Slashdot Mirror


Microsoft To Ship Emergency IE Patch

Grotendo writes "Microsoft plans to release an emergency patch for Internet Explorer very soon to counter targeted attacks and the publication of exploit code for a 'browse and you're owned' vulnerability in its flagship Web browser. The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend." Microsoft has downplayed the seriousness of the IE zero-day, and insisted that it affects only IE6 even as security researchers close in on exploits for IE7 and IE8. Microsoft has had no comment about the firestorm that Google unleashed by directly accusing the Chinese of cyber espionage. ShadowServer has up a sobering post on the massive extent of the problem of "groups that can be referred to as the Advanced Persistent Threat."

187 comments

  1. Enough is enough! by LostCluster · · Score: 5, Informative

    I'm uploading the IE6 No More code to my website now. There's a point where users of outdated software need to be told there's four major cost-free options, including a much updated version of IE if they want to stick with IE. I'm almost thinking we should move from a warning to a service-denying error if this goes much further.

    1. Re:Enough is enough! by MrEricSir · · Score: 5, Funny

      Why not just exploit their browser's security flaws and wipe their hard drive?

      That way they learn their lesson about safe browsing the old fashioned way.

      --
      There's no -1 for "I don't get it."
    2. Re:Enough is enough! by Anonymous Coward · · Score: 0
    3. Re:Enough is enough! by NotBorg · · Score: 1

      Sorry, but I need them alive! Muhahahahahahahh! Nom Nom Nom Nom!

      --
      I want this account deleted.
    4. Re:Enough is enough! by H0p313ss · · Score: 4, Funny

      Pro

      • Amusing
      • Might solve problem

      Cons

      • Illegal
      • Immoral

      Counter proposal: have you tried carpet bombing a small third world country today?

      --
      XML is a known as a key material required to create SMD: Software of Mass Destruction
    5. Re:Enough is enough! by A+Friendly+Troll · · Score: 1, Troll

      I'm uploading the IE6 No More code to my website now. There's a point where users of outdated software need to be told there's four major cost-free options, including a much updated version of IE if they want to stick with IE.

      Five.

      It's missing Opera, which globally has more users than Chrome, for example, and wtfpwns both IE and Firefox combined market share in certain countries. In most European countries, Opera has more users than Safari and Chrome.

      While the concept is neat, the choices aren't, and they are both offensive and ignorant.

    6. Re:Enough is enough! by Archangel+Michael · · Score: 2, Interesting

      I'm running similar code on my site, and yet many of the "visitors" are still using IE6. I suspect most of those are bots, because of the traffic pattern looking for Registration and Forum pieces.

      It is sad when you can spot a bot by the UserAgent.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    7. Re:Enough is enough! by whitedsepdivine · · Score: 0

      I was going to click on the link, but now I am scared. My company used IE :(

    8. Re:Enough is enough! by jhoegl · · Score: 1

      One doesn't need to carpet bomb when their buildings are made of a concrete deck of cards.

    9. Re:Enough is enough! by Nerdfest · · Score: 1, Interesting

      Serious question here: does the Chrome frame for IE6 protect users from this attack? It would be interesting to know, as MS stated that it increased the security exposure (which is true in theory, but generally false in practice from what I've seen, as all attack surfaces are not created equal.)

    10. Re:Enough is enough! by stuckinphp · · Score: 1

      It's Wikipedia..

      --
      if only
    11. Re:Enough is enough! by ArhcAngel · · Score: 1

      Considering how many single purpose devices I work on that still use IBM/MS DOS 3.3 I suspect IE6 will be dominant until corporations are forced to migrate to Win7/8. Big companies are spending their money on things that make them MORE money. Upgrading to IE 7/8 is NOT free and since IE6 "works" in the eyes of the boss there is no "need" to upgrade. I'm not aware of an enterprise deployment feature for FireFox or Chrome. I believe Opera may have one but I don't think it is free. Since XP and IE6 for the majority of enterprises is good enough nothing short of Microsoft pulling the plug on XP and thus IE6 will get those entities to address the issue of their IE6 locked web site / application. That time is coming barring any further extensions from Microsoft but it is still years away (currently 4/8/2014). Where I work they have taken 2 years rewriting our intranet web applications to work with IE7 but as of yet have no plans to migrate anyone and simply roll IE7 to new builds...of XP Pro. But feel free to continue to deride IE6 users sternly to your heart's content as they stare back with that deer in the headlights gaze.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    12. Re:Enough is enough! by dgatwood · · Score: 3, Informative

      No. Chrome frame is only active if a page specifically codes for it. Otherwise, it does nothing. An attack page would not typically include code for a workaround.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    13. Re:Enough is enough! by h4rr4r · · Score: 0

      Enterprise deployment of Firefox is dead easy, just use the portable one and make an msi of it. Lots of tools to customize it.

      No there is no group policy doo-dad for it, but those are near useless tools for drooling morons anyway.

    14. Re:Enough is enough! by NatasRevol · · Score: 3, Funny

      Just drop carpets!

      --
      There are two types of people in the world: Those who crave closure
    15. Re:Enough is enough! by negRo_slim · · Score: 0

      I'm uploading the IE6 No More [ie6nomore.com] code to my website now. There's a point where users of outdated software need to be told there's four major cost-free options, including a much updated version of IE if they want to stick with IE. I'm almost thinking we should move from a warning to a service-denying error if this goes much further.

      Pro

      • Amusing
      • Might solve problem

      Defiantly amusing, but I doubt any web master worth his or her salt would put that up and not expect to come across as lazy and childish.

      --
      On the Oregon Cost born and raised, On the beach is where I spent most of my days
    16. Re:Enough is enough! by GF678 · · Score: 2, Informative

      I'm uploading the IE6 No More code to my website now. There's a point where users of outdated software need to be told there's four major cost-free options, including a much updated version of IE if they want to stick with IE. I'm almost thinking we should move from a warning to a service-denying error if this goes much further.

      I'm sure corporate users who have IE6 forced upon them will appreciate it if they try to view your site.

      I'm sure your response would be "well they can bring it up with their IT department and use it as a way to persuade the upgrade". Doesn't work like that in the real world, particularly if old IE6-only compatible web apps are still in use.

    17. Re:Enough is enough! by Ogive17 · · Score: 1

      I've asked our local IT guy (contractor) if the company had any plans to upgrade from IE 6 and he said no. Our HQ is on the left coast and that's where the ISD dept. resides. There are probably a couple applications that won't work properly with any other browser and that's keeping us with 6. Around the country we probably have a couple thousand work stations.

      I don't know anyone else who uses IE and hasn't upgraded to IE8.

      --
      "Action without philosophy is a lethal weapon; philosophy without action is worthless."
    18. Re:Enough is enough! by stokessd · · Score: 1

      That's a very good point. And all corporations will tell you that the only surfing you should be doing should be work related, so if you follow that rule, your chances of getting owned even on IE6 are pretty low.

      Now I'm posting to slashdot during work hours, and I'm not even an IT guy, so you can see how followed that policy is. At least I'm on firefox.

      Sheldon

    19. Re:Enough is enough! by Drethon · · Score: 1

      Could you also convince my place of business that making IE6 the mandatory browser and not allowing installation of any other browser is a very lousy idea?

    20. Re:Enough is enough! by ZeRu · · Score: 0

      Wiping one's hard drive just because they use IE6 is just too harsh...I prefer redirection to goatse.

      --
      If you post as an AC, don't expect me to spend a mod point on you.
    21. Re:Enough is enough! by Culture20 · · Score: 1

      I don't know anyone else who uses IE and hasn't upgraded to IE8.

      I know several companies and some university departments. IE6 intranet applications are the dumbest thing in the world, but the "If it ain't broke don't fix it" mantra doesn't consider security when gauging levels of "broke", only whether the intended purpose still works, and that's a business decision, not Infosec/IT decision.

    22. Re:Enough is enough! by Anonymous Coward · · Score: 1

      I believe you need to read this.

      http://www.d-e-f-i-n-i-t-e-l-y.com/

    23. Re:Enough is enough! by PopeRatzo · · Score: 1

      Opera, which globally has more users than Chrome

      By "globally" do you mean "in your head"?

      According to marketshare.hitslink.com, as of December 2009 Safari had 2.4% of the browser market share. Chrome had 4.63%

      Over at gs.statcounter.com, as of January 10, 2010 Opera had 1.98% and Chrome had 5.88%.

      --
      You are welcome on my lawn.
    24. Re:Enough is enough! by zonky · · Score: 1

      Rubbish. These exploits are commonly deployed via ad networks or 0wned legitimate sites. There is no such thing as a "safe" page and/or site.

    25. Re:Enough is enough! by H0p313ss · · Score: 1

      * /me adds "Defiantly Amusing" as a bullet point to his CV*

      --
      XML is a known as a key material required to create SMD: Software of Mass Destruction
    26. Re:Enough is enough! by happy_place · · Score: 0, Flamebait

      Why not just exploit their browser's security flaws and wipe their hard drive?

      Why not exploit their browser's security flaw, to install Chrome or Firefox on their machine and disable IE? Remap the icon, they probably wouldn't even know anything had changed... well other than it worked faster and better...

      --
      http://www.beanleafpress.com
    27. Re:Enough is enough! by denis-The-menace · · Score: 1

      You must have a lot of pull or have a competent PHB.
      Most places that start to consider FF stop when they find out there is no MSI *created by* the makers of FF.

      You can get GPOs and pre-built MSI for FF but again, NOT by the makers of FF.

      But this will soon be moot.
      When Google *does* release an MSI for Chrome, FF will not be able to get into Corps because by then it will be too late.
      Wake-up Mozilla!

      --
      Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
    28. Re:Enough is enough! by RajivSLK · · Score: 1

      No Save IE6! It keeps us employed!

      http://www.saveie6.com/

    29. Re:Enough is enough! by Dumnezeu · · Score: 1

      Why not slip a copy of Firefox as their default browser and remove the Internet Explorer shortcuts, by exploiting the bug? Of course, this depends on the laws of the country where you host your website.

      --
      Yes, it's sarcasm. Deal with it!
    30. Re:Enough is enough! by Beardo+the+Bearded · · Score: 1

      I'm using IE6 right now, you insensitive clod.

      Why, you ask, is an Electrical Engineer -- one who reads /., has acted as a sys admin for two start-ups, uses Linux at home (and Puppy for the kids, that's right, my 6-year-old uses Linux) and has over 25 years of programming and networking experience -- using IE6, a browser that MS itself has said, "oh god, please ditch it"?

      Because I'm at work and some of the legacy applications here require it.

      Have you got a solution? I'd love to hear it because I'd get a big fat bonus for a process improvement.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    31. Re:Enough is enough! by Anonymous Coward · · Score: 0

      Except if it is an attack page made by Microsoft...

    32. Re:Enough is enough! by A+Friendly+Troll · · Score: 1

      By "globally" do you mean "in your head"?

      No, I mean "globally".

      See this for an example: http://my.opera.com/haavard/blog/2010/01/02/odd-browser-stats

      Google *themselves* claim 40 million Chrome users. Opera Mini alone has more users than Chrome, not to mention the desktop version. And yet Chrome is represented by having ten times Opera Mini's market share according to those stats sites. Right...

      There's also this http://my.opera.com/dstorey/blog/2009/03/16/a-look-at-desktop-market-share-cis-edition this http://my.opera.com/dstorey/blog/2009/03/16/desktop-market-share-former-yugoslavia-edition and this http://my.opera.com/dstorey/blog/desktop-market-share-baltic-edition and this http://my.opera.com/dstorey/blog/desktop-market-share-central-eastern-europe-edition ...

      Whether you like it or not, Opera is *massive* in Europe and has a far greater market share than you'd like to believe.

      For that reason, the stupid code on "IE6 No More" site is insulting.

    33. Re:Enough is enough! by Mister+Whirly · · Score: 1

      That wouldn't be very defiant now, would it? Maybe it is YOU who needs spelling lessons. "Defiantly" is a word, and is spelled correctly. And (completely unintentionally most likely) the meaning actually works in this case.

      --
      "But this one goes to 11!"
    34. Re:Enough is enough! by Anonymous Coward · · Score: 0

      umm, run portable firefox without actually installing anything? install chrome to your appdata folder? there has got to be a way.

    35. Re:Enough is enough! by anexkahn · · Score: 1

      or exploit their flaw to install a better browser :)

      --
      Curious about Storage and Virtualization? Check out
    36. Re:Enough is enough! by twidarkling · · Score: 1

      I love you in a completely platonic fashion.

      --
      Canada: The US's more awesome sibling.
    37. Re:Enough is enough! by bunratty · · Score: 1

      Opera is massive in Eastern Europe. On Russian, Ukrainian, and Polish sites it makes sense to push Opera. But does it make sense to push Opera to English users, based on Opera usage on mobile devices, when most visitors to the site are using a desktop browser? A study done by a Mozilla employee shows users are more willing to switch to Chrome or Firefox. Few users of non-Opera browsers are willing to switch to Opera.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    38. Re:Enough is enough! by bunratty · · Score: 1

      You can also get the FrontMotion Firefox MSI. Mozilla is also working on their own MSI builds of Firefox.

      --
      What a fool believes, he sees, no wise man has the power to reason away.
    39. Re:Enough is enough! by xactuary · · Score: 0

      It's not a bug, it's a feature! Call it a web application, for the purpose of wiping your hard drives which, from time to time, everyone needs to do.

      --
      Say hello to my little sig.
    40. Re:Enough is enough! by LostCluster · · Score: 1

      What's the app and why does it insist on IE6? Can it be tested on one IE8 virtual machine? If the app vendor was still around they most likely would love to sell an upgrade...

    41. Re:Enough is enough! by FictionPimp · · Score: 1

      That is no longer a valid excuse. The cost of upgrading to apps that support a recent version of IE should be significantly less than the cost of cleaning up after IE6.

      Of course they're not going to do it until it bites them in the ass over and over, which is why I am happy every time I see an IE6 user get exploited. I've spent the last year of my life re-writing applications to be browser neutral for my job, so at least some companies are getting it.

    42. Re:Enough is enough! by FictionPimp · · Score: 1

      We are looking to migrate to IE8 in the next 3 months actually. We are currently on IE7. All of our applications work in any browser now. The only main issue is testing that the IE8 push won't break any workstations.

    43. Re:Enough is enough! by FictionPimp · · Score: 1

      How about you gauge the cost of a security breach that will eventually happen against the cost of not using legacy applications.

    44. Re:Enough is enough! by Anonymous Coward · · Score: 0

      I'm uploading the IE6 No More [ie6nomore.com] code to my website now.

      Woa, that's epic. The 2 Firefox and 1 Opera users that have seen your site last month will also agree.

    45. Re:Enough is enough! by washu_k · · Score: 1

      Not in my experience. We still have IE6 on over 90% of the desktops where I work, mostly due to legacy apps. While we do get the occasional problem with it, 90%+ of the drive by downloads are from buggy JREs from Sun that we can't upgrade due to other legacy apps. Most of the Java apps are still far newer than the IE6 ones and less likely to be replaced anytime soon.

      Most of the remaining drive by downloads are Adobe Flash or Reader related. IE6 is really a small problem and cost in comparison.

    46. Re:Enough is enough! by PopeRatzo · · Score: 2, Funny

      Oh, an Opera website says it's widely used in the former Yugoslavia!

      Tell you what: Find some market share data not on an Opera website and we can talk.

      What's really funny is, if you click on the first link in the story on the Opera website, do you know what it links to? (wait for it...)

      That's right, the first link in the Opera article about how they have more users than Chrome links to the market share data that I cited above, which shows Chrome at more than twice Opera's market share.

      In fact, the story that the Opera story links to breaks out the market share for Opera Mini (0.53%), which, if you add it to the market share for Opera (2.43%) still comes to considerably less than Chrome's 4.63%. And those are December numbers. If you look at more recent numbers (see the link in my comment above) Chrome's lead is bigger.

      Maybe it's possible to have more users and still less market share, but it's more probable that Opera is being a little bit, um, exuberant in their analysis of the statistics. It wouldn't be the first time that a company painted an extra-rosy picture of the facts.

      --
      You are welcome on my lawn.
    47. Re:Enough is enough! by Gilmoure · · Score: 1

      Yup, my company has had to spend some cash on developers to upgrade various web apps that only work with IE6. We were warning them about this in 2007 but it took transitioning to Vista and IE7 to finally get them to cut loose with the $$$. Silly management.

      --
      I drank what? -- Socrates
    48. Re:Enough is enough! by Runaway1956 · · Score: 1

      Platonic? What new form of deviancy is this? Next, we'll be hearing of platonic rights, and platonic marriages, and platonic tax deductions! There should be a law!

      BTW - to all you virgins out there: THANKS FOR NOTHING!!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    49. Re:Enough is enough! by LostCluster · · Score: 1

      If Google started saying "You can't search until you upgrade!" they'd get the clue rather quickly. Google has reason to kill off IE6... it was the weapon used to attack them in China. Your IT desk likely uses Google multiple times a day... so a Google outage would get attention rather quickly.

    50. Re:Enough is enough! by binary+paladin · · Score: 1

      Tell that to YouTube.

      Thankfully, next-gen webapps are going to be the death of IE6 because in another year nothing is going to support it anymore. IE7 will die at a much faster pace.

    51. Re:Enough is enough! by Runaway1956 · · Score: 2, Informative

      "If it ain't broke don't fix it"

      Correct. And, it's time to make the decision makers understand that it's broken. If it isn't broken enough to convince them, then LET'S BREAK IT MORE!!

      Most of the rest of what I read here today is just so much whining and sniveling, from one side or the other.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    52. Re:Enough is enough! by Hurricane78 · · Score: 1

      If you got more free CPU power than all super-computers combined, you would just throw that away?

      I don’t think so... ^^

      I’d go straight to cracking every important security code on the planet. Federal reserve, CIA, every intelligence agency of every important country, every military lab, every weapons remote control (especially for nukes). And then I’d start making one single demand. One that would be impossible to undo, and would change the world forever.
      Meet it or you’re done.

      Pff, you gotta think big! You’re just not made to join my Evil (actually Good) Overlord World Domination Club!

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    53. Re:Enough is enough! by h4rr4r · · Score: 1

      You do realize you can make your own msi's right?
      Very easy, there is even free software to do it.

    54. Re:Enough is enough! by icebraining · · Score: 1

      Using IE6 for that app, other browser for all the rest. Unless you're prohibited from running another browser; then having sites lock IE6 off can accelerate the transition, so they're helping you in the long run.

    55. Re:Enough is enough! by Beardo+the+Bearded · · Score: 1

      I don't have admin rights and USB devices are restricted.

      I had to get permission to plug in a USB-charged bike light.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    56. Re:Enough is enough! by FatdogHaiku · · Score: 1

      Why not just exploit their browser's security flaws and wipe their hard drive?

      That way they learn their lesson about safe browsing the old fashioned way.

      Because I like my asshole at its current diameter, and I fear that blatantly violating the law could soon be followed by someone blatantly violating said asshole...

      What I do is go to every machine I am asked to look at and I add this reg key (with owner's permission):
      _______________________________
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
      "Debugger"="cmd.exe /c echo %time% %date% >> c:\\ExecBlocked.log"
      _______________________________
      You can delete it manually or just put a minus inside the first square bracket to remove the block...

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
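
An added example, not part of the comment above or of any poster's code: the `Debugger` value under Image File Execution Options blocks a program as that comment describes, and because the command set there is launched in place of the named executable, these entries are worth auditing. The Python below parses exported .reg text, honours the `[-key]` removal syntax the comment mentions, and lists entries that are not on an approved list; the sample export, the `notepad.exe` and `calc.exe` entries, `C:\Tools\example.exe` and all function names are constructed for illustration.

```python
import re

# IFEO key for one image (32- or 64-bit registry view). A leading "-" inside the
# bracket is the .reg syntax for deleting the key.
IFEO_KEY = re.compile(
    r"^\[(?P<delete>-?)HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?"
    r"Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\"
    r"(?P<image>[^\\\]]+)\]$",
    re.IGNORECASE,
)
# String value line: "Name"="data", or "Name"=- to delete the value.
VALUE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>-|"(?:[^"\\]|\\.)*")$')


def unescape(s):
    """Undo .reg string escaping: a backslash followed by any character yields that character."""
    return re.sub(r"\\(.)", r"\1", s)


def ifeo_debuggers(reg_text):
    """Return {image name (lowercase): Debugger command} after applying the file top to bottom."""
    result = {}
    image = None  # image whose IFEO key we are currently inside, if any
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            image = None
            m = IFEO_KEY.match(line)
            if m:
                name = m.group("image").lower()
                if m.group("delete"):
                    result.pop(name, None)   # [-key] removes the whole entry
                else:
                    image = name
            continue
        if image is None:
            continue
        m = VALUE.match(line)  # non-string values (dword, hex) do not match and are skipped
        if m and unescape(m.group("name")).lower() == "debugger":
            if m.group("data") == "-":
                result.pop(image, None)      # "Debugger"=- removes just the value
            else:
                result[image] = unescape(m.group("data")[1:-1])
    return result


def unexpected(reg_text, approved):
    """Sorted (image, command) pairs that are not in the approved set."""
    return sorted(
        (img, cmd) for img, cmd in ifeo_debuggers(reg_text).items()
        if (img, cmd) not in approved
    )


# Constructed sample export: the entry from the comment above plus made-up entries.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="cmd.exe /c echo %time% %date% >> c:\\ExecBlocked.log"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\Tools\\example.exe"
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe]
"Debugger"="C:\\Tools\\example.exe"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe]
'''

# The deliberate block from the comment is approved; anything else gets reported.
APPROVED = {("iexplore.exe", r"cmd.exe /c echo %time% %date% >> c:\ExecBlocked.log")}

if __name__ == "__main__":
    for image, command in unexpected(SAMPLE, APPROVED):
        print(f"unexpected IFEO debugger: {image} -> {command}")
```
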
    57. Re:Enough is enough! by ikarigullwing · · Score: 1

      Hear hear!

    58. Re:Enough is enough! by indi0144 · · Score: 1

      >> have you tried carpet bombing a small third world country today?

      Why not, seem to be the latest fad, but just until MTV does a reality for that.

      More on topic, You can recover your data, but you can't recover human lives. If you kill someone to teach him a lesson, well... If you fuck the productivity/pocket for someone for a few days SURE they will get the facts. Illegal? maybe the same as vendor lock some PHB to IE6 powered crap, Immoral? Stopping web development for years it is.

      That said, let there be an idea storm:

      http://slashdot.org/comments.pl?sid=1515018&cid=30816840

      I bet this all reduces to the fact that if we bitch too loud IE6 will lower marketshare and script kiddies will be on emo mode.

    59. Re:Enough is enough! by v1 · · Score: 1

      I don't have admin rights and USB devices are restricted.

      So you're telling us that your company's security relies on telling their employees what usb devices not to plug in?

      Isn't that like replacing your deadbolt with a "DO NOT ENTER" sign?

      --
      I work for the Department of Redundancy Department.
    60. Re:Enough is enough! by Anonymous Coward · · Score: 0

      Why not just exploit their browser's security flaws and wipe their hard drive?

      Better suggestion, exploit their browser's security flaws and upgrade their browser for them!

      Not only does this help them, it helps all the other internet users by removing more potential bots.

      Car analogy: It is like going around and replacing bald tyres on cars with fresh ones at no cost to the owner (as opposed to your original suggestion of torching the car). The car may drive slightly differently, but it will be safer for them and everyone around them.

    61. Re:Enough is enough! by aliddell · · Score: 1

      Sweet deal. You missed the point, unfortunately. Language involves consciously conveying your meaning through your choice of medium, not stumbling onto an unrelated meaning entirely by accident.

      --
      What do you think, sirs?
    62. Re:Enough is enough! by Anonymous Coward · · Score: 0

      I don't have admin rights and USB devices are restricted.

      I just told you that you do not need admin rights. Either one of the solutions I mentioned in my previous post will work with a limited user account. No need for usb either, just download portable firefox to your desktop and run the executable file. Or are you prevented from downloading anything containing an executable?

      If this works then you _should_ also be able to install Chrome (or Chromium), because they will only install to the user's local appdata folder, rather than Program Files. This is exactly what I plan to do when my company moves everyone to thin clients and virtualized desktops (right now I have a laptop with admin rights).

      I had to get permission to plug in a USB-charged bike light.

      LOL that is ridiculous. I'm glad I don't have to work there.

    63. Re:Enough is enough! by jhol13 · · Score: 1

      My reply would be: "I hope you are happy with Windows 95, and, btw, thanks for not competing with us."

    64. Re:Enough is enough! by Hucko · · Score: 1

      Mutation in action baby; not much to say now that your intelligent design has been trumped?

      --
      Semi-automatic amateur armchair Australian philosopher; conjecture ready at any moment...
    65. Re:Enough is enough! by Anonymous Coward · · Score: 0

      Hurry! Someone register ie7nomore.com, ie8nomore.com, ie9nomore.com...

    66. Re:Enough is enough! by Killjoy_NL · · Score: 1

      Whoops, replying to undo a troll mod, I misclicked, sorry, wanted to go for funny.

      --
      This is the sig that says NI (again)
    67. Re:Enough is enough! by myspace-cn · · Score: 1

      Damn good thing you didn't install PROTOOLS cause IE8 breaks that.

    68. Re:Enough is enough! by Anonymous Coward · · Score: 0

      You do realize you completely missed the point?

    69. Re:Enough is enough! by aliddell · · Score: 1

      Probably need a few thousand generations to find out one way or another. See you then.

      --
      What do you think, sirs?
    70. Re:Enough is enough! by Anonymous Coward · · Score: 0

      Ahh, go on and click it, you sissy.

    71. Re:Enough is enough! by Anonymous Coward · · Score: 0

      You realize people can change their user agent in their registry, right?

    72. Re:Enough is enough! by Anonymous Coward · · Score: 0

      I might be wrong about that.

    73. Re:Enough is enough! by Anonymous Coward · · Score: 0

      Nah, this mutation worked in the first generation.

    74. Re:Enough is enough! by H0p313ss · · Score: 1

      Slashdot: Rise of the Mutants

      --
      XML is a known as a key material required to create SMD: Software of Mass Destruction
  2. No comment? by VojakSvejk · · Score: 1

    I think microsoft have commented on the firestorm... wonder why Ballmer wanted to make it out as no big deal?

    1. Re:No comment? by LostCluster · · Score: 1

      Yep... Microsoft will never shut down or not censor bing.cn... er, wait a second!

  3. Quoth the TFA by McBeer · · Score: 2, Informative

    targeted attacks and the publication of exploit code for a 'browse and you're owned' vulnerability in its flagship Web browser

    IE 6 hasn't been Microsoft's flagship browser for 4 years.

    --
    Hikery.net - The best hiking site ever. Made by yours truly.
    1. Re:Quoth the TFA by LostCluster · · Score: 1

      Yep, and it's almost wrong to be asking Microsoft to patch something as old as IE6 or XP at this point. Maybe OS licenses should say "You may use this program for 5 years." instead of perpetually because you're a danger to other people's systems when you don't update to modern software.

    2. Re:Quoth the TFA by Anonymous Coward · · Score: 0

      Glad I still use IE 5.5 then, to avoid this issue with IE6.

      Actually, it's due to limitations. I have a VM running Win95 for old software that I have not found a current replacement for. I ran all of the updates, and it took me to IE 5.5. Trying Firefox 2.0, and it would not allow it to run.

      Luckily, I don't need to browse much, so 5.5 is good enough.

    3. Re:Quoth the TFA by poetmatt · · Score: 2, Informative

      It does, however, share the same vuln with IE7 and IE8. So maybe it's more appropriate as "microsoft's web browser" (irrespective of version) is at fault.

    4. Re:Quoth the TFA by igadget78 · · Score: 2, Insightful

      Yep, and it's almost wrong to be asking Microsoft to patch something as old as IE6 or XP at this point. Maybe OS licenses should say "You may use this program for 5 years." instead of perpetually because you're a danger to other people's systems when you don't update to modern software.

      Maybe not, but when you work at a hospital in the IT department and your patient critical applications are still relying on IE6 because the vendor who wrote it sucks and can't figure out how to make it work with an updated browser, you appreciate that Microsoft, however insistent they are on dropping that old clunker of an app, is at least trying to resolve it.

    5. Re:Quoth the TFA by IshmaelDS · · Score: 2, Informative

      True IE 6 hasn't but if you read the microsoft bulletin it also says that IE 7 and 8 share the vulnerability. http://www.microsoft.com/technet/security/advisory/979352.mspx "Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable."

      --
      letting an idiot know they are an idiot is not a game... it's a responsibility. - by Kristopeit, M. D. (1892582)
    6. Re:Quoth the TFA by c-reus · · Score: 1

      are IE6 and IE8 different browsers or different versions of the same browser?

    7. Re:Quoth the TFA by thetoadwarrior · · Score: 2, Informative

      Because some companies have contracts with MS that have them on Win2k until (if I recall correctly) the extended support is over, which is this summer, so MS can't really tell IE6 users to fuck off completely.

      I'm sure they could get out of the contract at an unnecessary cost. MS made this mess and unfortunately we're stuck with it for a while longer. Hopefully once the extended support is over then companies will start dumping their old stuff and upgrading.

      In my opinion this shouldn't matter to most sites because they're not meant for business customers. It doesn't matter if Youtube, for instance, works on IE6 as far as I'm concerned. Anyone on IE6 for their home PC should be excluded until they get a real browser.

    8. Re:Quoth the TFA by PopeRatzo · · Score: 1

      you work at a hospital in the IT department and your patient critical applications are still relying on IE6

      Do you mind sharing the name of the hospital so I can tell the ambulance driver where not to go the next time I choke on a cheesy poof?

      If they're using IE6 for "critical patient apps" there's probably a good chance that they'll try to cure my blocked windpipe by putting leeches on me or trepanning me or something.

      --
      You are welcome on my lawn.
    9. Re:Quoth the TFA by Antiocheian · · Score: 1

      I am using XP and I "almost" feel guilty after reading your post.

    10. Re:Quoth the TFA by Anonymous Coward · · Score: 0

      Doctor's journal: Patient complains from a slight breathing issue. Will investigate.

      Patient agrees to trepanning procedure, will perform in the morning.

      Trepanning successful, patient no longer complaining.

      What's the problem again?

    11. Re:Quoth the TFA by twidarkling · · Score: 1

      I'd say IE 8 is a different beast on the same underlying engine, like a game running on the UT III engine is different than UT III. 7, though, is just 6 with a facelift.

      --
      Canada: The US's more awesome sibling.
    12. Re:Quoth the TFA by LostCluster · · Score: 1

      And I'm sure Microsoft is regretting those agreements now... they'd much rather sell 7 than support 2000.

    13. Re:Quoth the TFA by Hurricane78 · · Score: 1

      To be fair, IE6 can’t be defined as a browser for 4 years anyway. ;)

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    14. Re:Quoth the TFA by gmhowell · · Score: 1

      While your point is made and understood, there are actually a few studies showing that both leeches and trepanning (or a modern day equivalent) have some valid therapeutic uses. No, I'm not going to bother with a cite as they're from some medical journals (dead tree, father is a traditionalist) which are at home.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    15. Re:Quoth the TFA by Anonymous Coward · · Score: 0

      I would call IE 8 more of a face lift of IE 7 than IE7 was a face lift of IE6.

    16. Re:Quoth the TFA by Anonymous Coward · · Score: 0

      Yep, and it's almost wrong to be asking Microsoft to patch something as old as IE6 or XP at this point.

      It's MS who committed themselves to carry on supporting it, so it's a bit bizarre to suggest it's wrong to want them to fulfill that pledge.
      It's also MS who put all the proprietary non-standard crap in IE6 that makes it so hard for some companies to upgrade.

      And as for upgrading to a more recent MS browser, everyone except MS says that IE7 and IE8 are also vulnerable to some degree to this same issue, and proof of concept exploits are probably only a few days away.

  4. Countering attacks? by jhol13 · · Score: 3, Interesting

    Microsoft is not "countering the targeted attacks".

    Unless of course the German and France CERT teams' recommendation to ditch IE is considered one.

    1. Re:Countering attacks? by xactuary · · Score: 0

      Germany and France: Internet Explorer 8 is the latest in a Maginot Line of browsers.

      --
      Say hello to my little sig.
  5. I have the patch details: by rehtonAesoohC · · Score: 4, Funny

    It uninstalls all versions of Internet Explorer and installs Firefox with Adblock pre-installed.

    Bravo Microsoft!

    1. Re:I have the patch details: by NotBorg · · Score: 1

      Typical Microsoft patch. It side steps the real issue: not having Noscript pre-installed too.

      --
      I want this account deleted.
    2. Re:I have the patch details: by Monkeedude1212 · · Score: 2, Funny

      It also sets the DNS to itself and caches anything you might have had saved in your browser history.

      That way, you still seemingly visit the same sites you always do, just they never get updated, and you are completely secure from everything on the net!

  6. IE is only good at one thing... by jameskojiro · · Score: 2, Insightful

    And that is running Windows Update and it isn't that good at doing that....

    --
    Tsukasa: All I really want, is to be left alone...
    1. Re:IE is only good at one thing... by meheler · · Score: 4, Interesting

      The sound of Windows update running is drilled into my mind forever.. Click.. click click click.. click. click.. click click click click click.
      My mind constantly asking "what the.. i haven't clicked a damned thing"

    2. Re:IE is only good at one thing... by indraneil · · Score: 1
    3. Re:IE is only good at one thing... by Quantumstate · · Score: 2, Insightful

      All I know is that three certain windows updates have been drilled into my Vista boot process for ever. Did someone really intentionally program an update process so that if it failed it would just try again?

    4. Re:IE is only good at one thing... by QuantumRiff · · Score: 2, Informative

      Shh, don't tell anyone...

      >wuauclt /detectnow

      Forces the update.exe agent to check.

      --

      What are we going to do tonight Brain?
    5. Re:IE is only good at one thing... by Enderandrew · · Score: 1

      I really enjoy that in Vista and 7, Windows Update is a standalone app. I don't have to fire up IE to grab updates.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    6. Re:IE is only good at one thing... by Nightspirit · · Score: 1

      You clearly haven't used IE in years, or you are just trolling. IE8 handles tabs much better than Chrome or Firefox, and unlike firefox IE is sandboxed (this exploit doesn't affect ie8 in win7), to get similar functionality in firefox you have to install noscript and individually handle every single new website you go to. The problem with IE isn't its compliance to standards or acid tests (no one cares except web developers) it is that it's snail slow. The UI is atrocious but firefox really isn't any better. So I'm not accused of astroturfing my main browser is firefox (it used to be chrome, but I got tired of the horrible bookmark system).

    7. Re:IE is only good at one thing... by jameskojiro · · Score: 2, Interesting

      How many people on slashdot still run XP to avoid the bloat of Vista/7?

      Quite a few I would imagine....

      --
      Tsukasa: All I really want, is to be left alone...
    8. Re:IE is only good at one thing... by Anonymous Coward · · Score: 0

      Or run Mac to avoid the bloat of Microsoft entirely.

    9. Re:IE is only good at one thing... by dedazo · · Score: 1

      And that is running Windows Update

      Welcome to 2004, where we run WU as a standalone service that does not require IE at all.

      What other unnecessary things do you do with IE? We stopped bathing the cat with it as well. In 2002, if I recall.

      (actually the only thing I use it for these days is OWA, but OWA is so nice that I don't mind at all)

      --
      Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
    10. Re:IE is only good at one thing... by Nakor+BlueRider · · Score: 1

      I don't know, that is probably fading slowly with time. When I bought my laptop it had Vista on it, and rather than downgrade to XP to get the most out of my system, I just installed Ubuntu to speed things up instead. It's probably not all that uncommon of a solution (at least among those who would consider changing their OS in the first place).

    11. Re:IE is only good at one thing... by recoiledsnake · · Score: 1

      Windows 7 is actually almost as fast as XP. That's really good accounting for the numerous improvements made to the OS in the intervening 9 years. Almost every new software release requires better hardware, including Gnome and KDE.

      --
      This space for rent.
    12. Re:IE is only good at one thing... by jim_v2000 · · Score: 1

      7 isn't particularly bloated.

      --
      Don't take life so seriously. No one makes it out alive.
    13. Re:IE is only good at one thing... by hairyfeet · · Score: 2, Insightful

      And you, dear nightspirit, didn't read TFA did you? Here, let me highlight a relevant passage for you..."While the public exploit only targets Internet Explorer 6 without DEP, Vupen Security has confirmed code execution with Internet Explorer 8 and DEP enabled," the company said in an e-mail. "Enabling DEP will only protect users from current exploits."

      TL:DR? IE8 is totally pwned as well. They just haven't released the script into the wild yet. When they do any script kiddie can pwn ANY MSFT browser, from 6 on up, DEP or not. So I really wouldn't be recommending IE to...well anyone at this point.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    14. Re:IE is only good at one thing... by Yvanhoe · · Score: 1

      To be fair it is also a good firefox downloader.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    15. Re:IE is only good at one thing... by Anonymous Coward · · Score: 0

      So 9 years later, with 9 years of hardware advances, they can release software that is almost as fast as it was 9 years ago? Astounding!

    16. Re:IE is only good at one thing... by Anonymous Coward · · Score: 0

      When you really think about it, isn't that kind of silly? If you want to avoid Windows bloat you'd either run Windows 2000, Windows 3.0, or more likely another OS entirely.

    17. Re:IE is only good at one thing... by uassholes · · Score: 2, Insightful

      How is requiring faster hardware an improvement?

    18. Re:IE is only good at one thing... by recoiledsnake · · Score: 1

      Err did you fail Reasoning 101? You forget all the new features, UI and security in Windows 7 compared to Windows XP which take up lots of resources. It's the same case with almost any other software, as hardware becomes more powerful, more features are added. If you want ultimate speed, go run Windows 95 or DOS 6.22 or Windows 3.1 on modern hardware, but don't complain when USB ports don't work.

      --
      This space for rent.
    19. Re:IE is only good at one thing... by recoiledsnake · · Score: 1

      Read my post again. Improvements like better UI, better security, more features etc. etc. need faster hardware.

      --
      This space for rent.
    20. Re:IE is only good at one thing... by ITJC68 · · Score: 1

      I would second that. I have three installations at home of windows 7. Two systems upgraded from Vista. That was by far the best update you could get for windows. Vista = bloated and slow before the service packs and even then was slower. Windows 7 much faster and what Vista should have been to begin with.

    21. Re:IE is only good at one thing... by Nightspirit · · Score: 1

      Wow, big surprise, security company creates an exploit for money. That doesn't change the fact that the current 0 day doesn't affect IE8 on windows 7. Exploits are found and patched all the time in firefox, safari, and chrome. Hell in the Pwn2Own contests safari is always first to be cracked, Chrome currently has an unpatched critical vulnerability (secunia), and firefox actually has been doing quite well but still really requires noscript to be safe which cripples browsing the internet.

    22. Re:IE is only good at one thing... by Antony-Kyre · · Score: 1

      And how many on slashdot are stuck with XP SP1 because SP2 causes too many problems? Of course, this means they're stuck with IE6 I believe (as opposed to upgrading to IE7 and IE8).

      But, I think the key lesson is here... why don't we have ActiveX controls and Active Scripting disabled by default? IE is so popular, it is targeted. When FireFox takes IE's place as leading web browser of the world, what do you think will happen? (Maybe not to the same extent as IE.)

    23. Re:IE is only good at one thing... by e2d2 · · Score: 1

      Psh I don't need a video out. That's just more bloat!

    24. Re:IE is only good at one thing... by Anonymous Coward · · Score: 0

      And how many on slashdot are stuck with XP SP1 because SP2 causes too many problems? Of course, this means they're stuck with IE6 I believe (as opposed to upgrading to IE7 and IE8).

      jesus fucking christ, you can't be serious. there are people in the world who still run XP SP1?? Not just an old operating system, but an old, unpatched, unsupported, vulnerable version of a microsoft operating system? it sickens me. you really should not be allowed to access the internet with this thing. but I guess if you look hard enough, you can find people running windows 95 or windows 3.1 or even DOS 5 because they just DEPEND on its oldness for one reason or another.

      I will assume that by "problems" you mean hardware incompatibility that has never been fixed after all these years. you should really throw this hardware in the trash if the hardware vendor is THAT incompetent/lazy/cheap. if the hardware is too expensive to just throw away, then you should sue them or something. and then isolate this computer, use it only to interact with this crappy hardware, and do not ever even THINK of connecting to a WAN and opening a web browser on it.

    25. Re:IE is only good at one thing... by Anonymous Coward · · Score: 0

      I always turn that sound off - why do we need the stupid computer making the same sound the mouse actually made when i clicked it? Surely the "real" click is enough, without the computer having to do its own click as well...

    26. Re:IE is only good at one thing... by Hurricane78 · · Score: 1

      But only in a frame, inside Firefox. (Just disable the cookie transfer feature. That’s a really stupid idea.)

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    27. Re:IE is only good at one thing... by icebraining · · Score: 1

      It depends on your definition of "better". If "better" UI is flashier, yes, it does.

      And security? Really? Why would you need faster hardware for that? Oh, and don't tell me "better encryption", even my P3 can handle that.

    28. Re:IE is only good at one thing... by Anonymous Coward · · Score: 0

      Oh look, a lying astroturfer. Fact is, M$ Windows 7 is only a marginal improvement on XP, if at all. The bloat and DRM such as tilt bits certainly doesn't help.

    29. Re:IE is only good at one thing... by mstahl · · Score: 1

      This is something I've never really understood. What is the rationale, if any, for making it so that the web browser updates the system? If you uninstall IE, can you still update your system?

    30. Re:IE is only good at one thing... by cbhacking · · Score: 1

      You seem to be confusing DEP with the Protected Mode sandbox that Nightspirit was actually referring to. On Vista (SP1 or higher) or Win7, using IE8 (which enables ASLR, an additional protection on top of DEP that makes exploits vastly harder), with Protected Mode (requires UAC, and runs the browser at sub-user permissions) enabled, I very much doubt the exploit works.

      In fact, while the article makes no explicit references to ASLR (Address Space Layout Randomization, a defense against DEP work-arounds), it only mentions IE8 being exploitable on XP. XP doesn't support ASLR (even if a program, such as IE8, is compatible with it). This is one of the many ways in which Vista/Win7 are more secure than XP.

      Additionally, and shame on the article authors for this, they suggest "sandboxing" the browser using the techniques of Chrome... which are in fact a direct copy of the behaviors of IE8 (low-integrity process a.k.a. "Protected Mode" which prevents access to system settings or user files). Note that it never mentions the words "Protected Mode" but suggests that Chrome's sandboxing should be adopted, which makes the author either a pro-Google or anti-MS fanboy, or simply an ignorant lout who didn't do the homework.

      TL;DR? You and the article author both missed the point; IE8 has only been shown to be vulnerable when run without the sandboxing that Vista and Win7 include.

      --
      There's no place I could be, since I've found Serenity...
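The distinction drawn in the comment above, between a program being ASLR-compatible and the OS actually applying ASLR, can be checked from a binary's headers. This is an added example, not part of the original thread: it reads the `DllCharacteristics` opt-in bits from a PE header; the sample image is constructed headers only, and `os_has_aslr` is a hypothetical parameter standing in for the OS under test.

```python
import struct

# Flag values from the PE/COFF specification (optional header, DllCharacteristics).
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image opts in to ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image opts in to DEP

PE32_MAGIC = 0x10B
PE32_PLUS_MAGIC = 0x20B
DLLCHARS_OFFSET = 70  # same offset in PE32 and PE32+ optional headers


def read_mitigation_flags(image: bytes) -> dict:
    """Return the ASLR/DEP opt-in bits recorded in a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_offset,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    # PE signature (4) + COFF header (20) + optional header through DllCharacteristics (72)
    if pe_offset + 24 + DLLCHARS_OFFSET + 2 > len(image):
        raise ValueError("truncated PE headers")
    if image[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (opt_size,) = struct.unpack_from("<H", image, pe_offset + 20)
    opt_start = pe_offset + 24
    (magic,) = struct.unpack_from("<H", image, opt_start)
    if magic not in (PE32_MAGIC, PE32_PLUS_MAGIC):
        raise ValueError("unknown optional header magic")
    if opt_size < DLLCHARS_OFFSET + 2:
        raise ValueError("optional header too small")
    (chars,) = struct.unpack_from("<H", image, opt_start + DLLCHARS_OFFSET)
    return {
        "aslr_opt_in": bool(chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep_opt_in": bool(chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def effective_aslr(flags: dict, os_has_aslr: bool) -> bool:
    """ASLR applies only when both the image and the OS loader support it.

    os_has_aslr is a hypothetical input: False models the XP case the
    comment describes, True models Vista / Windows 7.
    """
    return flags["aslr_opt_in"] and os_has_aslr


def build_sample_image(dll_characteristics: int) -> bytes:
    """Constructed sample: MZ stub plus PE32 headers only, not a runnable program."""
    pe_offset = 0x80
    dos = bytearray(pe_offset)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_offset)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96, 0x0102)
    optional = bytearray(96)
    struct.pack_into("<H", optional, 0, PE32_MAGIC)
    struct.pack_into("<H", optional, DLLCHARS_OFFSET, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional)


if __name__ == "__main__":
    hardened = build_sample_image(
        IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    )
    flags = read_mitigation_flags(hardened)
    print("header flags:", flags)
    print("ASLR in effect, OS without ASLR:", effective_aslr(flags, os_has_aslr=False))
    print("ASLR in effect, OS with ASLR:   ", effective_aslr(flags, os_has_aslr=True))
```
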
    31. Re:IE is only good at one thing... by Ihmhi · · Score: 1

      Running Mac to avoid Bloat is like eating pizza to lose weight.

    32. Re:IE is only good at one thing... by hairyfeet · · Score: 1

      The problem with your thinking is this- while I am currently using Windows 7 both you and the above poster are making a BAD assumption, that Vista and Windows 7 have been widely adopted. They HAVE NOT. Last I checked both Vista and 7 together make up less than 25% of the landscape, with the vast majority running XP, which as you pointed out doesn't have the protections that will keep IE8 from getting pwned.

      So your argument is "Well if everyone has a brand new car then breakdowns will never occur" except you ignore that 75% of the population do NOT have the new car and therefore are vulnerable to breakdown. See the problem? In my own area it is 8 out of 10 users on XP, one on Vista, and one on Windows 7. So by your reasoning ONE user ( the Windows 7 one, as IIRC ASLR is "opt in" on Vista) is safe, one possibly safe, and 8 totally boned. Doesn't sound too good in that light does it? Contrast that with if all 10 users switch to FF or Chrome or Opera or any other browser you are looking at 10 out of 10 protected from this zero day, and well I think the choice is clear, don't you?

      This is why I think raising the price of Windows 7 HP right before Xmas and killing the family packs just proves Ballmer is incompetent and needs a good firing. MSFT NEEDS to get as many of their consumer base away from XP as possible, as quick as possible, so they don't have to deal with all the bad press and pwned browsers. Once converted they can then upsell them to Windows 7 Pro or as you point out brag about the much more secure IE and keep them in the MSFT camp. Instead they raised prices which will ensure IMHO that XP will still be the dominant MSFT OS for years, possibly until 2014 or even later as many PCs have passed "good enough" as far as customers are concerned and shops like mine can keep XP clean and going for ages.

      So ultimately your and the above poster's argument doesn't really hold water unless you can get Windows 7 above 50% marketshare (let's face it, ain't nobody buying Vista) and I just don't see that happening before 2014, if then. Even I, the classic early adopter "loves the bleeding edge" type, only have one machine out of the 5 in my family running Windows 7, and thanks to the price hike the other 4 will continue to run XP, along with FF and ABP to cut down on the risk my family members will get pwned. So thanks MSFT, for ensuring that with your greed 3 out of the 4 machines that are capable of running Windows 7 and by extension a safe IE won't be seeing it. Saved me $150 right there you did.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  7. Contribute to the death of IE 6 on your site... by MikeRT · · Score: 2, Informative

    Make it painfully clear to IE6 users what they're doing.

    My version, which is more educational for them.

    1. Re:Contribute to the death of IE 6 on your site... by mjwx · · Score: 1

      My version, which is more educational for them.

      Suggested improvements:

      IE 6 is "insecure", not "unsecure". Insecure denotes that it lacks security, unsecure denotes that security is simply not switched on (or that it needs to be nailed down, people using IE6 will likely be computer illiterate).

      If you are using it for reasons other than your company's IT department forces you to use it

      Kind of redundant. If this is the reason they already know and in that case there is little they can do.

      "and badly implements web standards."

      Web Standards are something few people using IE6 will know or care about.

      "holding the web back,"

      This makes you sound pretentious, it'll make the fogies and luddites indignant and give them an excuse to forgo upgrading.

      IMHO, it's too long. A good idea to be sure but most people using IE6 don't want or need such an explanation. You should narrow it down to something like this.

      Internet Explorer 6 is obsolete and insecure. You should upgrade your browser, simply click on any of the links above to begin.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  8. How to create exploit for IE7-8 by tokul · · Score: 1

    Microsoft only has to say that IE6 is vulnerable and IE7-8 can't be exploited using same attack. The net will do the rest.

  9. Goody by Anonymous Coward · · Score: 0

    Oh good I was wondering when this would come out.....oh wait I don't use IE nor does anyone with half a brain.

  10. Marketing by Anonymous Coward · · Score: 0

    This is MS Marketing to make the Germans accept IE again.

    NO, WE WON'T GO BACK TO THAT SH*T !!

  11. Eye Patch ? by Anonymous Coward · · Score: 0

    Now we can all be pirates !

  12. The IE Patch by Bigbutt · · Score: 4, Funny

    Do you find yourself mysteriously waking up in a back alley more than once a week?

    Do you find empty HTML pages littering your desktop and you have no idea where they came from?

    Do you discover new directories on your computer?

    Get the IE Patch!

    It comes in 4 strengths so you can be gradually weaned from the habit.

    Week 1. IE 6 Patch. Internet cravings are pretty intense the first week so the IE 6 Patch is there to help you learn how to just say "NO".

    Week 2. IE 7 Patch. It's easier to avoid launching IE. You still need to check Amazon or e-Bay from time to time but the edge has been honed down a bit.

    Week 3. IE 8 Patch. You find it a lot easier to avoid clicking on the 'e' although you still lapse when you aren't thinking.

    Week 4. Firefox. You've mastered the addiction. You're free to browse the Internet worry free. Even looking at the 'e' makes you nauseous.

    Congratulations on taking the first step to breaking the IE addiction.

    [John]

    --
    Shit better not happen!
  13. No Opera, and external resources? Oi. by Anonymous Coward · · Score: 1, Insightful

    Funny - that site's little code examples don't include Opera as one of the modern browser options. What's the author got against the big o?

    Also.. adjust the code so it pulls all its data from your local server; there's no need for that site to know who your visitors are, and there's no need for your page to load any more slowly due to external connections than is absolutely necessary.

  14. Nothing wrong with that by Anonymous Coward · · Score: 0

    Nothing wrong with attempting retries, at least as long as you limit the number of attempts.

    1. Re:Nothing wrong with that by icebraining · · Score: 1

      Yes, there is. If you have a capped internet connection, downloading 100MB of updates can be annoying, but you allow it. Then you return and find out it actually consumed 300MB and it still failed to install it.

      I want it to ask me before retrying!

  15. Re:'flagship webbrowser' by Anonymous Coward · · Score: 0

    Sorry, I stopped reading after 'MicroSoft'...

  16. So glad by goldaryn · · Score: 1

    I'm so glad I upgraded from XP to Windows 7; with multi-core optimisations and improved app performance, I'm compromised faster than ever before!

    1. Re:So glad by GaryOlson · · Score: 1
      --
      Every mans' island needs an ocean; choose your ocean carefully.
  17. Worst Job Ever by cpscotti · · Score: 1

    This comes in handy to define the worst job a human can get!
    Fixing major flaws in a 10 y.o. completely flawed browser...
    You could call it: "Senior Ancient Flaws Engineer" or whatever!..
    .. not that maintaining IE8 would be much better but I can bet they pay u more!

  18. Re:'flagship webbrowser' by MightyMartian · · Score: 1

    Ten points, m'lad, for Non Sequitur of the Day!!!

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  19. Re:'flagship webbrowser' by spuke4000 · · Score: 2, Informative
    --
    This post cannot be rebroadcast without the express written constent of Major League Baseball.
  20. Too little too late by koan · · Score: 1

    And what's going to happen to all those "IE only" web sites the government, public schools and other agencies like to use?

    --
    "If any question why we died, Tell them because our fathers lied."
    1. Re:Too little too late by Professor_UNIX · · Score: 1

      Also, what about all of us that can't use anything other than IE6 because that's the latest version that Windows98 supports?

    2. Re:Too little too late by koan · · Score: 1

      Why are you using Windows 95? Get a linux variant. (did I miss the joke?)

      --
      "If any question why we died, Tell them because our fathers lied."
    3. Re:Too little too late by Culture20 · · Score: 1

      And what's going to happen to all those "IE only" web sites the government, public schools and other agencies like to use?

      They'll still exist, but the error page might get changed to:
      "This page is IE only. Type '?browser=firefox' at the end of the URL to be automatically moved to the non-IE page. Safari users type '?browser=firefox' too. There are no other browsers *Jedi hand wave*."

    4. Re:Too little too late by burkmat · · Score: 1

      They'll be rewritten to actually work?

      Tbh, I think it's already reached the point where any entity creating a new fancy website these days has to comply with standards, simply due to the percentage of users who aren't using IE anymore. All that remains is for the archaic IE-only websites to go extinct.

    5. Re:Too little too late by LostCluster · · Score: 1

      If they were designed when IE6 was current... they're overdue to be rewritten. Another case of not budgeting for the geek jobs until they're broken.

  21. Regarding that so called sobering post. by Anonymous Coward · · Score: 0

    .. what a one-sided crock.

    If you were under attack from a foreign entity wouldn't you fight back with everything you had? Chicken, meet egg.

    Mr. Coleman said China's military is equal to U.S. and Russian military cyberwarfare.

    "This is a three-horse race, and it is a dead heat," Mr. Coleman said.

    The US has been attacking China for years and vice versa. Let's be honest here. If either let their guard down there'd be more of a victim than a search engine and advertising company.

    1. Re:Regarding that so called sobering post. by rickb928 · · Score: 1

      And what entity in the U.S. is protecting us from Chinese cyber attacks?

      Just curious. Who would be putting us at risk by 'letting their guard down'?

      --
      deleting the extra space after periods so i can stay relevant, yeah.
  22. Stop the madness by xednieht · · Score: 1

    Instead of releasing more trash - recall IE. Problem solved.

    --

    Hope is the currency of fools
  23. Re:'flagship webbrowser' by KlomDark · · Score: 1

    I think you might have gotten trolled. But I'm not entirely sure. But yes, GMail is now SSL by default.

  24. Flawed stats by SmallFurryCreature · · Score: 1

    Opera is on the Wii, DS and of course many a mobile phone whose own browser sucks, but often with a fake user_agent string.

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  25. "Emergency" reaction by burkmat · · Score: 2, Informative

    Wow, so that's... 4 days after full disclosure that they announce their response.

    "Could be here as soon as this weekend", which is still more than a week from the exploit being published. That's swell.
    Anyone else grateful MSFT doesn't run the fire department?

    1. Re:"Emergency" reaction by The+End+Of+Days · · Score: 1

      You're right, it would be so much better if they slammed something together and rushed it out the door without testing it.

    2. Re:"Emergency" reaction by burkmat · · Score: 1

      QA 9 years too late.

      On a more serious note, you're right of course that they should test it and have it working before pushing it, but bashing Microsoft is trendy and all the cool kids are doing it, so I can't help but complain it's taking over a week to patch.

  26. Re:Maybe not so glad about WMP by Old+Flatulent+1 · · Score: 1

    I just updated to 9.3 after having shut off the reader auto update! However after reading the specifics of how reader before version 9.3 was compromised it is rather telling that the attack vector was a call to a WMP that left open space. It left buffers open but not in the Reader section of the malloc. This would indicate that there might just be another un-patched hole in external program calls to Windows Media Player or perhaps in WMP itself. It would not surprise me if the Reader exploit was actually another WMP exploit involving bad memory allocation practices from Microsoft!

  27. Oh I feel much better now by handfullofsausage · · Score: 1

    ie = internet exploiter -- I think a can of cat food has more security than anything MS produces ....

  28. Hindsight by omb · · Score: 1

    Browser independence, is what you should have done/insisted on in the first place, which would have resulted in push back on M$ non inter-operable crap.

    1. Re:Hindsight by natehoy · · Score: 1

      Yes, but recall that:

      1. Intranets and corporate applications don't really value browser independence, because their audiences are captive and their desktops are controlled.
      2. IE6 was in the days of Microsoft toolkits that wrote shitloads of code that only ran on IE6. "Embrace, Extend, Extinguish"
      3. Most companies that run an intranet don't run a large Internet site, and/or they are run by different divisions, frequently on different platforms.
      4. Most vendors don't give a shit about portability, they want to code something for the customer FAST, that runs, get their money, and get the hell out.

      Once a few critical apps or an Intranet are out there based on IE6, they aren't really all that easy to upgrade. You can't just import them into a magic tool and make the Microsoft gungy stuff go away, you have to recode. And that costs money. Money many major corporations would rather spend on details like shipping stuff to their customers and other trite irrelevancies.

      "If it ain't broke" is a serious business case. Maybe not a correct one long-term, but...

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  29. Oh, great, back to 'browse and you're owned' by Anonymous Coward · · Score: 0

    I wonder if this is why there has been a sudden, dramatic increase in the number of my company's clients who have users getting infected with malware in recent days.

  30. So that's what it takes to get a patch out, MS? by Hurricane78 · · Score: 3, Funny

    At least two governments officially stating to avoid IE, others in fear, every single web developer on the country hating you, Google getting hacked, and every security expert on the planet laughing at you?

    Wow. Just wow.

    May I extrapolate from that, what it would take, to get a real Bugzilla for IE and make it follow recent standards?
    My guess: Inter-dimensional time war with Lovecraft’s the old ones, led by Cthulhu, fighting the Shrike and its army, armed with gamma ray bursts and black holes, using giant stars as ammunition.

    On the other hand: That would be awesome!

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
  31. The Most Popular Meme by omb · · Score: 1

    Has been stated and rebutted literally millions of times, the problem with M$ crap is not that it is popular, it is that it is criminally defective by design, and because of Backward Compatibility, and secret APIs shared only with valued customers they absolutely can never fix it. Anyone who tells you about OS secrets is selling snake oil.

    1. There are 3,500 Windoze api calls, POSIX < 200, Linux ~ 250, new functionality over 10 years,

    2. Windoze will execute any crap based on ".ext" so it will just execute ".exe" files, no question, no request permission,

    3. COM automation, the keys to the system,

    I operate a number of Linux boxes, connected directly to the net, and after a while I realised that firewalls were a waste of time and too much a blunt instrument, and that I could trim and lock down most services better on an ad hoc basis, e.g. TCP wrappers and some, 6 IPTABLES rules. The only thing, recently, is attempted SSH brute force attacks and the suggested, and contorted response to them, which was SysAdmin gone mad. SSH can be patched to restore the retry-delay and back-off algorithms which are used for normal logins, and to tar-pit the attacker, and in my experience this works real well, the botnets go, and don't return.
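The retry-delay and back-off idea from the comment above, as an added example that is not part of the original post and not code from any SSH patch: it reads sshd authentication lines and computes how long each source would be held before its next attempt. The log lines are constructed, and the doubling policy, `base` and `cap` are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH password-auth log format.
SAMPLE_LOG = """\
Jan 21 10:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4001 ssh2
Jan 21 10:00:02 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4002 ssh2
Jan 21 10:00:03 host sshd[103]: Failed password for root from 198.51.100.9 port 5001 ssh2
Jan 21 10:00:04 host sshd[104]: Failed password for root from 203.0.113.7 port 4003 ssh2
Jan 21 10:00:05 host sshd[105]: Accepted password for alice from 198.51.100.9 port 5002 ssh2
Jan 21 10:00:06 host sshd[106]: Failed password for root from 203.0.113.7 port 4004 ssh2
"""

EVENT = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for "
                   r"(?:invalid user )?\S+ from (\S+) port \d+")

def backoff_delays(log_text, base=1.0, cap=300.0):
    """Return {source: seconds to hold that source's next attempt}.

    Assumed policy: the delay doubles with each consecutive failure
    (base, 2*base, 4*base, ...) up to `cap`; a successful login from the
    source clears its failure count.
    """
    failures = defaultdict(int)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue                      # not a password-auth event
        outcome, source = m.groups()
        if outcome == "Failed":
            failures[source] += 1
        else:
            failures[source] = 0          # success resets the counter
    return {src: (min(cap, base * 2 ** (n - 1)) if n else 0.0)
            for src, n in failures.items()}

if __name__ == "__main__":
    for src, delay in sorted(backoff_delays(SAMPLE_LOG).items()):
        print(f"{src}: hold next attempt for {delay:.0f}s")
```

The cap matters operationally: without it, a shared NAT address with one misbehaving client can lock out everyone behind it for an unbounded time.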

    1. Re:The Most Popular Meme by Anonymous Coward · · Score: 0

      What a fucking fag you are! Just look at how you spell, like a thirteen year old giggly girl who thinks it's funny to write Micro$oft. Jesus Christ, aside from your fagginess, not a fucking word of what you said is true. Goddamned Linux turd, take the cock out of your ass and try a system that works. Hint, it ain't Linux.

  32. MSFT surrenders to France? by dmckeon · · Score: 1

    Way to go, citizens. March on!

  33. Ignorant Fanboi/Astroturfer by omb · · Score: 1

    1. Tabs are Tabs,

    2. You only need a sandbox if you have open wounds, IE6 or are Immune Compromised that ie: Windoze* IE*,

    3. You don't need NoScript,

    4. ACID is a database test, and has nothing to do with HTML compliance, your ass and ignorance is showing!

    5. We do care about HTML compliance and a commitment to inter-operate properly since it reduces complexity and simplifies testing, both of which cost a lot of money.

    Isn't it time you moved out of your mother's basement?

    1. Re:Ignorant Fanboi/Astroturfer by Nightspirit · · Score: 1

      1. A browser is a browser. Yes, that is just as retarded as what you said.

      2. You obviously don't use windows. That's fine, but firefox is quite happy to let programs hijack your computer as well (the infamous windows xp antivirus exploit).

      3. You do if you want any sort of protection from drive-by-advertising exploits such as the exploit mentioned above. Adblock helps but I've still had things go through that noscript blocks.

      4+5. Makes no difference to the end user. No one switches to firefox because of better web compliance.

  34. It's not IE you need to beware of, it's Google by ysth · · Score: 1

    or at least that's the message someone picked up, leading them to pass this warning along to acquaintances:

    Speaking of Google, apparently someone has put a virus on Google for anyone who goes there with Internet Explorer.
    You have been warned.

    I thought that was a really slick marketing twist on someone's part.

  35. Crap by omb · · Score: 1

    It should RUN for 10 years on stable HARDWARE.

    Only a complete M$ dummy would pull that naive crap, there are SunOS 4 systems still running reliably in server rooms.

    I just despair at your credulousness and stupidity.

  36. Best patch for IE? by Lost+Penguin · · Score: 1

    www.mozilla.com

    --
    I am the unwilling control for my Origin.
  37. IE6...sends chills down my spine! by motang · · Score: 1

    Sane people don't use IE 6 anymore, that browser needs to die!

  38. Re:0! by Anonymous Coward · · Score: 0

    Your mom is my girl friend

  39. I like these "Your browser is out of date" sites by L4t3r4lu5 · · Score: 2, Interesting

    They look totally different to the popup-style messages on compromised websites saying "Your Anti Virus is out of date! Download our version!" or "You have been infected by Win32.BullRubbish.exe.foobar! Upgrade to New Anticrap UberVirusWare 2011!"

    You're training them to download stuff from the web, from sites they don't regularly visit / don't trust, because a popup told them to.

    Well done.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
  40. They're just jealous. by vegiVamp · · Score: 1

    Isn't "browse and we own you" the brunt of the IE EULA, anyway ?

    --
    What a depressingly stupid machine.
  41. HOSTS files are better than ADBLOCK by Anonymous Coward · · Score: 0

    "It uninstalls all versions of Internet Explorer and installs Firefox with Adblock pre-installed." - by rehtonAesoohC (954490) on Tuesday January 19, @03:33PM (#30824104)

    HOSTS files are a superior solution vs. Adblock, & here is how + why:

    10 POINTS IN FAVOR OF HOSTS FILES vs. ADBLOCK:

    ----

    1.) HOSTS files eat no CPU cycles like browser addons do no less!

    2.) HOSTS files are a solution (for security) which also globally extends to EVERY WEBBOUND APP YOU HAVE

    3.) HOSTS files are also NOT severely LIMITED TO 1 BROWSER FAMILY ONLY... browser addons, are.

    4.) HOSTS files also can speed up (all apps that are webbound) any app you have that goes to the internet.

    5.) HOSTS files are EASILY user controlled, obtained (for reliable + regularly updated ones -> http://en.wikipedia.org/wiki/Hosts_file (mvps.org's is a GREAT choice there)) & edited too + via any text editor (which every system has).

    6.) HOSTS files aren't as vulnerable to "bugs" either like programs/libs/extensions of that nature are (OR, even DNS servers).

    7.) HOSTS files are also EASILY secured well, via write-protection "read-only" attributes set on them, or more radically, via ACL's even

    8.) HOSTS files allow you to bypass DNS Server requests logs (via hardcoding your favorite sites into a HOSTS file to avoid not only the TIME taken roundtrip to an external DNS server, but also for avoiding those logs OR a DNS server that has been compromised (see Dan Kaminsky online, on that note)).

    9.) HOSTS files will allow you to get to sites you like, via hardcoding your favs into a HOSTS file, FAR faster than DNS servers can by FAR.

    10.) HOSTS files also allow you to not worry about a DNS server being compromised, or downed (if either occurs, you STILL get to sites you hardcode in a HOSTS file anyhow in EITHER case).

    ----

    I think that about does it, for that...

    APK

    P.S.=> However, the NICEST part here is, IS that HOSTS files and ANY BROWSER ADDONS (for any webbrowser also, mind you) work TOGETHER just fine, & for the concept of "layered security" (which is the overall "best of all possible worlds" here)... apk
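The lookup behaviour the post above relies on, as an added example that is not part of the original comment: a small hosts-file parser showing which names are answered locally and which still go to DNS. The sample file and the example.* names are constructed, and the first-entry-wins rule is an assumption about typical resolver behaviour. Entries match exact names only, so a subdomain of a blocked name is not covered.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist entries: sink the name to an unroutable address
0.0.0.0   ads.example.net  tracker.example.net   # two names on one line
0.0.0.0   ADS.Example.org
# pinned entry: answered locally instead of asking DNS
192.0.2.10  intranet.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Return {lowercased name: ip string}; the first entry for a name wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or address-only line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # malformed address: skip line
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), ip)
    return table

def lookup(table, name):
    """Classify a lookup as 'blocked', 'pinned' or 'dns' (falls through)."""
    ip = table.get(name.lower().rstrip("."))
    if ip is None:
        return ("dns", None)                  # no exact match: resolver asks DNS
    addr = ipaddress.ip_address(ip)
    if addr.is_unspecified or addr.is_loopback:
        return ("blocked", ip)
    return ("pinned", ip)

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for n in ["ads.example.net", "cdn.ads.example.net", "intranet.example.com"]:
        print(n, lookup(table, n))
```

The same parser is a quick way to audit a downloaded list before installing it: any entry classified as pinned redirects a name to an address chosen by whoever wrote the file.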

  42. FriendlyTroll: Don't let the REAL TROLLS get 2U by Anonymous Coward · · Score: 0

    "Whether you like it or not, Opera is *massive* in Europe and has a far greater market share than you'd like to believe." - by A Friendly Troll (1017492) on Tuesday January 19, @05:28PM (#30825616)

    Per my subject-line above: Well, I BELIEVE YOU, & here are the reasons as to why:

    ====

    A.) For SPEED (& even in javascript for the LONGEST time, until FF's new engines took its place (until Opera 10.50 @ least, because that's gotten a decent "boost" in that area -> http://tech.slashdot.org/article.pl?sid=09/12/22/1911216 (not that it matters though, speeding up javascript is like asking to get infected by malscripted sites &/or adbanners faster imo @ least - that of a "POV" of PC security, mostly)):

    http://www.howtocreate.co.uk/browserSpeed.html

    and

    http://crave.cnet.co.uk/cnetuk/crave/software/0,39029471,49302491,00.htm

    AND

    http://nontroppo.org/timer/kestrel_tests/

    (Opera "rocked the planet" in those cases... bigtime (& ESPECIALLY ON THE MOST USED PLATFORM THERE IS, BAR-NONE, FOR PC-COMPUTING: Windows!))

    ----

    AND, for SECURITY also (less vulnerabilities present over time than IE or FF, per SECUNIA.COM stats):

    INTERNET EXPLORER 8.x VULNERABILITIES STATS:(01/21/2010)

    http://secunia.com/advisories/product/21625/?task=advisories

    (UNPATCHED = 4-8 / 50% (though 1 of them, the "Critical 'Out-of-Band' Cumulative Update IS patched, as of about 1 hr. ago (go get it those of you that use MS OS' that is...)))

    ---

    FIREFOX 3.x VULNERABILITIES STATS:(01/21/2010)

    (UNPATCHED = 0-6 / 0% (on this note, as you can see? FF had MORE advisories, over time as I noted, but... they've done a GREAT JOB in stopping that much (now, the same has to be said for their browser addons too, but that too, improves over time as well usually))

    Most Critical Unpatched

    There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.

    ----

    OPERA 10.x VULNERABILITIES STATS:(01/21/2010)

    http://secunia.com/advisories/product/26745/?task=statistics

    (UNPATCHED = 0-3 / 0% )

    Most Critical Unpatched

    There are no unpatched Secunia advisories affecting this product, when all vendor patches are applied.

    ====

    Opera ROCKS, period (or, do the stats above make me a liar? I think not...) &, it's been able to pass the "ACID TESTS" for compliance to web-based standards since version 6.x iirc, & it was (iirc) actually the FIRST BROWSER (not development kit) to do so, but when counting dev kits, it was 2nd... correct me if I am "off" here on this last point though, guys, & thanks.

    APK

    P.S.=> Again though, I tend to believe you (& Opera has a BIG "share-of-market" on MOBILE DEVICES as well, which others seem to overlook QUITE A BIT too)... Once more, imo @ least? Well - Opera's great!

    I.E.-> It took me away from being a FireFox user primarily in fact, because of it (& FF + IE have copied Opera's features RAMPANTLY over time (e.g.-> Tabbed Browsing anyone? As far as ADDONS also?? Heh, a LOT of what FF has in browser addons, Opera already has natively (minus the CPU usage + speed hits & security vulnerabilities that webbrowser addons introduce (more than potentially too, ala Greasemonkey having that before (as only 1 single example)))... apk