Slashdot Mirror


France Tells Its Citizens To Abandon IE, Others Disagree

Freistoss writes "Microsoft still has not released a patch for a major zero-day flaw in IE6 that was used by Chinese hackers to attack Google. After sample code was posted on a website, calls began for Microsoft to release an out-of-cycle patch. Now, France has joined Germany in recommending its citizens abandon IE altogether, rather than waiting for a patch. Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well." PCWorld seems to be taking the opposite stance, arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.

14 of 406 comments

  1. Tear down by drDugan · · Score: 5, Insightful

    "Don't Kill the Messenger: Blaming IE for Attacks is Dangerous"

    Actually, IE is not the messenger, it's the source of at least one known security hole that participated in this problem.

    The article fails to explain how blaming the software with a known exploit is dangerous.

    They assert it will create a "false sense of security" because there exist other methods of attack (other software with security flaws). Even if they did have support for other security holes, this reasoning is an absurd logical fallacy. Amazingly, the author doesn't even have support for the premise of the illogic; it's based on an *implication* from a quote by McAfee CTO George Kurtz.

      FTA:

    The main thing to keep in mind is that these attacks go beyond Internet Explorer and that simply switching browsers is not an adequate defense.

    This is completely absurd FUD. IE *was used*, it is insecure, and there is no fix (yet). These conclusions come right from this article and others.

    Obvious conclusion: use different software. This conclusion is also supported by the long and consistent history of security issues with IE. I think, after reading this and other articles, it is more dangerous to continue to assert that IE is secure.

  2. False sense of security by sunderland56 · · Score: 4, Insightful

    PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.

    Well, of course they'd say that - they are running a PC/Windows/Microsoft magazine, after all.

    AppleWorld, on the other hand, has been blaming hacker attacks on Microsoft Windows for many years now - and the general population seems to agree with them, even though it does lead to a false sense of security in OSX.

  3. Importance of Competitive Choices by reporter · · Score: 5, Insightful

    This incident underscores the importance of fighting monopolies and ensuring the availability of competitive choices. If Microsoft had succeeded in driving all other browsers out of the market in 2000, then today, we would not have any other choice and would be forced to use a browser with a dangerous security risk.

    We should applaud the recent work by the European Commission in demanding that Microsoft design their European version of Windows to allow users to choose the browser that they want -- thus, allowing them to never install Internet Explorer. The European Commission has been a better advocate of free-market competition than the American Federal Trade Commission.

    Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.

    1. Re:Importance of Competitive Choices by SydShamino · · Score: 5, Insightful

      Microsoft didn't drive browsers out of the market, Opera was "in the market" the entire time you're referring to.

      That's the "If" in "If Microsoft had succeeded".

      Netscape gave up because their business model was completely undercut by the fact that Microsoft made IE mandatory on every computer sold. Opera survived as a niche, and Mozilla was born from Netscape's ashes, both of which are signs that Microsoft didn't succeed.

      --
      It doesn't hurt to be nice.
    2. Re:Importance of Competitive Choices by supremebob · · Score: 5, Insightful

      That said, if Netscape actually made a browser that was worth a damn during the reign of Internet Explorer 5 and 6, it might still be around today.

      Keep in mind that Internet Explorer is STILL bundled on almost every new PC that's been released in the past ten years, yet competitors like Firefox and Chrome have taken significant market share from it. Why? Because Mozilla and Google finally put out a better product that was faster, more secure, and cooler features.

    3. Re:Importance of Competitive Choices by Capsaicin · · Score: 4, Insightful

      I'm really confused...

      That's because the real world comes in shades of grey. A free market cannot exist without some intervention of the state. Minimally a state has to defend against Viking raiders and to establish legal property relations.

      Moreover the free market obeys the dialectic of things tending towards their own negation. That is to say the goal of participants in the free market is to eliminate the competition creating a monopoly in a market and thus to defeat the freedom of that market. Rather cruelly, this is when the state is once again required to step in and move the goal posts. You've got to feel sorry for successful corporations, don't you?

      --
      Better to be despised for too anxious apprehensions, than ruined by too confident a security. --Edmund Burke
    4. Re:Importance of Competitive Choices by Artifakt · · Score: 5, Insightful

      In the theoretical free market, everyone has perfect knowledge of the values involved. For example, the person signing a mortgage knows everything relevant to the same extent as the bank issuing it. Obviously, that fits your shades of grey model. When a state, for just one example, makes efforts to require people with inside knowledge to reveal it to the people they are negotiating with, that is actually a move towards a perfect free market. Let me repeat that for the people who think they are capitalists but are really Mercantilists or something - State involvement is a fundamental method of getting and preserving free markets, not an anti-market force.

      The theory behind antitrust law is the government has to step in when a monopoly is being abused, not merely because it exists. This can include both situations where a monopoly is damaging other businesses and, alternatively, where it is damaging the public at large.

      Microsoft's influence over the hardware market might be considered an example of damage to other businesses - either established businesses such as Gateway or AMD, or possible startups we may have never heard from. This story, on the other hand, is about a case of possible damage to the public, and has little or nothing to do with the other possible abuses.

      Many of the EU/Microsoft claims have involved damage to other businesses. They don't really prove anything about what Microsoft has done to the public one way or another - this claim has to stand or fall on its own. France's publicising the vulnerability is a move to provide more perfect knowledge, so it's arguably an effort towards a more perfect free market. In fact, it's up to the people criticising France to show how there's a flaw in the action - it's normally what a State should do, some would argue what a State is required to do, and moves things closer to a free market, unless there is a substantial falsehood in France's claim.

      --
      Who is John Cabal?
    5. Re:Importance of Competitive Choices by JAlexoi · · Score: 4, Insightful

      In short: Free market is as much a utopia, as much as communism is a utopia.

  4. Don't switch? by mounthood · · Score: 4, Insightful

    "You may also have web-based applications that don't work well, or even at all, unless they are accessed with Internet Explorer. That's not going to be good for productivity. And finally, what if your replacement browser itself turns out to contain a vulnerability? Are you going to switch again?"

    That's the sort of shallow, thoughtless attitude that got you stuck with IE6 in the first place.

    --
    tomorrow who's gonna fuss
  5. I blame the IE 'mentality' by brxndxn · · Score: 4, Insightful

    I remember Steve Ballmer screaming 'Developers! Developers! Developers! Developers!' and that has been the IE 'mentality' ever since. The mentality is "Give the developers (especially big huge companies like Microsoft, Adobe, Symantec, Google) complete control over the users' computers just by clicking 'ok' in Internet Explorer one time." That has got to be seen as a security hole. Every goddamn piece of software now wants to run as a service, check for updates, annoy the user, and prioritize itself. For example, once you install Adobe Flash, it is there.. on every web page.. despite whether the user might want to choose not to load the annoying flash for that particular web page. I am not complaining just about flash - just about the lack of options to make installed software optional. Why can't I have an option to 'right click, show flash' on all my flash animations? and for that matter.. all other software that wants to open by default without giving me an option to save?

    Here's how I would make IE more secure in a general sense:

    1. Program the 'stop' button as the highest priority. IE is useless if it decides it has to load an entire complicated web page (or malware site) before I can click 'stop' and cancel all of it.

    2. Put options in IE to disallow resizing of IE windows by script, removing of toolbar buttons, preventing the user from resizing windows, and using 100% of system resources to process a web page.

    3. Remove the ability for a 'Windows popup button' to prevent the user from stopping a script. How asinine is it that a web page can merely repeatedly pop up system messages forcing the user to click ok before allowing the user to click stop? IE screws this up royally with Java helping.

    4. Put a 'cookie tracker' right inside Internet Explorer.. Allow the user to control whether a site can modify a cookie. Notify the user (at the bottom status bar - not in his fucking face) that 'a cookie was created or modified' when visiting a web page. User might get suspicious when his favorite porn site tries to modify the 'gmail' cookie.

    5. Never allow web pages to stop me from right-clicking. Fuck you. It's my computer.

    I'm sure there's a whole lot of other things I could say that Microsoft will continue to ignore..

    --
    --- We need more Ron Paul!
  6. This is exactly why I let my kids play with by nedlohs · · Score: 5, Insightful

    the toys we know have been painted with paint with high amounts of lead in it.

    After all, if I took those away from them I'd just be giving myself a false sense of security since it's likely there are some other toys with lead in them that I don't know about.

    Same reason I smoke, sure I know smoking causes cancer but not doing it would just give me a false sense of security given there are numerous other things that also cause cancer.

  7. The Part I don't Get. by jellomizer · · Score: 5, Insightful

    While Microsoft won the browser war they failed their objectives.

    The point of winning the browser war was so Microsoft could change the direction of web standards, eg pushing Active X except for Java Applets. VB script vs Javascript etc. This failed miserably for Microsoft now they are putting time and effort into IE a Free OS Addon to the product and they are not getting anything really out of it. Except for this big push to make IE seem like this great browser they should just well use Firefox it is just as good if not better, we will keep IE going and as secure as possible for a while but will phase it out in about 10 years.

    Staying #1 in the browser market where every version you are pushed to follow everyone else's standards is just a waste of your time and money, especially when you have a slew of other people making good alternatives. Firefox, Chrome, Safari, etc... That really want to follow the standards. Let IE fall to 20% market share, this is OK.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  8. I'm sick and tired of reading that crap by Anonymous Coward · · Score: 5, Insightful

    Every single time EU regulates USA companies, some Americans come and say "They are just being hard on USA companies". But no. They have been very strict to other companies too (Just google about EU and Samsung, Siemens, ABB, Alstom, Saint-Gobain... The list really goes on. Go ahead, check by yourself. They have been handing out massive fines here and there for anti-competitive practices.).

    It's just that the media in USA doesn't pay that much attention to EU fining European companies. In addition, European countries in general have stricter regulation on national level so antitrust investigations on smaller European corporations are done at that level.

  9. Locks and burglars by Exitar · · Score: 4, Insightful

    Of course if a burglar breaks in my apartment thanks to a defect of my lock and steals my furniture I blame the burglar for the theft.
    But I change my lock afterward.