Slashdot Mirror
France Tells Its Citizens To Abandon IE, Others Disagree
Freistoss writes "Microsoft still has not released a patch for a major zero-day flaw in IE6 that was used by Chinese hackers to attack Google. After sample code was posted on a website, calls began for Microsoft to release an out-of-cycle patch. Now, France has joined Germany in recommending its citizens abandon IE altogether, rather than waiting for a patch. Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well." PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.
I wonder how much of this really has to do with security, versus the corporate and technological schism that is quickly developing between the EU and the USA.
It's difficult to say for certain, but in terms of population, economy and global political influence, the EU and USA are becoming very similar. There are indeed some power struggles going on now that they are reaching parity.
Take, for instance, the EU's handling of the acquisition of Sun by Oracle, two mainly-American businesses (although they do have operations in the EU). Regardless of your thoughts on the matter, the EU's involvement has indeed delayed the acquisition, and is having an affect on the viability and value of Sun.
Microsoft is, of course, another one of the large, mainly-American companies that is involved in Europe. Likewise, we've seen them put under far greater scrutiny than we've seen them put under in the USA. And now several major EU players are suggesting that Microsoft's flagship (albeit shitty) software be avoided.
It makes me wonder whether this is really about doing the right thing, which of course is avoiding IE, or whether it's about sticking a thumb up the arse of a prominent American business.
...you know, the place that already doesn't have browser monoculture. Therefore, your premise doesn't hold true - they don't want to shatter IE monoculture, create variation in the market. They just don't want people to use IE.
And especially in Europe, that's very much four engines, not three, with one or two places having Opera as number one browser, few other as number one alternative browser, and in many it has quite respectable usage share.
One that hath name thou can not otter
IOW, they are so unable and unwilling to upgrade from IE6 that ANY CHANGE WHAT SO EVER would be as equally drastic as another.
You could entirely replace their machine with a Mac and they would be no less traumatized than if you simply installed IE8 for them behind their back.
A Pirate and a Puritan look the same on a balance sheet.
France and Germany were both bitterly opposed to the invasion of Iraq and said so numerous times as members of the UN. Rumsfeld dismissed them as "old Europe".
While China seems to be the boogeyman du jour for America, people should keep in mind that the Euro is competing very successfully against the greenback.
Don't Kill the Messenger: Blaming IE for Attacks is Dangerous
Don't obfuscate the message. Blaming IE for being susceptible to attacks is entirely valid.
So is blaming Mozilla, Chrome, Opera, Konquerer, and Safari when they are vulnerable.
It's all nice and tidy to say "The attackers are to blame." But we don't have control over them. We do have control over which software we use. And if we continually abandon less secure software for more secure alternatives, we will have a continually improving software ecosystem. That will not always mean abandoning IE (well, it may not always mean abandoning IE -- seriously, someday IE might be the most secure option -- stop laughing, it could happen, hypothetically), but it does mean always abandoning whoever fucked up most egregiously most recently. Feedback works.
Stop-Prism.org: Opt Out of Surveillance
Ah, yes, because Opera wouldn't have any market share otherwise.
Never mind that it's the number one browser in Ukraine, number one alternative to IE in Russia (and look like it will be number one overall in a few months), and in my backyard that I know about (post-Soviet EU memberstates) it is usually #3 browser hovering between 5 and 10%. Heck, in quite a few of them Opera Mini (the j2me one) is ahead of Safari...
One that hath name thou can not otter
Just because some anti-competitive behavior wasn't stopped long ago, doesn't make it right.
How is distributing IE with Windows any different than the distribution of Window Media Player, which was considered anti-competitive years ago?
Dilbert RSS feed
For any software, if you're running stuff that is basically 12 years out of date, you should expect your setup to be exploitable. You don't see a lot of people running MacOS 8, early revisions of Slackware, or Netscape 5.5 anymore, right? Neglecting to update IE is about the stupidest thing anyone with some regard for their personal security could put off. It's easily the most exploited piece of software in the history of...software. That's what having a near 100% dominance in the very sketchy playing field of the late 90's/early 00's Internet does for you. I'm no Microsoft fan, but anyone who thinks that code that was written 12 years ago is perfectly fine to use nowadays...switching to another browser isn't going to fix their problem. Medication and a good shrink will fix their problem. And maybe a Computer Science course or two. If you never updated the virus defs in your virus scanner...and you got a virus...switching virus scanners isn't going to fix the fact that you're too undisciplined to wait a few seconds and let your virus defs download no matter what setup you use. If people won't update from IE6, you can bet they won't update any other browser they install, either.
Sorry, but if you get exploited running IE6, I have absolutely NO pity for you. You're just plain stupid, and your stupidity most likely has caused you to infect other systems probably more than once. You're like a driver who plows down a couple margaritas before you go out driving on a Sunday afternoon.
It's worth noting they qualified the suggestion by saying "while waiting on Microsoft to fix the vulnerability". It ain't some global indictment against Microsoft like /. suggested.
IE and Safari improve the security of most power users by presenting easy targets whose code base is unrelated to other browsers.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Honestly, if you believe that, then you skipped several versions of Netscape.
I only very grudgingly and unhappily moved to IE during that era because Netscape fell so far behind. I'd go so far as to argue that new releases of Netscape managed to fall behind even previous version of Netscape.
I'm glad that Firefox eventually resulted from that mess and provided real competition again, but let's be honest: IE (temporarily) won the browser wars by default, not because Microsoft strongarmed Netscape out of the market, but because Netscape reached a point where they couldn't even release a browser as good as the last browser they released. It takes a special kind of mismanagement to get that far gone.
The MSRC also classifies them as vulnerable because it's possible (but REALLY hard) to craft an exploit that can get around DEP, ASLR, GS and Protected Mode and all the other IE/Windows security features.
The MSRC is very conservative in their vulnerability ratings even if it makes MSFT products look bad.