Slashdot Log In
Dept. of Homeland Security Says to Stop Using IE
Posted by
CowboyNeal
on Fri Jul 02, 2004 10:51 AM
from the warning-is-years-late-in-coming dept.
from the warning-is-years-late-in-coming dept.
LWATCDR writes "I have been saying this for a long time but now it is offical. From Yahoo News:
'The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft's Internet Explorer.'" In related news, rocketjam writes "According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."
This discussion has been archived.
No new comments can be posted.
Dept. of Homeland Security Says to Stop Using IE
|
Log In/Create an Account
| Top
| 1069 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
If it's broke...well....we'll fix it later (Score:5, Insightful)
"In the meantime, we have provided customers with prescriptive guidance to help mitigate these issues."
This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. THe MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer. You gotta love this. You just cannot make stuff up like this!
Cheers!
Erick
Re:If it's broke...well....we'll fix it later (Score:5, Informative)
(http://127.0.0.42/)
Repeat after me: Global Class Action Lawsuit against Microsoft. Bunch of bumbling fubars. And that ain't the only whole they haven't plugged in months...
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
(http://homestarrunner.com/)
Furthermore, there are generally also configuration changes you can make in the mean time to these products to nullify the vulnerabiltiy. There is nothing you can do with IE except disable ActiveX and set the security level to high which (1) makes IE somewhat unusable and (2) STILL doesn't completly protect you.
Finkployd
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
(http://homestarrunner.com/)
Finkployd
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
(http://google.com/)
How about the majority of folks who are not using Windowx XP? Can they install "IE SP2"?
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
(http://www.alsa.org/ | Last Journal: Tuesday September 27 2005, @09:02PM)
I believe the poster was referring to a company knowing about a severe defect in a product and simply failing to address the issue for a ridiculously extended period of time. It's especially dreadful when the same general problem keeps recurring. For major OS products, when a problem is revealed it is quickly fixed, and the problem *stays* fixed. You simply can NOT say this about Microsoft's products.
So yeah, we have a pattern of extreme negligence on the part of Microsoft. But I guess it can't be helped because they have no incentive to fix it (thank you USDOJ).
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
Going a little deeper, it's all about risk/benefit. People know the risks of having a window, and feel it's worth it to have the benefits of a window.
You simply cannot say that about the Windoze/IE flaws. Most people have little understanding (even now) of the risks of using insecure software and little or no understanding of how to mitigate the risks. The benefits are obvious, but the risks are still an unknown to most users.
IANAL, but I'm willing to believe that a class action suit against MS could be mounted and might even prevail, based on the negligence of the company.
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
(http://ck-gunslinger.deviantart.com/ | Last Journal: Thursday July 08 2004, @01:17PM)
My windows aren't easy. I can't just stand in my house and determine whether my windows are locked or not. Ihave to walk ove to them. I have to look at the lock. Then I have to actually try to lift the damn window, since the locks are internal and I can't ever remember if "lever to the left" means locked or unlocked. Do I have grounds for a lawsuit if I can't tell if my house is secure?
You seriously better hope a class action lawsuit *never* comes up for this. That would seriously turn the entire software industry on it's head. Where would it stop?
If I'm playing a competitive game of UT2k4 and the mouse driver cuts out, can I sue Logitech for loss of potential profits?
If I'm writing my thesis and the power cuts out, can I sue the Utilities Company for my lost tuition?
If I'm using a statistical package and, due to some bug, I determine that shooting myself in the face with a loaded shotgun has a -0.314159 probability of death, can my mourning relatives sue the company?
At what point does the software manufacturer get to say "Hey, we did our part. The rest is up to you."
It's a very slippery slope.
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
The problem with that analogy is that the very nature of a window is inherently insecure in various ways. If you can make it 100% (or 99%) secure, it's probably not a window anymore. But there's no such attribute of an operating system and its applications - it is not a given that software is reasonably expected to be insecure, especially a many $$$ operating system. And when there are security flaws that can be fixed and they are left unfixed, that is a heckuva lot more worthy of a lawsuit than windows not made out of "1/4-inch steel".
Re:If it's broke...well....we'll fix it later (Score:4, Insightful)
(http://www.ganjablogger.com/ | Last Journal: Thursday January 05 2006, @05:36PM)
Sendmail and Apache however are pull, they are available freely but you must go out and get them yourself.
For most software it's a question of cost. In terms of free software Microsoft is the only company in a position to "push", they push using their monopoly onto oem installs. Since nobody else has that monopoly, there is nobody else who produces and distributes free (as in beer) software who should be held liable for glitches in said software.
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
(http://homestarrunner.com/)
I'm wondering at what point it becomes criminal negligance.
Finkployd
Re:If it's broke...well....we'll fix it later (Score:4, Interesting)
Despite the click-wrap license which claims no liability, I think it would be easy to show the contrary and the class action is a good idea. MS is a for-profit company and as such their goal is to make money. They aren't going to write any code unless it affects the balance sheet. Time to make the exploits show up on the 10-Q.
There's more truth in Dilbert than in Farenheit 9/11
Re:If it's broke...well....we'll fix it later (Score:4, Insightful)
(http://arcterex.net/)
With IE you have no option but to depend on Microsoft for patches and updates.
Re:If it's broke...well....we'll fix it later (Score:4, Informative)
(http://www.bartlettpublishing.com/)
IE is not free (Score:4, Insightful)
(http://math-www.uni-paderborn.de/~axel/)
They don't. By their own testimony, IE is an integral part of their operating system. And indeed, several important operations in Windows are impossible to perform without IE installed. The operating system is not free, and neither are its integral parts.
Here's one (Score:4, Insightful)
(http://technocrat.net/ | Last Journal: Thursday November 15, @03:58PM)
When you have the vast bulk of PCs the last decade and a half being shipped with MSOS, they had a responsibility to make sure they weren't violating anti trust laws, which they failed to do, and got convicted of it.
The consumer was long ago denied any reasonable* expectation of free market choice, when the vendors themselves conspired with MS to ONLY include MSOS to such an extent. It's intent, and to my way of seeing it, is an example of RICO action and should have resulted in MS and several large vendors getting charged with criminal violations, not just civil violations, and several billionaires going to jail over it.
Even though IE is a free download, it is easily observed that most people did not have some other OS OR of their free will go "download IE", it came as a bundled app with their monopoly enforced distribution of MSOS, and the product is seriously flawed. Seriously. The EULA should be challeged, and we need to get a determination of when and how any product may be profited from, but still avoid an implied warranty for suitability for purpose. If they get granted a patent and a copyright, they have certain responsbilites when they trade it in some fashion for money. When you receive something for free, it's a different story. That's the major difference there. And if that again causes a shift in free/open source, how it's distributed, it would be worth it to force closed source/propietary and for-profit sodftware to get classed as a product that is sold, and have normal consumer protections. The tradeoffs are worth it, IMO.
* please note, I said reasonable as opposed to technical. Technically yes, they had a choice, reasonably, no, there was little choice, and still not much. Walk into any big computer store, what is the default install on the boxes there? Are any of them safe to go on the net "as is", how they are sold? No, they are not. The EULA basically is an example of a vast huge case of consumer fraud, IMO. People assume their brand new computers will work, and part of their entire computer package they purchase with real money is the software that comes with it. They would sell little if any new computers bundlked with MSOS if they were merely labled truthfully, as in "you will probably get infected with virus, malware, trojans, backdoors, etc within one hour of being on the internet with the default install and configuration if you click accept on the EULA provided for the bundled microsoft software". If that sticker was on the outside of the boxes, the stores wouldn't seel hardly any of them. How many computers and copies of MSOS would they sell then, if they were merely required to tell the truth, even keeping the current EULAs in place, exactly how they are written now?
I personally *do not care* if the entire software industry top to bottom, left to right, inside to outside has to change licensing,thinking, what they do or how they do it, enough's ENOUGH on claiming a 60 year old industry that has raked in untold hundreds of billions of dollars or more isn't mature and sophisticated enough to offer products that can be covered by minimum consumer implied warranties. Time to take the training wheels off, and get rid of the EULA get out of any responsibility "license". If it slows down releases and causes huge shifts in PHB and investors thinkings and stock holders profits, I could care less, and I bet millions more consumers feel the same exact way. Software will still be written and sold or given away, just of much better quality. Releases will be slower, but they will be much better quality. Pressure will shift from get i
Re:If it's broke...well....we'll fix it later (Score:5, Funny)
(http://platinumdragon.ca/ | Last Journal: Monday May 23 2005, @01:59AM)
That last sentence gives me a better idea... forget the lawsuit. Encourage their spouses to deny them until those bugs get fixed.
Call it Project Lysistrata.
Uhh... that assumes they have spouses to deny them. If not, distribute their pictures to every singles bar and sweaty-palm dating site, with a "DO NOT TOUCH THIS PERSON." warning.
If they're not plugging holes now, they certainly won't be plugging holes until the bugs get fixed!*
* "or get plugged", depending upon gender and orientation. Deny, deny, deny until the bugs are fixed!
Re:If it's broke...well....we'll fix it later (Score:5, Funny)
These are Microsoft developers. You'd better be distributing those pictures to all the hookers and massage parlors in and around Seattle.
Re:If it's broke...well....we'll fix it later (Score:5, Funny)
(http://www.edgiardina.com/)
Perhaps Microsoft didn't adhere to Global Law and will face a Global Court. In front of this World Court where juristiction is not in any way ambiguous, microsoft shall be cleansed of all the evil wealth it created and be forced to continue to work for free on open source projects.
Re:Why's Parent "Funny?" (Score:4, Insightful)
(http://slashdot.org/)
Quicken, Photoshop, and 3D CAD (SolidWorks). I rely on those programs. Make Linux run them and I'll switch immediately. Until then, I suffer with MS crap, along with the rest of the world.
Your reaction makes perfect sense - use what OS you need to to run the apps you want - but your post also contains the incorrect implication that there's something that Linux could do to make those apps run on it. There isn't. It's entirely in the hands of the application writers, and market forces. That's not something linux itself can change. It's a social problem, not a technical one. The apps don't exist on linux because the companies that make them don't think the effort to port would bring them enough new customers. This has nothing do to with any deficiencies in the OS itself. None.
Re:If it's broke...well....we'll fix it later (Score:4, Funny)
Only partially. (sorry about that;)
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
a) knew of the problems at hand
b) had already proven this was a monopolistic practice because of lack of choice
c) Balked at the chance to remedy the situation after b) was proven true in court, thus forcing numerous citizens to be exposed to risk without their choice or consent
"Willful neglect"?
(FTR: I do not generally approve of a sue-happy society)
Re:If it's broke...well....we'll fix it later (Score:4, Interesting)
Leaving aside whether or not click-wrap licenses are actually enforceable, I suggest that all the folks who aren't using any MS products at all (myself included) -- and as such haven't agreed to any such nonsense -- band together to join a class action suit against them. Whether it's for all the time we're stuck burning, having to fix the Windows PCs our friends, family, &c constantly need fixed, network outages caused by virii that use Windows exploits as a vector (my ISP [cable] was more or less buried under the overload in traffic from MyDoom and Welchia or whatever they were called, to the point that their only recourse was turning off infected users' connections).
Does "people who don't use a product but are still inconvenienced, put out and may even have suffered financial loss (as did a friend of mine when our ISP choked on virus traffic) because of its foreseeable and preventable problems" consitute a class?
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
(Last Journal: Sunday September 28 2003, @12:07AM)
THIS SOFTWARE IS PROVIDED "AS-IS" WITHOUT ANY WARRANTIES....
Class action lawsuits are bullshit anyway. Only the attorneys and the class-leader(s) get any significant money. Everybody else gets twenty bucks after they fill out a mountain of paperwork. I'm glad I live in a state with no class action status.
Re:If it's broke...well....we'll fix it later (Score:4, Informative)
(http://www.outpimp.com/?x=57020 | Last Journal: Wednesday September 12, @09:15PM)
Yeah, but, wasn't it just a few weeks ago, that a company got out of legal problems involved with privacy (an airline?), because they argued that most of the plantiffs probably did not read the privacy statement they clicked to agree with....and therefore it wasn't binding.
Well, if that works in reverse...just claim you never read those click through EULA's.....and therefore aren't bound by them...and so you can sue.
Seems fair....?
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
(http://www.ajs.com/~ajs/)
We knew better, but we got burned. Now is the time to take responsibility for our actions and switch to non-MS products.
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
For a while, I have had to have my browser lie to web sites about what it is on too many sites. For the most part, this is no longer needed.
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
It amazes me that no one has pointed out the obvious:
With their TREMENDOUS market share, Microsoft has a moral (and probably legal) obligation to secure their software and they have failed to do this for years. Entire industries depend on MS software. There is no excuse. Failure to do this is simply immoral and unethical, but we have come to expect this behavior from MS.
Frankly a class-action lawsuit is long-overdue.
Re:If it's broke...well....we'll fix it later (Score:4, Insightful)
(http://www.spotswood-computer.net/)
Remember, M$ is a corporation. Corporations have but one gole: profit. Morals come into play only when they affect profit. As M$ has a virtual desktop monopoly (for the moment), they have no need of morals.
Now if high level executives start doing hard time for the crimes the corporation(s) they run commit, morals will have a much greater influence.
Can we can this rubish once and for all please? (Score:5, Insightful)
(http://slashdot.org/ | Last Journal: Tuesday January 22 2002, @05:54AM)
You have been brainwashed and repeat your little mantra like the good Chinese workers used to parrot Mao's Red Book.
Companies can be the expresion of an ideal, the realization of a dream or the intent to attack social problems. You have companies that have been set up to ensure fair trade of tea and coffee, other companies that operate in a cooperative basis in which the workers are owners and benefit.
In Brazil a well known style of management (like some forward thinking USian companies like Google) support their employees to start their own businesses on their free time using company's resources that otherwise would not be utilized.
Many companies have programs to vinculate them with their local communities (mine is one of them) helping with reading skills, IT skills on deprived schools, and promoting on their employees a culture of solidarity and social responsibility. Many of you don't know, but many corporations have strict guidelines about what is legal or moreal and what is not, and employess are lectured constantly (to the point of boredom) about legal and moral obligations.
There are companies out there that compete trying to put innovative products on the market and not by the shameful "embracing and extending" touted by the greatest megalomaniac of the IT industry.
The companies are what you want them to be, if they only pursue profit without regards for the consequences it is because greedy unscrupulous individuals have been made heroes by their peers, the media and unsuspected Red Book reciters.
Re:If it's broke...well....we'll fix it later (Score:4, Insightful)
(Last Journal: Thursday February 24 2005, @11:27AM)
I mean, really. In 1994, I was not thinking, "Oh geez, these worms and trojans and virii sure are a pain unique to Windows--maybe I could switch to some UNIX-like OS on my Intel computer." I was thinking, "How can I get the web working with my 14.4 modem?" and "Wow, CD-ROM drives sure are cool."
Re:If it's broke...well....we'll fix it later (Score:4, Interesting)
Of all programming errors, buffer overflows, off-by-one, and signed mistakes are some of the easiest spot and to fix. Other errors, like SQL injection, privledge separation, races and the dozens of other errors that can cause crashes, security vulnerabilities, or denial of service attacks, can not be protected against by a managed language because they're outside the scope of the language itself.
Re:If it's broke...well....we'll fix it later (Score:5, Insightful)
(http://mysite.verizon.net/spitzak)
My impression is that the stuff being forced onto the Linux desktop is as huge of a bloated and hacked mess as anything coming out of Redmond, and that only the variety and minor market share of any of them is preventing exploits as bad or worse than anything in IE. Though I doubt anything on Linux is as bad as Outlook, but neither is anything else from Redmond that bad.
Capitolism (Score:5, Insightful)
(http://web.mac.com/mosb1000)
This is what people don't understand about capitalism. If you don't like the product, you don't have to sue, just stop using the damn product.
I really hate this attitude, "the man keeps us down, so lets sue." It makes absolutely no sense at all. Corporation uses child labour to make affordable products, sue them. Heaven forbid you should accept responsibility for it and stop buying their low-quality products. MSFT sells software for too much money, sue them, don't simply use something else. It's no wonder we have so much unnecessary litigation in this country.
Re:Capitolism (Score:5, Insightful)
(Last Journal: Friday February 04 2005, @10:11AM)
Seriously, avoiding certain purchases only goes so far. If action isn't taken to proactively stop clothing manufacturers from using sweatshop child labor, then they'll keep doind so, forcing everyone else to do the same thing or get priced out of the market. When it's all made that way, what do you do then, build a loom and start farming sheep and cotton?
Re:Capitolism (Score:4, Insightful)
(Last Journal: Monday March 08 2004, @02:55AM)
People will without fail attempt to make the choice they feel is most advantageous to themselves. Valuation is in the eye of the purchaser, and it is this that the purchaser's ethics and ideals of social good must affect in order to affect the outcome of any purchase.
People who complain about Wal-Mart's behavior yet continue to purchase Wal-Mart's goods, for example, do not weigh the cost of the social ill they believe Wal-Mart creates heavily enough against the value of the goods to stop them from making the decision to buy Wal-Mart's product.
This is exactly the same reason why consumers won't pay a price premium for the privilege of not fucking over struggling third-world coffee farmers. Bad shit that happens to other people isn't seen to be as important as bad shit that happens to one's self, even when the bad shit that happens to you is relatively trivial, such as having to spend that extra $3 for the guilt-free version.
This is precisely why courts of civil and criminal law at the state and federal levels have authority over business activities - there are many sorts of behavior that will give a company a large competitive advantage that are collectively perceived as undesirable, but which will clearly be rewarded financially by a pure system of capitalism. Undesirable and socially harmful behavior can be proscribed and reprimanded by the courts, which is a socialist aspect of our American marketplace, like it or not. I think that overall it's more beneficial than harmful, but that's just my opinion.
As regards the question of whether or not Microsoft's activities have been sufficiently harmful to consumers to merit the prosecution of a class-action lawsuit, I would suggest that it is certainly the right of American citizens to raise that question in a court of law if they feel that there is sufficient reason to do so, and that the social order we have wherein, where we would accept the decision of the court in this question, is working reasonably well in such an instance.
Re:Capitolism (Score:4, Insightful)
(http://slashdot.org/)
No, lawsuits are a reasonable way to redress injury caused by faulty product design.
The economic pressure by fewer sales is one too, but especially in monopoly markets, legal instruments may be the only effective way to curtail abuses in a reasonable amount of time.
If you produce crap defective product, expect lower sales AND lawsuits. Both reduce the profit of the company and can be used a lever to induce better behavior. Both are legitimate tools.
Cheers,
Greg
Re:Capitolism (Score:4, Interesting)
(http://penguin.lvcm.com/)
Individuals are subjected to the "Crime and Punishment" mentality, corporate persons should be given no special treatment in this regard.
Microsoft will not be sued... (Score:4, Insightful)
(http://rhadmin.org/)
...because they are a monopoly (in regard to the IE bugs and the DHS advisory).
They will be sued because they were willfully negligent in the maintenance a monopoly product, the sabotage of which inflicts material damage upon third parties in the range of hundreds of millions of dollars.
Don't let your dislike of antitrust law cloud the real harm that this software has done. If Standard Oil had sold petroleum products that destroyed the engines of their customers during their monopoly breakup, would they still be liable for damages? Of course.
p.s. IANAL.
Translation for the Layman (Score:5, Funny)
(http://www.dragonswest.com/ | Last Journal: Monday November 05, @07:35PM)
This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. THe MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer.
Translation: After all those horses get out of the way, we'll have your barn door fixed in a jiffy.
Re:If it's broke...well....we'll fix it later (Score:4, Insightful)
* Valenti gets the boot.
* AU sets up a free CA.
* European software patents are being rejected.
And now this... I guess we Americans will have a lot more to celibrate on the 4th, at this rate?
Hate to bust your bubble... (Score:4, Informative)
Sure, but he's been replaced by another DRM-lover. Trust me, there's no clue coming to the MPAA.
* AU sets up a free CA.
Ok, I'll agree with you about this bit of good news... once I see it in IE's default CA list.
* European software patents are being rejected.
Wrong. The Dutch reversed their vote. This does not *yet* invalidate them, although it is a good start... keep the pressure up on your EU representatives!
Re:If it's broke...well....we'll fix it later (Score:5, Informative)
(http://www.martin-english.com/ | Last Journal: Tuesday August 06 2002, @10:32PM)
Ummm... I don't think so.... here is a link to the US-CERT Vulnerability Note VU#713878 [cert.org] which (I think) is where this all starts. Go right to the bottom (OK, this is slashdot, so I'll cut-and-paste)
Use a different web browser
There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML).
The way I read that last sentence, CERT say you are not safe unless you get rid of the IE6 functionality.
Re:If it's broke...well....we'll fix it later (Score:5, Funny)
(http://ck-gunslinger.deviantart.com/ | Last Journal: Thursday July 08 2004, @01:17PM)
Well, at least the DoHS didn't recommend cover your Windows with plastic and using duct-tape to seal the cracks this time...
Bad Bureaucrat! Naughty! (Score:4, Funny)
(http://www.dragonswest.com/ | Last Journal: Monday November 05, @07:35PM)
What's next, a recommendation that everyone stop using Microsoft Windows?
New: Microsox Windlls FU SP7 w/Ubernet Exploiter (a free pile of bugs in each release!)
I have been saying this for a long time but now it is offical.
<Shakespeare mode=Hamlet>: There needs no ghost, my lord, come from the grave to tell us this.</Shakespeare>
Really. How long before the Whitehouse figuratively grabs Tom Ridge by the lapels and tries to throttle him. Such harsh treatment for a huge dono^H^H^H^Hemployer. Oddsbodkins, what next, the GWB DoJ was soft in pursuing the danger of monopoly exploitation of the browser market?
Re:Bad Bureaucrat! Naughty! (Score:5, Funny)
(http://scottgant.blogspot.com/)
Now he's trying to find John Kerry's phone number to tell him "hey, wanna be President? No problem, you're in...the stuff that happens in November is just a formality, but trust me, my next call is to Diebold to finally tell them who I want to win...just remember to have your guy tell everyone that IE and Windows is the OS of choice now...buh bye"
Re:Bad Bureaucrat! Naughty! (Score:5, Informative)
(http://www.scul.org/SCUL/Pilot/Pil_Gropo.html | Last Journal: Monday May 12 2003, @07:33PM)
Re:Bad Bureaucrat! Naughty! (Score:4, Funny)
(Last Journal: Saturday May 29 2004, @03:16PM)
he just need to update some dll and that's it
Re:Bad Bureaucrat! Naughty! (Score:5, Informative)
(Last Journal: Tuesday January 04 2005, @06:09PM)
http://georgewbush.com was running Microsoft-IIS on Windows 2000 when last queried at 25-Jun-2004 13:05:27 GMT
Re:Bad Bureaucrat! Naughty! (Score:4, Funny)
(http://bestpractic.es/)
Its About time (Score:5, Interesting)
(http://www.arieswind.net/)
Now the pressure is on Microsoft to get their shit together and make IE more secure, or risk losing their commanding lead in the web browser department. Even my dad, who would rather not use a computer than have to start using different programs, has asked me to put FireFox on his system. And my dad's boss, who is quite possibly one of the most computer illiterate people in the world, has expressed interest to him in moving the whole office off of IE onto another browser.
It really says something for how widespread this news is. If I was MicroSoft, I would be scared at this point.
Re:Its About time (Score:5, Funny)
I feel so....conflicted.
They say IE is bad, which is good, but they're big brother which is bad. My brain 'splode now, thank you.
Re:Its About time (Score:4, Funny)
Don't worry! (Score:5, Funny)
Now, how many fingers?
Re:Its About time (Score:5, Funny)
(http://slashdot.org/)
-
Horray for the Department of Homeland Security!
I feel so....conflicted.I know, it's like watching a fight between an IRS auditor and a PETA employee. You just hope it goes the distance.
Re:Its About time (Score:4, Interesting)
Well, they are. According to wired (emphasis mine):
Gary Schare, director of the Windows Client Division at Microsoft, said that CERT's advice had been misrepresented in much of the press coverage.
"Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
In other words, Ballmer has probably already contacted Bush to remind him about the terms of his re-election campaign funding by MS...
Re:Its About time (Score:4, Funny)
Re:Its About time (Score:4, Informative)
(http://f1-facts.com/)
DUPE!... well, mostly. (Score:3, Informative)
We did this story on Sunday... [slashdot.org]
However, in CowboyNeal's defense, both articles cited here were published after that story on Sunday, and we now have the news of Microsoft's rather weak reaction claiming that CERT didn't mean what we all saw them say and Mozilla's reaction that downloads are up since the first reports. Still, that's a Slashback, not a new story.
Re:DUPE!... well, mostly. (Score:5, Informative)
(http://www.arieswind.net/)
Re:DUPE!... well, mostly. (Score:5, Interesting)
Notice that it's the Department of Homeland Security seal at the top of the document. For our purposes, CERT is a subset of DoHS... it's just that the media is now picking up on the more known name of the larger organization to bring the story to the masses.
Of course (Score:5, Funny)
Duh. All our friends at Microsoft need it too.
*grin*
*grin*
Re:Of course (Score:4, Interesting)
Yup, they sure did! (Score:5, Insightful)
Re:Yup, they sure did! (Score:5, Insightful)
(http://www.writetothem.com/)
I use Firefox and I *don't* want to see "Optimized for Firefox" or similar appearing on the web.
I want web designers to follow the W3C standards. I want to be able to browse in Lynx as well. I want the blind to be able to access web content. It is for that reason that I don't want Firefox to take 90% of the browser market. If 4 or 5 browsers have roughly equal share, there will be much more incentive for web designers to do their job properly. </rant>
Oh, the irony (Score:5, Funny)
Re:Yup, they sure did! (Score:5, Insightful)
How many users actually know what Internet Explorer is?
How many of those users will hear about this message?
How many of those users will know where to get an alternative browser?
How many of those users will be motivated enough to actually want to switch browsers?
How many of those users will be competent enough to download and install a new browser?
How many of those users will be competent enough to handle any problems that come up instead of just saying "this sucks" and switch back to IE?
I recently switched to FireFox because of this horrible security hole, and even though I'd consider myself a very advanced user, I had a couple problems getting things running smoothly. It would randomly lock up and crash on me - turns out that importing old IE settings is what caused it. Oh, and you want to reinstall it to get rid of your problems? Have fun hunting down that user profile directory that you don't know exists and doesn't automatically remove itself on uninstall. Configuring the UI is a huge pain in the ass.
Ironically, it doesn't display Slashdot right sometimes, either.
Great News (Score:5, Interesting)
I hope that this also translates into a large spike of donations to the mozilla organization. Firefox and T-bird are teh moh scheezi, and i started using mozilla years ago.
I've donated about $150 over the years, how bout y'all?
And yet from the justice dept (Score:5, Insightful)
(http://slashdot.org/)
Man, this'll be just liek when video games normed (Score:5, Funny)
Re:Man, this'll be just liek when video games norm (Score:5, Funny)
(http://www.arieswind.net/)
Re:Man, this'll be just liek when video games norm (Score:4, Funny)
(http://www.timcoleman.com/ | Last Journal: Friday January 04 2002, @10:21AM)
Amazing...BTW, if you haven't used.. (Score:5, Informative)
(http://www.opaquelucidity.com/)
Re:Amazing...BTW, if you haven't used.. (Score:5, Insightful)
(http://homestarrunner.com/)
I think this whole "IE is required for banks, online stores, etc". is a big FUDdy myth. Start pointing out sites that do not work with standards if there are so many and let's all encourage those sites to fix their broken stuff.
Finkployd
Profit (Score:5, Funny)
Rise of the... (Score:5, Funny)
It's so great to see Mozilla rising from the smoldering ashes that MS left Netscape in, only to come back and bite MS in the ass. It's so symbolic, they should change Mozilla's name to "Phoenix" or something.
Huh? Oh. (Gilda Radner on SNL voice....) Nevermind.
switch (Score:5, Insightful)
(http://www.hulver.com/scoop/user/damballah/diary | Last Journal: Wednesday August 13 2003, @09:14PM)
Firefox's Gestures (Score:4, Informative)
Homeland Security actualy works!!! (Score:5, Funny)
(http://slashdot.org/)
Heh, oops... (Score:5, Funny)
(Last Journal: Monday June 05 2006, @05:03PM)
Lynx (Score:5, Funny)
(http://nizo.deviantart.com/gallery/ | Last Journal: Sunday November 25, @11:52AM)
Re:Lynx (Score:4, Funny)
(http://slashdot.org/)
I only read them for the articles.
Homeland Security Be Damned (Score:5, Funny)
(http://www.andrewstuckey.com/)
*pause*
She then asks if our mother uses it. I said yes (thanks to me).
"Ok, install it."
Homeland security be damned, it's the MOTHERS we need to convert.
Re:Homeland Security Be Damned (Score:5, Insightful)
We need to stand up and tell all the family members and friends we're supporting for free - we are, after all, unpaid Microsoft technical support, without whom the users might as well be using command-line Unix - that they can either stop using IE, stop calling us for support, or expect a $200.00 per hour charge, with a one hour minimum per call.
Enough is enough. No more unpaid work cleaning up after Bill. It's like walking behind an elephant with a dustpan and a broom.
Re:Homeland Security Be Damned (Score:5, Funny)
Riiiight... see, if you do that, your family might kick you out of the basement. Not that I would know or anything. Nosiree.
(What, did you think you were good for anything else?)
Firefox will install with 'power user' access (Score:5, Informative)
(http://amateurpundits.blogspot.com/)
You should probably find out if IE uses any work-related proxy-server and change that setting manually in Firefox once the install is complete.
Happy browsing!
Re:Firefox will install with 'power user' access (Score:4, Informative)
(Last Journal: Wednesday June 29 2005, @09:39PM)
http://johnhaller.com/jh/mozilla/portable_firefox/
Re:Firefox will install with 'power user' access (Score:4, Informative)
(http://www.glassuser.net/ | Last Journal: Monday May 09 2005, @08:47AM)
Yeah Right (Score:5, Interesting)
Re:Yeah Right (Score:5, Informative)
(http://www.army.mil/)
First a committee/team has to be put together to verify the recommendation not to use IE. Then an alternative will have to be selected. This means another committee/team will have to determine what the alternatives are. Once the alternative web browsers are identified, they will have to be tested to make sure that they are secure and compatible they are. This testing can very depending on how indepth they go and how soon they realize that a large number of military web sites are IE only!! Once a replacement browser is selected, a Plan of Action has to be determined to figure out how the new web browser will be installed and how the completed installation is reported back up the chain of command. Once all of this has been completed, it will then be briefed to the head shed at the Pentagon who will then make some modifications before giving an order that all computers have a new web browser installed.
This doesn't take into account any turf battles that may come up during this process, fixing all of the IE only military web sites, complaints and stubborn refusal from users (IE will have to be completely removed otherwise people will still use it), all of the modifications to the Plan of Action as it goes down the chain of command, the several weeks it will take for each DOIM and unit to figure out how they are going to implement the Plan of Action, DoD civilians.....
It should take the military a few months to install a new web browser.....
Re:Yeah Right (Score:4, Informative)
Kinda funny... (Score:5, Interesting)
MS to "win the browser war" just in time to have their browser shot down every time they turn.
They had better wake up to this, too... These days, "internet" is about 85% of what computing is about. MS with all their attempts to blur the lines between your computer and the internet, and their flagship web application is poo.
I believe it's time for a cliche... (Score:3, Funny)
(Last Journal: Wednesday October 27 2004, @10:08PM)
Well, no shit sherlock.
True.. but you're forgetting one thing. (Score:5, Informative)
NO ACTIVE X. That means no sneaky little programs in your system.
The open source movement is well on top of issues like this... always have been.
Also, politically speaking, the open sourcers and black hats are cousins on different sides of a moral question. Virus writers and spyware jockeys don't go out and try to attack open source. They know what they are up against. They prey on the weak.
Remember, Open Source is dragging Microsoft down on a mayonnaise sandwich budget. They know who not to mess with.
Now if we could only get Homeland Security to start talking about OUTLOOK EXPRESS, then I would dance a jig.
No... because it is a design issue (Score:5, Insightful)
It's not just that IE is widespread, but its a design issue. If the usage numbers were inverted, IE would still have more exploits because it has some extremely poor design concepts behind it. First, it is directly hooked into the OS. If an exploit executes on the browser, then it is a very short leap for it to execute on the OS. Second, IE has a promiscuous plug-in model that allows nasty malware to execute without enough checks or controls.
What drug was the IE design team engineers taking when they decided to to let (or at least failed to prevent) untrusted program execution? The drug is named "Market-share". They were trying to turn on as many features as possible to capture every possible market. Microsoft made an early design decision to tout features over correctness. It is a fatal defect that now is probably nearly impossible to correct.
Now that MS is re-starting IE development, they should probably do what the Mozilla team was forced to do years ago. When Mozilla first inherited NS-Navigator 4.X, they looked at it and decided to ditch most of it. They started clean with new design concepts. I think MS is going have to do the same thing. The current design of IE is fattaly flawed. It will have to be rebuilt from the ground up with a new security model.
Firefox, Mozilla and performance (Score:4, Informative)
(http://slashdot.org/ | Last Journal: Saturday February 05 2005, @03:50AM)
tough to get employers to listen (Score:5, Insightful)
(Last Journal: Tuesday April 15 2003, @11:00PM)
I've been posting news articles like this one around the workplace, but man, is it hard to get anyone to listen. If HQ won't even listen to this headquarters's own IT department, why should they listen to someone in R&D?
Bah. Anyone have any advice on this?
Re:tough to get employers to listen (Score:5, Insightful)
A fix for IE?? (Score:5, Informative)
(http://www.saintsreport.com/)
Re:A fix for IE?? (Score:4, Insightful)
Give advice to alternative browser newbies! (Score:3, Interesting)
(http://twoflower.livejournal.com/)
But a few confusion points are holding me back. Likely holding back a lot of folks who might switch, so if you know, dive in and lay down some evidence...
1. Which of the two browsers is simpler / less bulky, Mozilla, or Firebox? I don't want something slow loading, bloated with features, and overcomplicated. You know, IE.
2. Can either of them merge with Windows the way IE does? Running URLs from the Run box, for instance. I don't want to accidentally launch IE by the old methods.
3. Does Mozilla still have that stupid "download manager"? How do I turn it off? Every time I wanted to save a file that thing would pop up when I just wanted the simple windows of an IE download that go away when done.
Obviously, I am t3h n00b. But that means I'm the audience you need to sell on the idea of ditching Microsoft the most -- and I plan to pass it on to friends, coworkers, etc.
Re:Give advice to alternative browser newbies! (Score:4, Informative)
1. Which of the two browsers is simpler / less bulky, Mozilla, or Firebox?
Firefox is less bulky (about 5MB download) as it is just the browser. Mozilla also has an email/news client, chat client & HTML editor built in.
2. Can either of them merge with Windows the way IE does?
Not quite. A URL is really just a filetype determinied by the file extension (.htm, .html, etc.) In Windows, you can point those (and other) filetypes to whatever applications you want - even when you install Mozilla/Firefox, it asks to be the default browser, in which case it will open most URLs, even from the run box.
Unfortunately, Microsoft specific sites, like "Windows Update" never seem to open anything other than IE and seem to deliberately bork any other browser. Also, because IE essentiall underpins Windows Explorer, you can never really weld in a 3rd party browser as tightly as IE.
3. Does Mozilla still have that stupid "download manager"? How do I turn it off?
There is a download manager that opens a smaller window for the files you are downloading. It has been improved in Firefox, it is not obtrusive particularly and I find it more useful to have it there than to not have it there. You can set it to download each file to a directory of choice or just have it download everything to one place you specify.
Firefox is also themeable, has the Google search bar built in and a lot of pop-up blocking. It REALLY is a better browser, full stop.
Re:Give advice to alternative browser newbies! (Score:4, Informative)
1) Firefox is lighter
2) Whatever browser is set as the default is what the Run box will open. Firefox will never be as integrated as IE, but that integration is part of the problem. It is a good thing. Open Firefox from an icon and use it as just a web browser, not as a file browser, desktop viewer, whatever else IE wants to be.
3a) In Mozilla you can disable the download manager by going to Edit->Preferences. Under the Navigator section select Downloads. On the right side of the screen you can choose Download Manager, Progress Dialog, or nothing for downloads.
3b) Under Firefox (0.9.1) you can trun off the Download Manager, but the alternative is no Progress Dialog of any kind. To do this go to Edit->Preferences. Select Downloads on the left. On the right side set the download folder to whatever you want and then look at the settings for the download manager.
This is all from a Linux box, but the settings for the Windows version of Mozilla and Firefox should have identical settings.
I have never been able to use WindowsUpdate from Mozilla. Of course even if you uninstall IE from XP or 2000 all the parts of it are still there, just the icon is gone.
HTH
the_crowbar
Another recommendation ... (Score:4, Funny)
(http://www.orangeblog.info/)
In other news, DHS says Stop Using Airplanes. (Score:3, Funny)
(http://www.pan-am.ca/ | Last Journal: Sunday December 07 2003, @08:12PM)
Maybe people will choose to take charge of their own computer security like I've ranted about for years now.
But monopolies are good! (Score:3, Interesting)
(Last Journal: Tuesday September 27 2005, @05:01PM)
Oh wait...now it's all tumbling down. Who would have guessed being a monopoly and then not even following any standards but marching to the beat of your own drum would end up hurting you?
Yet...I still wonder how this will affect Microsoft. Do they even care?
don't click on links in IE (Score:5, Funny)
"The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself."
Congratulations Mozilla Team. (Score:3)
(http://slashdot.org/~GillBates0 | Last Journal: Tuesday July 10, @04:36PM)
This comment proudly posted through Firefox.
Serious for MS (Score:5, Interesting)
Re:Serious for MS (Score:5, Funny)
Rich
Keep using Internet Explorer! (Score:4, Funny)
Closed captioned for the PR impared (Score:5, Insightful)
Let's see what we have here.
- First sentance tells us that Microsoft isn't going to try to attack the credibility of CERT because that'd be unlikely to get anywhere.
- Second sentance is trying to blame "the media" for misreporting the story, but the media's working from a primary source that has a section heading called "Use a different web browser". I don't know how you're "misrepresenting" that when you take that as a suggesting to download any browser that isn't Internet Explorer which means Mozzila, Opera, Netscape or any other compeitor out there. They want CERT to take back the recomendation to just stop using IE... that's the only kind of "clarification" that's possible here.
Microsoft clearly wants a CERT retraction. But do they stand any chance at getting one?
Re:Closed captioned for the PR impared (Score:5, Informative)
(http://www.berylliumsphere.com/security_mentor | Last Journal: Wednesday January 31 2007, @09:13PM)
I don't think the media misreported that.
So here's a question... (Score:5, Funny)
2) Apple is no longer just for coddled sheep
3) Sun is dying
4) Sun is embracing linux
5) Sun is no longer embracing linux
6) SGI is dying
7) ???
8) We might be watching the beginning of the end for Microsoft. Not just in this, but the whole pile of events over the last couple of years. If Microsoft loses relevance, and market share, and withers away...
Who Is Going To Be The New Evil Empire????
I want to know who to unconditionally hate next!!
Lawsuits and whining? (Score:5, Insightful)
(http://platinumdragon.ca/ | Last Journal: Monday May 23 2005, @01:59AM)
As an alternative... imagine if DHS came out and said that a flaw in GM vehicles aided terrorists, and people should purchase Ford and Chrysler vehicles until the flaw is repaired. Do you think GM would immediately start demanding financial compensation for lost sales and market share from the federal government?
Now, extend that to MS, despite the fact that IE is, effectively, free. If the whole thing still seems unbelievable, insert Robert Heinlein's quote about corporations thinking they have an unassailable right to make a profit above all else here. I'll bet good money MS is already preparing the legal briefs for some kind of retaliation.
Now for all the badly designed web sites (Score:5, Insightful)
(http://slashdot.org/ | Last Journal: Saturday February 05 2005, @03:50AM)
Maybe pigs will fly first?
Just one note Mozilla has one big advantage over Opera and Safari for MS base corportate networks: it supports NTLM.
Ahem, Ahem (Score:5, Insightful)
(http://nutsncents.blogspot.com/ | Last Journal: Friday August 08 2003, @07:47PM)
When monopolists crush the competition, and you have one company with 95% marketshare, that company gets lazy.
It produces shitty products, slows development (compare development now with when they were trying to crush netscape), all the while making monopoly profits.
Thankfully, the GPL seriously reduces the barriers to entry, because it would be DAMN hard to get either Gecko/Mozilla or KHTML/Konqueror/Safari relicensed and 'shut-down', or integrated into the MS lineup.
Mark my words, if there was no one else but Opera, MS would think long and hard about crushing it.
Monpoly bad, folks, m-kay?
This is great (Score:3, Interesting)
My daughters actually prefer it now - citing the way that they don't get pop-up ads any more.
It's good - I think by the time Microsoft come out with a patch they'll be so used to Firefox they won't want to go back to IE.
A side effect of Pop-Up blocking (Score:5, Interesting)
(c'mon, someone else can do this better than me)
In other news.... when parasites and popups are no longer possible, what sorts of nefarious crap will the nefarious-mongers do next?
What goes around comes around... (Score:5, Insightful)
(http://www.freebsd.org/~newton/cv.html)
- mark
To help convince non-techie users... (Score:5, Informative)
(http://dmiessler.com/)
http://www.dmiessler.com/reading/ie.html
Criticism of MS unfair... (Score:5, Funny)
(http://slashdot.org/)
What's wrong with IE? Huh? News to me... (Score:3, Interesting)
(http://nojailforpot.com/)
Sorry to say, until the big 2 (Fox News / CNN) and the evening news picks this up, it's just more of the same: a bunch of techies preaching to the choir.
windows update at risk? (Score:5, Interesting)
(http://www.wordchamp.com/)
Nobody goes there anymore... It's too popular. (Score:3, Interesting)
But the thing is, now that more people are flocking to it, Firefox could become a target. The script kiddies will start looking for flaws in Firefox and attempting to exploit them. I mean, why go to the trouble of writing any type of malicious code unless you're going to impact the greatest number of users?
I'm not saying that Firefox has many, if any, known security issues (too lazy to research that right now), but if they're out there, they're sure to get exploited once it becomes attractive to do so.
I know that there are many
Thanks in advance.
Stock Homeland Security Bulletin: Duct Tape! (Score:4, Funny)
The Dept. of Homeland Security recommends that if a Web Application requires MS I.E. and you cannot use Mozilla or competitor please follow the following instructions in case of accidentally browsing the Internet with this software:
1) Cover the Computer (Tower or Desktop) with Plastic.
2) Place Duct Tape over the window on the Monitor Screen when a Pop-Up or insecure page loads. Once you have closed I.E. and ran virus checks you may contact Homeland security for permission to remove the Duct Tape and resume normal computing operations.
Advanced Security Technologies (AST) to Save Us (Score:3, Interesting)
(http://www.edholden.com/ | Last Journal: Tuesday January 20 2004, @11:15PM)
You can almost see the little TM symbol next to the Advanced Security Technologies, reassuring us that Microsoft is busily developing corporate-speak acronyms to protect our systems.
Of course my experience using and supporting products with the "improved security" underlying those acronyms is that I get nagged all the time about apparent bugs that are actually "features." Outlook Express and Outlook, for example, protect users from attachments that could be harmful by ... (drumroll) ... hiding the attachments. What moron decided that was a good idea? I guess the calls to the help desk saying "Everyone else got that attachment except me" help keep me at work, but I'm still not impressed. And my boss can't sync his Palm with Outlook without being warned that an external program is trying to access his address book. Microsoft omitted the "allow this particular program to do this and never pester me about it again" button, so I get complaints about this "feature" every couple months.
While Microsoft now tries to clean up this mess by asking CERT to "rephrase" their warning (wait a couple days - they will), I'll keep suggesting my users switch away from their products. It's been a good solution so far.
The PR Spin Cycle (Score:5, Insightful)
So the press misquoted CERT? I've read the text and almost everything I've seen is a quote, albeit summarized occasionally.
I think it's absolute comedy that when MS plays hardball, it's just business as usual, but when things swing the other way they can't stop complaining how they aren't getting a fair shake.
Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
Translation: We are currently researching ways to extort CERT into issuing a new statement saying our browser is the most secure as long as you don't use the default settings we chose for you. Fact: IE is the most secure browser when completely blocked by a firewall.
Cool, just after a PHB here (Score:5, Interesting)
(http://cafepress.com/phototravel?pid=5934485)
I objected and got called "Ayatollah of web-compliance" :-)
Mozilla is vulnerable too (Score:5, Informative)
(Last Journal: Monday March 21 2005, @03:37PM)
Did anyone RTFM from the Yahoo link. It says at the very bottom that Mozilla is vulnerable too. I use Mozilla myself but it appears that the real culpret is ActiveX which you can install on Mozilla [mozdev.org]. I don't think this plug in will work on platforms other than windows so it's really a platform issue.
Re:Mozilla is vulnerable too (Score:5, Informative)
Uh, it is reported that the trojan only automatically installs itself with IE. For other browsers, you have to download and run a GIF image that is disgused as an EXE with the infamouse double-extension social engineering trick.
Did you read the page you linked to?
link to the US-CERT announcement (Score:5, Informative)
(Last Journal: Friday April 30 2004, @11:03AM)
As if people listen to DHS... (Score:3, Interesting)
I'm sure the spike in downloads has absolutely nothing to do with the recent release of new versions of Firefox & Thunderbird [slashdot.org]...
Re:Stupid Question: Why Scripting, ActiveX, Java? (Score:4, Informative)
(http://www.garbett.org/)
Yes there is good reasons to have Java/ActiveX on a web page. E.g. on an internal private network, where you have trusted users and want things like signature pads uploading signatures to a database. Or how about on a public network, there is a wonderful tool to trace a route with a cool picture of the globe (but this is done without violating network security).
With Java you have to actively accept the dismantling of security, if someone clicks yes to trusting an unknown source then they will get an ugly lesson in trusted computing. With ActiveX it comes out of the box with no security and one has to actively enable security. Given the majority of home users are never going to do this, and the majority are using Windows, a massive ripe resource for worms/viruses/spammers exist. Active X suffers from fundamental security flaws, and is going to cost Microsoft a lot to fix the damage to reputation and loss of customers.
Folks, don't get too exited (Score:3, Insightful)
Sooner or later MS will provide some kind of fix for the security holes. Then there will be a version of IE coming which has tabbed browsing and all the other niceties in Firefox and Opera. That new IE will enter the desktop conveniently through Windows Update. That day people will be happy that IE is safe and they will go back to using it. Just because they are used to it and they do not need to bother finding and installing some other strange program.
Today Firefox and Opera are attractive because they offer better features and improved security over IE. What makes us believe it will always be like that? And are features and security good enough to battle the desktop monopoly?
Time to uninstall IE! (Score:3, Funny)
And since this is the almighty Homeland Security, this means that all government agencies should now panic and try to uninstall IE from all of their computers. (Oops, where is that elusive uninstall option? No, not that one, all it does is delete the icon.)
I guess that also means that anybody who has a site that only works in IE is a terrorist!
In related news ... (Score:5, Funny)
(http://operagost.com/ | Last Journal: Monday May 01 2006, @12:08PM)
Achance for improving the security of Mozilla, too (Score:3, Insightful)
Govt. sites (Score:4, Insightful)
(http://www.austinvisualization.com/)
Incorrect Wired conclusion? (Score:4, Interesting)
I hate to ask, but didn't the CERT recommendation happen right around the same time as release of 0.9.1?
Without sources I can't refute or support the Wired's article, but it provides no support of it's conclusion itself...
CERT gave the warning nearly a month ago (Score:5, Informative)
The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft's Internet Explorer.
CERT gave the warning on June 10 [cert.org]. BBC reported this on June 14 [bbc.co.uk].
apt-get remove internet_explorer (Score:3, Funny)
Migration. (Score:3, Interesting)
(http://www.synthetic.org/)
The Firefox move was painless, and I'm not missing IE.
Whoever decided to skip any sort of wizard to migrate Mozilla mail to Thunderbird has made a mistake. That was *not* painless, and the average user is going to balk at editing text files.
Reality Check (Score:4, Interesting)
Re:Reality Check (Score:5, Interesting)
(http://slashdot.org/)
Huh? I find it's really easy to make people switch.. the conversation goes something like this:
Them: "Why is my computer running so slow? And Why do I have all these popups when I'm not doing anything?"
Me: "Your system is infected with malware.. I will clean it"
[an hour or so passes as Spybot and Adaware do their thing, and I do my thing with Toolbarcop]
Them: "How do I keep this from happening again?"
Me: "Internet Explorer is not secure. If you use it, this WILL happen again, and there is nothing you can do about it. Oh, and Russian Hackers will steal your passwords and credit cards. The only thing you can do is switch browsers to this new one called Firefox."
Them: "What does it look like? Does it have a googlebar? Will my popup blocker still work?"
Me: "Looks pretty much the same as IE, except Favorites are called Bookmarks."
Them: "Bookmarks! I remember those from Netscape"
Me: "You'll feel right at home then. Google search and pop-up blocker are built into the browser"
Them: "Sign me up!"
[I set IE to high security, add windowsupdate to trusted sites, and install Firefox making it default browser. Remove all IE icons, put Firefox icons in their place.]
I've converted 5 people in the last week.
I have 1 suggestions for the firefox people: Bundle (or at least provide an installation page that opens when you first run the browser with links to install) Flash, Shockwave, and Java.. With those 3 things installed, there is no reason to open IE again.
In Other News... (Score:3, Insightful)
Browser Plug-in Standard [slashdot.org]
I'm sorry, but "rich" web content basically equates to "insecure" from what I can tell. The more dynamic and powerful you make downloaded code, the harder it is to keep it in check.
Save the "rich" content for some separate application-oriented protocol and leave it out of HTML. That way I can download and run some sort of OS-independent application (the goal) from a trusted site when I need to, and don't have to worry about Joe-random web site abusing it. Surfing the web and running some site-specific application are two distinct tasks with quite different security requirements. I wish folks would stop mixing them, as the problems caused are only going to get worse IMHO.
The beginning of the end? (Score:3, Insightful)
(http://www.mysterystudio.com/)
The next step could be a Windows desktop, but with Firefox, Thunderbird, OpenOffice, and all free/open software with Linux counterparts... once they get used to all that software, the final switch to Linux is seamless.
Possibly a repeat, but very funny (Score:3, Interesting)
Gary Schare, director of the Windows Client Division at Microsoft, said that CERT's advice had been misrepresented in much of the press coverage.
"Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
My jaw just dropped open. How are the reports misrepresenting CERT's statements? Get a new web browser can mean only one thing - GET A NEW FRICKIN' WEB BROWSER! How could that possibly be "misrepresented"?
It's basic english - we use it every day! Are you honestly working with computers while not knowing ordinary conversational language? Perhaps we need to tell Microsoft what the definition of IS is.
But in my mind I can see a Microsoft lackey going - "No, no, no, what the really meant was get a new blouse. Um, CERT doesn't like turquoise tops.... uh, yeah that's what they meant."
I don't know what's more pathetic - the fact that Microsoft is trying to accuse others of misrespresenting them, or the fact that many people will believe them and just stick with IE.
Ugh it just disgusts me how blatant and open they are about their lies and coverups. It makes me feel dirty just to see the little IE icon up on slashdot now.
But I'll tell you one thing - people who work for Microsoft certainly must be gearing up for very successful careers in politics.
Here's a fun rule for your server... (Score:4, Funny)
(http://www.garbett.org/)
<IfModule mod_rewrite.c>
RedirectMatch permanent (.*)cmd.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)root.exe(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_vti_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/scripts\/\.\.(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/_mem_bin\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/msadc\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/MSADC\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/c\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/d\/winnt\/(.*)$ http://www.microsoft.com
RedirectMatch permanent (.*)\/x90\/(.*)$ http://www.microsoft.com
</IfModule>
Kerry using flaw to gain "donations" (Score:3, Insightful)
This must by how John Kerry raised over $3 million on Wed. They're obviously using stolen credit card numbers harvested with the help of I.E.
<\tinfoilhat>
http://www.nytimes.com/2004/07/02/politics/campai
Big question (Score:3, Insightful)
(http://www.gemstate.net/friends | Last Journal: Tuesday September 11, @10:32AM)
If Microsoft continues to claim that they can not remove IE from Windows will the US goverment start removing Windows from there computers and replace it with Mac OS/X and or Linux?
Since they Include IIs in this what does it mean server 2003 and Longhorn?
Remember people that write websites that only work in IE are terrorists.
Isn't this the same people.... (Score:3, Insightful)
(Last Journal: Sunday June 19 2005, @01:43PM)
Dear Homeland Security,
Compare and contrast:
(1) Your ass
(2) A hole in the ground.
How to disable IE (Score:3, Informative)
(http://www.hatters.org.uk/ | Last Journal: Tuesday July 29 2003, @03:19PM)
@echo off
C:
cd "\Program Files\Internet Explorer"
if not exist IEXPLORE.EXE goto End
if exist IEXPLORE.EX_ del IEXPLORE.EX_
if not exist IEXPLORE.DIR md IEXPLORE.DIR
if not exist IEXPLORE.DIR goto End
attrib -r -h -s IEXPLORE.EXE
ren IEXPLORE.EXE IEXPLORE.EX_
if exist IEXPLORE.EXE goto End
ren IEXPLORE.DIR IEXPLORE.EXE
echo IE disabled.
echo If prompted, click "Cancel" then "Yes" on File Protection restore.
echo Run enable-ie.bat to allow IE to run again.
It still runs if you put a URL into a window bar though, but if your alternative browser is the default browser then it'll launch for everything else.
To re-enable Bill's little helper:
@echo off
C:
cd "\Program Files\Internet Explorer"
if not exist IEXPLORE.EX_ goto End
if not exist IEXPLORE.EXE goto Activate
attrib -r -h -s IEXPLORE.EXE
rd IEXPLORE.EXE
if exist IEXPLORE.EXE del IEXPLORE.EXE
ren IEXPLORE.EX_ IEXPLORE.EXE
echo IE enabled.
Informative IE Links - IE Bashing Extraordinaire (Score:5, Interesting)
This browser warning [zesiger.com] page thoroughly trashes MSIE, but every phrase is linked to a news article that uses the exact same verbiage in order to demonstrate that it isn't just anti MS FUD - It's the honest truth. It's designed and maintained for webmasters to deliver to the IE-using visitors to their webpages. You can read the source code for some more information about that. In case you're curious, here's a paste of the text and links that it has - This should prove quite effective with anyone you're trying to convince to stop using IE:
Your web browser - a version of Microsoft Internet Explorer - may not function properly on this website [com.com], and could have a large number of problems [microsoft.com] that allow hackers to hijack it [pcworld.com] with viruses [microsoft.com]. These viruses could be used by criminals to secretly take over your computer [cnn.com], download child-pornography [theage.com.au], or to commit acts of terrorism [channelnewsasia.com] and fraud [guardian.co.uk]. You may automatically update it now [microsoft.com] with Microsoft's available patches, however, there is a possibility that a necessary patch will not be available [techweb.com] due to Microsoft's somewhat sluggish development schedule [ecommercetimes.com].
The US Department of Homeland Security [yahoo.com] strongly suggests [wired.com] that you stop using Internet Explorer immediately.
There are several standards-compliant [webstandards.org] web browsers that you may use instead of Internet Explorer. Please install one of them as a replacement.
If you suspect that your computer is already being used for criminal activity, it is critical that you seek help from a computer professional in your local area. You may also try one of the free web-based virus scanners [wilders.org] that are available.
From the Yahoo! News article... (Score:3, Funny)
(http://alanevans.org/)
I'm pretty sure *most* browsers invoke some kind of HTML rendering engine. Yes, even Mozilla.
I.E. Active X object, not just any HTML renderer (Score:4, Informative)
(http://127.0.0.1/ | Last Journal: Saturday August 14 2004, @11:21AM)
More often this is used in applications like AOL (IE is the default browser in AOL), where they use this ActiveX component to display web content. I think AOL uses their own e-mail system, however. You can also see this in the Real Player application, again if they are going to display web content instead of playing music or an audio/video clip. (Try this if you have Real Player.) Other application also use this, in things like About boxes or even a cool splash screen when you start an application. Sometimes they even do full TCP/IP http requests for content, including machine-specific data. A good security hole if I ever heard of one, and a cheap and easy spy app as well.
Mozilla does not use the I.E. rendering engine... they have their very own, so they don't need it. A while back it was a common task for CS instructors to assign students to make their own HTML rendering engine. I wrote one myself just to see if it could be done. Not a beginner task, but still something well within the capabilities of any recent CS college graduate (if they actually taught you anything).
Re:Who cares about security, (Score:3, Informative)
(Last Journal: Monday July 12 2004, @04:07PM)
Re:Let's turn this around, shall we (Score:5, Insightful)
(http://www.visi.com/~bsimon/)
How to get plugins to work (Score:3, Informative)
(http://notmyopinion.blogspot.com/)
This has information on plugins like: Adobe Reader, Java Plugin, Macromedia Flash Player, Macromedia Shockwave Player, QuickTime, RealPlayer 10, Windows Media Player, etc.
Re:Let's turn this around, shall we (Score:4, Informative)
(http://f1-facts.com/)
Open Source software can be (and often is) of better quality, especially when it comes to security.
The only "security issues", I've heard about Mozilla were about reading files or crashing - and those were instantly fixed. IE is so flushed with real grave security holes (like "take over computer") that crashing or reading files isn't even worth reporting, never mind fixing.
Microsoft usually does nothing unless there is an exploit - then maybe they do something - or (like with IE lately) they still don't do anything unless the exploit is used by a lot of people.