UK Gov't Says "No Evidence" IE Is Less Secure
aliebrah writes "Lord Avebury tabled a parliamentary question in the UK regarding the security of Internet Explorer and whether the UK government would reconsider its use. He got an answer from the UK Home Office that's unlikely to please most Slashdot readers. The UK government contends that 'there is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure.'"
That's very likely true, as the stupidity of the user remains the weakest factor in security.
Every experiment which ends in a big bang is a good experiment.
I think the late great Bill Hicks would have said this best: "Suckers of Satan's cock, every last one of 'em"
Couldn't agree more. Show me some evidence man!
Someone... quick... grab the evidence!
Sorry, how many users are actually using the latest fully patched version of IE? Google is still trying desperately to phase out IE 6, of which there are still many users. Perhaps as a "neutral" gesture to throw MS a bone, they could make an announcement saying "Upgrade to the latest IE8, or to another browser such as Firefox, Chrome, etc. Your current version of IE is probably ass^H^H^Hinsecure".
"The value of a man resides in what he gives,
and not in what he is capable of receiving."
--Albert Einstein
It's one thing to say there is insufficient evidence, but *no* evidence?!
that parliamentary questions aren't meant to please, especially politicians. It's more of a time for the civil service to cover their asses in front of politicians.
...when large corporations are stuffing their pockets.
... is an idiot.
In UK governmental English, "to table" apparently means something like "to propose" or "to bring up for consideration", almost exactly the opposite of the U.S. meaning, which is "to withdraw from further consideration".
I guess there's some international disagreement over whether this mythical table is where you put things to be considered, or where you put things to die. Perhaps to Britons, putting things on a table is officially proposing them, whereas to Americans, if it's on the table it's inert, and if you want it proposed, you had better have it in your hand waving it in someone's face.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
To a certain extent, other browsers benefit from their low levels of use. IE is SO common that pretty much all sophisticated attacks target it. Given that a targeted attack on the uk gov't will target whatever browser they use, switching browser doesn't make all that much sense. And these aren't the days of IE6 anymore.
Thanks to the China exploit most IE versions out there execute arbitrary code just by visiting a web site. I don't think this is true for any other browser: e.g. when new vulnerabilities are discovered in Firefox they are patched quickly (Microsoft sits on bugs for months or years) and most users actually upgrade to the latest Fx version because they don't have to fear that a security upgrade will cripple their computer.
There's a hidden treasure in Python 3.x: __prepare__()
This is evidence for the fact that nowadays, decisions aren't made by politicians anymore, but by lobbyists. Politicians are just the muppets who stand in front of the camera. Best example is my country, Germany, where the FDP is doing this openly, it is called "clientel politics" here.
A fully patched IE8 running on either Vista or Windows 7 is far safer than Firefox. Why?
- Low privileged mode. IE8 runs with lower rights than the logged in user, Firefox doesn't...
- DEP is turned on for IE8 by default. Firefox has to be added (or the "all applications" option).
- IE8 patches can be deployed from the Domain very easily. Firefox on a corporate network is a pain in the butt...
Now I entirely grant that this is Microsoft's browser running on Microsoft's OS and thus it gains unfair advantages but that doesn't change the facts or reality of the situation.
While user stupidity remains a large factor in security breaches, Microsoft's products are the products which allow for the most user stupidity - and everything which is supposed to prevent that, is broken by design.
So, question remains: why is the UK government still using software which is broken by design?
It's the UK government. It's very likely that whatever they say, the opposite is true.
They just need to grow suspicious of IE harboring WMDs. Then the lack of evidence wouldn't be a problem at all.
They just love 'em, don't they? Monsanto, Microsoft, mmmm.
(More on topic -- of course each browser has its weaknesses. It's not as much technical as it is process, I think)
What would the cubicle spooks at the UK Government Communications Headquarters do without MS?
They would have to learn to hack real operating systems and would have messy logs to correct every time.
No more UFO hunters with perl scripts.
Forward intelligence teams and community policing with their 'sneak and peek' anti gang, eco and domestic terrorist operations.
All the ex spooks selling back MS cracks, IP loggers, websites, tools with polished GUIs at dreamy consulting fees.
Then you have the bureaucrat with a rolodex who wants to get into the private sector. First rule, don't burn the US monopolies.
Add to that the 30 something point and click MS tech clones advising the MPs.
MS has many friends around the world who love sloppy networked computing.
Never believe anything until it's been officially denied.
Domestic spying is now "Benign Information Gathering"
The latest patched version of Internet Explorer fixed the bugs that Microsoft found. The latest patched version of other browsers fixed the bugs that other browser-manufacturers found. Ergo, there is no evidence that the latest patched version of Internet Explorer is less secure, since the officially "known" security features have been fixed.
In fact, there's no evidence that there are any bugs at all in the latest patched versions of any software ever written, unless the manufacturers have explicitly stated that there are. In which case, in order for policymakers to accept such a report, they would need to prove that this is the case, by lobbying the government to the effect that their software is inferior.
I don't believe in time. It's a grand conspiracy designed to sell watches.
and shit tastes good.
1. This is the POLITICAL part of government and is as easily bought as ISO, maybe easier.
2. Look at the record of UK Government IT projects.
3. It is not IE that makes Windoze insecure, it is the OS and the design philosophy
-- COM is a security disaster
-- executing any vaguely executable rubbish based on its extension is a disaster
4. Backward compatibility, and a zillion features that assume an essentially insecure and trusted world are a disaster. M$ has no way out.
UK Gov't Says "No Evidence" condoms lower the risk of pregnancy and STD transmission
I don't know why it would "not please" Slashdot readers. I am very pleased. That is the funniest thing I've read all week.
Nothing like a good laugh to start your morning.
Reread your post.
You say
"But the study was on whether the implementation of other browsers beside IE would increase security"
Then go to say that user error is why this wouldn't change IE's state. Then you go and say:
"the choice of browser would not affect the level of security much."
So which is it? Is it that it doesn't change security or it does change security?
You can't have both.
Are these the same people who said IRAQ was full of WMDs and terrorists?
No sig today...
I fucking hate our government. Seriously. They just all appear completely incompetent.
-- Lattyware (www.lattyware.co.uk)
... maybe:
http://www.computerweekly.com/Articles/2009/05/11/235953/Is-the-Microsoft-public-sector-deal-good-value-for-Britain.htm
"And the meaning of words; when they cease to function; when will it start worrying you?"
UK Gov isn't running Vista or 7, nor IE8. In fact almost nobody is using that combination (and note that you are still vulnerable to several attacks under both because you can't run flash or acrobat web plugin with execution privileges turned off and that change doesn't fix Vista completely either).
So in very many ways, your point is wrong. Might as well say running FF on a VM image of Linux which would be even MORE secure.
Nobody does that, but it would be.
Let's face it, the only fact that makes IE less secure vs Firefox et al, and Windows less secure than OS X et al., is the market share (which makes them bigger targets).
Whether anything is more secure when both often need patches can be argued all day. What should matter, and is scientific, is the percentages of users who have been compromised. If you want to be nitpicky, then compare the same demographics, most preferably the highest risk and/or biggest selection. (Perhaps more IT-centered people do not use I.E. and can skew the results, for example, but I would take that as a sign myself if that were the case...)
This approach centers on "real" and verifiable end result solutions and ignores time wasting arguments. In other words, what really matters will be assessed and highest yield of success suggestions given.
Like a city whose walls are broken down is a man who lacks self-control.
The reason for this statement by the UK government is very simple - it has intranet and business systems in virtually every government department which work only with IE. They are frequently ridiculously old versions at that - IE6 take a bow - giving the lie to the "latest, fully patched" comment anyway. There is no way that the UK government is going to incur the conversion costs for these systems at this moment given the state of its books at the moment. Stating that IE was insecure would create an inexorable pressure to do exactly that. This statement has nothing to do with security, and everything to do with internal government politics.
The quote bears no reflection of any opinion on the security or quality of IE in general. The "user" being referred to in the quote is UK government staff, using UK government IT, and his response is wholly within that context. As is very often the case on Slashdot (and, to be fair, much of the media), the summary shifts the context slightly and then omits significant information and thus infers something other than what was communicated at the time.
Immediately after the quoted text, unmissable except by the most... Let's give the benefit of the doubt and say hurried of submitters and editors, is the following: (my emphasis added for the most hurried of Slashdot readers)
only need to google it for chrissakes:
IE ~ 1200: http://www.google.com/#hl=en&q="internet+explorer"+site%3Awww.us-cert.gov
Firefox ~ 800: http://www.google.com/#hl=en&q="firefox"+site%3Awww.us-cert.gov
boycott slashdot February 10th - 17th check out: altSlashdot.org
I can think of two reasons that Firefox would have to use a lot of memory: DOM caching and plug-in leaks. DOM caching stores information about pages you have recently visited so that the back button, undo close tab (Cmd-Shift-T), and undo close window (Cmd-Shift-W) work quickly. As for plug-in leaks, use Flashblock and they will be less noticeable, which should hold you over until Firefox implements Chrome-style multiprocessing.
Evidence was gathered on a Tuesday.
Sorry, but gray text on gray background is making my eyes bleed.
It's not up to Microsoft how Windows is installed on a computer delivered to an end-user. It's companies like Dell, HP and computer shops who actually install Windows.
They (Dell, HP and computer shops) need to learn to install Windows properly: ntfs, no automatic login to admin user, least-privileged account, etc, etc, etc.
And power-users don't use pre-installed OSes anyway, correct? So the main problem is with users who use computers with a pre-installed OS.
The combination of computer illiterate politicians and Microsoft consultant advisers is as near corruption as you can get without it necessarily being illegal (and I am not discounting the latter possibility either).
Follow the money.... who gets what from who?
If you want your life to be different, live it differently.
I know that RBS, the new financial wing of the govt, uses IE6 mostly. I would hazard a guess that, like most institutions, windows 7 is not installed in all govt depts. Therefore this bleat of "fully patched IE8 blah, blah" is obfuscation and circumvents the point... like most "information" our govt pumps out.
In other news, British Govt insists the nose on your face is not plain.
This is what happens when you go to monkeys for advice instead of IT security professionals.
The UK government needs to stop consulting with people who claim to know what the hell they are advising on and actually go to professionals for advice.
You want evidence, even though the UK tax payers have paid you to do the research, which you haven't and probably didn't for an inordinate fee, which you took for your "Opinion," which isn't worth squat, Lord Avebury. You absolute joke.
Here, for free is evidence and I think it's high time Lord Avebury looked for a new job.
Microsoft Internet Explorer :
http://secunia.com/advisories/product/21625/?task=statistics
Unpatched 38% (3 of 8 Secunia advisories)
Mozilla Firefox 3.6 :
http://secunia.com/advisories/product/28698/
Unpatched 0% (0 of 0 Secunia advisories)
Google Chrome 4.x :
http://secunia.com/advisories/product/28713/
Unpatched 100% (1 of 1 Secunia advisories)
Opera 10.x :
http://secunia.com/advisories/product/26745/
Unpatched 0% (0 of 3 Secunia advisories)
Once again, we are faced with a situation where someone who is not a professional, is asked for their "Opinion" in a serious policy making decision.
It is like the blind leading the blind and it MUST stop now.
"Less secure" than what? Older versions of IE ?
"there is no evidence that moving from the latest fully patched versions of Internet Explorer to other browsers will make users more secure."
So if you have Windows 7 with all patches and MSIE 8 with all patches
INCLUDING NONPUBLIC MICROSOFT INTERNAL PATCHES (to fix bugs not patched for yet)
then yes you could be just as safe as if you had another browser.
But what are the chances that somebody will be able to get all the patches without getting tagged?
Any person using FTFY or editing my postings agrees to a US$50.00 charge
I'm surprised they could hear anyone asking questions given the difficulty in hearing things through sand.
Thru all those dollar bills that were used to buy them off with.
---- Booth was a patriot ----
In a monoculture the attack surface is large since everyone is using the same code and therefore vulnerable to the same bugs. Just moving users onto a mix of other browsers lowers the attack surface even if each individual browser has its own fair share of bugs.
The "user" being referred to in the quote is UK government staff, using UK government IT, and his response is wholly within that context.
The Slashdot story may have 'shifted the context', but this may be less significant than the shift in the original answer. The question by Lord Avebury was about 'public sector' users. The answer however was restricted to government staff. In much normal usage, public sector does not equal government. "Public sector" includes health service, local government, quangos, etc. The term "government" may or may not include these, though it does usually exclude quangos. In any case, the public sector group includes a variety of IT management methods and it is quite likely that some of these have less adequately managed IT than others.
Isn't it better to go by track record than direct evidence for "current safety" simply because exploits are discovered and not readily known? If IE has a bad track record and Firefox doesn't, it might indicate that Firefox is still secure as there may be undiscovered or undisclosed exploits in IE due to shitty security programming that the UK gov't simply doesn't know about. Additionally, future updates could introduce more bugs.
You can't "fully patch" IE because Microsoft has never released a patch that completely turns off the biggest security hole in IE... the tight integration with the desktop and the irreparably flawed "security zones" model.
In other news tonight, Microsoft says there is no evidence that the UK received any payment in the claim that the UK Gov't says there is no evidence showing IE is less secure.
It might be true, it might not. But why do we need governments to tell us what is secure and isn't?
I'm a troll because I disagree with you.
What I notice is that the headline and most of the discussion here talk about the security of "IE", while the Home Office said "the latest fully patched versions of Internet Explorer". There seems to be little understanding that these aren't synonyms.
But does anyone here work for an organization of any sort (government, industry, academia, whatever) that requires that everyone use "the latest fully patched versions of Internet Explorer"?
In all the cases that I know of, when there's such standardization, it's for releases that existed shortly before the standard was established. It's now years later, and the standard is still in place (though often violated by workers who want better security or more features).
A number of people have written about organizations that are still standardized on IE6 and don't permit upgrades to IE8. Is there any data available on how widespread this might be? In my experience, such data is hard to come by, since both governments and private corporations tend to be secretive about their inner workings.
So could the Home Office be pushing for upgrades to W7+IE8? Nah; I thought not.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
We need a Galileo to try to convince them of the evident, even if they want to believe/understand our proofs.
matters like these. with their paranoid attention to detail, psychopathic inclination to procedure, and ungodly patience with working on intricate technical details, any word from germans in that area would trample any word from britain at any point for me.
the fact that u.k. government has been shitting and screwing up in every other field for the last 10 years does not help either.
Read radical news here
It's a logical truth -- there is no evidence that the latest patched IE is less safe than any other browser. By definition the latest patched IE should have all known security bugs (excluding the user) patched.
There's no _evidence_ that a single extra security problem exists in IE today. However, we all know the next one is just around the corner.
Congratulations Microsoft for once again proving the robustness of its systems. The approval of the UK government shows the world that softwares that undergo serious engineering processes are far superior than "free" softwares developed by uncoordinated undertrained teams. Microsoft had already proven its pioneerism when it was the first company to release a 64 Bits Browser, thus ensuring more security and protection against malwares while surfing the web. It's only fair that Bill Gates is a billionaire, after all, he created the company that allowed the pervasive computing we see today that is the very own foundation of the Internet.
Or have you forgotten the proof against Mad Cow disease being to feed your kid beef?
Labour got elected because the entire country was fed up with the sleaze of the conservatives. Watch all 30+ seasons of Have I Got News For You. It is amazing to see the transformation over the years. Blair was a hero, simply for not being the conservatives. The problem, he was.
This is what happens in a democracy when people vote for their wallet, not the country as whole, or their own long term future (the real one, not the one where you will hire Bill Gates as a butler).
Take the railroads (and American readers, please remember that in the denser populated areas, trains make more sense, and in old cities like London, public transport is the only solution, no space for millions of SUV drivers), the conservatives want low taxes and railroads are very very expensive. They provide a lot, but it is oh so tempting to cut down on maintenance just a bit. And then another bit. And a bit more. And then a big "accident" happens and the entire country grinds to a halt and for what? Lower taxes? No... for the promise of lower taxes but actually tax increases. Because every time a tax seems to be lowered it comes down DOUBLE in some other form AND then afterwards you got to pay for the mess that the cost cutting measure cost. Such as fixing all the railroads in a hurry and months of disrupted service.
But Blair couldn't do anything about it. Left/Right european governments are basically about one spending to fix the cost cutting of the other side BUT neither side getting the full effect because then the populations gets fed up with the effects and switches their votes around.
Left wing build railroads, but raise taxes for it. People get fed up. Right wing cut spending, the railroads decline, people get fed up, long before any real tax cuts could be realized. And so on, back and forth.
It is the reason dictatorships "work". Consistent long term policy. Dubai and such places seem to make things happen because one person says "make it so" and nobody can turn it around in two years time.
In some ways, the left in England and America, should have just called it quits. Obama should have just said, "later rednecks" and watch the republicans ruin the entire country. Now he is being blamed for not being able to fix eight years of mis-management. Sometimes the top-job really isn't worth having.
And the same thing roughly happened in the UK. Blair got in, but with what? A labour party twisted between old and new labour. An economy down the drain, decades of cost cutting having put the country on the edge of disaster and a party that had no experience in leading with many of the people who did have a clue as "corrupted" as the conservatives by being in cosy jobs for too long.
People now are voting conservative again in the UK. Right... that is going to solve things. These were the same people you threw out before. Think they changed their ways?
People often say that democracy is the worst form of government, bar everything else. Perhaps that is true, but I think democracy also has a shelf life. Have it for too long and it starts to rot.
The guy I am responding to says government needs to understand the scientific method. How can they? The voter doesn't, and they still are the ones who elect the guy in charge. The moment the voter can vote for a leader with bad teeth who doesn't smooth talk and isn't all that likeable but gets the boring accounting job that is government done, then we can move forward.
Exactly WHAT is Obama, or Blair, or any modern leader good at, except making speeches? And yet, we expect these people to turn our country around.
There are people who can do that. The kind of people who are hired to handle bankrupt companies or turn companies around from the brink of disaster. They are very grey, very quiet, often downright ugly, little men who read papers a lot and don't attract much attention at all. And they tend to stay the hell away from anything to do with politics because NO solid leadership can ever be based on a popularity vote.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
that was sure there were WMDs in Iraq
We can't trust companies because they have obvious profit motives. Leaves only one thing.
We use governments to test the water, the food, the air, the cars, everything pretty much which is essential to our lives but we do not have individually the resources to test.
The government doesn't test my cooking (that is what kids are for) because I have means to test that myself (if the milk still comes out of the carton, it is fresh enough for guests) but I do not have the means to test a can of Coke I buy on the street, so I expect/need someone else to check that these things are not made by just putting any old sugar and water and rust together, but only properly tested sugar, water and rust.
I would reason that computers have become such a common part of our lives and that we can get into so much trouble if we get it wrong, that government warning us about unsafe products, is the right thing to do.
Or wouldn't you want forced warnings and recalls if the brakes on your car turn out to be faulty? Guess who does that? Your car maker? Think again, government regulators, my, those guys just seem to be everywhere, don't they.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Isn't this the very same government who said there were weapons of mass destruction. It's a little like the blind leading the blind.
What browser could be secure on Windows? Almost any browser is OK on Linux but none on Windows. Vulnerability of the OS and availability of billions of viruses and trojans makes useless any browser and the whole computer on Windows.
...and yet they had evidence of WMDs in Iraq.
That the UK government does not read Slashdot. Fools!
"I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
The level/degree of proof the UK government seems to be requiring for this is the 'scientific' type. For most things in life, statistical analysis tends to be enough.
What this guy said is akin to saying that North Korea has the strongest army in the world, because there's no proof to the contrary.
Pick any of these:
1) Lackluster/no security features.
2) Lack of improvement over the years. One of the cardinal rules for security is continual improvement.
3) Repeated exploit of said piece of crap.
4) Microsoft itself more-or-less admitting it's insecure and unrepairable - they effectively abandoned it years ago.
5) Anecdotal evidence from tens of thousands of computer repair types; I guarantee you IE is the vector for 9 out of 10 malware infections, and most of those are probably IE.
I'd wager they've been paid off. Anyone with even the slightest amount of intellect can look at the information available and determine that IE6 is rubbish. It's a hell of a lot less proof than most governmental bodies act - often, said bodies act in direct contradiction to the facts for the purpose of special interests money.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Re: "does anyone here work for an organization of any sort (government, industry, academia, whatever) that requires that everyone use 'the latest fully patched versions of Internet Explorer'?" Answer is yes. See http://nvd.nist.gov/fdcc/index.cfm
As someone who has worked in the U.S., the U.K. and continental Europe, I have to say that both public and private sectors in the UK have an unparalleled blind allegiance to Microsoft. It's like nothing I've ever seen.
I recall seeing a timeline of the Internet's development at a display in London, and the first two dots were the 1973 launch of DARPAnet and then, incredibly, the founding of Microsoft in 1979. There was no dot for anything from Britain's own Tim Berners-Lee, for the development of DNS by Mockapetris, or other real milestones.
Honestly, it's sad to see what has happened to the land of Francis Bacon, Newton, Babbage and Turing. The UK today seems run by men without an original thought in their entire being, who slavishly follow fads from American business schools and figure one is always right if you tie your fortunes to those of Microsoft. This doesn't bode well for the future of that island nation, is all I can say. You can't rely forever on frothy financial instruments to fund purchases of food, energy and all technology from someone else.
With closed source software, you're at the mercy of the manufacturer when it comes to even getting an acknowledgment of security issues, let alone receiving fixes in a timely fashion or before damage is already done.
This argument endlessly amuses me. Do you really think the exact same thing is not true of OSS-based browsers such as Firefox and Chrome?
Hint #1: If you have not personally evaluated the source code of the browser you are using, nor employed a skilled specialist to do so for you, then you are just as dependent on other parties over whom you have no direct control to identify and patch security issues before the bad guys exploit them. The theoretical possibility that you can examine the source code is just security theatre unless you actually spend the time and resources to do it.
Hint #2: Which OSS browser do you think has a public bug database listing all known vulnerabilities, whether or not they have yet been patched, and keeps that database updated immediately every time a new vulnerability is reported?
With Firefox, there is generally a very high degree of transparency when it comes to security problems.
Unless you are one of the select few with access to the full security issue process, you don't know that.
Additionally, fixes are pushed out quickly.
Or that.
Although Firefox continues to gain market share, the actual damage caused by exploits continues to remain quite low. That's certainly not the case with IE, and as long as it's closed source that won't change.
Or any of that.
If you really don't see the blind spot you're exhibiting here, try answering these simple questions (and be honest with yourself):
If you can't immediately answer those questions, and provide yourself with objective, factual data to support your claims above, then please consider that you may just be projecting your own prejudices based on IE6 from many years ago onto the IE8 of today, while letting your own faith in OSS onto other browsers convince you that they are more secure even though you don't have access to all the facts.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
I will listen to what the UK government has to say about security when they stop losing people's confidential information.
If you ignore the evidence there is no evidence. Aren't rose colored glasses great?
Um, not in my experience. Having had to do a lot of consultancy sorting websites out, if it's a German company I know that it will be shoddy and, to be blunt, not up to the standard I would expect for a US or UK company of the equivalent size. Trouble is, all the really clever engineers in Germany want to work for Audi - I suspect that this siphons off bright kids who would do IT as a career. Also, IT as a career is less structured and there are cultural issues that make IT less appealing - no office with Herr Dr xxx on a brass plaque, for example. Even Audi - the No. 1 employer for techies in Germany - has problems executing a coherent web presence, and remember which major company got banned from Google for a few days (BMW).
Answers you won't listen to:
When 20 other people have gone through a door and come back out again, I will assume that it's safe to walk through the door. Likewise though I may not have read all the code in Firefox, if there were any big problems, someone WOULD have seen it: Microsoft do not have half the world's web browser writers,
How many people HAVE the latest version of IE? Now how many NEVER use flash or Adobe plugins? Because they require you turn off the security and then IE8 becomes vulnerable again. Did you know that?
Google would have got dinged. Likewise, please do the same about Firefox. You've narrowed the window so small there's nothing left of the hole.
And how would YOU answer?
IE8 today has many or most of the downsides that IE6 has. Unless you lock it down so much you can't use it.
But FF 3.5 when locked down as much is still usable. Putting it under LIDS makes it much safer. Adding RBAC from NSA makes it yet more secure.
And still usable.
You cannot say the same of IE and Windows.
Check the links again. FF3.5 vulns are less severe. FF vulns include all known vulnerabilities whereas IE8 is unavailable for perusal.
For people living in the UK, someone has created a petition on the Number 10 website:
http://petitions.number10.gov.uk/Firefox/
Answer: no one. Microsoft has the only browser that can be centrally managed by an organization trying to remove the weak link of the end-user out of the equation. I'm not trying to say that IE on its own is safer than Firefox or Chrome or the rest. I'm also not saying that Joe Everyman has an enterprise backend managing his IE hotfixes. But if you're a business running Windows on workstations, there's no reason not to manage your IE hotfixes with WSUS and/or GPOs. At the very least, I'd argue that it's safer for the business/government/academic world, where AD dominates the backend.
I was wondering when somebody was going to mention the MonsantoSoft monoculture aspect of all this. As convenient as it may be for brain-dead powers that be to all do the exact same thing, it's a bad idea for society from a safety / engineering-redundancy (reliability) aspect.
Diversity is good for software, plants and animals in the long run.
Yow! I'm supposed to have a plan?
I think it is a collateral effect due to the actual EU president, whose stupidity is very contagious. It's the Spanish 'Mr. Bean'... and his effects are spreading...
Haa,ha,ha,ha...
A Spaniard (sick of politics) said.
In the context of the UK government, "There is no Evidence" often means "We haven't actually looked for evidence yet".
The answer is on the Microsoft pages themselves. I'm just singling out one simple example (check where he worked before he joined MS) but it would be unfair on the guy to claim he's the only one: MS employs people from the sectors they want to sell into.
If you have influence in a sector and are planning to leave, MS will pay for your network. It's not unusual - happens everywhere - but I must admit it has worked spectacularly well with New Labour.
It's a sort of reverse McKinsey where leavers get an exit bonus so they'll ring their pals if they need any consulting done.
Duh. The importance of protecting profit overrides the importance of admitting software is insecure (anything Micro$oft). Vacca, vacca, vacca, feoda vacca.
YankDownUnder Veni, Vidi, volo in domum redire
My school uses IE, and I don't care how many computer tech guys say "it's flawless", "we have a firewall", "I program so I'm safe". WTF!! Windows = Fail!! Get Linux or Ubuntu on these machines and you'll never go wrong.. Stupid Government being sucked in by the microshit networks
What I take from this is that IE7 and IE8 are just as insecure as (or even less secure than) IE6.
Well, yet another failure by our.. crap.. government. I'm surprised more people haven't noticed the crappy decisions it makes. As many of you know, a few months ago the drugs adviser was sacked for doing his job. He advised people that cannabis is not as harmful or addictive as alcohol and tobacco, things most of us already know. And he got sacked. Gordon Brown is more than half blind, which explains why he can't see the REAL WORLD. Have any of the Labour MPs ever used the internet, or even used a computer? It seems none of them have any idea how it works, you just plug in the magic box and magic happens. At least, next general elections, Labour will be gone. That there is no doubt of. They're all bloody useless.
This is a government saying this. A government. A bunch of bureaucrats with a complete loss of contact to the world.
Do you think them capable of tying their own shoelaces, let alone find useful information?
Free PC version of ChipWits at http://www.breueronline.de/klaus/chipwits/
matters like these. with their paranoid attention to detail, psychopathic inclination to procedure, and ungodly patience with working on intricate technical details, any word from germans in that area would trample any word from britain at any point for me.
the fact that u.k. government has been shitting and screwing up in every other field for the last 10 years does not help either.
So what you really mean is that you just don't like Brits and this just confirms your opinion?
if i didn't like brits, i would just outright say it here out loud. i don't have any hesitations. if you noticed, i'm not posting anonymous either.
Read radical news here
A reply from Walter Snow
"Apple's issued an update to fix a security hole in the fundamental Internet SSL/TLS protocol. There is a SERIOUS problem in the TLS (Transport Layer Security) part of this protocol. The problem is NOT an implementation issue, but a TLS protocol DEFINITION issue.
This SSL/TLS protocol definition issue allows a hacker to become a "man-in-the-middle" who can view and modify all SSL communications between a secure browser client and a secure server. Everyone using the Internet is going to have to address this problem, because all internet financial transactions use the SSL protocol, and the protocol itself must be changed to prevent something called "TLS renegotiation" or else no financial transaction on the Internet is secure or safe. Every software vendor will have to supply a "no-renegotiation" patch for their implementation of SSL, every user browser will also have to be patched, and every business will have to apply the appropriate patch to all their servers. Until this is done, any attempt to buy, sell, or move money on the Internet is not secure - and therefore not safe.
This SSL/TLS protocol security gap has been public knowledge ever since 11/05/2009, when it leaked out to the press in the wake of the Iranian government's hack of Twitter, though it had been known to Carnegie Mellon and the Federal US-CERT even earlier (August of 2009). The problem is reported on the Carnegie Mellon CERT and Federal Cybersecurity US-CERT web sites as VU#120541. Software vendors were officially notified of the problem by US-CERT on 11/05/2009.
More of this here: http://www.phonefactor.com/sslgap/ and here http://www.phonefactor.com/blog/implications-twitter-attack-ssl-gap.php by the group that first discovered it last August. Or Google VU#120541 and read the posts.
But here is the kicker - even though it has been known publicly since 11/05/2009, and many responsible vendors like Apple have provided patches for their software, MICROSOFT HAS APPARENTLY NEVER ACKNOWLEDGED THAT THIS VULNERABILITY EVEN EXISTS IN THEIR SOFTWARE. They have not provided a patch, nor have they indicated they are even working on a patch. I found nothing about the problem on the MSDN website except a few user questions about it on community bulletin boards that were NOT responded to (by Microsoft). I found nothing on Microsoft TechNet either. And of course nothing in any Microsoft Security Bulletins."