Slashdot Mirror


France Tells Its Citizens To Abandon IE, Others Disagree

Freistoss writes "Microsoft still has not released a patch for a major zero-day flaw in IE6 that was used by Chinese hackers to attack Google. After sample code was posted on a website, calls began for Microsoft to release an out-of-cycle patch. Now, France has joined Germany in recommending its citizens abandon IE altogether, rather than waiting for a patch. Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well." PCWorld seems to be taking the opposite stance, arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.

4 of 406 comments

  1. love the recommendation by alain94040 · · Score: 5, Informative

    The link to the official French recommendation is here: CERTA-2010-ALE-001

    Quoting from it (rough translation): "while waiting for the editor [Microsoft] to correct this vulnerability, we recommend people use an alternate browser."

    --
    are you a startup founder looking for co-founders?

  2. Re:Tear down by KarmaMB84 · · Score: 4, Informative

    The flaw exists but the default configurations on Windows Vista and Windows 7 will prevent any damage. My understanding is that Microsoft's policy is to classify them as vulnerable because it's possible to run IE7 and IE8 in configurations where they actually are vulnerable (DEP disabled, Protect Mode OFF) even if the default configuration makes them immune to the current exploit.

  3. Re:It'll never work... by RobertM1968 · · Score: 4, Informative

    Wrong... the problem is in ALL versions of IE from at least 6 upwards on ALL operating systems from at least XP upwards. Microsoft themselves admitted that.

    Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.

    Microsoft Advisory

    Why are people still perpetuating the myth that this does not affect IE7 or IE8 when Microsoft themselves claim it does?!?!?! Just curious.

  4. Re:I blame the IE 'mentality' by pyrbrand · · Score: 5, Informative

    Actually, any add-on can be enabled for only a specific set of pages. For instance, to restrict the use of Flash in IE8, go to Tools->Manage Add-Ons, then under the Adobe "published by" section, double-click the "Shockwave Flash Object" (I don't know why Adobe can't just call it Flash), then under the text field titled "You have approved this add-on to run on the following websites:", click the button "Remove all sites". Now you'll get a gold bar on every site that uses Flash in which you can allow the site to run Flash or not. Not quite as nice as Flashblock, but still pretty good.