Still on IE?

posted at 11:15 am on December 17, 2008 by Ed Morrissey

For those still on Microsoft Internet Explorer, perhaps now would be a good time to consider other options.  Hackers have found a hole in IE’s security that stretches through versions 5 through 8 beta, and experts have a fix — find another browser:

Users of Microsoft’s Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say. …

Microsoft says it has detected attacks against IE 7.0 but said the “underlying vulnerability” was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

Microsoft says it will have an emergency patch ready quickly to end the exploit of its system.  They disagreed with recommendations to stop using the browser, saying — I’m not making this up — “I cannot recommend people switch due to this one flaw,” said John Curran, head of Microsoft UK’s Windows group. One flaw?  That’s a might big singularity, and the fact that it doesn’t occur on other browsers and that it does on several versions of IE reflects poorly on Microsoft’s programmers and researchers.

I stopped using IE a few months ago.  It’s easier for me to use two different browsers, one for web surfing and the other for blog management tools.  I prefer Firefox for the latter, but used to use IE for surfing until I became so frustrated with its bugs and hangs that I just couldn’t stand using it.  I flirted with Safari, which also was a bit buggy but not bad.  Later, I settled on Opera and have had no problems at all with its operation.  It’s now my default browser.

After this, I suspect that more people will find their way to alternate browsers.  They’ll be pleasantly surprised, and Microsoft may not get them back.

Update: On the other hand, Bit9 has named Firefox the most vulnerable Windows application.  IE doesn’t even get a mention.

Breaking on Hot Air

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

Trackbacks/Pings

Trackback URL

Comments

Comment pages: 1 3 4 5

swash_plate on December 18, 2008 at 1:57 AM

Agreed, knee-jerk Microsoft hatred is just something that comes with people not understanding what they are talking about.

yet Ed made this post and took no time to honestly check and see if Microsoft had released a patch or planned to – which they did. Where is the update that the patch is out? Anyone?

I have a question, everytime a critical vulnerability comes out should you stop using that browser? LMAO! Then you would not be using ANY browser!

Poptech on December 18, 2008 at 2:15 AM

I have yet to find gamers doing much of anything in Linux, except those very few fooling around with Wine and satisfying themselves with the fact that the triple-SLI setup they spent a fortune on is gimped by the architecture of a free operating system. Kind of like building a monster multi-processor rig and powering it with a 400-watt bargain bin power supply.

MadisonConservative on December 17, 2008 at 4:03 PM

There’s a very good reason why Linux is hard for gamers. Windows’ security model has some very big holes to allow the DOS-like direct hardware control needed by the application (game) for very fast frame rates — those terms you threw around like Anisotropic Filtering, et. al are implemented in the GPU and Windows (via its DirectX subsystem) allows direct manipulation of that hardware to order the pipelines in the processor properly; there is no distinction between Vista or XP in this regard. Linux, on the other hand, won’t easily let anyone (other than the OS or a special account) have any form of direct control over the GPU. That’s one reason why, when my machine was briefly “owned” by a hacker (about 20 minutes), the only account he was able to compromise was the “apache” (web server) account — he wasn’t able to compromise the OS or my mailserver or any other users. In fact, since he tried to escape that restriction, the NSA-provided selinux (SEcure Linux) subsystem raised alerts like crazy, detailing to me which components had been compromised. Because of Windows’ relaxed security model, the DirectX application (in fact, most applications) can obtain access to any of the hardware capabilities on the machine, including the virtualization hardware present on the more recent CPUs, thus allowing easy (and silent) installation of “rootkits”.

Have you ever run a game under Windows with a limited user? “limited user” is the one which Windows won’t let modify the registry other than its own user entries. Game engines don’t run well in “limited user” mode, so I’m willing to bet that you are running your games as an administrator. I know my son and daughter are.

And I bet you do your online banking using the same system. My son and daughter don’t, because I won’t let them.

Do you see where I’m going?

My smallest linux box is a NEC Versa 386 laptop with 256MB main memory; my biggest is a 1024-cpu Cell Processor box. Each does its job and does it well. I don’t have time to enter virtual universes with three graphics cards slapped together under SLI interfaces — I’d rather use the CUDA capabilities of the later NVIDIA GPUs to parallel process interesting imagery (only one of my accounts lets me have access to that hardware, and that account is certainly not used for online banking). You are welcome to use the capabilities I’m not interested in to rank your OS as better than mine (as I’m obviously using capabilities you are not interested in to rank my OS as better than yours), but thank heavens this is America and that jet plane flying overhead isn’t required to use your OS.

In other words, each cat his own rat — but my rat is not leaking anything at all….

unclesmrgol on December 18, 2008 at 2:24 AM

I have a question, everytime a critical vulnerability comes out should you stop using that browser? LMAO! Then you would not be using ANY browser!

Poptech on December 18, 2008 at 2:15 AM

If the vulnerability is zero-day, YES! Firefox had that happen once, and I immediately shifted over to Opera for a short while until the patch came out.

Ed isn’t the only one. A whole bunch of security experts basically said the same thing — you need to completely abandon use of IE until this thing is patched. Notice the attack vector, which looks like it could be negated by turning on DEP (see control panel/system), but Windows ships with DEP turned off by default (because a whole bunch of games won’t work with DEP turned on, because they get a bunch of speed by running self-modifying code, and they build data areas to store that code, and DEP won’t let them do that).

The scammers are already taking advantage of Microsoft’s release. If you google “microsoft IE patch” you’ll see three or four ads over on the right side advertising (amazingly) “microsoft patches”. Three of these sites (out of four) on the page I’m viewing (using, of course, Firefox) are flagged with a red “this site dispenses malware” symbol. These are the places people who don’t own legal copies of Windows will go to to get their patches, and they will get exactly what they deserve, and what the rest of us don’t deserve — a free ticket to join a botnet.

I own a legal copy, so microsoft update works just fine for me, thank you.

unclesmrgol on December 18, 2008 at 2:42 AM

I switched to FireFox about a week ago and love it. The spell check feature is great for things like posting comments on HotAir.

conservnut on December 18, 2008 at 6:58 AM

My Vista machine installed update KB960714 this morning, with some mention as an update to IE7.

I have only used IE when absolutely necessary for years now, due to its many security problems. Since checking for details on update KB960714 requires using IE, by design from Micro$oft, I did not check any further.

Anyway, this specific problem MAY be fixed, but there are others. IE is still a just virus waiting to mess up you system IMO.

Right_of_Attila on December 18, 2008 at 6:59 AM

I use Firefox with an add on called NoScript. No script runs on a web page, unless I authorize it, or approved that site/domain to run scripts.

Right_of_Attila on December 18, 2008 at 7:13 AM

My Vista machine installed update KB960714 this morning, with some mention as an update to IE7.

That fix was out BEFORE Ed made the original post. He does not seem to want to update the post with that information though…………. There a reason for that?

Jim708 on December 18, 2008 at 7:53 AM

Fire fox rocks!!!!

grapeknutz on December 18, 2008 at 8:12 AM

If the vulnerability is zero-day, YES! Firefox had that happen once, and I immediately shifted over to Opera for a short while until the patch came out.

Total Myth, this has happened multiple times:

First critical security hole in Firefox 3 (heise online)
Zero-Day Firefox Exploit Sends Mozilla Scrambling (eWeek)
Zero-day security flaw leaves Firefox wide open (The Register)

Ed isn’t the only one. A whole bunch of security experts basically said the same thing — you need to completely abandon use of IE until this thing is patched. Notice the attack vector, which looks like it could be negated by turning on DEP (see control panel/system), but Windows ships with DEP turned off by default (because a whole bunch of games won’t work with DEP turned on, because they get a bunch of speed by running self-modifying code, and they build data areas to store that code, and DEP won’t let them do that).

First of all it is patched, and hysterical so called “security experts” are nothing new. Vulnerabilities in software are discovered daily. What games will not run with DEP enabled? I have it fully enabled on my systems and ALL my games run fine.

The scammers are already taking advantage of Microsoft’s release. If you google “microsoft IE patch” you’ll see three or four ads over on the right side advertising (amazingly) “microsoft patches”. Three of these sites (out of four) on the page I’m viewing (using, of course, Firefox) are flagged with a red “this site dispenses malware” symbol. These are the places people who don’t own legal copies of Windows will go to to get their patches, and they will get exactly what they deserve, and what the rest of us don’t deserve — a free ticket to join a botnet.

unclesmrgol on December 18, 2008 at 2:42 AM

This stuff is exploited before it is publicly known. First of all what idiot clicks on Google ads to install patches? Um ever since XP SP2 Windows automatic updates have turned on by default and windows will auto install the patch. FYI IE7 has a phishing filter which will detect bad sites. Who the hell cares about idiots who own illegal copies of Windows? Is this some sort of joke?

Poptech on December 18, 2008 at 8:42 AM

Anyway, this specific problem MAY be fixed, but there are others. IE is still a just virus waiting to mess up you system IMO.

What a bullshit lie, I have been using IE since version 3 and have never been infected by anything, then again I apply security updates, have an antivirus and antispyware program installed. IE7 is incredibly safe to use.

I use Firefox with an add on called NoScript. No script runs on a web page, unless I authorize it, or approved that site/domain to run scripts.

Right_of_Attila on December 18, 2008 at 7:13 AM

Wow total waste of time using No Script, you set any browser to disable and prompt for scripts. NoScript does nothing but make your internet experience painful and slow.

Poptech on December 18, 2008 at 8:45 AM

That fix was out BEFORE Ed made the original post. He does not seem to want to update the post with that information though…………. There a reason for that?

Jim708 on December 18, 2008 at 7:53 AM

Apparently he wants to promote Firefox by hysterically making things up about IE.

Microsoft out-of-band security update for Internet Explorer

I do this for a living and if you are going to make hysterical posts like this you need to do your homework and check to see what the patch status is FIRST.

Poptech on December 18, 2008 at 8:48 AM

I used Firefox for a long time until it got just as slow and klunky as IE. I’ve since used Opera and Safari which I like, but there are some things I like to do those two cant. I like their speed though. I didnt like Safari’s interface because it’s too dark. It’s like looking into a dark cloud. I’ve settled on Google Chrome. Very fast, streamlined, no klunkiness, and it has the features I want.

abcurtis on December 18, 2008 at 8:49 AM

I love all the knee-jerk reactionary so called security experts giving bad advice here based on having absolutely no idea what they are talking about.

Despite all the hysterical lies by online users who have no idea what they are talking about, IE still has 70% market share.

IE7 IS PERFECTLY SAFE TO USE (I work in IT and have for over 15 years)

Poptech on December 18, 2008 at 8:53 AM

The best browser is Avant Browser. Everyone should at least give it a try.

Avant uses the IE engine. Wouldn’t that make it vulnerable to said topic?

Chest_Rockwell on December 18, 2008 at 8:53 AM

Avant uses the IE engine. Wouldn’t that make it vulnerable to said topic?

Chest_Rockwell on December 18, 2008 at 8:53 AM

Yes it does use the IE engine, the same developer also has an Orca Browser that uses the Firefox Gecko engine. There is no reason to use Avant with IE7 anymore, Avant became popular when IE6 was out due to it adding tabs, an integrated search and other features.

Regardless IE is patched so no one is vulnerable anymore.(once you install the patch)

Poptech on December 18, 2008 at 9:01 AM

Pssst…you wanna see a Firefox exploit in action?

LMAO! I love all those who think Firefox is some magic security blanket.

Poptech on December 18, 2008 at 9:11 AM

hey Poptech,
I use PCtools and zonealarm with IE7…any advice?

jerrytbg on December 18, 2008 at 9:13 AM

That’s one reason why, when my machine was briefly “owned” by a hacker (about 20 minutes), the only account he was able to compromise was the “apache” (web server) account — he wasn’t able to compromise the OS or my mailserver or any other users. In fact, since he tried to escape that restriction, the NSA-provided selinux (SEcure Linux) subsystem raised alerts like crazy, detailing to me which components had been compromised. Because of Windows’ relaxed security model, the DirectX application (in fact, most applications) can obtain access to any of the hardware capabilities on the machine, including the virtualization hardware present on the more recent CPUs, thus allowing easy (and silent) installation of “rootkits”.

Please be sure and let me know of all the unpatched vulnerabilities in DirectX. I’m sure MS would like to know about them too, since they’ve been regularly patching any found exploitable holes in that API for years. Part of the reason DirectX 10 was suddenly updated to 10.1 was because of potential security leaks. OpenGL and Glide died, dude. The game, pun intended, is over for them. DirectX seized market share and it’s what developers are working with, so of course it’s going to be targeted by hackers more than the rest. This is the same argument used against Windows. The fact is consistently overlooked that whatever piece of software is most used by consumers, be it an OS, an Office app, an API, a firewall, a document format, a web language, or whatever, it’s going to be targeted by those who want to wreak havoc. If tomorrow Linux and OpenOffice and OpenGL and Tif and XML took over the day-to-day operations of most networks, they would be being targeted by the end of the day, and by the end of the week you’d be discovering that all of them are not all they are cracked up to be.

Oh, and I wouldn’t know what it’s like to have my machine “owned” by a hacker. Hardware and application layer firewalls take care of that, along with monitoring software for such intrusions. Also, in all my years with computers, I’ve had one…count that, one…virus. It was on a 5&1/4″ floppy disk about 15-20 years ago, which I bought from Shopko, and it made the PC speaker on my 386 play Yankee Doodle randomly. To top it off, I don’t do “online banking”. I manage to get all my functions taken care of without doing anything online, and I just keep hearing colleagues and acquaintances bemoan their horror stories. I don’t risk such things on convenience. Maybe you do.

MadisonConservative on December 18, 2008 at 9:17 AM

I use PCtools and zonealarm with IE7…any advice?

jerrytbg on December 18, 2008 at 9:13 AM

When you say PCTools you need to be more specific since they make various applications, the same with Zonealarm. They make AV, Spyware, Firewall and all in one products.

The average user simply needs to:

1. Install all Windows Updates

2. Confirm that the Windows Firewall is enabled and Windows updates set to automatic.

3. Install Windows Defender

4. Confirm that the IE Phishing Filter is turned on

5. Install an Anti-Virus program, a free one like AVG or Avast. (less important than it used to be, Windows Defender is more important with today’s web based threats)

NEVER install more than one of the same thing AKA two Firewalls, two AV programs or two real-time anti-spyware programs.

Most security advice either overloads your system with redundant security apps or makes you become neurotic trying to micro-manage security. Security should be easy, seamless and automatic. The rest of your time should be using your computer not baby sitting it.

Poptech on December 18, 2008 at 9:22 AM

If you are not sure if your system is infected, you may want to run a few other apps in addition to Windows Defender:

Spybot – Search and Destroy

Trend Micro RootkitBuster

Poptech on December 18, 2008 at 9:31 AM

Spyware doc with daily updates and the basic zone alarm. I don’t have any problems. ZA alerts me when any attempts to access the web are made and SWD blocks everything else. You’re right on only having one of each running at a time…too slow. I also use Ccleaner on startup…

jerrytbg on December 18, 2008 at 9:40 AM

Spyware doc with daily updates and the basic zone alarm. I don’t have any problems. ZA alerts me when any attempts to access the web are made and SWD blocks everything else. You’re right on only having one of each running at a time…too slow. I also use Ccleaner on startup…

jerrytbg on December 18, 2008 at 9:40 AM

Spyware Doctor is a good program but Windows Defender is free and does the same thing.

Zonealarm is a good program too but you do suffer a performance hit unlike the Windows Firewall which will provide the same security (just none of the warnings).

Poptech on December 18, 2008 at 9:47 AM

I also use Ccleaner on startup…

jerrytbg on December 18, 2008 at 9:40 AM

Make sure the clean prefetch option is unchecked – otherwise you will suffer reduced application load times. It is not necessary to run this at startup, unless you are really concerned about diskspace. Doing this all the time will also reduce performance when web browsing since everytime you clean you web cache, pages you previously visted take longer to load the first time after this is run. Running CCleaner does nothing for security (unless you are super paranoid about security) – it just helps clean up disk space. Running it once a week or month is fine.

Poptech on December 18, 2008 at 9:51 AM

I meant to say – (unless you are super paranoid about privacy).

Poptech on December 18, 2008 at 9:52 AM

By the way, I would personally suggest anyone in the market for a good internet security suite look into Kaspersky. Best I’ve ever used, and goes light years beyond mainstream solutions like Symantec, McAfee, etc.

MadisonConservative on December 18, 2008 at 9:52 AM

18 months ago when I first got this Toshiba with just the MS products someone, literaly, took over my computer while I was leaning back and streching….I nearly had a heart attack…I pulled out the wireless card, unpluged and took out the battery…lol… a friend who runs a website and is knowlegeable checked my sys out and found I wasn’t doing anything wrong with the settings… but reconmended what I have now. Since then it’s running fine.

jerrytbg on December 18, 2008 at 9:57 AM

Remember to run your antivirus update, defrag, cache & registry cleanup utilities before bedtime, window-clickers ;)

Clicking your heels together helps too, so I’m told.

lol

LimeyGeek on December 18, 2008 at 10:09 AM

Hey Limey,
You old enough to remember Jay Miner and the Amiga?

jerrytbg on December 18, 2008 at 10:11 AM

jerrytbg on December 18, 2008 at 10:11 AM

Sadly so. And then some. Never owned one though.

LimeyGeek on December 18, 2008 at 10:14 AM

Clicking your heels together helps too, so I’m told.

LimeyGeek on December 18, 2008 at 10:09 AM

You might want to do that in order to get virtualized ‘Doze running games faster than native ‘Doze. How’s that going, by the way?

MadisonConservative on December 18, 2008 at 10:14 AM

MadisonConservative on December 18, 2008 at 10:14 AM

Go back to playing games boy, I’m out of your league.

LimeyGeek on December 18, 2008 at 10:17 AM

<– Been using Opera for a loooonnnnggg time. Been using Opera in Linux/BeOS/Windows for at least 9 years now, and I occasionally use Konquerer or Firefox in Linux.

In Windows, I use Firefox almost exclusively at work and Opera at home.

Geministorm on December 18, 2008 at 10:19 AM

Remember to run your antivirus update, defrag, cache & registry cleanup utilities before bedtime, window-clickers ;)

Clicking your heels together helps too, so I’m told.

lol

LimeyGeek on December 18, 2008 at 10:09 AM

Antivirus updates and scans are automatic, Defrag is automatic (Diskeeper), Registry cleaners are a waste of time and your cache can be cleaned automatically (but is not necessary).

So actually I don’t do anything – it is all automatic.

Poptech on December 18, 2008 at 10:19 AM

I ran my small boating business on a 500 and when I upgraded to also run MS products I bought a 2000 with a PC card running a 386. Great machines! Very sad they went away.

jerrytbg on December 18, 2008 at 10:20 AM

You old enough to remember Jay Miner and the Amiga?

jerrytbg on December 18, 2008 at 10:11 AM

Amiga – Heh, Texas Instruments TI-99/4A

Poptech on December 18, 2008 at 10:21 AM

Go back to playing games boy, I’m out of your league.

LimeyGeek on December 18, 2008 at 10:17 AM

You sure are. You’re in that “I don’t have any evidence for my claims” league.

MadisonConservative on December 18, 2008 at 10:21 AM

So actually I don’t do anything – it is all automatic.

Poptech on December 18, 2008 at 10:19 AM

Glad to hear it. I’d hate to think of ‘dozers getting RSI on top of everything else they have to suffer ;)

LimeyGeek on December 18, 2008 at 10:22 AM

You sure are. You’re in that “I don’t have any evidence for my claims” league.

MadisonConservative on December 18, 2008 at 10:21 AM

I tried my best to educate you. You’re on your own now.

LimeyGeek on December 18, 2008 at 10:23 AM

Amiga – Heh, Texas Instruments TI-99/4A

Poptech on December 18, 2008 at 10:21 AM

Oh no….let’s not get in the way back time machine…

LimeyGeek on December 18, 2008 at 10:24 AM

Great machines! Very sad they went away.

jerrytbg on December 18, 2008 at 10:20 AM

They certainly were.

LimeyGeek on December 18, 2008 at 10:24 AM

I tried my best to educate you. You’re on your own now.

LimeyGeek on December 18, 2008 at 10:23 AM

Actually, you said you had no time to educate me, and that I was ignorant because I didn’t accept your unsubstantiated personal experience as fact, despite the fact that you had no proof of your results while basic articles about virtualization laid out the fact that it still can only hope to come close to native performance.

So, in other words, we tried our best to educate you, and your response was “I don’t care what experts say, because I know different, even though I can’t show you it’s true.”

MadisonConservative on December 18, 2008 at 10:26 AM

Glad to hear it. I’d hate to think of ‘dozers getting RSI on top of everything else they have to suffer ;)

LimeyGeek on December 18, 2008 at 10:22 AM

Ever since Windows 2000 I have not suffered – seriously. Windows 2000 should be known as the Microsoft OS that actually worked right.

Poptech on December 18, 2008 at 10:26 AM

Poptech on December 18, 2008 at 10:26 AM

To be honest, I have to agree with you there. Something happened around that NT/2000 era that caused the decline.

I have my suspicions….

LimeyGeek on December 18, 2008 at 10:28 AM

it is all automatic.

.

Crontab ftw. ;)

No intrusions, virii, worms, etc. since 1998 on my home systems. The one time I got a trojan, my company had me up in a hotel for a month during relocation and I connected to the internet using the hotel’s DSL line, and was infected inside of 10 sec.

At home, I’ve had a nicely secured linux server (various distros over the years) acting as my router, dns, mta, nat, ntp, etc. for a long time. I control all of my traffic in and out (great for controlling my kids’ network activities). It is interesting to look at the logs from time to time and I notice that the various ports get pinged (by North Korea, China, Taiwan, and Russia mostly) about 10x per sec on average.

Geministorm on December 18, 2008 at 10:29 AM

Amiga – Heh, Texas Instruments TI-99/4A

Poptech on December 18, 2008 at 10:21 AM

Gee… I thought they ran Motorola 68000 series….10 20 30

jerrytbg on December 18, 2008 at 10:31 AM

Hey LimeyGeek, how about some 3DMarks that we can use for comparison?

MadisonConservative on December 18, 2008 at 10:33 AM

back to work!

jerrytbg on December 18, 2008 at 10:36 AM

Gee… I thought they ran Motorola 68000 series….10 20 30

jerrytbg on December 18, 2008 at 10:31 AM

No, the TI-99/4A was a personal computer created by Texas Instruments before the Amiga came out.

Poptech on December 18, 2008 at 10:36 AM

TI-99/4ACommercial with Bill Cosby

Poptech on December 18, 2008 at 10:38 AM

Anyone else have the chance to mess with a NeXT machine during their 3 year lifespan?

MadisonConservative on December 18, 2008 at 10:41 AM

http://sunbeltblog.blogspot.com/2006/04/pssstyou-wanna-see-firefox-exploit-in.html

Just one?

Poptech, that’s for Firefox 1.05. The author himself admitted any versions higher than that have been patched. Microsoft has had a proud tradition of sticking all their problems under the rug, thinking people are too stupid to hack their code, and whistling the night away.

NEWSFLASH: Security by obscurity doesn’t work.

Ryan Gandy on December 18, 2008 at 10:42 AM

NEWSFLASH: Security by obscurity doesn’t work.

Ryan Gandy on December 18, 2008 at 10:42 AM

Such a simple concept to grasp, yet so widely ignored.

LimeyGeek on December 18, 2008 at 10:45 AM

Avant feeds off the IE template so it is completely compatible. I swear by it.

Amy Proctor on December 17, 2008 at 10:51 PM

You say that like it’s a good thing. :P

TheUnrepentantGeek on December 18, 2008 at 11:36 AM

Just one?

Ryan Gandy on December 18, 2008 at 10:42 AM

try 400 Vulnerabilities

Poptech on December 18, 2008 at 11:39 AM

Anyone else have the chance to mess with a NeXT machine during their 3 year lifespan?

MadisonConservative on December 18, 2008 at 10:41 AM

I did. They had a roomful in engineering at Michigan State back in the 90′s. They were the coolest.

My first pc was the glorious Timex Sinclair btw. Can’t beat that laminated keyboard.

Chest_Rockwell on December 18, 2008 at 11:40 AM

try 400 Vulnerabilities

Poptech on December 18, 2008 at 11:39 AM

A bunch of those are for older versions. What kind of dishonest crap are you trying to pull?

TheUnrepentantGeek on December 18, 2008 at 11:49 AM

A bunch of those are for older versions. What kind of dishonest crap are you trying to pull?

TheUnrepentantGeek on December 18, 2008 at 11:49 AM

+3.05 (the current version of FF)

Religious_Zealot on December 18, 2008 at 12:35 PM

Now for something really important

Microsoft has released a patch for Internet Explorer – get it via Windows update.

corona on December 18, 2008 at 12:57 PM

Microsoft has released a patch for Internet Explorer – get it via Windows update.

corona on December 18, 2008 at 12:57 PM

Fedora has released a patch for Windows too. Fixes it right up.

LimeyGeek on December 18, 2008 at 1:33 PM

Whoah. Lotsa geeks out there.
I confess. I don’t know WTF any of you are talking about.
I use Firefox at work cause that’s what they gave me-seems OK.
IE-maybe that’s why I hate connecting to the Internet with my laptop.
I know I’m not switching to any other OS bcs XP is my friend.
I’m truly frightened at the prospect of anything else.
As far as computers go-I’m dumb when it comes to getting a good one. But so far I’ve noticed Dell sucks-HP sucks-and I’ve had 3 Gateways that I really like.
So computer nerds-I hand it to you-you have kudos from me just trying to understand all this $hit.

Badger40 on December 18, 2008 at 1:47 PM

Ewww … I just noticed Citrix at #8. Fortunately, not a personal issue, as not on my PC, but I did have to use it at work.

I wasn’t mad about any vulnerabilities, just how slow and crash-prone the darn thing was.

corona on December 18, 2008 at 1:48 PM

Um ever since XP SP2 Windows automatic updates have turned on by default and windows will auto install the patch.

Nope.

I ran Windows Update manually, thinking that I might not need to, but even though the alleged automatic update feature was confirmed to be on, I had to get the IE patch myself.

corona on December 18, 2008 at 1:53 PM

OK, is the stupid Linux/Windows pissing match at an end? Never have so many characters been typed and so little been communicated.

Troj on December 17, 2008 at 5:31 PM

New to the internet?

tom on December 18, 2008 at 3:42 PM

I have to confess that I have been an online bisexual (IE7 and Firefox), now updated Firefox to 3 and it is pretty good! Where do I set up default browser? Cannot let go of IE because of Windows Mobile.

If there is any way I can download stuff that IE takes but on Firefox I’ll really appreciate it!

Also my notebook disappears from time to time the DVD drive. Drives me nuts!!!!! I downloaded a whole Barbie movie from YouTube and I can’t burn it because it is missing! Opens, closes, seems to read and it’s not anywhere in system/device manager/computer/etc., etc. Will go to regedit and see if I can check whassup with the codes. Same issue with BIOS.

HP Pavilion; any techie please help. Thanks!

ProudPalinFan on December 17, 2008 at 10:21 PM

Install the Firefox extension named IETab. Once installed, you can right-click any web page in Firefox and select “View in IE.” You can also right-click any web page in IE and select “View in Firefox.”

You can also load a web page in IE that displays in a Firefox tab. In effect, Firefox is able to render pages with the IE engine in a tab.

And the best trick: you can configure it to always open certain web sites in one or the other. So if you use Firefox as your primary browser as all right-thinking people do, but have a particular web site that only works with IE, you can configure Firefox to use IE’s rendering engine anytime you open that site.

tom on December 18, 2008 at 3:52 PM

A bunch of those are for older versions. What kind of dishonest crap are you trying to pull?

TheUnrepentantGeek on December 18, 2008 at 11:49 AM

Nothing dishonest about it, those are all the vulnerabilities since the browser was released. My point is it is not the security meca people claim it is.

Firefox 3.x has had 39 vulnerabilities with 1 unpatched.

Poptech on December 18, 2008 at 8:10 PM

Install the Firefox extension named IETab.

tom on December 18, 2008 at 3:52 PM

IE Tab is hardly safe.

Poptech on December 18, 2008 at 8:14 PM

As long as Active X lives in IE, IE will be nothing but a virus/troll/intrusion/hacker superhighway. Active X is inherently flawed: it allows a user access to absolutely anything/everything with NO AUTHENTICATION WHATSOEVER!!!

There is no way to “fix” this, because it is flawed at the architectural level. It must be blown to smithereens, the pieces junked, and the entire browser desing started over again: but this time with a sound architecture. Oh, wait: we’ve already got that! It’s called FireFox!!

landlines on December 18, 2008 at 8:15 PM

Why has this post not been updated?

Microsoft out-of-band security update for Internet Explorer

Poptech on December 18, 2008 at 8:15 PM

As long as Active X lives in IE, IE will be nothing but a virus/troll/intrusion/hacker superhighway. Active X is inherently flawed: it allows a user access to absolutely anything/everything with NO AUTHENTICATION WHATSOEVER!!!

There is no way to “fix” this, because it is flawed at the architectural level. It must be blown to smithereens, the pieces junked, and the entire browser desing started over again: but this time with a sound architecture. Oh, wait: we’ve already got that! It’s called FireFox!!

landlines on December 18, 2008 at 8:15 PM

Please stop spreading bullshit myths based on your absolute lack of understanding of computer systems.

The Lame Blame of ActiveX (eWeek)
http://www.FirefoxMyths.com

Poptech on December 18, 2008 at 8:17 PM

Doesn’t this “news story” happen once a year?

SouthernGent on December 18, 2008 at 8:22 PM

Doesn’t this “news story” happen once a year?

SouthernGent on December 18, 2008 at 8:22 PM

Sometimes… two or three times a year. That’s Microsoft, their motto is…. “We don’t care, we don’t have to.”

Maxx on December 18, 2008 at 8:47 PM

Sometimes… two or three times a year. That’s Microsoft, their motto is…. “We don’t care, we don’t have to.”

Maxx on December 18, 2008 at 8:47 PM

Microsoft cares which is why they have been releasing security updates monthly since 2003 and out of band patches for critical issues like this immediately.

Microsoft releases monthly security fixes (ZDNet, 2003)

Poptech on December 18, 2008 at 9:00 PM

I ran Windows Update manually, thinking that I might not need to, but even though the alleged automatic update feature was confirmed to be on, I had to get the IE patch myself.

corona on December 18, 2008 at 1:53 PM

First you have to confirm it was on and enabled (it is on any Windows XP system with SP2 or higher) however the default settings (unless changed) will not install the update until 3:00am in the morning. I have seen plenty of systems with this disabled or changed from the defaults by the user or someone “helping” the user. Certain worthless “tweaking” applications can also disable this as well.

Poptech on December 18, 2008 at 9:06 PM

Why has this post not been updated?

Microsoft out-of-band security update for Internet Explorer

Poptech on December 18, 2008 at 8:15 PM

Are you a Microsoft employee by any chance?

ddrintn on December 18, 2008 at 9:35 PM

Are you a Microsoft employee by any chance?

ddrintn on December 18, 2008 at 9:35 PM

Nope I have just been IT for over 15 years and these sort of hysterical alarmist posts do nothing but give me more work to do “fixing” non existent problems.

Poptech on December 18, 2008 at 10:04 PM

Are you a Microsoft employee by any chance?

ddrintn on December 18, 2008 at 9:35 PM

Nope I have just been IT for over 15 years and these sort of hysterical alarmist posts do nothing but give me more work to do “fixing” non existent problems.

Poptech on December 18, 2008 at 10:04 PM

Relax, then. More money for you.

ddrintn on December 18, 2008 at 10:33 PM

Relax, then. More money for you.

ddrintn on December 18, 2008 at 10:33 PM

This is about having to waste time explaining basic computer security to people who read alarmist nonsense like this and very little to do with making any money.

Poptech on December 18, 2008 at 11:07 PM

Ed should lay off the tech talk because he doesn’t have the faintest idea what he is talking about.

echosyst on December 19, 2008 at 1:01 AM

OpenGL and Glide died, dude.

Tell that to Sony. And NVidia. And Apple. And the entire SIGGRAPH community. And well, everyone except Microsoft.

Regarding I.E., never make a web-browser that doubles as a system shell. It leads to crap like this. When designing a web-browser, you might want to make it a web-browser and nothing more.

spmat on December 19, 2008 at 11:03 AM

Poptech said:

“Why has this post not been updated?”

You want to ask that question a few more times? Some people might not have gotten the “message” yet. The “message”: you really, really care that IE is seen in a positive light. Thank goodness most folks are less focused on positive PR for MS. *shrug*

Troj on December 23, 2008 at 10:12 PM

Comment pages: 1 3 4 5