New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe

An anonymous reader writes "Criminals are using a new Internet Explorer security hole to attack Windows computers in targeted attacks, though the vulnerability could end up being more widely exploited. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are. It's great to see that the latest versions of IE are immune, but this new vulnerability is still bad news for Windows XP users and earlier since they cannot upgrade to more recent versions of Microsoft's browser. 'We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,' Dustin Childs of Microsoft Trustworthy Computing told TNW. 'We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.'"

I do feel sorry for XP users

I tried out IE 10 and it was great. It downloaded firefox and chrome even better than ever. People who haven't updated should. Too bad XP users can't use it though.

Re:I do feel sorry for XP users

[slackware+3.6]

How do I install IE in Ubuntu? I can't find it in the repositories.

Re:I do feel sorry for XP users

[ClaraBow]

I know you were joking, but IE remains the only major browser that runs on one platform only. I'm sure Microsoft will port it to other platforms someday!

Re:I do feel sorry for XP users

There used to be versions for Mac, Solaris, and HP-UX

Re:I do feel sorry for XP users

How do I install IE in Ubuntu? I can't find it in the repositories.

That right there is one of the biggest problems with Ubuntu. No one knows how to install anything unless it's in the archive mostly imported from Debian, or if "someone on the Internet" has set up a PPA with what we can only assume is the correct software.

Re:I do feel sorry for XP users

but IE remains the only major browser that runs on one platform only

See that "runs" word there? It is present tense.

There used to be versions for Mac, Solaris, and HP-UX

See those "used to be" words there? They are past tense.

Is this getting through to you?

Re:I do feel sorry for XP users

[Runaway1956]

You call it a problem. I see that as a tremendous advantage. Instead of installing my OS, then searching my drawers and closets for CD's and floppies, or downloading stuff from random sites, I just go to my trusted repository to install everything I need. All my downloads come from a single place, all of it having been vetted for malware and/or security holes. It's really great, IMHO. All updates come from the same source, there's no need for me to have my system tray loaded with icons that continuously check for updates.

Of course, if I find something interesting in the tubes, it may or may not be in the repositories. Then, I have to strain my mind real hard to find the half dozen commands needed to install alien software. If my feeble mind should fail to recall any of those commands, I can always google for them.

I really like things the way they are. My wife isn't even tempted to install some Dancing Ponies screensaver. It's not in the trusted repository, so she doesn't mess with it.

Re:I do feel sorry for XP users

No they won't. IE is part of Windows. Microsoft wants IE to be the best browser and they want the best browser to be available only on Windows.

Yes, I know they still have a lot of work ahead of them.

Re:I do feel sorry for XP users

[chronokitsune3233]

That's true, but IIRC Macs weren't affected by such vulnerabilities usually. After all, Macs were different that they needed their own separate engine (Tasman) apart from Trident, which was used on MS Windows, Solaris and HP-UX. To be honest, I remember being a kid and playing in IE on a Mac at school. IE used to be cool. Now I know better. Still, IE/Mac rocked in its day!

Re:I do feel sorry for XP users

> Microsoft wants IE to be the best browser

No, they want it to be the only/major browser. Being best has nothing to do with it. Microsoft is developing it after IE 6 only because Firefox got such big market share that they had to react. Why they want this used to be obvious. A lot of websites used to work only with IE (remember activeX?), so if IE was major browser, this would not change and people would have to use Windows so they could use IE, so they could the web. Firefox broke the IE-only web also. I was one of those thousands who sent dozens of emails to web master about their website not working with Firefox with recent market share statistics showing how popular Firefox was. Nowadays all of those websites run nicely with both browsers (and as a side effect, with other browsers also).

Microsoft is still trying to get the web back to their pocket using silver light (which they have now also abandoned as a failed strategy), luckily it never got as big market share as activeX did, or we would have been back where we started.

Re:I do feel sorry for XP users

I think you have to run it in a VM, and then you can search for Firefox or Chrome using Bing.

Re:I do feel sorry for XP users

[Trilkin]

Funny how this comes from a community that complains about walled gardens and vendor lock-in.

Re:I do feel sorry for XP users

It was a fucking joke, it wasn't a indication he didn't know how to install a program outside of the repositories.

It is easier to install a random program in Ubuntu than it is in Windows assuming there is a deb package for it*. All you have to do is download the deb and double-click it and Ubuntu's software manager will load and install it for you, I say it is easier than Windows because you don't have to deal with the shitty installers that Windows programs always seem to use.

*And if there isn't one, or at least a dedicated installer then it isn't a fair comparison.

Re:I do feel sorry for XP users

[EETech1]

www.codeweavers.com/compatibility/search?name=internet+explorer&search=app

I actually had to for my friend. He loves using Ubuntu since I converted his work laptop, then all his home computers, but there was some stupid IE only website that he had to use to make reservations for his business.

It is not perfect, but it gets the job done, and works much better than Virtual Box on his old laptop. Much less pwnage running under Wine too.

Cheers!

Re:I do feel sorry for XP users

[kthreadd]

Where is the walled garden and vendor lock-in? Ubuntu distributes a lot of software to its users, that doesn't take away any rights to run any other software. Just build it from source or install a prebuilt binary.

Re:I do feel sorry for XP users

What is this Ubuntu? Does it run on Windows?

Re:I do feel sorry for XP users

[kiddygrinder]

sudo apt-get winetricks
winetricks ie8
unfortunately ie versions later than 8 are not supported in linux, you should upgrade to a superior operating system if you wish to experience the same bullshit you've been putting up with for 10 years (sorry, i'm a web dev)

Re:I do feel sorry for XP users

[ae1294]

I know you were joking, but IE remains the only major browser that runs on one platform only. I'm sure Microsoft will port it to other platforms someday!

You haven't heard? Microsoft has been working hard to finish porting IE6 to Linux. They seem to be targeting their ads mostly to business clients whom use Active X. I wonder why Microsoft would support the Linux community, have they gave up being evil???

Re:I do feel sorry for XP users

Oddly this is why I switched to Windows 7 from Fedora.

It works out of the box with no drivers unlike Linux. Update your info as this was true with 11 year old XP.

Re:I do feel sorry for XP users

[westlake]

Funny how this comes from a community that complains about walled gardens and vendor lock-in.

Take a look at these screen shots of the Ubuntu Software Center. Looks a lot like the Windows Store, doesn't it?

Heck, most of the apps featured here are available for the Windows platform.

It is necessary to explain the Ubuntu isn't targeting the geek who compiles from source or is willing to navigate the depths and complexities of app-get?

Mind you, I was not a happy camper when installing the simplest of Internet radio apps and the Chromium browser Software Center did not install the essential (and different !) dependencies required to play audio.

Re:I do feel sorry for XP users

I have first hand knowledge that you are wrong.

Pointing to behavior ten years ago and saying they are following the same strategy today is kind of ridiculous. Microsoft thrives on competition. The best argument to get work funded there is to say that there are competitors doing it. When IE had >90% market share, the IE team was defunded because there was no competition.

Silverlight is part of DevDiv. Their strategy is different and separate from Windows. Microsoft is full of silos like this with competing strategies. I suspect that Silverlight was killed because it directly conflicted with the new Window's strategy of embracing HTML.

Although you are right that they would love to get 90% share again. But I don't think anyone there thinks that is a realistic goal. And if they did, they would probably stop funding development until other browsers caught up again.

Re:I do feel sorry for XP users

[davester666]

It rocked because it was a completely different browser from IE on x86. The only thing it had in common with the Windows version was that it was non-standard in similar [but not the same] ways.

Re:I do feel sorry for XP users

[phantomfive]

If Apple allowed me to install my own software on an iPhone without rooting it, I wouldn't care what they do with their app store. I would probably buy an iphone in that case.

But they don't so, I don't.

Re:I do feel sorry for XP users

[techno-vampire]

Just have him install User Agent Switcher and have it pretend to be MSIE 10 when he goes there.

Re:I do feel sorry for XP users

For a while there back in the late 90s / early 2000s, it seemed like they might actually pull it off.

they still have a lot of work ahead of them

Nah.. That ship has sailed.

Re:I do feel sorry for XP users

[EETech1]

IIRC it loads some kind of IE only plugin to do the 'secure' ordering and reservations, but I will give that a try. I gotta pay him a holiday visit anyways. I didn't see him@ Target this Christmas eve. First time since Target opened here about 10 years ago:) I can't imagine he had all his shopping done ahead of time!

What better way to say happy holidays than to remove the last remaining piece of Microsoft software from his life and update his 10.04 Ubuntu install to Mint 14!

Thanks and Happy New Year!

Re:I do feel sorry for XP users

[marcosdumay]

It's here. You also can get it from your distro's reposotory.

It's very usefull to test pages in development. Also, you can install several versions of IE at the same Ubuntu computer. But it probably won't emulate this bug, so you won't have the complete experience of having your computer owned (by this exploit).

Re:I do feel sorry for XP users

[marcosdumay]

All the proplems of a walled garden go away when you remove the walls. Everybody likes having a well maintainted garden to play.

Re:I do feel sorry for XP users

[Billly+Gates]

Anyone else noticed that for years the MacOSX version of Office was so much better and prettier than on Windows?

I wondered for awhile which side the developers on Redmond were on? Granted today Office 2010 and IE 10 for Windows have caught up. I guess the old Windows apis must have been really bad if they couldn't get them to be as good as another competitors OS.

Re:I do feel sorry for XP users

[chronokitsune3233]

Indeed I did notice.

Office v. X on OS X 10.0 at school rocked my socks all around. I honestly would have enjoyed staying at school and typing papers there instead of going home and using Office 2000 on Windows! At least it wasn't Office XP, though!

Simply put, when it comes to a UI, Apple knew their stuff when it came to OS X. Nothing blends better than UI elements from the official framework of the OS itself! :-P

(Some "Task Panes" were harmed in the writing of this post. The Ribbons managed to flee after realizing they were next.)

Re:I do feel sorry for XP users

[tepples]

Take a look at these screen shots of the Ubuntu Software Center. Looks a lot like the Windows Store, doesn't it?

Try this: Edit > Software Sources > Other Software > Add, then paste in the apt line from a publisher's web site. How do you do that in Windows Store? Oh wait, you can't without an expensive sideloading license.

Re:I do feel sorry for XP users

[smash]

IE is cross-platform. x86, x64, XP, Vista, Windows 7, Windows 2003, Windows 2008, etc.

/msdrone

Re:I do feel sorry for XP users

[smash]

Serious post - I'm sure microsoft will re-port IE to other platforms if/when Windows looks like losing significant market share. The OS is becoming irrelevant, and the browser is becoming more and more important as a platform for application development.

Eventually, I'm sure they'd prefer to have a higher share of the browser market by supporting multiple platforms, than seeing the browser share shrink with Windows. With the epic failure of Windows 8, it may happen sooner than we expect.

Re:I do feel sorry for XP users

[smash]

So you mean, just like apple then? With the single exception of needing a $99 developer certificate if you want to do it yourself - which has the additional benefit of being able to optionally enforce code-signing on your machine so that you can verify that the binaries you think you're running are actually as shipped from the developer..

Re:I do feel sorry for XP users

[smash]

$99/yr (or roughly 30c/day) to get the development software and a code-signing certificate and the functionality is yours. You're free to develop in HTML, Javascript and CSS if you don't want to pay for a certificate to sign code with.

Re:I do feel sorry for XP users

[phantomfive]

Basically, and I've tried to think of a nice way to say this, Fuck you and anyone else who comes up with such a horrid solution. It's not even a complete solution since you can only install some software through that method, you can't install any software you like.

This has been the pain I've had with the iphone since it was released (that is, eight months after it was released when the dev kit came out).

Re:I do feel sorry for XP users

support of infiltrate? :D

Re:I do feel sorry for XP users

[smash]

What can't you do with this method? Install warez? Seriously - i'm keen to know if there is a genuine reason why this will not work other than perhaps cost, or piracy related reasons.

Re:I do feel sorry for XP users

[phantomfive]

Then sorry for being unnecessarily rude.

If you don't have root on your device, there are certain APIs you can't call. You can't write your own shell because you don't have fork(), for example. You can't launch other applications. I'm pretty sure you can't call the automation/Accessibility APIs without root either. You also can't have a process running constantly in the background. You can't access the voice-reading APIs. I'm pretty sure you can't disable the button, but I haven't tried on a non-rooted device. You can't inject touches.

The remaining (ironic) reason I still use IE

There is only one site on which I still use IE--YouTube! For some strange reason, Flash doesn't work very well in Chrome with my old XP machine. In a short time, XP itself will be not be maintained, so it's a curious state of affairs. IE doesn't perform as well as it did before either. I assume this is Flash demanding more of the CPU; but it's not a priority for me to figure this out. Unfortunately I haven't find a way to "nice" a plug-in like Flash, so regardless of which browser I'm using Flash gets interrupted due to mouse movements. This never used to be a problem. It happens in both IE and Chrome; but it's worse in Chrome. I don't know of Adobe is waging war on Google here, or if they just carelessly forgot to request priority in the plugin. It's annoying anyway...

Re:The remaining (ironic) reason I still use IE

[jones_supa]

Try using a 10.x version from Adobe's Flash Player Archive.

Re:The remaining (ironic) reason I still use IE

The only site where I'm forced to use that piece of shit IE 8 is for the windows upgrade website.
Talk about an idiot decision tying the operating system upgrade mechanism to a specific browser.
Damn Microsoft.

Oh well, for everything else Opera and Firefox suffice.

Re:The remaining (ironic) reason I still use IE

[Kergan]

Have you tried actually uninstalling Flash? When you do, YouTube serves an html5 video.

Re:The remaining (ironic) reason I still use IE

Have you tried actually uninstalling Flash? When you do, YouTube serves an html5 video.

But how will that work on popular YouTube-like sites that aren't really YouTube?

Like, for instance, RedTube, Xvideo and XHamster?

Do these switch to HTML-5 too?

 

 

Re:The remaining (ironic) reason I still use IE

[bmo]

I believe those fall back to Silverlight mode.

Try Gnash.

--
BMO

Re:The remaining (ironic) reason I still use IE

Yeah, I know xhamster looked like it required Flash for awhile, but after my Android tablet stopped supporting Flash, I was, after a short time, still able to look at boobies. Took them a little while, but there's no problem now.

Re:The remaining (ironic) reason I still use IE

I just tried disabling Flash in Chrome, and all I get is a little thing where the video should be, telling me I need Flash. Were you saying I should uninstall Flash from IE? That doesn't really solve my problem, namely the sole remaining dependency in IE, and the poor performance of Chrome on my older hardware. I don't think I should have to totally uninstall Flash from Chrome to get HTML5 vid, should I?

Re:The remaining (ironic) reason I still use IE

[Kergan]

But how will that work on popular YouTube-like sites that aren't really YouTube?

Most larger sites tend to serve html5 video due to the 250 million or so iOS users.

Not all of them do so properly yet, however. Specifically, a number of sites still check the user agent, rather than for Flash presence. On Safari, you can work around this by enabling the developer toolbar in the settings -- you use it to make the browser advertise itself as an iPad, which reloads, and more often than not things will then work without a hiccup. Being based on Webkit, I'd be surprised if Chrome doesn't have a similar developer toolbar.

Along the same lines, some of the embed code that news sites offer always work when it's used on 3rd party sites. When this occurs, there's a good chance that the video actually works on the news site itself. Most sensible bloggers will post the link to the original along with the embedded video; when not, it's usually a google away and, more often than not, on youtube as well.

At any rate, I've been living without Flash at all for the past two years or so. Admittedly, I never played Flash games, nor used it for much other than youtube videos, so your mileage may vary. For what it's worth, I don't miss it at all.

Re:The remaining (ironic) reason I still use IE

[xenoc_1]

Chrome comes with a built-in, supported-by-google. inline-process version of Adobe Flash. Yes, even in Linux, in fact that is the only supported Linux version of Flash going forward. Sounds to me like you have a misconfigured Chrome with it using the separate Adobe Flash Netscape-type plugin, the one you have for Mozilla-based products. Chrome's built-in Flash works fine, even on relatively low-resource machines. Since you are on Windows, you should be able to use it without problems on anything approximating an 8-year-old machine or newer. Unless you have totally horked your system, in which case have fun..

Re:The remaining (ironic) reason I still use IE

Youporn and Porntube work nicely in non-flash supporting Chrome on my Android tablet, Redtube made Chrome download some random apk which I refused to install, I don't know about others.

Re:The remaining (ironic) reason I still use IE

The only site where I'm forced to use that piece of shit IE 8 is for the windows upgrade website.
Talk about an idiot decision tying the operating system upgrade mechanism to a specific browser.
Damn Microsoft.

Oh well, for everything else Opera and Firefox suffice.

That would be idiotic if it were true. But it's not. I remember when this was a mostly technical site.

Re:The remaining (ironic) reason I still use IE

No support for v10 swv's in gnash, unfortunately. Yet.

Re:The remaining (ironic) reason I still use IE

[bmo]

It was a joke...

You were supposed to laugh.

*bmo pouts*

--
BMO

Re:The remaining (ironic) reason I still use IE

[kiddygrinder]

replying to an ac, i must be drunk. try chrome with tampermonkey and the Download YouTube Videos as MP4 script. i can barely bother putting up with the streaming any more

Re:The remaining (ironic) reason I still use IE

[Billly+Gates]

It is not old flash. The issue is GPU acceleration. Chrome auto updates to the latest flash.

One of the reasons to retire XP is its horrible GPU acceleration which will become more and more of a deal as phones and tablets offer the best smooth scrolling and visual experiences with the xception of Windows 8. Windows 7 is smoother but still flickers due to WDDM 1.1.

Intel makes some very crappy graphics a half decade ago. 915 is the IE 6 of directX and OpenGL developers with so many shit needing quirks due to Intel wanting everything in software to sell more expensive CPUs. It simply cant handle h.264 and 1080p with motion blur, smooth font rendering, and other things mixed with an 11 year old GDI XP subsystem. Chrome uses more resources to appear faster which makes it crash more.

I think it is time this grandparent traded his computer in for a new one.

Re:The remaining (ironic) reason I still use IE

Many youtube videos still need flash, unfortunately. I try to disable flash most of the time, because I hate that sack of fleas.

Re:The remaining (ironic) reason I still use IE

[LinuxIsGarbage]

Intel makes some very crappy graphics a half decade ago. 915 is the IE 6 of directX and OpenGL developers with so many shit needing quirks due to Intel wanting everything in software to sell more expensive CPUs. It simply cant handle h.264 and 1080p with motion blur, smooth font rendering, and other things mixed with an 11 year old GDI XP subsystem.

GMA 915 is also a pile of garbage because it could not handle WDDM, thus could not run Aero, and Intel bullied Microsoft into considering GMA915 "Vista capable". I also have some old Pentium III's with GMA 815. That's a real pile of shit too. Can't support VESA modes higher than 640x480x16 color, and just flat out garbage. Apparently Intel tried selling it as a standalone GPU on a daughter card at some point.

The GMA 500 found on Atom Z series was a steaming pile of crap too. A PowerVR design with decent specs, driver support on all operating systems (XP, Vista/7, Linux) was beyond terrible.

Intel keeps trying to outdo itself with crappy GPUs.

Re:The remaining (ironic) reason I still use IE

[smash]

If you were running an operating system from the last 6 years that wouldn't be the case.

I don't feel sorry for those IE users

[Kergan]

Anyone still using IE6 or IE7 deserves to get hacked anyway. I might have a crocodile tear for IE8 users

Re:I don't feel sorry for those IE users

Why would anyone deserve to get hacked for just running an old version of a software?

Re:I don't feel sorry for those IE users

[Kergan]

Why would anyone deserve to get hacked for just running an old version of a software?

Because the immense majority of them are corporate users whose IT managers should know better.

Re:I don't feel sorry for those IE users

And those corporate users are manipulating your confidential information such as: SSN, bank loans, financial information, your health status, insurance information, etc.

Want those leaked out on the internet?

Re:I don't feel sorry for those IE users

[yuhong]

Well, clearly MS disagrees. In fact, a week or so ago I reported a security bug that only affects IE7 (as far that I have tested) to ZDI. I will not reveal any more details until it is patched, of course.

Re:I don't feel sorry for those IE users

[rizole]

Fair enough - never mind the collateral damage eh, carpet bombing is a proportionate and reasonable response.

Re:I don't feel sorry for those IE users

Nope. That's exactly why they should upgrade. At least to Linux Mint if not OS X. Either way would free them from worrying about IE (and Windows) security issues.

Re:I don't feel sorry for those IE users

You are kidding right?

Those corporations would either choose between:

- IBM WebSphere / DB2 / IBM HTTP Server / J2EE (Expansive)

- Microsoft IIS / SQL Server / ASP.NET

over RedHat Linux / Apache / Apache Tomcat / J2EE (inexpansive)

Even if that means that they would have 80% of their stuff in Java and 20% in .NET

Not kidding.

Re:I don't feel sorry for those IE users

Because the immense majority of them are corporate users whose IT managers should know better.

Devils advocate here.

I'm still waiting on your check to pay for our ERP vendor to release a version of software that runs under Windows 7, your other check to pay for upgrading all the intranet/internal web apps, and your final check to pay for the licenses needed to do so (client, server, and cal)

It seems management isn't interested in writing such a check to completely replace what doesn't appear broken to them. You personally won't put your money where your mouth is either.

So as an IT manager, clearly you expect me to purchase multiple millions of dollars of software out of my pocket, after insulting my intelligence claiming I am not aware of the issues.
You go on to blame me for their situation (using Microsoft products) that was already in place more than a decade before I even knew this company existed let alone worked for them.
You then refuse to provide me a replacement job making at least what I currently do, to follow your second suggestion to quit my current job where the bean counters won't listen to the guy that explains why it is broken despite us being lucky and not appearing so right at the moment.

P.S. Thanks for the baseless insult too.

Re:I don't feel sorry for those IE users

[PNutts]

Why would anyone deserve to get hacked for just running an old version of a software?

Because the immense majority of them are corporate users whose IT managers should know better.

IT Managers manage the entire attack surface area, which is why corporate users are typically behind a number of defenses that shield them from malware. And corporations often have policies in place that govern use of the browser/internet. Yes, it's still possible to go out and get zapped. Where I work that person will have a visit from the Security Dept. to be reminded of our policies and explain their browsing / download history. IMHO it boils down to more of a user problem than an old version technology problem. One person can be safe on IE 7 and someone else can get popped on Windows 8.

Re:I don't feel sorry for those IE users

[kiddygrinder]

lol, ac, you so funny

Re:I don't feel sorry for those IE users

I'm still waiting on your check [...]

No problem.. If you'll just log into our web site (IE6 only) and enter your bank account information, we'll be happy to wire those payments over to you right away!

Re:I don't feel sorry for those IE users

Anyone working in an IT dept that's enforcing a policy of still using IE6 on a corporate network needs to go and find themselves another job/career. If they are actually allowing users of this dinosaur out onto the internet, they are quite simply incompetent (or their employer is so cheap they should just leave).

Re:I don't feel sorry for those IE users

Great. Please tell me where to find IE8 or higher for windows 2000?

For Microsoft, vulnerabilities are profitable.

[Futurepower(R)]

It's not surprising to me that a Microsoft product would have a vulnerability that might encourage people to pay more money to Microsoft.

With so little U.S. government supervision of abuses, having a virtual monopoly allows many tricky ways of making money.

Conspiracy theory

[MLBs]

Microsoft has wanted for ages that those users upgrade.
Would they resort to this method to scare people into upgrading?

Gotta love the summary

[MyLongNickName]

Title: New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe
Sentence Two: While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are
Then: "We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,"
Then: People using Internet Explorer 9-10 are not impacted.""

Could someone please tell me which versions are vulnerable and which ones are not?

Re:Gotta love the summary

6,7,8 trollbait

Re:Gotta love the summary

[Nyder]

Title: New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe
Sentence Two: While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are
Then: "We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,"
Then: People using Internet Explorer 9-10 are not impacted.""

Could someone please tell me which versions are vulnerable and which ones are not?

It clearly states multiple times that IE 6-8 is affected and 9 & 10 aren't.

Re:Gotta love the summary

*woosh*

Re:Gotta love the summary

[ahabswhale]

What if I'm running IE10 in IE8 mode?

Re:Gotta love the summary

Are you retarded? All of those sentences are consistent with each other.

This is a serious question. I would genuinely like to know if you have been diagnosed with some type of learning disability.

Re:Gotta love the summary

[MyLongNickName]

It is called a joke. Sorry you didn't get it, but I promise not to make fun of slow individuals like yourself.

Re:Microsoft Trustworthy Computing(sic)

Your lithium is wearing off.

New IE Vulnerability: The answer my friend..

Is Firefox. (Opera is a good 2nd choice)

Funny how MS doesn't readily patch things that are not on its immediate marketing agenda. No patches for IE 7 so if you insist on using a standard broken product like IE, you need to use Windows 7. Next will be patched browsers that are only available on Windows 8. I Remember MS Office 2000+ had a similar pattern: Want critical bugs fixed, BUY the latest version. (Many bugs were only fixed on the next iteration even when acknowledging the bugs). Firefox on the other hand, works on ALL of these platforms (as well as MacOS, Linux, etc..) and you don't have to pay for bug/security fixes. Plus IE had a way of spitting on W3C standards for years (and to an extent still is).

MS's security record isn't all that great either: IIS Web server vulnerabilities by default (rather than locking them down), ActiveX on the Internet (later disabled by default after numerous security issues), MS Specific HTML/Javascript breaking standards. Perhaps if the market share of IE goes down to, say 30%, Balmer and his cohorts will get a clue. Until then, don't expect this culture or its security/standards issues to change anytime soon.

Re:New IE Vulnerability: The answer my friend..

[1s44c]

MS's security record isn't all that great either

And the understatement of the year award goes to Anonymous Coward.

Arrogant Computing Users

[tuppe666]

Anyone still using IE6 or IE7 deserves to get hacked anyway. I might have a crocodile tear for IE8 users

I not a doctor - Do I deserve to get sick, I'm not a mechanic - Do I have to walk..How about fixing leaky tap!...how about making a violin!!. I am not an expert in everything, and have been rarely been out of education, some things take years to learn. The truth is why should everyone be executed to be experts at computing.The sad fact is the world is moving towards electronics away from general purpose computers...making experts like you redundant!

Re:Arrogant Computing Users

Terrible analogies. Before you go around driving a car by yourself, you typically learn how to drive a car with the help of others so you don't put others in danger, right? Why should ignorant computer users get a pass?

Re:Arrogant Computing Users

[Kergan]

But then, your argument completely falls apart because these users are mostly corporate users whose IT managers should know better.

Households users either worry about it and upgrade themselves, or have more savvy family or friends who do it for them. Do you leave your grand parents, parents or friends with a batshit crazy outdated browser lying around? Of course not. You upgrade it when you notice, and you ideally configure the PC to do so automatically in the future.

Re:Arrogant Computing Users

[VortexCortex]

The truth is why should everyone be executed to be experts at computing.

One does not simply avoid getting Malware. Only the dead can know peace from this evil.

Re:Arrogant Computing Users

Yes you do. There someone said it.

Re:Arrogant Computing Users

Oh it is rather easy, just use Linux, like my 3 year old kid does.

Re:Arrogant Computing Users

[Velex]

The sad fact is the world is moving towards electronics away from general purpose computers...making experts like you redundant!

There's nothing sad about this. Not everybody needs a general purpose computer. What they want is a Facebook machine, a Tumblr machine, a Youtube machine, and a Netflix machine. And give it to them. I'm sick and tired of hand-holding users who can't handle a general-purpose computer that can run more than 1 thing at once. I don't run Windows at home. I don't get paid to do support. When something blows up, I get called over to read over the dialogs and apply common sense, because I'm the "computer guy," and apparently anything on a computer is illegible to anyone who isn't a "computer guy." Maybe there's a small hope that when folks get their MyFace device, they'll take responsibility for knowing how to operate it themselves.

Where your post really baffles me is this:

I not a doctor - Do I deserve to get sick, I'm not a mechanic - Do I have to walk..How about fixing leaky tap!...how about making a violin!!. I am not an expert in everything

When your doctor tells you to stop eating unhealthy foods because you're at risk of diabetes, do you give him shit like that? When your mechanic tells you that you need to bring your car in to get an oil change on time, do you throw your hands up in the air and bitch about not being an expert?

Back when I used to try to help people improve their computing experience, I would regularly recommend Firefox and install it for them after cleaning up a ton of malware.

Then a month later when they were drowning in malware again, what did I find? They were back to using IE.

I'm afraid GP is correct, but partially. If a home user is still using IE on XP, they've probably already been warned multiple times by experts, and they deserve whatever happens to them.

However, as others have pointed out, the most likely to be affected by this is corporate users. I've started to run into web apps at work that refuse to work under IE 8, but guess what? Installing Firefox or Chrome isn't even an option because we have vendor lockin to a call center vendor that insists on using IE 8 despite what the default browser is. I also have a feeling that there's no way the company will pay to upgrade about 30 agent stations from XP to 7. After all, why should they? The vendor we're locked into considers Vista support experimental, and it's not like XP's gotten rusty and is breaking down or anything.

This is just a sad, sad tale of vendor lockin and short-sightedness by closed-source corporate software developers. Welcome to the world of closed-source! Yes, we know it's broken, but shit we can do about it! It's closed-source, and the vendor I was talking about, Microsoft, and any other closed-source vendor doesn't give a shit how much pain they cause end users.

Re:Arrogant Computing Users

[kiddygrinder]

heh, are you on crack, the next big thing will be phone hacking. and yes, if you are not a doctor you should still take care of your health, it is still your responsibility to get some exercise. and yes, if you have a car you should probably take care of it, change the oil and whatnot and book it in for a regular service. and yes, if you have a leaky tap you should just change the washer, and yes, if you want to make violins... i'm not even sure how this is even a relevant comment

Re:Arrogant Computing Users

[kiddygrinder]

When your doctor tells you to stop eating unhealthy foods because you're at risk of diabetes, do you give him shit like that? When your mechanic tells you that you need to bring your car in to get an oil change on time, do you throw your hands up in the air and bitch about not being an expert?

pretty sure the op struggles to get food to dock with his food hole

Re:Arrogant Computing Users

[Billly+Gates]

When your doctor tells you to stop eating unhealthy foods because you're at risk of diabetes, do you give him shit like that? When your mechanic tells you that you need to bring your car in to get an oil change on time, do you throw your hands up in the air and bitch about not being an expert?

pretty sure the op struggles to get food to dock with his food hole

The big boys at work who buy these $100,000 SAP, Oracle, Kronos, Manpower, Siebel, and other crapware do so because they get a ROI. Bitch about being geeky to this non tech user who just blew $500,000 upgrading everything from IE 6 to cutting edge IE 8 (in his mind) will fire you with such a doctors analogy on the spot. That or he will look at you funny and ask if you replaced the toner on his printer yet? ... pff cost center peon.

This man writes your paycheck and he tells you what you support you either support that browser or get another job! In this economy that should not be hard. I know many computer science students who are making $10/hr working at call centers in Florida DESPERATE TO GET YOUR JOB as to them they need a break.

Geektalk doesn't matter boy and is an arrogant assumption if it is not certified for their work they consultant with 6 figures in it then it doesn't exist! IE 8 is here to stay!

Re:Arrogant Computing Users

[kiddygrinder]

heh, they ask for a piece of shit and they get a piece of shit, what does that have to do with anything?

Re:Arrogant Computing Users

[Billly+Gates]

heh, they ask for a piece of shit and they get a piece of shit, what does that have to do with anything?

That POS you call it, does wonders to productivity. You are looking at it through a geek lense of HTML 5 features and multimedia support. My boss looks at it though how much can IT raise the shareprice. These corporate apps might not look as pretty as www.engadget.com on a HTML 5 browser with cool effects, but can display and automate business processes well.

They wont support anything above IE 8 yet (maybe 1 or 2 do as of the last 6 months) because XP wont die and IE 8 is the common gateway that runs on both operating systems. It works.

That is mine and the other guys point. Sometimes it is cooler being a geek at home running cutting edge stuff than at work, but work has different priorities than having a less bug free and prettier browser. It is about productivity, saving money, and working with what they already have.

Other browsers don't get exploits too?

See subject-line above, & answer it please... thank-you!

* Users DO have the option of using other webbrowsers, but again, see my question above!

(It never EVER seems to stop here, all the "anti-microsoft" sentiments... oh well! It's "/."...)

APK

P.S.=> Besides - the mitigating measures they noted in disabling javascript &/or Active X? That's a great measure... (as well as using the EMET tool, which helps spot potential openings in the OS itself, helps to "security-harden" the whole show as well)... & yes, it'd work here too.

However - I truly *wish* that IE (yes, I use IE10 on Windows 7 64-bit here) had an ability like Opera has - which is a "by site preferences" option! I am not even SURE if FireFox does that (Chrome MAY now though iirc). I haven't used either in awhile, probably 1++ yr. for Chrome (just to try it to "see how the other 1/2 lives") & perhaps 6++ months for PaleMoon or WaterFox 64-bit builds of FF.

Since that way? I only use scripting, cookies, extensions of any type, plugins, & frames/iframes (often used sources for attack) ONLY WHERE I NEED THEM!

Which is usually on banking or online shopping/e-commerce type sites MOST of the time...

The rest of the websites I visit default to my "global policy" (which NO sites use any of those)...

That way? No way to 'blast me', essentially, + I surf way, Way, WAY faster without them present (since most sites I have found do NOT really TRULY require them operating for me to get what I need there - information!)...

... apk

Re:Other browsers don't get exploits too?

[Runaway1956]

Firefox addons give you site-by-site preferences. Take a look at NoScript. I'm pretty sure some others do as well, but I use NoScript all the time. It's probably not the best thing since sliced bread, but it comes close.

Obligatory update patch

[linebackn]

Obligatory: Get the update patch here: http://www.mozilla.org/en-US/firefox/new/

Poor method of Gaining Customers.

[tuppe666]

Microsoft has wanted for ages that those users upgrade.
Would they resort to this method to scare people into upgrading?

Microsoft aren't even getting a sales bump from launching a new version of their platform, providing a shitty experience on their platform has them running to any other platform, and have yet to transition to the new world, where they are not the Daddy!. Android is set to surpass them next year. I'd argue it was more to provide advantages over previous versions of their OS when really their is very little real advantages present. Simply leaving the older unmaintained version insecure is simply a bonus.

Re:Poor method of Gaining Customers.

[MLBs]

Well, I didn't suggest it was a smart move, just a move that could fit.

Re:Poor method of Gaining Customers.

The older versions of IE are maintained. There will be a security patch for this.

Damn. Good thing I'm still using Mosaic.

Damn. Good thing I'm still using Mosaic.

Not an Update Patch

[tuppe666]

Obligatory: Get the update patch here: http://www.mozilla.org/en-US/firefox/new/

Its a work around.

Re:Not an Update Patch

Obligatory: whoosh

Re:Not an Update Patch

humor fail.

Fuck off back to Usenet ..

Fuck off back to Usenet, there's someone there criticizing MICROS~1 ..

People use IE?

[Gothmolly]

Who uses IE?

Re:People use IE?

[ahabswhale]

noobs

Re:People use IE?

[PNutts]

Who uses IE?

I'd throw out some numbers but they are skewed towared the site measuring them. Wikipedia pulls some sites together in one place.

What about Compatibility View?

[93+Escort+Wagon]

Compatibility View seems to turn IE 8-10 into IE 7... And I find people using it all the bloody time (and for no good reason other than they didn't like how the newer version CORRECTLY rendered some random page they were used to seeing broken!). So is Compatibility View immune to the exploit? I'm unclear whether IE has a separate engine for this or just uses some bizarre CSS definitions to achieve the brokenness...

Re:What about Compatibility View?

[ahabswhale]

Don't forget that IE also has a selectable document mode. So, I'd like to see a full matrix of browser modes and document modes that are effected (if it applies).

Re:What about Compatibility View?

[Billly+Gates]

I wonder that too.

Many corps who use IE 9 (still few) but it in IE 7 mode typically because of one tiny app used by HR wont render right so they make a group policy for the whole company. This eliminated youtube and facebook support which the PHBs even like!

Earlier Submission

[deeqkah]

The better story about this vulnerability is the fact that the entire delivery of the malware (from a compromised US foreign policy think tank, no less), was limited to people with the ability to view English (American English), Russian, Japanese and traditional Chinese characters. It's supected of being a 'watering hole' attack. Read more from the earlier submission which didn't include bullshit link bait for advertising dollars.

Thank you for your example.

[tuppe666]

Terrible analogies. Before you go around driving a car by yourself, you typically learn how to drive a car with the help of others so you don't put others in danger, right?

...but not replace the engine.

Re:Thank you for your example.

This is where car analogies fall apart, the engine of a computer is the CPU, but they are usually much easier to change than a car engine except when then are surface mounted. But no I wouldn't expect the average user to be able to change a CPU, but installing a new web browser is something every computer user should be able to do, it isn't really any harder than sticking a new satnav to your windscreen and plugging the cord in the cigarette lighter socket.

Not everyone has a choice

Some big corporations are still using IE6, including banks and government, some upgraded to IE7 or IE8 (quite recently!).

You go to a Hotel? There is a PC desk there, and it is a lockdown XP / IE6 machine.
No other choice, can't install or run a newer browser either.

Doctors in a hospital looking for your record? XP / IE7.

Banks looking for your employer website and mortgage intranet application usage? XP / IE6.

Some corporation do not allow you to install anything by policy, you are not Administrator on your own machine.

The list goes on and on... you would be surprised.

If it *works*, then don't *fix* it. Even if there is a security bug fix, especially if it breaks intranet apps ?!?

Seriously...

who uses IE?

Seriously...

[ArcadeMan]

Who uses Windows?

It has to be said.

[AliasMarlowe]

TFA implies that IE9 and IE 10 users are not vulnerable to this attack. Well, neither are Firefox users, nor Opera users, nor Chromium users, nor Safari users, nor ... and the list goes on and on. Oh and obviously people using BSD or Linux or Mac are not vulnerable either.

Re:It has to be said.

[dreamchaser]

Unfortunately a lot enterprises use web applications internally that are dependent on specific IE versions. No, not a good idea, but still true.

Re:It has to be said.

[WhatAreYouDoingHere]

Yeah... I don't recall ever seeing any kind of major exploit with lynx ... ah, good ol' lynx.

Re:It has to be said.

[TheRealMindChild]

In my experience, the dependency came from the promise of Microsoft supporting their "web platform" moving forward. Then everyone was "YOU EXPOSED THE WHOLE SYSTEM OF COM LIBRARIES TO THE SCRIPTING ENVIRONMENT!!!!", so they started trying to please that crowd with nonsense like ActiveX killbits. You can't please everyone.

Re:It has to be said.

An exploit in Lynx which allowed an attacker to execute arbitrary code was patched in the latest Ubuntu releases just last month.

Re:It has to be said.

[smash]

In an article about an IE-specific exploit, Firefox, Chrome, Safari, Dolphin, Iceweasel, Opera, etc are irrelevant. My car isn't vulnerable to the exploit either.

If the article title was "most browsers vulnerable to blah zero-day" then sure, mentioning non-vulnerable non-ie browsers would be relevant.

Re:It has to be said.

[smash]

Haven't seen much in the way of actual functionality beyond basic HTML parsing in Lynx either.

...Yes...Seriously?

[tuppe666]

who uses IE?

...about 54% according to Net Application, and has been rising for the past four months. Thank god for Mobile computing is all I can say.

When I use(d) FireFox? NoScript is RIGHT there

Always! Good choice on your part too - I think it's the GREATEST addon FF has for security in fact!

APK

P.S.=> I also wouldn't doubt that @ least BY NOW, FF has such an addon as you describe for "by site preferences" like Opera has natively built-in. FF has the biggest community building addons for & around it, hands-down... @ least, afaik!

... apk

Not surprised @ all, & why...

ASP.NET coder here over time, via Visual Studio 2002-2005, but... NOT by choice though - as I think "web-programming" is for 'noobz' (don't be offended if you do it yourself though, I just feel that way vs. coding native apps in C/C++/Delphi is all), but you have a point!

* Good "exception point" in fact... kudos!

APK

P.S.=> Your post also reminds me of Korea - they're "HUGE" on ActiveX too...

... apk

Portablility a feature

[tuppe666]

They are past tense.

It shows that their code was [and maybe he potential to be ]portable, admittedly last version for the Mac was 9 years ago 5.2.3 http://en.wikipedia.org/wiki/Internet_Explorer_for_Mac. Microsoft admit their own inadequacy by not just producing code incompatible with other platforms, but even versions of its their own platform. The sad fact is they have lost half their market to competing platform even though though they bundle it with their monopolistic product. Nobody would ever install it on alternative platforms. Although Microsoft not doing so is a sign that they are not planning on competing though improving their products.

Re:Portablility a feature

I would install IE on my linux box just to get rid of the XP virtual machine I have to run in order to access newer Cisco routers and switches as well as the older Dell switches.

Re:Portablility a feature

[disambiguated]

Negative. The Mac and *nix versions of IE were completely separate code bases, developed by completely separate teams.

Re:Portablility a feature

[makomk]

With a completely seperate rendering engine with different quirks, too, at least in the case of the Mac version.

no more xp

As a tech that insists on bringing value to customers, i no longer work on xp machines. I can hand them a linux live cd or offer to accompany them to the local computer store.
an xp machine on the internet is just stupid, considering the monthly cost of internet access.

Re:no more xp

[1s44c]

Sorry if this is a dumb question, but what does the monthly cost of internet access have to do with it?

Re:no more xp

[PNutts]

lol - I completely missed that.

Re:no more xp

Sorry if this is a dumb question, but what does the monthly cost of internet access have to do with it?

Two months internet access buys you an upgrade to a newer OS

Re:Microsoft Trustworthy Computing(sic)

[marcello_dl]

Nothing wrong happened.

Redmond, CEO office. Ballmer is practicing chair throwing against a human wall of Microsoft interns.
Fling......
"OUCH! THANK YOU SIR MAY I HAVE ANOTHER ONE SIR!"
Fling.....

A well dressed executive gets in, and says: "Your Sanctity, I have some bad news and some good news. We have a new vulnerability on IE"
Ballmer mutters among himself: "Damn, with the undisclosed ones it's the fifth one today... and it's only 10 am..."
The chairs get thrown with more energy. The human wall crumbles.
Finally Ballmer adds: "And the good news are?"
- "Well, it affects only IE on XP and below"
- "No fucking problem, then! God, I have to give those russian hackers a medal. You know what? let's go have a drink. CHAMPAGNE!"

#WindowsRage

#WindowsRage #WindowsRage #WindowsRage #WindowsRage

Re:haha

I guess IE8 on my windows 7 virtual machine will stay vulnerable, because i'm not going to install "Windows Malicious Software Removal Tool"

Microsoft Trustworthy Computing.

[1s44c]

LOL. What?

The only way to make Microsoft software trustworthy is to cut power to the computer.

URL

[DrYak]

http://youtube.com/html5
to manually enable/disable HTML5 video.
if you're logged in, this preference can even be saved.

Youtube automatically detects which codecs are supported (Chrome and Firefox both support WebM. Chrome also supports H.264. Older versions of Firefox don't (due to licensing restrictions), newer version of Firefox will tap into whatever system codecs is available for firefox to use: GStreamer on Linux, DirectShow in Windows, hardware codecs wherever supported).

Also, video ads require flash to play.

Re:URL

Top-level AC here, I played with it a bit more. It turns out Chrome loads *two* flash plugins. There's Adobe's flash, and their own version called "pepper flash". Disabling pepper actually fixes my YouTube performance problem, but Chrome warns that Adobe's Flash is out of date.

When I go to update Adobe's Flash, guess what? I get to their web site, but the checkbox to avoid McCafee's free trial and tribulation ware is... wait for it... SET TO YES AND IMPOSSIBLE TO UNCLICK. Yes. I wish I were making that up. Anybody else have that problem? I'll have to try updating Adobe's Flash with pepper enabled. Maybe the box is possible to toggle with pepper loaded, but this seems like the runaround from Adobe to me.

Actually, the PDF viewer is getting like that too--trying to jam toolbars and virus malware at people. Fuck them. Fuck them hard. I don't know what I'm doing wrong, but I can only get Flash to work, not H TML 5.

I can't wait for Windows 9. Maybe I'll try Ubuntu again. It's been a while...

Re:haha

Good idea. Risk getting malware by not installing an anti-malware tool and a current version of a browser. Providing any reason for your actions would make your tin foil hat harder to see.

Re:haha

Are you sure the Malicious Software Removal Tool is a mandatory install with IE? I thought they were separate.

Except is not a car analogy...

[tuppe666]

This is where car analogies fall apart, the engine of a computer is the CPU, but they are usually much easier to change than a car engine except when then are surface mounted. But no I wouldn't expect the average user to be able to change a CPU, but installing a new web browser is something every computer user should be able to do, it isn't really any harder than sticking a new satnav to your windscreen and plugging the cord in the cigarette lighter socket.

....Its a skill analogy...It could have been butcher; baker and marine biologist. This week indirectly I paid hundreds of people for their skills, some as basic as *packing*,and vast majority of them were completed better than I ever could, and many would require thousands of hours to become an expert.

As a side note the CPU in the Car...is part of the driver ;)

I supposed it won't do any good to mention this

[PNutts]

Older browser version with vulnerability -> JavaScript -> Flash ActiveX -> Java -> sad clown face. Should anyone be surprised? Here's a link to the CERT KB for more information.

Is installing new software hard :)

[tuppe666]

But no I wouldn't expect the average user to be able to change a CPU, but installing a new web browser is something every computer user should be able to do

Here is the thing I disagree. Windows is crap in he context of this discussion, and Linux is a dream(and Android /iOS). Because installing is hard. Let me paint a typical scenario...Windows is running slowly!! The problem is not one thing; its everything, There is 4 unused bittorrent clients, A half uninstallled version of MobileME (how do you get rid of that icon...what is Mobile ME), there is a dozen links to defunct printers; scanners; wireless dongles and additional crap it installs. There is a whole host of things running in the background Bollox.exe is using a lot of CPU. There is Firefox 3.6, and IE with several toolbars how did they get there...both Yahoo and Google. A typing Tutor Program, that records every damn keystroke, and several programs that update and load Adobe/Office products in the background to speed up its loading while crippling everything else...and that outdated virus scanner...still searches, but never fixes or updates...until it gets fed some money!...and this is the EVERY PC.

Please don't pretend things are easy because they are for you.

Re:Is installing new software hard :)

...and this is the EVERY PC.

Please don't pretend things are easy because they are for you.

FUD much? Please don't pretend that everyone manages PC's as badly as you do or describe.

Ubuntu has PPAs, and Android has the same thing

[tepples]

Ubuntu lets a machine's owner install a third-party repository called a PPA after the owner has decided to trust the PPA's operator. Android allows the same thing: owners of devices with Google Play Store can turn on "Unknown sources" and install SlideME and Amazon Appstore, and owners of Kindle devices can turn on "Unknown sources" and install SlideME. Windows RT, the "Modern UI" environment of Windows 8, iOS, and the consoles, on the other hand, don't let a device's owner add repositories.

This video is not available on mobile

[tepples]

Not all of them do so properly yet, however. Specifically, a number of sites still check the user agent, rather than for Flash presence.

And other sites check for Flash Player and HTML5 and raise an error "This video is not available on mobile" if HTML5 is detected but Flash Player is not. Still other sites support only AVC, which won't work on browsers that support only the freely licensed VP8. Presence of Flash Player guarantees presence of AVC.

Cat got tongue?

I use Windows XP but you are nuts if you believe I use IE for anything more that see if it doesn't freak my webpages. ;) Also IE alone is not a reason for upgrade. Windows 7 is my second partition OS aka Plan B, thanks several apps that don't run well from XP. Try Linux? No thanks, maybe when is a OS for the home (real apps for home office/games/animation/design, not half baked experiments) user and really supports more hardware. That won't happen soon.

microsoft trying to force upgrades again

go fuckin stuff windows 8 up your secure arse with a boot

shoot the exploiters!

I say kill them and the brains that invented the exploit.
The end. (well unless they documented it online)
Then I say to them kudos for spreading nonsense.

This is the turd RIECH. Kill all the people who don't comply with common sense.

Re:shoot the exploiters!

I think you should ask Mr Ballmer for a rectal massage. It has been too long you got the last one from him. You are getting a little strange.

blah blah blah

everyone wants justice for stupid is as stupid does though no one is willing to admit that people will create and push the envelope no matter what the law or the "TURD" Riech has to say.

Re:Uh, every business on the planet!

[Billly+Gates]

Until Oracle, Kronos, Siebel, DerpMaster, Manpower, Sap, and about 85% of all intranet app makers support anything above IE 8 the answer to any recent or different browser is a resounding NO!

Part of me feels they do so on purpose to hurt Microsoft so they can sell cloud solutions and make the pc platform and internal intranet apps higher TCO (Sap and Oracle) and we all need to suffer in the process by not having HTML 5 yet.

College kids reading this. Be prepared for disappointment in the real world as your paycheck comes at a price. THe real world is not so liberal and open to alternative and cutting edge things as your school is.

Re:mod parent up!

[Billly+Gates]

This user is precisely why IE 8 is still high, besides a few gray hair surfers with XP who click on the blue E like they normally since 2001 all the users are corporate. Many have finally just left IE 6 and to them IE 8 is a GREAT improvement sadly enough.

Geeks who do not work in corporate IT do not get it as these systems are not like their own pcs in their dorm rooms where it is free and easy to switch.

The same bean counters who sign for these $$$$ IE 8 only apps also sign your paycheck! If your cool browser doesn't work with these expensive investments it doesn't get deployed. The same bean counter will be happy to fire you too as you are a cost and he is an all so important profit center in his eyes ... vomits.

While some may know of these exploits, many don't

[Trax3001BBS]

Recently http://battlelog.battlefield.com/ (Battle Field 3 web interface)
stopped supporting IE 8.
http://battlelog.battlefield.com/bf3/news/view/2832654782553529670/

A clan member asked what they could do about it, I told her to use a different browser.
they came back: I suppose you expect everybody to have two browsers installed.

Actually I did, the only browser they used was an out of date IE. Playing games on-line,
having a functioning chat system installed; one would think they'd have an above average
knowledge of Internet security (#1 being not to use IE).

I'm sure many are being hit by malware and exploits that have been know for years.

And Then

..that security-broken IE6 "in the intranet" is used to open an html-coded email attachment from Chicom ltd. That run that IE6-based virus and send 30 years of hard-won R&D data to Shenzen, to be used for outfoxing an American company who will have to lay of their workers as a consequence.
Alternatively, American R&D data will end up in Chengdu, to be used to beef up China's new stealth fighter.

You see - All The Joys Of Internet Explorer !

No Need For Acrobat Reader

I have not used Acrobat Reader for a long time. It is insecure as hell and the primary vector for infections by Chinese intelligence. I use evince and that is perfectly OK for me.

Nice !!

So your multi-billion dollar corporation cannot afford a few millions to get a proper IT system (one that works without insecure crapola), because they have to stuff that money to their shareholders RIGHT NOW. Fuck all the customer and R&D data, quarterly results rule !!

YOU are NOT going to like this but...

"FIXED" already (well, easily mitigated fixed, that is) -> http://www.neowin.net/news/microsoft-releases-fix-it-patch-for-ie6-8-exploit

* And, there you are...

APK

P.S.=> At the very least? MS, as per their usual, @ least does the 'automating' of the hacks needed to stop these things from 'insta-NUKING' folks, via these "Fix-It" patches - until a FULL patch comes out, & odds are?? 2nd Tuesday of the month (Happy New Year 2013 everyone by-the-by), it will be fixed (hopefully)...

... apk

Re:haha

[smash]

Install IE9. If you're going to run any version of IE, IE9 is so much better than IE8 (or previous) it isn't even in the same sport, let alone the ballpark. But yes, Vista and XP users are screwed, as IE9 is not available for them.

Re:haha

[smash]

They are. The malicious software removal tool is a monthly "poor mans virus scanner", not a single install.