New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe

An anonymous reader writes "Criminals are using a new Internet Explorer security hole to attack Windows computers in targeted attacks, though the vulnerability could end up being more widely exploited. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are. It's great to see that the latest versions of IE are immune, but this new vulnerability is still bad news for Windows XP users and earlier since they cannot upgrade to more recent versions of Microsoft's browser. 'We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,' Dustin Childs of Microsoft Trustworthy Computing told TNW. 'We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.'"

I do feel sorry for XP users

I tried out IE 10 and it was great. It downloaded firefox and chrome even better than ever. People who haven't updated should. Too bad XP users can't use it though.

Re:I do feel sorry for XP users

[slackware+3.6]

How do I install IE in Ubuntu? I can't find it in the repositories.

Re:I do feel sorry for XP users

[ClaraBow]

I know you were joking, but IE remains the only major browser that runs on one platform only. I'm sure Microsoft will port it to other platforms someday!

Re:I do feel sorry for XP users

There used to be versions for Mac, Solaris, and HP-UX

Re:I do feel sorry for XP users

[Runaway1956]

You call it a problem. I see that as a tremendous advantage. Instead of installing my OS, then searching my drawers and closets for CD's and floppies, or downloading stuff from random sites, I just go to my trusted repository to install everything I need. All my downloads come from a single place, all of it having been vetted for malware and/or security holes. It's really great, IMHO. All updates come from the same source, there's no need for me to have my system tray loaded with icons that continuously check for updates.

Of course, if I find something interesting in the tubes, it may or may not be in the repositories. Then, I have to strain my mind real hard to find the half dozen commands needed to install alien software. If my feeble mind should fail to recall any of those commands, I can always google for them.

I really like things the way they are. My wife isn't even tempted to install some Dancing Ponies screensaver. It's not in the trusted repository, so she doesn't mess with it.

Re:I do feel sorry for XP users

[chronokitsune3233]

That's true, but IIRC Macs weren't affected by such vulnerabilities usually. After all, Macs were different that they needed their own separate engine (Tasman) apart from Trident, which was used on MS Windows, Solaris and HP-UX. To be honest, I remember being a kid and playing in IE on a Mac at school. IE used to be cool. Now I know better. Still, IE/Mac rocked in its day!

Re:I do feel sorry for XP users

[Trilkin]

Funny how this comes from a community that complains about walled gardens and vendor lock-in.

Re:I do feel sorry for XP users

[EETech1]

www.codeweavers.com/compatibility/search?name=internet+explorer&search=app

I actually had to for my friend. He loves using Ubuntu since I converted his work laptop, then all his home computers, but there was some stupid IE only website that he had to use to make reservations for his business.

It is not perfect, but it gets the job done, and works much better than Virtual Box on his old laptop. Much less pwnage running under Wine too.

Cheers!

Re:I do feel sorry for XP users

[kthreadd]

Where is the walled garden and vendor lock-in? Ubuntu distributes a lot of software to its users, that doesn't take away any rights to run any other software. Just build it from source or install a prebuilt binary.

Re:I do feel sorry for XP users

[kiddygrinder]

sudo apt-get winetricks
winetricks ie8
unfortunately ie versions later than 8 are not supported in linux, you should upgrade to a superior operating system if you wish to experience the same bullshit you've been putting up with for 10 years (sorry, i'm a web dev)

Re:I do feel sorry for XP users

[ae1294]

I know you were joking, but IE remains the only major browser that runs on one platform only. I'm sure Microsoft will port it to other platforms someday!

You haven't heard? Microsoft has been working hard to finish porting IE6 to Linux. They seem to be targeting their ads mostly to business clients whom use Active X. I wonder why Microsoft would support the Linux community, have they gave up being evil???

Re:I do feel sorry for XP users

[westlake]

Funny how this comes from a community that complains about walled gardens and vendor lock-in.

Take a look at these screen shots of the Ubuntu Software Center. Looks a lot like the Windows Store, doesn't it?

Heck, most of the apps featured here are available for the Windows platform.

It is necessary to explain the Ubuntu isn't targeting the geek who compiles from source or is willing to navigate the depths and complexities of app-get?

Mind you, I was not a happy camper when installing the simplest of Internet radio apps and the Chromium browser Software Center did not install the essential (and different !) dependencies required to play audio.

Re:I do feel sorry for XP users

[davester666]

It rocked because it was a completely different browser from IE on x86. The only thing it had in common with the Windows version was that it was non-standard in similar [but not the same] ways.

Re:I do feel sorry for XP users

[phantomfive]

If Apple allowed me to install my own software on an iPhone without rooting it, I wouldn't care what they do with their app store. I would probably buy an iphone in that case.

But they don't so, I don't.

Re:I do feel sorry for XP users

[techno-vampire]

Just have him install User Agent Switcher and have it pretend to be MSIE 10 when he goes there.

Re:I do feel sorry for XP users

[EETech1]

IIRC it loads some kind of IE only plugin to do the 'secure' ordering and reservations, but I will give that a try. I gotta pay him a holiday visit anyways. I didn't see him@ Target this Christmas eve. First time since Target opened here about 10 years ago:) I can't imagine he had all his shopping done ahead of time!

What better way to say happy holidays than to remove the last remaining piece of Microsoft software from his life and update his 10.04 Ubuntu install to Mint 14!

Thanks and Happy New Year!

Re:I do feel sorry for XP users

[marcosdumay]

It's here. You also can get it from your distro's reposotory.

It's very usefull to test pages in development. Also, you can install several versions of IE at the same Ubuntu computer. But it probably won't emulate this bug, so you won't have the complete experience of having your computer owned (by this exploit).

Re:I do feel sorry for XP users

[marcosdumay]

All the proplems of a walled garden go away when you remove the walls. Everybody likes having a well maintainted garden to play.

Re:I do feel sorry for XP users

[Billly+Gates]

Anyone else noticed that for years the MacOSX version of Office was so much better and prettier than on Windows?

I wondered for awhile which side the developers on Redmond were on? Granted today Office 2010 and IE 10 for Windows have caught up. I guess the old Windows apis must have been really bad if they couldn't get them to be as good as another competitors OS.

Re:I do feel sorry for XP users

[chronokitsune3233]

Indeed I did notice.

Office v. X on OS X 10.0 at school rocked my socks all around. I honestly would have enjoyed staying at school and typing papers there instead of going home and using Office 2000 on Windows! At least it wasn't Office XP, though!

Simply put, when it comes to a UI, Apple knew their stuff when it came to OS X. Nothing blends better than UI elements from the official framework of the OS itself! :-P

(Some "Task Panes" were harmed in the writing of this post. The Ribbons managed to flee after realizing they were next.)

Re:I do feel sorry for XP users

[tepples]

Take a look at these screen shots of the Ubuntu Software Center. Looks a lot like the Windows Store, doesn't it?

Try this: Edit > Software Sources > Other Software > Add, then paste in the apt line from a publisher's web site. How do you do that in Windows Store? Oh wait, you can't without an expensive sideloading license.

Re:I do feel sorry for XP users

[smash]

IE is cross-platform. x86, x64, XP, Vista, Windows 7, Windows 2003, Windows 2008, etc.

/msdrone

Re:I do feel sorry for XP users

[smash]

Serious post - I'm sure microsoft will re-port IE to other platforms if/when Windows looks like losing significant market share. The OS is becoming irrelevant, and the browser is becoming more and more important as a platform for application development.

Eventually, I'm sure they'd prefer to have a higher share of the browser market by supporting multiple platforms, than seeing the browser share shrink with Windows. With the epic failure of Windows 8, it may happen sooner than we expect.

Re:I do feel sorry for XP users

[smash]

So you mean, just like apple then? With the single exception of needing a $99 developer certificate if you want to do it yourself - which has the additional benefit of being able to optionally enforce code-signing on your machine so that you can verify that the binaries you think you're running are actually as shipped from the developer..

Re:I do feel sorry for XP users

[phantomfive]

Basically, and I've tried to think of a nice way to say this, Fuck you and anyone else who comes up with such a horrid solution. It's not even a complete solution since you can only install some software through that method, you can't install any software you like.

This has been the pain I've had with the iphone since it was released (that is, eight months after it was released when the dev kit came out).

Re:I do feel sorry for XP users

[smash]

What can't you do with this method? Install warez? Seriously - i'm keen to know if there is a genuine reason why this will not work other than perhaps cost, or piracy related reasons.

Re:I do feel sorry for XP users

[phantomfive]

Then sorry for being unnecessarily rude.

If you don't have root on your device, there are certain APIs you can't call. You can't write your own shell because you don't have fork(), for example. You can't launch other applications. I'm pretty sure you can't call the automation/Accessibility APIs without root either. You also can't have a process running constantly in the background. You can't access the voice-reading APIs. I'm pretty sure you can't disable the button, but I haven't tried on a non-rooted device. You can't inject touches.

I don't feel sorry for those IE users

[Kergan]

Anyone still using IE6 or IE7 deserves to get hacked anyway. I might have a crocodile tear for IE8 users

Re:I don't feel sorry for those IE users

[Kergan]

Why would anyone deserve to get hacked for just running an old version of a software?

Because the immense majority of them are corporate users whose IT managers should know better.

Re:I don't feel sorry for those IE users

[yuhong]

Well, clearly MS disagrees. In fact, a week or so ago I reported a security bug that only affects IE7 (as far that I have tested) to ZDI. I will not reveal any more details until it is patched, of course.

Re:I don't feel sorry for those IE users

[rizole]

Fair enough - never mind the collateral damage eh, carpet bombing is a proportionate and reasonable response.

Re:I don't feel sorry for those IE users

[PNutts]

Why would anyone deserve to get hacked for just running an old version of a software?

Because the immense majority of them are corporate users whose IT managers should know better.

IT Managers manage the entire attack surface area, which is why corporate users are typically behind a number of defenses that shield them from malware. And corporations often have policies in place that govern use of the browser/internet. Yes, it's still possible to go out and get zapped. Where I work that person will have a visit from the Security Dept. to be reminded of our policies and explain their browsing / download history. IMHO it boils down to more of a user problem than an old version technology problem. One person can be safe on IE 7 and someone else can get popped on Windows 8.

Re:I don't feel sorry for those IE users

[kiddygrinder]

lol, ac, you so funny

For Microsoft, vulnerabilities are profitable.

[Futurepower(R)]

It's not surprising to me that a Microsoft product would have a vulnerability that might encourage people to pay more money to Microsoft.

With so little U.S. government supervision of abuses, having a virtual monopoly allows many tricky ways of making money.

Re:The remaining (ironic) reason I still use IE

[jones_supa]

Try using a 10.x version from Adobe's Flash Player Archive.

Conspiracy theory

[MLBs]

Microsoft has wanted for ages that those users upgrade.
Would they resort to this method to scare people into upgrading?

Gotta love the summary

[MyLongNickName]

Title: New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe
Sentence Two: While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are
Then: "We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,"
Then: People using Internet Explorer 9-10 are not impacted.""

Could someone please tell me which versions are vulnerable and which ones are not?

Re:Gotta love the summary

[Nyder]

Title: New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe
Sentence Two: While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are
Then: "We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,"
Then: People using Internet Explorer 9-10 are not impacted.""

Could someone please tell me which versions are vulnerable and which ones are not?

It clearly states multiple times that IE 6-8 is affected and 9 & 10 aren't.

Re:Gotta love the summary

[ahabswhale]

What if I'm running IE10 in IE8 mode?

Re:Gotta love the summary

[MyLongNickName]

It is called a joke. Sorry you didn't get it, but I promise not to make fun of slow individuals like yourself.

Re:Microsoft Trustworthy Computing(sic)

Your lithium is wearing off.

Arrogant Computing Users

[tuppe666]

Anyone still using IE6 or IE7 deserves to get hacked anyway. I might have a crocodile tear for IE8 users

I not a doctor - Do I deserve to get sick, I'm not a mechanic - Do I have to walk..How about fixing leaky tap!...how about making a violin!!. I am not an expert in everything, and have been rarely been out of education, some things take years to learn. The truth is why should everyone be executed to be experts at computing.The sad fact is the world is moving towards electronics away from general purpose computers...making experts like you redundant!

Re:Arrogant Computing Users

[Kergan]

But then, your argument completely falls apart because these users are mostly corporate users whose IT managers should know better.

Households users either worry about it and upgrade themselves, or have more savvy family or friends who do it for them. Do you leave your grand parents, parents or friends with a batshit crazy outdated browser lying around? Of course not. You upgrade it when you notice, and you ideally configure the PC to do so automatically in the future.

Re:Arrogant Computing Users

[VortexCortex]

The truth is why should everyone be executed to be experts at computing.

One does not simply avoid getting Malware. Only the dead can know peace from this evil.

Re:Arrogant Computing Users

[Velex]

The sad fact is the world is moving towards electronics away from general purpose computers...making experts like you redundant!

There's nothing sad about this. Not everybody needs a general purpose computer. What they want is a Facebook machine, a Tumblr machine, a Youtube machine, and a Netflix machine. And give it to them. I'm sick and tired of hand-holding users who can't handle a general-purpose computer that can run more than 1 thing at once. I don't run Windows at home. I don't get paid to do support. When something blows up, I get called over to read over the dialogs and apply common sense, because I'm the "computer guy," and apparently anything on a computer is illegible to anyone who isn't a "computer guy." Maybe there's a small hope that when folks get their MyFace device, they'll take responsibility for knowing how to operate it themselves.

Where your post really baffles me is this:

I not a doctor - Do I deserve to get sick, I'm not a mechanic - Do I have to walk..How about fixing leaky tap!...how about making a violin!!. I am not an expert in everything

When your doctor tells you to stop eating unhealthy foods because you're at risk of diabetes, do you give him shit like that? When your mechanic tells you that you need to bring your car in to get an oil change on time, do you throw your hands up in the air and bitch about not being an expert?

Back when I used to try to help people improve their computing experience, I would regularly recommend Firefox and install it for them after cleaning up a ton of malware.

Then a month later when they were drowning in malware again, what did I find? They were back to using IE.

I'm afraid GP is correct, but partially. If a home user is still using IE on XP, they've probably already been warned multiple times by experts, and they deserve whatever happens to them.

However, as others have pointed out, the most likely to be affected by this is corporate users. I've started to run into web apps at work that refuse to work under IE 8, but guess what? Installing Firefox or Chrome isn't even an option because we have vendor lockin to a call center vendor that insists on using IE 8 despite what the default browser is. I also have a feeling that there's no way the company will pay to upgrade about 30 agent stations from XP to 7. After all, why should they? The vendor we're locked into considers Vista support experimental, and it's not like XP's gotten rusty and is breaking down or anything.

This is just a sad, sad tale of vendor lockin and short-sightedness by closed-source corporate software developers. Welcome to the world of closed-source! Yes, we know it's broken, but shit we can do about it! It's closed-source, and the vendor I was talking about, Microsoft, and any other closed-source vendor doesn't give a shit how much pain they cause end users.

Re:Arrogant Computing Users

[kiddygrinder]

heh, are you on crack, the next big thing will be phone hacking. and yes, if you are not a doctor you should still take care of your health, it is still your responsibility to get some exercise. and yes, if you have a car you should probably take care of it, change the oil and whatnot and book it in for a regular service. and yes, if you have a leaky tap you should just change the washer, and yes, if you want to make violins... i'm not even sure how this is even a relevant comment

Re:Arrogant Computing Users

[kiddygrinder]

When your doctor tells you to stop eating unhealthy foods because you're at risk of diabetes, do you give him shit like that? When your mechanic tells you that you need to bring your car in to get an oil change on time, do you throw your hands up in the air and bitch about not being an expert?

pretty sure the op struggles to get food to dock with his food hole

Re:Arrogant Computing Users

[Billly+Gates]

When your doctor tells you to stop eating unhealthy foods because you're at risk of diabetes, do you give him shit like that? When your mechanic tells you that you need to bring your car in to get an oil change on time, do you throw your hands up in the air and bitch about not being an expert?

pretty sure the op struggles to get food to dock with his food hole

The big boys at work who buy these $100,000 SAP, Oracle, Kronos, Manpower, Siebel, and other crapware do so because they get a ROI. Bitch about being geeky to this non tech user who just blew $500,000 upgrading everything from IE 6 to cutting edge IE 8 (in his mind) will fire you with such a doctors analogy on the spot. That or he will look at you funny and ask if you replaced the toner on his printer yet? ... pff cost center peon.

This man writes your paycheck and he tells you what you support you either support that browser or get another job! In this economy that should not be hard. I know many computer science students who are making $10/hr working at call centers in Florida DESPERATE TO GET YOUR JOB as to them they need a break.

Geektalk doesn't matter boy and is an arrogant assumption if it is not certified for their work they consultant with 6 figures in it then it doesn't exist! IE 8 is here to stay!

Re:Arrogant Computing Users

[kiddygrinder]

heh, they ask for a piece of shit and they get a piece of shit, what does that have to do with anything?

Re:Arrogant Computing Users

[Billly+Gates]

heh, they ask for a piece of shit and they get a piece of shit, what does that have to do with anything?

That POS you call it, does wonders to productivity. You are looking at it through a geek lense of HTML 5 features and multimedia support. My boss looks at it though how much can IT raise the shareprice. These corporate apps might not look as pretty as www.engadget.com on a HTML 5 browser with cool effects, but can display and automate business processes well.

They wont support anything above IE 8 yet (maybe 1 or 2 do as of the last 6 months) because XP wont die and IE 8 is the common gateway that runs on both operating systems. It works.

That is mine and the other guys point. Sometimes it is cooler being a geek at home running cutting edge stuff than at work, but work has different priorities than having a less bug free and prettier browser. It is about productivity, saving money, and working with what they already have.

Obligatory update patch

[linebackn]

Obligatory: Get the update patch here: http://www.mozilla.org/en-US/firefox/new/

Poor method of Gaining Customers.

[tuppe666]

Microsoft has wanted for ages that those users upgrade.
Would they resort to this method to scare people into upgrading?

Microsoft aren't even getting a sales bump from launching a new version of their platform, providing a shitty experience on their platform has them running to any other platform, and have yet to transition to the new world, where they are not the Daddy!. Android is set to surpass them next year. I'd argue it was more to provide advantages over previous versions of their OS when really their is very little real advantages present. Simply leaving the older unmaintained version insecure is simply a bonus.

Re:Poor method of Gaining Customers.

[MLBs]

Well, I didn't suggest it was a smart move, just a move that could fit.

Not an Update Patch

[tuppe666]

Obligatory: Get the update patch here: http://www.mozilla.org/en-US/firefox/new/

Its a work around.

Re:The remaining (ironic) reason I still use IE

[Kergan]

Have you tried actually uninstalling Flash? When you do, YouTube serves an html5 video.

People use IE?

[Gothmolly]

Who uses IE?

Re:People use IE?

[ahabswhale]

noobs

Re:People use IE?

[PNutts]

Who uses IE?

I'd throw out some numbers but they are skewed towared the site measuring them. Wikipedia pulls some sites together in one place.

What about Compatibility View?

[93+Escort+Wagon]

Compatibility View seems to turn IE 8-10 into IE 7... And I find people using it all the bloody time (and for no good reason other than they didn't like how the newer version CORRECTLY rendered some random page they were used to seeing broken!). So is Compatibility View immune to the exploit? I'm unclear whether IE has a separate engine for this or just uses some bizarre CSS definitions to achieve the brokenness...

Re:What about Compatibility View?

[ahabswhale]

Don't forget that IE also has a selectable document mode. So, I'd like to see a full matrix of browser modes and document modes that are effected (if it applies).

Re:What about Compatibility View?

[Billly+Gates]

I wonder that too.

Many corps who use IE 9 (still few) but it in IE 7 mode typically because of one tiny app used by HR wont render right so they make a group policy for the whole company. This eliminated youtube and facebook support which the PHBs even like!

Earlier Submission

[deeqkah]

The better story about this vulnerability is the fact that the entire delivery of the malware (from a compromised US foreign policy think tank, no less), was limited to people with the ability to view English (American English), Russian, Japanese and traditional Chinese characters. It's supected of being a 'watering hole' attack. Read more from the earlier submission which didn't include bullshit link bait for advertising dollars.

Re:Other browsers don't get exploits too?

[Runaway1956]

Firefox addons give you site-by-site preferences. Take a look at NoScript. I'm pretty sure some others do as well, but I use NoScript all the time. It's probably not the best thing since sliced bread, but it comes close.

Thank you for your example.

[tuppe666]

Terrible analogies. Before you go around driving a car by yourself, you typically learn how to drive a car with the help of others so you don't put others in danger, right?

...but not replace the engine.

Re:The remaining (ironic) reason I still use IE

[bmo]

I believe those fall back to Silverlight mode.

Try Gnash.

--
BMO

Seriously...

[ArcadeMan]

Who uses Windows?

It has to be said.

[AliasMarlowe]

TFA implies that IE9 and IE 10 users are not vulnerable to this attack. Well, neither are Firefox users, nor Opera users, nor Chromium users, nor Safari users, nor ... and the list goes on and on. Oh and obviously people using BSD or Linux or Mac are not vulnerable either.

Re:It has to be said.

[dreamchaser]

Unfortunately a lot enterprises use web applications internally that are dependent on specific IE versions. No, not a good idea, but still true.

Re:It has to be said.

[WhatAreYouDoingHere]

Yeah... I don't recall ever seeing any kind of major exploit with lynx ... ah, good ol' lynx.

Re:It has to be said.

[TheRealMindChild]

In my experience, the dependency came from the promise of Microsoft supporting their "web platform" moving forward. Then everyone was "YOU EXPOSED THE WHOLE SYSTEM OF COM LIBRARIES TO THE SCRIPTING ENVIRONMENT!!!!", so they started trying to please that crowd with nonsense like ActiveX killbits. You can't please everyone.

Re:It has to be said.

An exploit in Lynx which allowed an attacker to execute arbitrary code was patched in the latest Ubuntu releases just last month.

Re:It has to be said.

[smash]

In an article about an IE-specific exploit, Firefox, Chrome, Safari, Dolphin, Iceweasel, Opera, etc are irrelevant. My car isn't vulnerable to the exploit either.

If the article title was "most browsers vulnerable to blah zero-day" then sure, mentioning non-vulnerable non-ie browsers would be relevant.

Re:It has to be said.

[smash]

Haven't seen much in the way of actual functionality beyond basic HTML parsing in Lynx either.

...Yes...Seriously?

[tuppe666]

who uses IE?

...about 54% according to Net Application, and has been rising for the past four months. Thank god for Mobile computing is all I can say.

Portablility a feature

[tuppe666]

They are past tense.

It shows that their code was [and maybe he potential to be ]portable, admittedly last version for the Mac was 9 years ago 5.2.3 http://en.wikipedia.org/wiki/Internet_Explorer_for_Mac. Microsoft admit their own inadequacy by not just producing code incompatible with other platforms, but even versions of its their own platform. The sad fact is they have lost half their market to competing platform even though though they bundle it with their monopolistic product. Nobody would ever install it on alternative platforms. Although Microsoft not doing so is a sign that they are not planning on competing though improving their products.

Re:Portablility a feature

[disambiguated]

Negative. The Mac and *nix versions of IE were completely separate code bases, developed by completely separate teams.

Re:Portablility a feature

[makomk]

With a completely seperate rendering engine with different quirks, too, at least in the case of the Mac version.

Re:The remaining (ironic) reason I still use IE

[Kergan]

But how will that work on popular YouTube-like sites that aren't really YouTube?

Most larger sites tend to serve html5 video due to the 250 million or so iOS users.

Not all of them do so properly yet, however. Specifically, a number of sites still check the user agent, rather than for Flash presence. On Safari, you can work around this by enabling the developer toolbar in the settings -- you use it to make the browser advertise itself as an iPad, which reloads, and more often than not things will then work without a hiccup. Being based on Webkit, I'd be surprised if Chrome doesn't have a similar developer toolbar.

Along the same lines, some of the embed code that news sites offer always work when it's used on 3rd party sites. When this occurs, there's a good chance that the video actually works on the news site itself. Most sensible bloggers will post the link to the original along with the embedded video; when not, it's usually a google away and, more often than not, on youtube as well.

At any rate, I've been living without Flash at all for the past two years or so. Admittedly, I never played Flash games, nor used it for much other than youtube videos, so your mileage may vary. For what it's worth, I don't miss it at all.

Re:Microsoft Trustworthy Computing(sic)

[marcello_dl]

Nothing wrong happened.

Redmond, CEO office. Ballmer is practicing chair throwing against a human wall of Microsoft interns.
Fling......
"OUCH! THANK YOU SIR MAY I HAVE ANOTHER ONE SIR!"
Fling.....

A well dressed executive gets in, and says: "Your Sanctity, I have some bad news and some good news. We have a new vulnerability on IE"
Ballmer mutters among himself: "Damn, with the undisclosed ones it's the fifth one today... and it's only 10 am..."
The chairs get thrown with more energy. The human wall crumbles.
Finally Ballmer adds: "And the good news are?"
- "Well, it affects only IE on XP and below"
- "No fucking problem, then! God, I have to give those russian hackers a medal. You know what? let's go have a drink. CHAMPAGNE!"

Re:The remaining (ironic) reason I still use IE

[xenoc_1]

Chrome comes with a built-in, supported-by-google. inline-process version of Adobe Flash. Yes, even in Linux, in fact that is the only supported Linux version of Flash going forward. Sounds to me like you have a misconfigured Chrome with it using the separate Adobe Flash Netscape-type plugin, the one you have for Mozilla-based products. Chrome's built-in Flash works fine, even on relatively low-resource machines. Since you are on Windows, you should be able to use it without problems on anything approximating an 8-year-old machine or newer. Unless you have totally horked your system, in which case have fun..

Microsoft Trustworthy Computing.

[1s44c]

LOL. What?

The only way to make Microsoft software trustworthy is to cut power to the computer.

URL

[DrYak]

http://youtube.com/html5
to manually enable/disable HTML5 video.
if you're logged in, this preference can even be saved.

Youtube automatically detects which codecs are supported (Chrome and Firefox both support WebM. Chrome also supports H.264. Older versions of Firefox don't (due to licensing restrictions), newer version of Firefox will tap into whatever system codecs is available for firefox to use: GStreamer on Linux, DirectShow in Windows, hardware codecs wherever supported).

Also, video ads require flash to play.

Re:no more xp

[1s44c]

Sorry if this is a dumb question, but what does the monthly cost of internet access have to do with it?

Re:New IE Vulnerability: The answer my friend..

[1s44c]

MS's security record isn't all that great either

And the understatement of the year award goes to Anonymous Coward.

Re:haha

Good idea. Risk getting malware by not installing an anti-malware tool and a current version of a browser. Providing any reason for your actions would make your tin foil hat harder to see.

Except is not a car analogy...

[tuppe666]

This is where car analogies fall apart, the engine of a computer is the CPU, but they are usually much easier to change than a car engine except when then are surface mounted. But no I wouldn't expect the average user to be able to change a CPU, but installing a new web browser is something every computer user should be able to do, it isn't really any harder than sticking a new satnav to your windscreen and plugging the cord in the cigarette lighter socket.

....Its a skill analogy...It could have been butcher; baker and marine biologist. This week indirectly I paid hundreds of people for their skills, some as basic as *packing*,and vast majority of them were completed better than I ever could, and many would require thousands of hours to become an expert.

As a side note the CPU in the Car...is part of the driver ;)

Re:no more xp

[PNutts]

lol - I completely missed that.

I supposed it won't do any good to mention this

[PNutts]

Older browser version with vulnerability -> JavaScript -> Flash ActiveX -> Java -> sad clown face. Should anyone be surprised? Here's a link to the CERT KB for more information.

Is installing new software hard :)

[tuppe666]

But no I wouldn't expect the average user to be able to change a CPU, but installing a new web browser is something every computer user should be able to do

Here is the thing I disagree. Windows is crap in he context of this discussion, and Linux is a dream(and Android /iOS). Because installing is hard. Let me paint a typical scenario...Windows is running slowly!! The problem is not one thing; its everything, There is 4 unused bittorrent clients, A half uninstallled version of MobileME (how do you get rid of that icon...what is Mobile ME), there is a dozen links to defunct printers; scanners; wireless dongles and additional crap it installs. There is a whole host of things running in the background Bollox.exe is using a lot of CPU. There is Firefox 3.6, and IE with several toolbars how did they get there...both Yahoo and Google. A typing Tutor Program, that records every damn keystroke, and several programs that update and load Adobe/Office products in the background to speed up its loading while crippling everything else...and that outdated virus scanner...still searches, but never fixes or updates...until it gets fed some money!...and this is the EVERY PC.

Please don't pretend things are easy because they are for you.

Ubuntu has PPAs, and Android has the same thing

[tepples]

Ubuntu lets a machine's owner install a third-party repository called a PPA after the owner has decided to trust the PPA's operator. Android allows the same thing: owners of devices with Google Play Store can turn on "Unknown sources" and install SlideME and Amazon Appstore, and owners of Kindle devices can turn on "Unknown sources" and install SlideME. Windows RT, the "Modern UI" environment of Windows 8, iOS, and the consoles, on the other hand, don't let a device's owner add repositories.

This video is not available on mobile

[tepples]

Not all of them do so properly yet, however. Specifically, a number of sites still check the user agent, rather than for Flash presence.

And other sites check for Flash Player and HTML5 and raise an error "This video is not available on mobile" if HTML5 is detected but Flash Player is not. Still other sites support only AVC, which won't work on browsers that support only the freely licensed VP8. Presence of Flash Player guarantees presence of AVC.

Re:The remaining (ironic) reason I still use IE

[bmo]

It was a joke...

You were supposed to laugh.

*bmo pouts*

--
BMO

Re:The remaining (ironic) reason I still use IE

[kiddygrinder]

replying to an ac, i must be drunk. try chrome with tampermonkey and the Download YouTube Videos as MP4 script. i can barely bother putting up with the streaming any more

Re:Uh, every business on the planet!

[Billly+Gates]

Until Oracle, Kronos, Siebel, DerpMaster, Manpower, Sap, and about 85% of all intranet app makers support anything above IE 8 the answer to any recent or different browser is a resounding NO!

Part of me feels they do so on purpose to hurt Microsoft so they can sell cloud solutions and make the pc platform and internal intranet apps higher TCO (Sap and Oracle) and we all need to suffer in the process by not having HTML 5 yet.

College kids reading this. Be prepared for disappointment in the real world as your paycheck comes at a price. THe real world is not so liberal and open to alternative and cutting edge things as your school is.

Re:mod parent up!

[Billly+Gates]

This user is precisely why IE 8 is still high, besides a few gray hair surfers with XP who click on the blue E like they normally since 2001 all the users are corporate. Many have finally just left IE 6 and to them IE 8 is a GREAT improvement sadly enough.

Geeks who do not work in corporate IT do not get it as these systems are not like their own pcs in their dorm rooms where it is free and easy to switch.

The same bean counters who sign for these $$$$ IE 8 only apps also sign your paycheck! If your cool browser doesn't work with these expensive investments it doesn't get deployed. The same bean counter will be happy to fire you too as you are a cost and he is an all so important profit center in his eyes ... vomits.

Re:The remaining (ironic) reason I still use IE

[Billly+Gates]

It is not old flash. The issue is GPU acceleration. Chrome auto updates to the latest flash.

One of the reasons to retire XP is its horrible GPU acceleration which will become more and more of a deal as phones and tablets offer the best smooth scrolling and visual experiences with the xception of Windows 8. Windows 7 is smoother but still flickers due to WDDM 1.1.

Intel makes some very crappy graphics a half decade ago. 915 is the IE 6 of directX and OpenGL developers with so many shit needing quirks due to Intel wanting everything in software to sell more expensive CPUs. It simply cant handle h.264 and 1080p with motion blur, smooth font rendering, and other things mixed with an 11 year old GDI XP subsystem. Chrome uses more resources to appear faster which makes it crash more.

I think it is time this grandparent traded his computer in for a new one.

While some may know of these exploits, many don't

[Trax3001BBS]

Recently http://battlelog.battlefield.com/ (Battle Field 3 web interface)
stopped supporting IE 8.
http://battlelog.battlefield.com/bf3/news/view/2832654782553529670/

A clan member asked what they could do about it, I told her to use a different browser.
they came back: I suppose you expect everybody to have two browsers installed.

Actually I did, the only browser they used was an out of date IE. Playing games on-line,
having a functioning chat system installed; one would think they'd have an above average
knowledge of Internet security (#1 being not to use IE).

I'm sure many are being hit by malware and exploits that have been know for years.

Re:The remaining (ironic) reason I still use IE

[LinuxIsGarbage]

Intel makes some very crappy graphics a half decade ago. 915 is the IE 6 of directX and OpenGL developers with so many shit needing quirks due to Intel wanting everything in software to sell more expensive CPUs. It simply cant handle h.264 and 1080p with motion blur, smooth font rendering, and other things mixed with an 11 year old GDI XP subsystem.

GMA 915 is also a pile of garbage because it could not handle WDDM, thus could not run Aero, and Intel bullied Microsoft into considering GMA915 "Vista capable". I also have some old Pentium III's with GMA 815. That's a real pile of shit too. Can't support VESA modes higher than 640x480x16 color, and just flat out garbage. Apparently Intel tried selling it as a standalone GPU on a daughter card at some point.

The GMA 500 found on Atom Z series was a steaming pile of crap too. A PowerVR design with decent specs, driver support on all operating systems (XP, Vista/7, Linux) was beyond terrible.

Intel keeps trying to outdo itself with crappy GPUs.

Re:haha

[smash]

Install IE9. If you're going to run any version of IE, IE9 is so much better than IE8 (or previous) it isn't even in the same sport, let alone the ballpark. But yes, Vista and XP users are screwed, as IE9 is not available for them.

Re:haha

[smash]

They are. The malicious software removal tool is a monthly "poor mans virus scanner", not a single install.

Re:The remaining (ironic) reason I still use IE

[smash]

If you were running an operating system from the last 6 years that wouldn't be the case.