations are done at that level.
Are you going to pay for all the extra work testing all the different versions/languages of windows 2000 pro / server / ... That is a 10 years old operating system after all and way less popular than XP.
...French IE6 users surrender to Chinese hackers, that is...
It's worth noting they qualified the suggestion by saying "while waiting on Microsoft to fix the vulnerability". It ain't some global indictment against Microsoft like /. suggested.
IE and Safari improve the security of most power users by presenting easy targets whose code base is unrelated to other browsers.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
I've got a 10 year old car.... The regular maintenance isn't more expensive than the regular maintenance for a new car. Sure, I pay money, for oil, for work hours.... I can't help that Microsoft provides "maintenance" for 0$. I'm sorry, but in this day and age a 10 year old computer can provide a good working system hardware-wise, but it's the software that breaks. I have dumpster-diven a P-IV 1.9GHz using RDRAM (According to Wikipedia, August 2001... so 8 years and a half ago or so) that runs XP just fine. It runs Debian now, as a server and frankly there is nothing lacking about it for its task.
XP is from August 2001.... Just saying....
In the day and age we reached the "good enough" computer, upgrading stopped being mandatory for many people.
Of course if a burglar breaks into my apartment thanks to a defect of my lock and steals my furniture I blame the burglar for the theft.
But I change my lock afterward.
...either install a newer version of IE or install a new web browser altogether.
IE's reputation is terrible.
It's so bad that it's tainting all their other software.
On the contrary, Google is really working hard to create a strong brand.
Microsoft should not declare that IE8 is one of the most secure browsers (even if it's partially true).
People don't even know how to differentiate between IE6 and IE8 !
In my company, some people use IE and google our company name to get to our homepage !
Microsoft should instead try to rename the browser to something like IEasy, or whatever, like they did with Vista.
Then once the new browser will be completely hacked, rename it to something like IE10, so that everybody will have forgotten the terrible brand.
Anyway, it's entirely their fault that Web development became such a nightmare, and forced large companies to keep IE6 due to the ugly ActiveX components.
that means everyone with Win2k/XP gotta buy a new PC or get a retail copy of windows-vista/7 = which means more money in microsoft's coffers, fsck em, go get a copy of Linux for free!
Politics is Treachery, Religion is Brainwashing
Take this piece for example.
Help stamp out iliturcy.
Microsoft still insists IE8 is the 'most secure browser on the market' and you will barley notice any difference once they do release a patch. You see you can hardly tell it's IE all covered in kay-why... Remember, when it comes to security, if the door is locked try opening a Window!!! Yeah and I believe in the Easter Bunny!
How does Microsoft gain by forcing everyone to have IE installed on Windows by default (now excluding the EU of course).
They don't make any money from selling it... Someone said that the formats they were trying to push were the end game, but it is apparent that they have no chance in accomplishing that.
So why does Microsoft continue? Is it too late to reduce the interoperability between Internet Explorer and Windows itself?
Maybe Microsoft is right. If you define "market" as "web browsers which you have to pay for".
The one about the French surrendering again? Bush is out of office, it's ok to make fun of the French again.
Kwisatz Haderach
Sell the spice to CHOAM
This Mahdi took Shaddam's Throne
There's no room for trannies here! This is Slashdot, and we use binary. 1 or 0, which is it?
Sorry; but I have to call conflict of interest here, simply from the amount of revenue PCWorld realizes from MS adspace buys. MS routinely 'votes with its dollars' by shifting the bulk of its ads, and therefore ad revenue, to the publications most favorable to the MS party line.
As a result, an article on Microsoft published by someone like PCWorld is like an article on global warming published by a wholly-owned subsidiary of a coal company: Take it with an iceberg-sized grain of salt.
Regards;
This is absolutely silly. The EU didn't somehow save us from Microsoft, and they didn't give us any competing browsers. We got those from the private sector, and government regulation didn't do jack.
Did the EU give us Firefox/Mozilla? No. Opera? No. Safari? No. Konqueror? No. Chrome? No. And there have been many other browsers that have been developed as well. All by the private sector, and a number of them were under development before the EU started regulating everything.
And more importantly, did any of you out there switch to Firefox because the EU told you to? Or was it because the EU told Microsoft they had to make IE uninstallable that you suddenly switched to Firefox? I'm pretty sure no one did that. We all went out and downloaded Firefox, in many cases before the regulation took hold, because it was a better browser than IE 6. It complied to standards, had many useful plugins, and most importantly had tabs. It was a better product hands down, and it quickly started gaining marketshare. The reason Netscape got destroyed earlier was because it was not superior to the Microsoft product (at best it was equal, though I'm not convinced it was) and it had a worse business model that at one point included charging a fee for the browser. Obviously that was the wrong business model to choose, as evidenced by the fact that there are over a half a dozen competing browsers now, and all of them are free downloads. The browser just wasn't a piece of software people were willing to pay for.
Frankly, this worshipping at the shrine of the EU and its regulation is just plain boneheaded and wrong. Even if governmental regulation was a good thing (something I vehemently disagree with in almost all cases), using this as an example is stupid. Especially since this wasn't a monopoly. If it were, Microsoft could have charged a fee for IE after driving its competitors from the market (in a real monopoly the monopoly holder always gets to jack up the price when there is no competition), but obviously Microsoft couldn't do that. It would have been overtaken by Mozilla almost immediately, because it was also a free browser. In some markets, competition simply forces the price to zero, and that's what happened here. There were no monopolistic barriers to competition; just a temporary lack of a browser with good enough features and a decent business model. And once that browser (Firefox) appeared, no one minded downloading and installing it onto their OS, despite the fact that they already had IE.
PS - A little-known fact is that Netscape almost totally dominated the browser market before IE jumped into the fray. In fact, many sites were designed to work exclusively with Netscape, and even required a user agent string beginning with "Mozilla" to run. In effect, if anyone had a monopoly, it was actually Netscape at the beginning, when they even had a monopoly on content. IE in the early days actually had to spoof the user agent string and pretend to be Mozilla just to get the site to work with it. IE was the underdog and fiercest competitor, which is why it won in the end. It had nothing to do with monopoly.
Beware of bugs in the above code; I have only proved it correct, not tried it.
Does this really have to be about the security of IE? Shouldn't this be more about a true lack of diversity? In no way do I think MS has a monopoly on the browser market but they still have the highest market share. That makes it a really big target because just one exploit can infect a large number of people. If FF or Chrome was in the same position this story would be about them, not IE. FF and Chrome are not in any way exploit proof and they should not be treated as such. Not only is it not IE's fault that companies use IE. They could have updated their code to work with all browsers. They could have used a different browser but ultimately they used IE. The browser market is getting ever more diverse and when it balances itself out we won't be reading about this type of stuff as much. Just like in the animal kingdom, if a species' genetic diversity (lack of browser choices) is so small, a virus can wipe out a big chunk of them. So in closing, don't blame IE because it could easily happen to FF or Chrome if they had the most market share. Open source or not, everything has exploits.
The Australian Government issued warnings about IE today as well:
http://www.abc.net.au/news/stories/2010/01/19/2795684.htm
Just one question, we've got non-Microsoft Anti-Virus/Anti-Malware, non-Microsoft client firewall, non-Microsoft anti-spyware...why are we spending money on all this for our organization if it doesn't mitigate against these zero-day vulnerabilities?
I guess they all remain quiet as nobody wants to share this spotlight with MS.
I am sorry, but any idiot sys admin that does the "but my company needs IE6 because of X, Y, or Z for customs software" in the year 2010 should not be allowed to touch a computer ever again, and the friggin' idiot that keeps them employed should also be fired after being strung up by their balls (insert tits here) for having bought the BS in the first place.
MS software has proven over, and over, and over again to be so insecure that no one is allowed to connect an MS anything to my network. Not even the transient guest. If security is critical to your biz and you are even sort of competent at your job, you will keep Microsoft out of your company and your network.
Living in Chile
I was a Netscape user back when I got on the web. It was just the browser to use, worked well. I liked it, didn't like IE. Then it hit version 4 some, 4.7 I think, and just stuck there. Nothing new happened. IE came out with IE5 which really looked better in a number of ways, but I still stuck with Netscape, out of inertia if nothing else. Then IE6 came out and looking at what it did, I just couldn't stay with Netscape any longer. I switched over.
These days I use Firefox, I like it better. In part I switched for the same reason. IE kinda stagnated at version 6 for a long time, and Firefox went from being a useless beta to a more capable browser.
So you are correct in my case at least. What killed Netscape wasn't IE's bundling, it was Netscape's inability or unwillingness to update their product. IE became better so I used it. Pure and simple.
anyone who thinks that code that was written 12 years ago is perfectly fine to use nowadays... Medication and a good shrink will fix their problem.
There's MOUNTAINS of COBOL written more than 20 years ago that is perfectly fine to use nowadays. And perhaps some of those "stupid" people that you look down on are corporate employees and groups that had IE6 mandated as their development environment for internal applications. They had no choice - it was the "stupid" managers who got fucked over for believing MS's hype. I don't hate on any company - I hate on all of them equally. But you're a moron if you think it's not possible to write solid code properly.
Yeah, I know that doesn't sit well with Web Weasels out there, but had they switched off Javascript...
Just sayin'
I prefer a real sense of security. But until that comes along, it just makes sense not to use any version of Internet Explorer.
Is PC World owned by Norton or Symantec?
Don't you think the main target will become Firefox? and a lack of funding, a truckload of frustration and the end of another era?
ps. I don't use IE.
How would Netscape pay their programmers? IE was free to take because Microsoft took YOUR money paid for the BROWSERLESS Win95/3.11/etc to pay for the developers who made and integrated IE into the OS.
That money came from OS sales where you didn't get a browser. Either you paid more for Windows than you needed to, the shareholders got less of a dividend than they would have, or the workers got less pay than they would have.
Netscape sold the browser server and IE couldn't and didn't work with it. Both used proprietary extensions but IE could ignore Netscape because the OS was selling. Netscape couldn't ignore IE's changes or they couldn't sell a product.
So Netscape you got a free product as an end user, IE you paid for the product as an end user through hidden tariffs. And since you HAD to pay that tariff, Netscape couldn't sell their product. Microsoft could.
And if they can't pay their programmers, how could they make a better browser?
Different approach to this whole mess... Google claims it got attacked by Chinese, then they claim it's the fault of IE6 (which is stupid, you can't attack a server with a browser, only users, unless their admins browse on production server machines using IE6, which would be a good wtf). Then they blame MS, a few European governments already well-fed with anti-MS crap join them saying MS is bad... and poof, Google gets more browser share. Excellent.
So ... should we conclude that this new advice is based on nothing more than some official reading the headlines on the Google hack with his breakfast, choking, getting egg all over his trousers, and wanting to explain why he had to change his trousers and was therefore late for work? Or is it really a case of someone finally seeing an opportunity to get support for a long-intended measure? I'd like to know, but I'm not optimistic.
Unfortunately they also seem to have overlooked a much bigger security hole: MS Windows itself. Especially older versions, unpatched, un-firewalled, and incautiously administrated (in my guess this means in about 95% of all home installations).
If they are at all serious about their "security warning", then why not set their mandatory ISP-snooping infrastructure to scanning for viruses, trojans, and malware too? That might actually help their citizens a lot more than scanning for child pornography or coded Bin-Laden C3 traffic.
And what about themselves? Why not mandate Open Source code vetting for any OS to be considered for government use? After all, they wouldn't buy proprietary encryption schemes either, would they? And why not institute a government-wide preference (not a mandate) for Open Source Office applications? And spend, say, 10% of what they spend now on proprietary software on awarding contracts for supporting, maintaining, and improving said Open Source software so as to meet every last demand made on it in government? They would be looking at huge savings and very high returns.
Or would that be too radical?
Has Google confirmed any of the other attack vectors, or are they only listing those for which they have a competing product?
I completely agree.