Slashdot Mirror

← Back to Stories (view on slashdot.org)

France Tells Its Citizens To Abandon IE, Others Disagree

Posted by ScuttleMonkey on from the just-fix-it-already dept.

Freistoss writes "Microsoft still has not released a patch for a major zero-day flaw in IE6 that was used by Chinese hackers to attack Google. After sample code was posted on a website, calls began for Microsoft to release an out-of-cycle patch. Now, France has joined Germany in recommending its citizens abandon IE altogether, rather than waiting for a patch. Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well." PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.

10 of 406 comments (clear)

  1. love the recommendation by alain94040 · · Score: 5, Informative

    The link to the official French recommendation is here: CERTA-2010-ALE-001

    Quoting from it (rough translation): "while waiting for the editor [Microsoft] to correct this vulnerability, we recommend people use an alternate browser.

    --
    are you a startup founder looking for co-founders?

  2. Tear down by drDugan · · Score: 5, Insightful

    "Don't Kill the Messenger: Blaming IE for Attacks is Dangerous"

    Actually, IE is not the messenger, its the source of at least one know security hole that participated in this problem.

    The article fails to explain how blaming the software with a known exploit is dangerous.

    They assert it will create a "false sense of security" because there exist other methods of attack (other software with security flaws). Even if they did have support for other security holes, this reasoning is an absurd logical fallacy. Amazingly, the author doesn't even have support for the premise of the illogic it's based on an *implication* from a quote by McAfee CTO George Kurtz.

      FTA:

    The main thing to keep in mind is that these attacks go beyond Internet Explorer and that simply switching browsers is not an adequate defense.

    This is completely absurd FUD. IE *was used*, it is insecure, and there is no fix (yet). These conclusions come right from this article and others.

    Obvious conclusion: use different software. This conclusion is also supported by the long and consistent history of security issues with IE. I think, after reading this and other articles, it is more dangerous to continue to assert that IE is secure.

  3. Importance of Competitive Choices by reporter · · Score: 5, Insightful
    This incident underscores the importance of fighting monopolies and ensuring the availability of competitive choices. If Microsoft had succeeded in driving all other browsers out of the market in 2000, then today, we would not have any other choice and would be forced to use a browser with a dangerous security risk.

    We should applaud the recent work by the European Commission in demanding that Microsoft design their European version of Windows to allow users to choose the browser that they want -- thus, allowing them to never install Internet Explorer. The European Commission has been better advocate of free-market competition than the American Federal Trade Commission.

    Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.

    1. Re:Importance of Competitive Choices by SydShamino · · Score: 5, Insightful

      Microsoft didn't driver browsers out of the market, Opera was "in the market" the entire time you're referring to.

      That's the "If" in "If Microsoft had succeeded".

      Netscape gave up because their business model was completely undercut by the fact that Microsoft made IE mandatory on every computer sold. Opera survived as a niche, and Mozilla was born from Netscape's ashes, both of which are signs that Microsoft didn't succeed.

      --
      It doesn't hurt to be nice.
    2. Re:Importance of Competitive Choices by supremebob · · Score: 5, Insightful

      That said, if Netscape actually made a browser that was worth a damn during the reign of Internet Explorer 5 and 6, it might still be around today.

      Keep in mind that Internet Explorer is STILL bundled on almost every new PC that's been released in the past ten years, yet competitors like Firefox and Chrome have taken significant market share from it. Why? Because Mozilla and Google finally put out a better product that was faster, more secure, and and cooler features.

    3. Re:Importance of Competitive Choices by Artifakt · · Score: 5, Insightful

      In the theoretical free market, everyone has perfect knowledge of the values involved. For example, the person signing a mortgage knows everything relevant to the same extent as the bank issuing it. Obviously, that fits your shades of grey model. When a state, for just one example, makes efforts to require people with inside knowledge to reveal it to the people they are negotiating with, that is actually a move towards a perfect free market. Let me repeat that for the people who think they are capitalists but are really Mercantilists or something - State involvement is a fundamental method of getting and preserving free markets, not an anti-market force.
            The theory behind antitrust law is the government has to step in when a monopoly is being abused, not merely because it exists. This can include both situations where a monopoly is damaging other businesses and, alternatively, where it is damaging the public at large.
            Microsoft's influence over the hardware market might be considered an example of damage to other businesses - either established businesses such as Gateway or AMD, or possible startups we may have never heard from. This story, on the other hand, is about a case of possible damage to the public, and has little or nothing to do with the other possible abuses.
            Many of the EU/Microsoft claims have involved damage to other businesses. They don't really prove anything about what Microsoft has done to the public one way or another - this claim has to stand or fall on its own. France's publicising the vulnerability is a move to provide more perfect knowledge, so it's arguably an effort towards a more perfect free market. In fact, it's up to the people criticising France to show how there's a flaw in the action - it's normally what a State should do, some would argue what a State is required to do, and moves things closer to a free market, unless there is a substantial falsehood in France's claim.

      --
      Who is John Cabal?
  4. This is exactly why I let my kids play with by nedlohs · · Score: 5, Insightful

    the toys we know have been painted with paint with high amounts of lead in it.

    After all, if I took those away from them I'd just be giving myself a false sense of security since it's likely there are some other toys with lead in them that I don't know about.

    Same reason I smoke, sure I know smoking causes cancer but not doing it would just give me a false sense of security given there are numerous other things that also cause cancer.

  5. The Part I don't Get. by jellomizer · · Score: 5, Insightful

    While Microsoft won the browser war they failed their objectives.

    The point of winning the browser war was so Microsoft could change the direction of web standards, eg pushing Active X except for Java Applets. VB script vs Javascript etc. This failed miserably for Microsoft now they are putting time and effort into IE a Free OS Addon to the product and they are not getting anything really out of it. Except for this big push to make IE seem like this great browser they should just well use Firefox it is just as good if not better, we will keep IE going and as secure as possible for a while but will phase it out in about 10 years.

    Staying #1 in the browser market where every version you are pushed to follow everyone elses standards is just a wast of your time and money, espectially when you have a slew of other people making good alternatives. Firefox, Chrome, Safari, etc... That really want to follow the standards. Let IE fall too 20% market share, this is OK.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  6. I'm sick and tired of reading that crap by Anonymous Coward · · Score: 5, Insightful

    Every single time EU regulates USA companies, some Americans come and say "They are just being hard on USA companies". But no. They have been very strict to other companies too (Just google about EU and Samsung, Siemens, ABB, Alstom, Saint-Gobain... The list really goes on. Go ahead, check by yourself. They have been handing out massive fines here and there for anti-competitive practices.).

    It's just that the media in USA doesn't pay that much attention to EU fining european companies. In addition, european countries in general have stricter regulation on national level so antitrust investigations on smaller european corporations are done at that level.

  7. Re:I blame the IE 'mentality' by pyrbrand · · Score: 5, Informative

    Actually, any add on can be enabled for only a specific set of pages. For instance, to restrict the use of Flash in IE8, to go Tools->Manage Add-Ons then under the Adobe published by section, double click the "Shockwave Flash Object" (I don't know why Adobe can't just call it Flash), then under the text field titled "You have approved this add-on to run on the following websites:", click the button "Remove all sites". Now you'll get a gold bar on every site that uses flash in which you can allow the site to run flash or not. Not quite as nice as Flashblock, but still pretty good.