US and UK Governments Advise Avoiding Internet Explorer Until Bug Fixed

martiniturbide (1203660) writes "Reuters is reporting that 'The U.S. and UK governments on Monday advised computer users to consider using alternatives to Microsoft Corp's Internet Explorer browser until the company fixes a security flaw that hackers used to launch attacks.' The article states that 'The Department of Homeland Security's U.S. Computer Emergency Readiness Team said in an advisory released on Monday that the vulnerability in versions 6 to 11 of Internet Explorer could lead to "the complete compromise" of an affected system.'"

Oh Noes!

[Ol+Olsoc]

How are people going to download Firefox?

Re:Oh Noes!

I telnet to getfirefox.org, you insensitive clod!

Re:Oh Noes!

I telnet to getfirefox.org, you insensitive clod!

Why telnet if you can use butterflies to communicate with the server.

Re:Oh Noes!

[jonyen]

I telnet to getfirefox.org, you insensitive clod!

Why telnet if you can use butterflies to communicate with the server.

Using butterflies would cause too many latency issues, whether you're using the butterflies for direct transmission or generating cosmic rays via the butterfly effect.

Re:Oh Noes!

[Penguinisto]

Wuss: real men just use wget.

Re:Oh Noes!

Easy. Microsoft suckasses in the I.T. department.

Re:Oh Noes!

[Penguinisto]

Crap - *now* they tell me. I had to use IE (v.$latest in Windows 7) to get an .iso from MSDN, because the damned site screams and complains if you use anything else.

Re:Oh Noes!

[tepples]

With the numerous gaping holes in security discovered in IE over the years, it's incredible that people are still using it. I guess they don't know there are alternatives?

Someone who knows of alternatives may happen not to have ready access to another PC that already has Firefox. It's not like you can get public releases of Firefox through FTP anymore:

220- releases.mozilla.org now points to our CDN distribution network and no longer works for FTP traffic
[...]
230- Notice: This server is the only place to obtain nightly builds and needs to
230- remain available to developers and testers. High bandwidth servers that
230- contain the public release files are available at ftp://releases.mozilla.org/
230- If you need to link to a public release, please link to the release server,
230- not here. Thanks!
230-
230- Attempts to download high traffic release files from this server will get a
230- "550 Permission denied." response.

Re:Oh Noes!

[viperidaenz]

Real men use telnet to port 443.

Re:Oh Noes!

[sharknado]

Butterfly communication has become unreliable due to destruction of milkweed corridors. http://thinkprogress.org/clima...

Re:Oh Noes!

[sharknado]

Real men don't need a port. They make their own.

Re: Oh Noes!

[niftydude]

Just because you trust Microsoft the company, doesn't mean that one of their webservers hasn't been hacked and had an exploit installled by a third party. Especially if you consider that MS web admins are probably using ie, and so may have had their work computers exploited.

Re:Oh Noes!

[SeaFox]

The telnet client is not installed by default on Windows anymore. You'd have to teach people how to add it from the control panels.

Re:Oh Noes!

[SeaFox]

How are people going to download Firefox?

You can open a Windows Explorer window and use it to access FTP servers.

Re:Oh Noes!

[SeaFox]

Not directly through Mozilla. But there are third-party FTP servers run by trustworthy organizations that host it I'm sure.

Re:Oh Noes!

[VortexCortex]

How are people going to download Firefox?

Open the command terminal* : [Towel Key + R]
  "cmd" [Enter]

In the resultant terminal:

ftp
open ftp.mozilla.org

The username and password are both "anonymous" (sans quotes).

cd pub/mozilla.org/firefox/releases/latest/win32/en-US
ls
binary
get "Firefox Setup [version].exe"
bye

Firefox Setup [version].exe

Replace [version] above with the version number you wish to download. You may also "lcd [directory]" to change the local directory the download will appear in. Selecting a 64 bit version of Firefox or downloading and installing Internet Explorer on GNU/Linux is a trolling exercise left to the reader.

* Known as the "Super Key" more recently by some -- A possible mutation by association considering that towels are super.
Translator's note: The labels have been removed from the largest and most important key of all boards to prevent human rediscovery of its true purpose;
However, traces of the vestigial memory remains after the wipe hilariously causing them to naturally associate the unlabeled key with our "Space Bar".
For so long as the humans remain contently oblivious the situation has been deemed "mostly harmless".

Re:Oh Noes!

[fizzer06]

Home-Built TTL Computer Processor (CPU) http://cpuville.com/

Re:Oh Noes!

[The+New+Guy+2.0]

There really should be some effort to distribute Firefox on SD card or other non-download media, or at least a placeholder that contacts mozzila.org without needing Internet Explorer. We've been reading about this kind of thing on Slashdot for years now.

Re:Oh Noes!

[quenda]

Real men design and make their own CPU first.

Real men don't need a CPU. They just whistle into the modem and listen to the response.

Re:Oh Noes!

[rvw]

Real men punch cards!

Re:Oh Noes!

[jones_supa]

In PowerShell:

pkgmgr /iu:"TelnetClient"

Re:Oh Noes!

[jones_supa]

Bull. Real men telnet to Port 80.

Real men realize that "Telnet" is not synonym to "raw connection".

Yeah, it will probably work just fine, but in theory you're not supposed to connect a Telnet protocol client to HTTP protocol server.

Re: Oh Noes!

[dave420]

IIS is remarkably secure.

Re:Oh Noes!

[nobodie]

I teach a writing class at a community college and had to install Firefox on the lab computers myself (very clever workaround for the required authority to sign the install: just click "no" when the ID and password popup comes up. How does this work again???). But getting the students to drop IE is like pulling teeth. The first thing they do is open up 5 instances of IE for their personal crap and then complain how slow the 7+ year old equipment is. I.m using course management (cloud based) software that runs best (as in was built for) on Firefox. It makes a difference, but when I remind them to open Firefox they still want to keep an instance of IE (or 5) open in case they want to "go online."
I used to do a search example of the difference between Bing and Google as part of the class (a few years ago) but then Bing started to run a Google search instance on the backend and show those results, so there weren't any differences for quite a while.

On it!

[American+AC+in+Paris]

Downloading Mosaic as we speak!

Re:On it!

[mlts]

yum -y install lynx

Whew. OK here.

Re:On it!

[Hamsterdan]

That is one heck of an addictive game sir... congrats...

Re: On it!

[sonamchauhan]

Dammit, get a *secure* browser!
Go HotJava all the way...
http://en.wikipedia.org/wiki/H...

Government

How many government employees have no choice but to use IE themselves?

Re: Government

Numerous NYS web pages whos use is MANDATED for local government REQUIRES IE 8. For the Win7 machines (dictated by HIPPA as securable) we have to disable ActiveX security, add it to trusted sites, AND fire up the developer tools to get it into IE 7 compatability. The page I am specifically thinking of is the Department of Health... you know where all your medical records are.

Security is poorly spun illusion at this point. If the feds wanted the Internet to be secure then they should have reigned in the spooks in the beginning.

Re:Government

[JosKarith]

All of them. Numerous embedded systems are built around IE for UK government - I know this for a fact as I'm working for them at the moment.

minor edit...

[waddgodd]

you could have stopped after "explorer" and had just as valid a recommendation...

Kinda funny...

... Internet Explorer 8 is the only authorized browser that my workplace (a government agency) lets us use.

Re:Kinda funny...

[tepples]

If your position does not require use of a browser, use no browser until it is repaired. If your position requires use of a browser, print out the advisory at home and show it to your supervisor.

Re:Kinda funny...

[tepples]

Then let me rephrase: If your position does not require use of a browser, use no browser until the day Microsoft issues the update.

Too wordy

[CodeheadUK]

About three words too many.

Convenient timing.

[nurb432]

Just in time for XP to go out of support for most people, now you get this 'well publicized' bug that wont get patched, in effect. I expect only the latest version of IE to be patched, which will NOT run on XP even if you wanted to.

Re:Convenient timing.

How about MS's public statement that they've stopped providing security updates for XP as of earlier this month?

Re:Convenient timing.

[koreanbabykilla]

Care to cite any sources you have refuting this?

I was firmly under the impression XP updates are no more unless you are a huge company/government.

Source: http://windows.microsoft.com/e...

The solutions listed are:
"Upgrade" to win8.
Buy a new computer.

What the fuck makes you think they are 100% going to patch versions that work on XP?
I would even settle for why you believe it to be "likely not true"

Re:Convenient timing.

[viperidaenz]

IE6, 7 and 8 will be patched for Windows Server 2003, which uses the same IE binaries.

Re:Convenient timing.

[viperidaenz]

My assumption would be that they're going to patch the version that runs on Windows 2003, which is the same as the one that runs on XP.

Re:Convenient timing.

[edxwelch]

yeah and as no other browser works on XP, people have no choice but to ugrade :-O

Re:Convenient timing.

[nurb432]

And some enterprise apps will choke on them, leaving your suggestion useless.

Re:Convenient timing.

[nurb432]

While it may happen, i wouldn't blindly assume that. They want people off 2003 as well.

Re:Convenient timing.

[triffid_98]

I'm fairly sure that the corporate customers running 2003 might take exception to that, and by "take exception" of course we mean sue.

That OS doesn't officially EOL until next year.

Re:Convenient timing.

[Tough+Love]

Just in time for XP to go out of support for most people, now you get this 'well publicized' bug that wont get patched...

A rational observer would view that as borderline suicidal on Microsoft's part. I'm guessing that Satya will go the suicide route and I applaud.

Re:Convenient timing.

[Ol+Olsoc]

Care to cite any sources you have refuting this?

I was firmly under the impression XP updates are no more unless you are a huge company/government.

Source: http://windows.microsoft.com/e...

The solutions listed are: "Upgrade" to win8. Buy a new computer."

Whoops - you missed a couple:

Buy a Mac

Run Linux

Go Chrome

FTFY

I could really give a Rat's ass if Microsoft blew up every OS they had, because Microsoft is on the fast track to being the outlier, the misfit, the non standard OS.

Writing programs for specific versions of IE is just the sort of short sighted stupidity that tells us that Microsoft shills are just what we think they are - incomparably unintelligent. Did these asshats think that the web and it's technology was going to magically stop at IE 6? Unforgivible, and almost criminally stupid.

Quick now, come back with your "installed user base meme" before it becomes irrelevant. Let us all now bow before the superior Microsoft Operating system before it goes the way of Zeus or Dagon, or the idea that we should all eat shit, because all those houseflies cannot be wrong.

Re:Convenient timing.

[Ol+Olsoc]

Just in time for XP to go out of support for most people, now you get this 'well publicized' bug that wont get patched...

A rational observer would view that as borderline suicidal on Microsoft's part. I'm guessing that Satya will go the suicide route and I applaud.

I'll bring the orange slices.

Re: Convenient timing.

[Dr_Barnowl]

Mum has been running on Linux for as long as I can remember now ; she had to remind me that it was well before 2012 that I first installed Ubuntu for her. For her needs, it's ideal, and I don't have to worry about her getting horrible malware, or falling prey to the scammers who ring up and claim to be "from Windows Support" - you tell them you're running Linux and they hang up pretty quickly.

Re:Convenient timing.

[viperidaenz]

So they'd want to force their paying customers to migrate their servers? Why would they stay a customer of a company who doesn't honour agreements?

Microsoft don't want Windows 2003 customers off Windows, they want them on the next current version they're selling.

Re:Convenient timing.

[ImprovOmega]

This will also affect vanilla Windows 7 installs and Vista as well. As those are still under support I would expect Microsoft to issue an IE patch for version 7-11, but just not make a specific patch for IE7/8 on Windows XP. Kind of like how IE6 patches for Windows 2000 stopped happening after 2010.

Re:Convenient timing.

[ImprovOmega]

2003 is supported until 2015, this is true, but the codebase is sufficiently different that the 32-bit Windows 2003 patch won't directly run on Windows XP. Now the 64-bit 2003 patch will run on XP-64 but only because XP-64 is exactly Server 2003 64-bit with some XP logos thrown about (good luck finding drivers for that on standard desktops).

we have to use "legacy mode" aka IE6

[swschrad]

that pesky Visual Basic in all those hack apps...

Re:meanwhile, sensible people everywhere ...

[nurb432]

And when your purchased app *requires* it.. ?

Internet Explorer? What's that?

[MindPrison]

I can't remember the last time I used IE(some version), seriously...I can't...must be like 8-10 years ago, or the numerous times I used a Windows computer...tried to follow an e-mail link that wanted me to use IE....when I denied it...just wanted to fire up my FireFox, so many times MS tried to force me to use IE, and I always ignored it because it never gave me what I want in the first place. Good riddance. RIP IE.

Re:Internet Explorer? What's that?

[Tough+Love]

I can't remember the last time I used IE(some version), seriously...I can't...must be like 8-10 years ago, or the numerous times I used a Windows computer...tried to follow an e-mail link that wanted me to use IE....when I denied it...just wanted to fire up my FireFox, so many times MS tried to force me to use IE, and I always ignored it because it never gave me what I want in the first place. Good riddance. RIP IE.

The only PC I saw lately where somebody habitually clicks the E instead of the Fox is completely malware ridden to the point of unusability. I figure, leave it that way, there's no point cleaning it up, it will be that way again in a day or two. Eventually I will stick in a new hard disk with Ubuntu on it and there will be no need to explain why it's better.

Don't forget this Flash 0-day

[trawg]

A 0-day for Adobe Flash was also patched today.

For some reason I had three different and separate updates I had to do to fix this:

1) Chrome automatically updated something and was running the latest version when I checked

2) The plugin that Firefox uses only seems to look for updates when I reboot. I found this guide to trigger the update manually, which basically then resulted in it just opening a browser window & making me download an update .exe.

3) Even after that, IE still reported running the older version. I ran Windows Update manually and discovered there was an separate patch in there for Flash for IE.

Pretty awesome.

Re:Don't forget this Flash 0-day

[DMUTPeregrine]

IE uses an ActiveX plugin for Flash, Firefox uses an nsplugin, Chrome has it built in. So yes, three different flash plugins, and three ways to update.

Re:Don't forget this Flash 0-day

[Trax3001BBS]

IE uses an ActiveX plugin for Flash, Firefox uses an nsplugin, Chrome has it built in. So yes, three different flash plugins, and three ways to update.

I've always seen the ActiveX as not installed

Flash Driver:
ActiveX Version: Not Installed
Plug-in Version : latest version

I show no default ActiveX running on my Win system other than
HHCtrl Object - hhctrl.ocx
Microsoft RPD Client Control - mstscax.dll ( Remote Desktop ActiveX control - go figure)
Which I've disabled.

And thanks for the word on the flash update, one of the requirements anymore, like it or not; I can't even access my router with out flash.

Re:Don't forget this Flash 0-day

[Trax3001BBS]

That simply sounds like you are using something else than Windows 8. The Windows updates for the Flash plugin are only delivered in Windows 8.

Win7, it's always said the ActiveX plug in wasn't installed no matter the Win version.

I still use the old Opera that has short-cuts, I type in Flash as a URL and go to
http://download.macromedia.com... Link will download install_flash_player.exe

None of this oh damn I installed Mcafee by mistake :}

Don't buy garbage, or set UA header

[raymorris]

a) Don't buy garbage, stuff that works only in a specific version of a specific browser.

b) 90%+ plus, you can just set the user agent header in Seamonkey, Firefox, or Chrome to SAY it's IE and things work just fine.

Re:Don't buy garbage, or set UA header

[tepples]

Don't buy garbage, stuff that works only in a specific version of a specific browser.

Three software products dominate a particular vertical market. When your employer chose to adopt one of these products, all three were garbage by your definition. Are you recommending that people in the affected industry resign en masse and retrain for a different industry?

90%+ plus, you can just set the user agent header in Seamonkey, Firefox, or Chrome to SAY it's IE and things work just fine.

Which works fine until an ActiveX control fails to load, or an IE-specific event listener fails to attach.

Re:Don't buy garbage, or set UA header

[nurb432]

And once you get out of school, get a job, and move out of your mothers place, you will understand now the world actually works.

Until then, you only make yourself look stupid with those juvenile and clueless statements. Leave things to us adults.

Re:Don't buy garbage, or set UA header

[Tough+Love]

And once you [blah blah blah] you will understand now the world actually works

I thought it works on Android now?

Re:Don't buy garbage, or set UA header

[Ol+Olsoc]

And once you get out of school, get a job, and move out of your mothers place, you will understand now the world actually works.

Until then, you only make yourself look stupid with those juvenile and clueless statements. Leave things to us adults.

Well then, enjoy your Internet Explorer 6 app support and fully expect that you will be out of a job at some point because those people you are mandated to work for make really stupid decisions.

The world works a certain way for professional victims, and a different way for others. On one extreme there are people who won't put up with anything they don't like, and ther is your world. Neither work out well.

So if you have to shovel shit out of the sewers? Just be happy that you have a job, citizen. You will get just as much shit as you are willing to put up with.

Some people don't care

AC because my boss reads /.

My boss, in all his good business instincts and mostly great technical attributes, insists on installing java and downgrading all computers to ie9 instead of going with 11. Now I know 11 had issues with compatibility from time to time, but I am hard pressed to believe that running ie9 with Java is a great way to stay virus free.

Then again we are in the small business and home user repair market maybe he is just trying to go for reoccurring client repairs

Re:Some people don't care

[edman007]

Don't worry, I work in a government agency, IE8 is the only authorized browser (with java of course), and if you gained access to that computer you would have plenty of access to sensitive (but not classified) stuff.

Re:Some people don't care

[The+New+Guy+2.0]

Warning to IE8 fans... it goes away with Windows Vista, which is the next Windows OS to cross the "no longer supported" line like Windows XP did this month.

Re:Some people don't care

[FireFury03]

AC because my boss reads /.

My boss, in all his good business instincts and mostly great technical attributes, insists on installing java and downgrading all computers to ie9 instead of going with 11. Now I know 11 had issues with compatibility from time to time, but I am hard pressed to believe that running ie9 with Java is a great way to stay virus free.

Then again we are in the small business and home user repair market maybe he is just trying to go for reoccurring client repairs

I wonder if there is any kind of liability resulting from the gross incompetence of installing old, known to be insecure, software on customers' machines instead of the latest release with the latest security fixes...

(Also, doesn't Windows auto-update to IE 11 anyway? Or are you turning of auto-updates too?!)

Re:Some people don't care

[L4t3r4lu5]

Building a Windows 7 workstation at the moment. IE10 and IE11 are recommended updates, not installed by default. Only "Important" (E.g. Fix compatibility issues) and critical updates are installed automatically.

nothing unusual imho

[callmetheraven]

could lead to "the complete compromise" of an affected system

= any browser that isn't Firefox+NoScript.

Bootstrap with a mobile device

[tepples]

Use your Android device to download the Firefox for Windows installer, then connect the device to your PC through USB. Or use a computer at a public library to download Firefox to a USB flash drive.

Re:Bootstrap with a mobile device

[mlts]

Don't forget to check the Authenticode signature on the Firefox package (and check the key and CA as well...) Before anything gets installed on Windows, I check the signatures. I've been surprised, and quite glad that I've done so, as some download places "repackage" the installers for other programs and re-sign the executables... and usually there are unwanted (well, more accurately, potentially unwanted) additions.

Re:Bootstrap with a mobile device

[Flavianoep]

I wonder how can an Android phone be safer than Internet Explorer 11 on Windows 6.X.

Could they....

[Moppusan]

Couldn't they have just said "Don't use Internet Explorer, anytime, anywhere, ever?" That's so much easier.

Re:Could they....

[Anomalyst]

Couldn't they have just said "Don't use Microsoft Products, anytime, anywhere, ever?" That's so much easier.

FTFY

Re:Could they....

[viperidaenz]

Except IE + EMET is the only browser configuration to never be exploited at pwn2own.

Actual recommendation from US gov

[jader3rd]

"US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds."
But don't confuse that with recommending not to use the browser.

Re:Actual recommendation from US gov

[whoever57]

"US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds."

But don't confuse that with recommending not to use the browser.

Don't confuse a partial reading of the page with the full text, which goes on to say:

Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.

Re:Actual recommendation from US gov

What's your point? If you are still using XP today, then you absolutely DESERVE each and EVERY millisecond of strife, frustration, aggravation and angst that's coming your way. It's already been deprecated for SEVEN years you luddite fucktard, if you couldn't or wouldn't find a measly $100 in SEVEN, FUCKING, YEARS, then please refer again to my second sentence above.

-AC

Re:Actual recommendation from US gov

[Bill+Dog]

Don't confuse what's offered as a last-ditch possibility with the actual recommendation.

Re:Left out of the commentary..

[mlts]

Sadly, EMET isn't that often used. It really should be part of the OS and turned on by default similar to the NX protection. Then in a few OS revs, being active for all programs and not just IE, Office, and MS stuff. Other operating systems add security restrictions that are overall good for the ecosystem, but require major program changes left and right. Android's locking down of SD cards and SELinux set to enforce is one example.

I do know that XP does have support to some businesses and organizations. I wonder how long until those fixes wind up on the usual sites. IMHO, there is something ironic about having to pirate software to obtain security fixes.

Recommended browser for old XP machines?

[alexo]

What is the recommended free browser to install on an old XP machine, preferably along with an IE-like skin for the older generation?

Re:Recommended browser for old XP machines?

[SeaFox]

I'd say Firefox with Adblock Plus, so they wont get fooled by malicious ads on sites.

Re:Recommended browser for old XP machines?

[networkzombie]

You, sir (Ol Olseoc), are what makes forums suck, as not only did you not answer the question, but you inserted you own perverted solution. That said, on an XP system you should install EMET 4.1 (http://www.microsoft.com/en-us/download/details.aspx?id=41138) for Windows XP. It will mitigate this and many other issues. You should not be running Windows XP without it, now that XP is EOL. Also, use a third party Antivirus solution like Kaspersky or NO32. And for the love of Dog, do not use Java, flash, or Adobe %products%.

Re:Recommended browser for old XP machines?

[deviated_prevert]

That said, on an XP system you should install EMET 4.1 (http://www.microsoft.com/en-us/download/details.aspx?id=41138) for Windows XP. It will mitigate this and many other issues. You should not be running Windows XP without it, now that XP is EOL. Also, use a third party Antivirus solution like Kaspersky or NO32. And for the love of Dog, do not use Java, flash, or Adobe %products%.

You are forgetting the simple fact that no matter how good emet gets at doing the job of stopping remote exploits the problem is the person behind the keyboard. Do you really think that the majority of people who use XP are capable of understanding what heap execution prevention is? Or understanding what a freaking .dll is? Considering the fact that any OS that can arbitrarily run executable binary code directly off the internet is broken by design. It was ridiculous for Microsoft to release a remote controlled OS for granny and grandpa to use in the first place. The very concept of data execution prevention should not even need to exist and it was never needed in the first place. Internut Exploiter is broken and needs to be shot once and for all!

PS Having read about the specs for emet on WinXP I notice it does not run as a service and must be launched for the set policies to protect the stack, so unless grandma and grandpa can figure out how to set it up, get it to make exceptions for drm software like silverblight and other common DIGITAL RIGHTS SOFTWARE like Digital Editions, which is used by just about everybody who reads books from libraries on loan and a swack of other DRM stuff like the code that runs cds, dvd, bluerays and a whole host of other devices that use drm data execution blocking locks.

I can set up emet and configure it to work with all the individual programs without a problem but you can bet that most users will install it, boot it up once and go OH SHIT WTF and just never use it or set it up correctly. That is why the trusted computing nerds at Microsoft do not wave it around and say "here you go we have a way to finally fix XP so that it is secure!"

Re:Recommended browser for old XP machines?

[Ol+Olsoc]

You, sir (Ol Olseoc), are what makes forums suck, as not only did you not answer the question, but you inserted you own perverted solution.

How odd. I gave a perfectly good answer, for those who might take a little telling.

XP users are in a hard place right now. They are probably using older computers that won't ever be able to handle Windows 7 or 8.

Buy a new computer? Probably not. When these folks should have upgraded was when Microsoft introduced us to Vista. Which was when they found out they not only needed new computers, but new peripherals, because of lack of drivers. And Vista stunk. So they lost trust and waited. Now it is Windows 8 for them? New computer, and Windows 8. Windows 7 is only going to be available for so long also - you pretty much have to special order it on a new or refurb computer.

So the question of what browser to use on an XP computer is almost pointless.

A Linux Mint install operates closely enough to XP that the user won't have too much culture shock, and the user gets a Web browser, an Office suite, a slew of programs and games, and will function quite nicely as Grandma's computer.

I didn't answer? Why yes, yes I did. The problem was you didn't like my answer.

Re:On it! (link)

[SpaceLifeForm]

Mosaic Link

Of course, it is a bit dated, and some of the bits may be rusty.

so you followed my suggestion. Example?

[raymorris]

> When your employer chose to adopt one

If your employer did that before you arrived, or over your strong objections, then you followed my advice - you didn't buy garbage. Unfortunately someone else did.

However, I've dealt with a few different businesses and can't think of such a situation where all three leading solutions are ActiveX / IE only. I can think of one where for the GUI, you had to choose between ActiveX, Java, or a local client. A network CLI was also available. I'm curious what case you have in mind?

If I ddid run into a theoretical situation where a critical piece of software would rely on ActiveX, and therefore put the enterprise at the mercy of changing IE versions, I'd look at the broader picture and evaluate the business processes that are setting up that risk.

Yes: Convenient timing.

[Futurepower(R)]

Not the FULL story, but quite complete: Microsoft Windows XP "end of life": What to do?. Short version: Microsoft makes more money if there are more vulnerabilities.

sorry you screwed yourself

[raymorris]

I'm sorry you got fucked. To avoid putting yourself in that situation again, you might want to do two things. First, recognise that vendor lock-in is a risk to the enterprise, and that risk has an accountable cost. When you choose to be locked into TWO vendors, the software vendor AND a supported version of IE, your risk is the multiple of two components.

Secondly, when you find yourself in a situation where such a risk seems unavoidable, broaden your perspective to look at the business processes that create that context. Perhaps there is no acceptable software that meets the defined requirements. In that case, you can take another look at the requirements from a broader enterprise perspective.

As you may know, I've been running businesses for 25 years, and we've NEVER put ourselves in the position of sole-vendor risk like that. It takes forethought, but it absolutely is possible to avoid that situation.

World's smallest violin

[fibonacci8]

playing my heart bleeds for you.

Or the NANDputer

[tepples]

Now try building almost an entire computer out of one kind of logic gate and a $#!+ ton of wires. But it still won't help you get on the Internet.

Sigh, another day another IE dilemma.

[Trax3001BBS]

I don't allow Internet explorer to run, nor have I since Win 3.x. To do so is an equivalent of Russian roulette, it may be good today, but tomorrow it's in the news for a hack out a week ago.

My first use of IE was to log on to Microsoft. I went to the downloads, found a game that sounded good and downloaded it. Only it didn't download, it started installing itself; I unplugged the computer.

It went against everything I saw as safe hex. I know now it was due to ActiveX another bad news MS creation.

I went to Netscape, then to Opera (neither run ActiveX) - Now I guess FireFox as Opera has stepped out.

I use Winpatrol and disable all ActiveX (but two that are required for a game I play (for features I don't use)). My firewall is set to block IE (first thing I do), it will load but it can't cause any damage.

Re:Sigh, another day another IE dilemma.

[Trax3001BBS]

>I don't allow Internet explorer to run, nor have I since Win 3.x

IE was introduced with Windows 95 OSR 2.1, IIRC.

Your right it wasn't 3.1, but 95. I don't know what version, it was the client that came with NT 4.0.

Why "until"?

[ignavus]

Just avoid Internet Explorer all the time.

Re:meanwhile, sensible people everywhere ...

[donaldm]

And when your purchased app *requires* it.. ?

If your "purchased' app requires a specific web browser then you have been royally ripped off.

US-CERT changed its web site.

[martiniturbide]

I noticed that US-CERT changed it site. It said "the complete compromise", but now the web site says "could allow unauthorized remote code execution."

It said "US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available. ", now it says "US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser."

Check the Google cache against the versus actual site.

Re:NSA hole becomes public

[CaptSlaq]

[citation needed]