Microsoft

BBC says "Avoid Explorer" 569

twitter writes "Citing security flaws that lead to ads and spies on Microsoft-infested computers, the BBC in this article recommends avoiding Internet Explorer." Ain't it the truth? Mostly it's about adware & spyware and other wretched bits of software that make the internet suck a little more each day.
This discussion has been archived. No new comments can be posted.

  • I use (Score:3, Informative)

    by yatest5 ( 455123 ) on Tuesday November 26, 2002 @07:42AM (#4757837) Homepage
    Phoenix [mozilla.org] and it fookin rocks.
    • Re:I use (Score:3, Interesting)

      by Zapper ( 68283 )
      I've been using Opera6/Linux.
      It's pretty good, fast, some nice features and who knows I might even pony up some dollars to remove the ads. I've got a slow PC, so it really shows up rendering speed. Mozilla really sucked. Might have to give Phoenix a go when I can be bothered with the d/load.
    • by doodleboy ( 263186 ) on Tuesday November 26, 2002 @09:03AM (#4758278)
      I'm using mozilla [mozilla.org] with the internet explorer [mozdev.org] skin. It works great, though there's a little hack [hypermart.net] you have to do to get the home button back into the main toolbar.

      Mozilla is a better browser than i.e. in a lot of ways (tabs, standards compliance, etc.), but the big one for me is that i.e. is essentially an ad delivery system. So there's not much we can do to selectively block cookies, or graphics from specific servers, or pop-ups, etc. And I don't like the prospect of being at the mercy of unscrupulous companies who wish to make changes without my knowledge or consent. (Actually, what I'd really like is a way to get rid of i.e. entirely [litepc.com] on w2k/xp.)

      That explains mozilla, but why the i.e. skin? Well, the default mozilla skins are not exactly beautiful. And my wife is highly resistant to change of any kind when it comes to her computer, and with the i.e. skin I was able to switch her w2k machine to mozilla without even a word of protest. Of course, at this point she's so used to tabbed browsing and the pop-up blocker that she wouldn't switch back anyway. And me, I don't have to worry about some exploit using i.e. to take her computer down.

      Actually, I even use the i.e. skin on my linux box. Just for the perverse fun of it, I guess. I also have a nice wallpaper from w2k of a diver against a blue sky. It's very spiffy, though naturally I GIMPed out the little windows logo first :-).
  • Explorer? (Score:4, Funny)

    by muyuubyou ( 621373 ) on Tuesday November 26, 2002 @07:44AM (#4757840)
    They should recommend avoiding Windows if their problem is security.

    BTW, being Explorer inseparable from Windows, avoiding Explorer is avoiding Windows. Am I right, Bill?
    • Why? (Score:3, Funny)

      by 91degrees ( 207121 )
      Apart from the known issues with IE, outlook, and IIS, what is insecure in Windows?

      And as far as IIS goes, Apache hasn't had a spotless security record.
      • Re:Why? (Score:5, Insightful)

        by lhdentra ( 111259 ) <leo@lwh.jp> on Tuesday November 26, 2002 @08:10AM (#4757944) Homepage
        Apart from the known issues with IE, outlook, and IIS, what is insecure in Windows?

        The unknown issues.

        • Re:Why? (Score:5, Informative)

          by RAMMS+EIN ( 578166 ) on Tuesday November 26, 2002 @08:37AM (#4758094) Homepage Journal
          ``Apart from the known issues with IE, outlook, and IIS, what is insecure in Windows?

          The unknown issues.''
          While obviously true, it doesn't really help to talk about unknown issues when assessing the security of a system. It's a safe bet that there are unknown issues with any piece of software, especially a complex one. The argument that closed-source software isn't open to as much peer review as is open-source software doesn't really hold ground. It's perfectly possible for closed-source software to be more extensively audited than an open-source alternative.

          What does make Windows insecure is its single-user nature. Even the NT-based systems running on many desktops these days, while technically capable of using a good security model, are often run in single-user mode, meaning that if that user's account is broken into, there are virtually no restrictions on what harm (or good?) can be done.

          Much software from the Big Satan of Redmond suffers from inherently insecure design. Windows (not NT)'s single-user nature, weak protection of address spaces (know those little programs that can be used to read other programs' text fields, indeed even password fields?), a web browser that doubles as a full-access file manager with the ability to run programs, a mail client that can and will automagically open (or even run) attachments, a scripting language so powerful that a component as central as the registry can be modified with it that can be used in officially non-executable things as office documents and webpages, the list goes on. This is something MicroSoft can be blamed for, should be blamed for, and should be ashamed of. This is what makes a system with pretty much any MicroSoft software on it insecure. And the best thing is that others are trying hard to copy some of these `features'.
          • Re:Why? (Score:5, Insightful)

            by ishark ( 245915 ) on Tuesday November 26, 2002 @09:22AM (#4758363)
            While obviously true, it doesn't really help to talk about unknown issues when assessing the security of a system. It's a safe bet that there are unknown issues with any piece of software, especially a complex one. The argument that closed-source software isn't open to as much peer review as is open-source software doesn't really hold ground. It's perfectly possible for closed-source software to be more extensively audited than an open-source alternative.

            The minor difference that you fail to mention is that for open source the possible ways to assess the security are two: 1) rely on the quality of the auditing and testing from the creator or other third party 2) test and audit the code yourself or by a contracted (by you) party. For closed source you only have 1 and so you have to trust the creator & his friends. Now, a lot of people are very good at producing secure software and as you say it's perfectly possible for closed-source to be more extensively tested and audited, but what Microsoft has shown up to now is a complete disregard of the problem. So, the "unknown issues" cannot be dismissed that easily. If we talk about Swiss cheese, you'll agree with me that there are lots of holes, even without looking at the piece I have in my mouth :)

            (for the single-user thing: Apple has done a better job in much less time with OSX)
            • Re:Why? (Score:4, Informative)

              by kalidasa ( 577403 ) on Tuesday November 26, 2002 @11:15AM (#4759308) Journal
              One issue: Universal PNP
              Another one: Windows Messenger Service (not MSN Messenger, but the alerter) lets anyone put a popup on your computer if they have the IP address or DN. Just lovely. This is a security issue because the popup can be used as part of a social engineering attack.
              The list goes on and on.
            • not true (Score:4, Insightful)

              by lseltzer ( 311306 ) on Tuesday November 26, 2002 @11:39AM (#4759496)
              Lots of people have access to the Windows source code, albeit under non-disclosure. See the various licenses at http://www.microsoft.com/licensing/sharedsource/
          • Re:Why? (Score:3, Insightful)

            by Shalda ( 560388 )
            What really amazes me is all the intelligent people who overlook the fact that if people started moving in large numbers to other platforms (Mozilla, Linux, Mac, BeOS) that a new horde of crappy insecure programs wouldn't spring up overnight. Are the makers of adware, spyware, and viruses going to say, "Well, looks like the market has shifted away from IE and Windows, I guess I'll have to take up golf instead"? I think not.

            You're really only relatively safe and secure as long as you're in the minority. Security through obscurity.
          • Re:Why? (Score:3, Insightful)

            by doodleboy ( 263186 )
            It's perfectly possible for closed-source software to be more extensively audited than an open-source alternative.
            Possible, yes. Likely, no. And anyway, the issue of peer review is a canard. I'm sure you will agree that the real issue is how secure programs are in actual use.

            In actual use, Microsoft has a long history of sitting on serious security bugs, or using their PR department to deal with them, or attacking the people who report bugs. When you have a long tradition of being the least secure operating system in wide use, then imho yes you can reliably extrapolate as to the likely security of their future products. Which is to say, very poor.

            But yes, I do agree with you that the pervasive use of single user mode in Windows is very bad, especially considering the deep integration of i.e. Deep integration is an effective strategy from an anti-trust fighting perspective, but auto-executing all these activex controls and mime attachments is a disaster for ordinary computer users. I do not think windows will ever be secure until they completely redesign it with a more unix-like philosophy of least privilege.

            But single user mode can be avoided if you are aware of the dangers. More serious are design decisions that we can't change. Sticking the graphics layer in ring 0 is another fatal flaw, since buggy video drivers can now crash the os. Not what you want in a supposedly stable and secure server.
          • Re:Why? (Score:4, Insightful)

            by cscx ( 541332 ) on Tuesday November 26, 2002 @10:26AM (#4758883) Homepage
            a web browser that doubles as a full-access file manager with the ability to run programs

            Like Konqueror and Eazel's Nautilus?

            a mail client that can and will automagically open (or even run) attachments

            This was true in, like, 1999. Outlook doesn't do this anymore.

            a scripting language so powerful that a component as central as the registry can be modified with it that can be used in officially non-executable things as office documents and webpages

            So you're saying you can't modify something in /etc using something such as Perl? There is an analog to everything you state.

            This is what makes a system with pretty much any MicroSoft software on it insecure.

            What falls prey to all these worms, et al that are going around are the people that are still running Windows 98 first edition with Outlook Express 4 that never bother to upgrade anything. All it takes is something as simple as going to Windows Update to fix all this. Then Microsoft comes along and tries to remedy this problem with the Automatic Updates feature to try and remove the middleman (read: uninformed/apathetic user) and what response does that receive from the Slashdot community? "No! Kill the bastards! They're spies! Seize them!"

            There's no winning.
          • The problem with Windows isn't single-user mode, it's the fact that it's vastly over-spec'd and everything is on by default.

            If e-mail readers just read text messages and let you write them back, and web browsers just displayed HTML instead of automagically downloading and installing stuff, and you didn't default to running with any TCP/IP port you like available, and so on, then any single-user OS could still be secure.

            The problem is the way power has spread without adequate control. They invented ActiveX, based it around a non-secure model, and then let web browsers use it, instead of just rendering HTML. Then they made the e-mail client accept HTML mails, using the same rendering engine, so now someone just has to send you a mail, rather than you actively visiting a site. They gave the e-mail client a preview pane, and switched it on by default, so now the software has a chance to do its damage not only if I actively do something like visit a particular web site, but even if I fail to actively switch it off.

            The same story happens all over the place in Windows, and is behind nearly every major security cock-up out of Redmond in the last several years. You'd think they'd have learned, but then they'd have had to unbundle IE.

        • unix and windows (Score:3, Insightful)

          by ciryon ( 218518 )
          Unix has firewalls to prevent programs getting into the system.

          Windows has firewalls to prevent programs getting out of the system.

          Ciryon
      • Re:Why? (Score:5, Insightful)

        by frozenray ( 308282 ) on Tuesday November 26, 2002 @08:36AM (#4758088)
        ok, I'll bite.

        > Apart from the known issues with IE, outlook, and IIS, what is insecure in Windows?

        The "known issues" are numerous and quite serious, and just thinking about what might be lurking in the depths of Windows & Co. makes me feel queasy. The Microsoft empire was built on stacking new features on existing code, with little or no regard to security issues, and it shows. Judging from their mid- to long-term solution (Palladium), they have all but given up on ever delivering an acceptably secure implementation based on their current designs (not that I think for a second that Palladium will be significantly more secure, mind you).

        > And as far as IIS goes, Apache hasn't had a spotless security record.

        This is true, but unfortunately doesn't make your argument valid. It's a well known logical fallacy ("Ad Hominem / Tu Quoque" [nizkor.org]). Basically it's like saying "OK, I stole the cookies from the kitchen jar, but so did my brother last week!" - true, but irrelevant, and it won't deter your mother from giving you a good whack.
      • Re:Why? (Score:4, Funny)

        by pubjames ( 468013 ) on Tuesday November 26, 2002 @08:51AM (#4758188)
        Apart from the known issues with IE, outlook, and IIS, what is insecure in Windows?

        When I first read this, I assumed it was a joke, along the lines of "What did the Romans ever do for us?" in Monty Python's "The Life of Brian". But looks like everyone is taking it seriously so I must be wrong.
        • Re:Why? (Score:5, Funny)

          by pubjames ( 468013 ) on Tuesday November 26, 2002 @11:49AM (#4759608)
          Well, seeing as this has been modded up to +5 funny, I guess I should take the plunge:

          Reg: People are always complaining about the security in windows, but come on, Windows is great. All my friends use it!
          Loretta: Yes, and my friends' friends.
          Reg: Yeah.
          Loretta: And my friends' friends' friends.
          Reg: Yeah, all right. Don't labor the point. And tell me, what is insecure in Windows?
          Rebel2: Outlook?
          Reg: What?
          Rebel2: Microsoft Outlook.
          Reg: Oh yeah, yeah. That's insecure. That's true, yeah.
          Rebel3: And Internet Explorer.
          Loretta: Oh yeah, Internet Explorer, Reg. Remember all the security holes that's had?
          Reg: Yeah, all right, I'll grant you Outlook and Internet Explorer are two things that are insecure...
          Mathias: And IIS.
          Reg: Well, yeah. Obviously IIS, I mean IIS goes without saying, doesn't it? But apart from the Outlook, Internet Explorer, and IIS...
          Rebel4: Word Macros.
          Rebel2: Passport.
          Rebel5: Hotmail.
          Reg: Yeah, yeah, all right. Fair enough...
          Rebel1: And Active-X.
          Rebels: Oh, yeah
          Francis: Yeah. Yeah, That's a really bad one isn't it? Active-X.
          Rebel6: The Windows kernel itself.
          Loretta: Yes, remember when they found that NSA key Reg?
          Francis: Yeah, well, that's certainly a bit worrying, isn't it?
          Everyone: Huhuhuh. Huhuhuhuhuh.
          Reg: All right. But apart from the Outlook, Internet Explorer, IIS, Word Macros, Passport, Hotmail, Active-X and the Windows kernel itself, what is insecure in Windows?
          Rebel2: SQL server?
          Reg: Oh, fuck off.
    • BTW, being Explorer inseparable from Windows, avoiding Explorer is avoiding Windows. Am I right, Bill?

      Absolutely! Stay tuned to see. Video at 11! [snicker]

      Love,
      Bill
    • >They should recommend avoiding Windows if their problem is security.

      I know we're really talking about desktops here, but in the past the BBC have certainly run their news site on Linux. Check Netcraft [netcraft.com]

      The only fly in the ointment is that they persist in using Real Audio for any audio content they serve (and I've mailed them more than once when they ask for comments about this). They trialled OGG last year, I don't know what became of that.

      Matt
      • Re:Explorer? (Score:5, Informative)

        by henley ( 29988 ) on Tuesday November 26, 2002 @08:33AM (#4758067) Homepage
        They trialled OGG last year, I don't know what became of that.

        The internal copyright to do so expired, ending the trial.

        Then in September, they sorted this out. Ogg streaming is due to re-start, Real Soon Now(tm). As it has been since September... See Here [bbc.co.uk] for more details....

      • Re:Explorer? (Score:3, Informative)

        by AndrewRUK ( 543993 )
        See this page [bbc.co.uk] for info about the Beeb's ogg streaming. It looks like they stream a few programmes regularly, here's hoping they can get more available (so that you non-Brits can experience Radio 4 [bbc.co.uk] :-)
  • But the adware supporters are hitting back. Some programs, such as Radlight's DivX movie player, actually un-install anti-adware devices.

    Isn't unauthorised uninstalling just as bad as unauthorised installation of spyware?!
    • Dur, yes. If you read the sentence again, you'll understand. These programs uninstall _anti_-adware devices. These are the same types of program installing adware devices. No Mr Pot. Just lots of kettles.
  • It would be one step in the right direction...
    Still too many webdesigners want to make sites that look flashy and work only in Explorer...

    They never figured out they can make the same stuff work in many browsers if they would only try and learn something about web design itself instead of designer tools...

    So till that's solved a lot of people will use Explorer because their favorite site is badly designed.
    • by Anonymous Coward
      Considering the BBC's site doesn't or didn't display right in Netscape how can they recommend avoiding IE?

      I forget how many times I've complained about that.
      • by FyRE666 ( 263011 ) on Tuesday November 26, 2002 @09:01AM (#4758253) Homepage
        Considering the BBC's site doesn't or didn't display right in Netscape how can they recommend avoiding IE?

        If you're using NS4 then personally I believe you should expect problems. I'm all for cross-browser compliance, but there really is no reason to be using a 5-6 year old browser with substandard (to put it mildly) CSS support.

        I design for standards compliant browsers, NS4 is not, therefore visitors who insist upon using this take their chances. Even Redhat have removed it now, which is a good thing - if only Netscape would remove the download link...
    • by pubjames ( 468013 ) on Tuesday November 26, 2002 @08:54AM (#4758209)
      Still too many webdesigners want to make sites that look flashy and work only in Explorer...

      I know a lot of people say this, but is it actually true? I use both Mozilla and IE and very rarely notice any differences.
  • by Max Romantschuk ( 132276 ) <max@romantschuk.fi> on Tuesday November 26, 2002 @07:47AM (#4757850) Homepage
    Working as a web developer I know that getting users to update their browsers is hard, let alone switch browser altogether...

    Unfortunately I doubt the problem as a whole can be solved by switching browsers. Rather I'd see stricter legislation tackle privacy issues.
    • by Sacarino ( 619753 ) on Tuesday November 26, 2002 @08:01AM (#4757912) Homepage
      Requesting that a user update their browser merely to view your site is bad coding.

      A pet peeve of mine is when a site says you need to be in a certain resolution to use their site.

      What happened to designing your site for the widest possible group of users?
  • its a known fact (Score:3, Insightful)

    by katalyst ( 618126 ) on Tuesday November 26, 2002 @07:47AM (#4757851) Homepage
    It's a known fact. They're also trying to do with the customer's knowledge with messenger version 5. hell.. users are calling it a "downgrade". when is microsoft gonna learn that it's all about empowering the user... not crippling him. i don't say their products aren't good.. after all u can't survive with 100% marketing, 0% product. what are they gonna lose if they declare Internet Explorer as an open source project? They aren't selling it as a separate product anyways
    • what are they gonna lose if they declare Internet Explorer as an open source project?

      Joe Sixpack's belief that Microsoft are the only company on Earth that makes good software, and informing them that open source even exists.

      ------
      hey joe give it a go [wallpaperscoverings.com]

  • Ain't it the truth? (Score:5, Informative)

    by Zelatrix ( 18990 ) on Tuesday November 26, 2002 @07:47AM (#4757854)
    Well, no it isn't actually. The BBC is reporting what Mr Clover said. Not at all the same thing as "the BBC recommends".

    Sigh.
    • by IRNI ( 5906 ) <irni@OPENBSDirni.net minus bsd> on Tuesday November 26, 2002 @08:09AM (#4757941) Homepage
      I was about to say the same thing... slashdot is getting a bit ridiculous in the last few days. What with posting stories about strange quarks 3 times a day, putting BeOS stuff in the BSD section and now they are not even reading the things they link to. They must be using the blind monkey method of approving stories lately.
    • by twitter ( 104583 ) on Tuesday November 26, 2002 @09:10AM (#4758308) Homepage Journal
      The BBC is reporting what Mr Clover said. Not at all the same thing as "the BBC recommends".

      Hmmm, that's an expert opinion and it was strong. The author, Mark Ward, quoted Mr. Clover as a computer expert, someone who knows what they are talking about. The overall opinion was that Windoze was an easy to take over piece of junk and IE should be avoided. Note the lack of comforting words from M$ shills and other whores who would simply blame the user. The article concludes:

      Fears about adware and spyware are not just for privacy fetishists and cyber-libertarians. Much of this surreptitious software is badly written and can crash your computer, others simply slow down your machine and make web use a chore. But the real danger is the fact that many of the loopholes in Windows that these programs exploit are being increasingly used by virus writers. If you do nothing to close these holes then one day you may lose much more than information about your online habits.

      Can there be a stronger general denunciation than that? It amounts to, "keep using this slow painful junk with and you will lose your work." That's an amazing article to see in the mainstream press.

  • How about (Score:3, Insightful)

    by gTsiros ( 205624 ) on Tuesday November 26, 2002 @07:48AM (#4757861)
    instead of abandoning IE, which is a decent web browser, be careful (not paranoid, but like anyone who's been on /. for more than ...5 minutes won't click on a goatse.cx link) about where you actually browse.

    • Re:How about (Score:5, Insightful)

      by Space Coyote ( 413320 ) on Tuesday November 26, 2002 @07:55AM (#4757888) Homepage
      instead of abandoning IE, which is a decent web browser, be careful (not paranoid, but like anyone who's been on /. for more than ...5 minutes won't click on a goatse.cx link) about where you actually browse.

      Because downloading Phoenix takes all of five minutes, and you've then got happy pop-up free browsing for as long as you want? Rather than, as you say, being 'careful about where you browse'. Shouldn't a browser be your friend, not your adversary?
    • keep up to date with patches (easy with Windows) and run up to date antivirus software and you're almost certainly safe. Any decent personal firewall will also stop spyware too.
    • Re:How about (Score:4, Insightful)

      by archeopterix ( 594938 ) on Tuesday November 26, 2002 @08:10AM (#4757945) Journal
      instead of abandoning IE, which is a decent web browser, be careful (not paranoid, but like anyone who's been on /. for more than ...5 minutes won't click on a goatse.cx link) about where you actually browse.
      Yeah right, my browser is buggy, therefore I should limit the way I use it, preferably to pages created by me (notepad.exe is the best) and stored safely on local disk of my computer that is disconnected from the network. Any other bright ideas?
    • Re:How about (Score:4, Interesting)

      by DrXym ( 126579 ) on Tuesday November 26, 2002 @08:10AM (#4757947)
      How can you be careful of where you browse if you've never visited a site before? And even if you have, who's to say that it doesn't run IIS and thanks to the latest MDAC problem or some other vulnerability that it hasn't been hacked and is infecting all its visitors?


      Since hackers tend to go after the biggest fish, perhaps a better strategy (applied with other common sense measures), is to protect yourself by going heterogeneous. Pick a perfectly fine alternative browser such as Mozilla, run on a Mac or Linux and throw in a couple of other variables that automated exploits won't work for. It doesn't make you immune from attack but it certainly saves you from the latest exploit du jour. If you think you're safe sticking with IE, you should try taking the Anonymizer.com Snoop Test [anonymizer.com].


      The same strategy applies for email. I reckon I get a macro / mime exploit virus in my inbox once a week, but thanks to the simple fact that I don't even run Outlook, I get a level of built-in protection reaching which so far has been 100%. Moz Mail still has vulnerabilities (every software does), but since it takes security seriously to begin with and is a much smaller target, it is considerably safer (and dare I say better and more usable) than Outlook. Using Outlook or IE is like waving a red flag to a bull.


      I wonder how many people Santa will turn into unwitting victims this Christmas when they get a brand new PC with Outlook and IE installed on it.

      • IE tested (Score:4, Interesting)

        by Mr_Silver ( 213637 ) on Tuesday November 26, 2002 @10:14AM (#4758788)
        If you think you're safe sticking with IE, you should try taking the Anonymizer.com Snoop Test [anonymizer.com].

        I did. With IE. Here is what happened:

        1. Your IP address

        It picked up my IP address. Fair enough. I'm not running through an anonymous proxy.

        2. Hidden tracking files (cookies)

        It couldn't list any of my cookies.

        3. Exposed Clipboard

        This was a little scary. It picked up what was in my clipboard and displayed it.

        4. Hack and Exploit Vulnerability

        Sophos immediately popped up a message telling me it had detected 'Troj/Codebase-A' in my temporary internet files. A window appeared with some HTML telling me that file:///c:/winnt/win.ini had moved. But nothing else.

        I couldn't open the click here links, the links below that didn't work and MSN wasn't giving out my contacts.

        5. Browser and Operating System

        Big deal. It got them from the HTTP_USERAGENT. I'm not totally paranoid - I don't mind people knowing what browser I use.

        6. Geographical location

        Middlesex, England, GBR. Well, 2 out of 3 isn't bad but not exactly something to get worried about. Wonder why it thought Middlesex though?

        7. Your network

        This took the piss. It's just a traceroute from them to the IP address that they determined in the first test. It's not much of a big deal.

        I run Internet Explorer 5.50.4919.2200. Sure, I don't doubt that IE has its problems [greymagic.com] - but the stuff that Anonymizer is shrieking about is generally not that big a deal and flagged only so they can sell their products.

        (mind you the clipboard one was a little spooky)

    • It is? (Score:3, Informative)

      by Lethyos ( 408045 )
      Oh boy, the MS FUD team is working hard this morning. It is not a decent web browser. The only reason most people use it is because of Microsoft's abuse of monopoly power. IE is a rather poor browser, for many reasons including the fact that it doesn't really browse the web. It is primarily geared towards mark-up that Microsoft created without public review on the process. Therefore, not Web. As for people who want to browse the Web, they should get a browser that adheres to Web standards. You'll find Opera and Mozilla to be excellent choices on virtually any platform.

      Aside from that, IE is chock full of rendering errors on even simple elements, has very poor JavaScript, comes bundled with 8-year-old Java technology, is loaded with security holes, has nothing by the way of tabbed browsing, no built-in pop-up blocking, a horrid caching mechanism, slow as hell and hogs memory, ... ...
  • by Anonymous Coward on Tuesday November 26, 2002 @07:50AM (#4757865)
    Subject says it all. Get it here [lavasoftusa.com].
  • Wasn't there a story about the bbc website using spyware to see what you were looking at on slashdot recently?

    epicstruggle
  • by cordsie ( 565171 ) on Tuesday November 26, 2002 @07:50AM (#4757871)
    Microsoft has just released a patch for all of the issues outlined in the article. From the readme:

    "Avoid the BBC"

  • by Mattygfunk1 ( 596840 ) on Tuesday November 26, 2002 @07:52AM (#4757876)
    Mostly it's about adware & spyware and other wretched bits of software that make the internet suck a little more each day.

    Rubbish. The Internet is getting better every day. Pop-ups are becoming less common (especially using Moz), businesses are using better business models and delivering things on time, email filters are working more effectively, and the world is speeding towards most home users having broadband (and therefore more sites providing more content).

    Life is good as a netizen.

    --------
    where is the beef? its mouldy at the bottom of the fridge. mmmmmmmmm beef mould [wallpaperscoverings.com]

    • I agree.

      I come across top quality stuff on the Net every day. Innovation is not dead. I mean have a look at this [blinkenlights.nl]. That is just scary/funny/amazing.

      The main reason people come out with this 'Internet sucks' stuff is simply because the novelty wears off. Looks like it's taken Taco longer than most, though ; )
  • I've switched to Opera many months ago, and I haven't looked back. It's fast, works well with most web sites (I keep Mozilla installed for the very few that give me troubles), and has all the features I need (tabbed browsing, skins, pop-up killing, very good cookie management).

    And although you can't really remove Explorer from windows, as long as you don't use it and have another browser as default, it can't be opened without user intervention or having certain software installed (like spyware).

    And yes, with all the security flaws that are known (or unknown) in Explorer, I can't recommend it to anyone who values privacy and stability.

  • IE (Score:5, Insightful)

    by glh ( 14273 ) on Tuesday November 26, 2002 @07:54AM (#4757885) Homepage Journal
    The easiest way to avoid parasite programs, he says, is to stop using Internet Explorer because it is targeted by many of the adware and spyware companies.

    I've never run across a site that "forced" its software on me. I've run across "gator" a few times which tries to install without my permission, but I still have to hit OK. This article has a hint of FUD.

    As with anything, if people used common sense probably 95% of problems could be avoided. By common sense I mean NOT going to suspicious sites (you can usually tell by the URL.. something that has "geocities" or ends with ".cz" is probably going to be more dangerous than amazon.com for instance). Let's face it, there are always going to be some security holes in the most popular and widely used browser. Even if that browser ever becomes Mozilla (which I doubt will happen any time soon- I run Mozilla but speed wise it just doesn't compare with IE).

    Unfortunately, we can't rely on common sense because it really isn't all that common. It would be nice to have a "sandbox browser setting" for people who don't trust themselves to practice safe browsing. Here's an idea- they could click on a little icon of Ralph Wiggum playing in his sandbox (remember, he doesn't go into the deep end). This automatically forces the most stringent security settings (disabling ActiveX, scripting, etc.) and double prompts each time you go to download something "Are you sure? Are you really sure?". This probably wouldn't be too hard to add to IE.
    • Re:IE (Score:2, Interesting)

      by DerPflanz ( 525793 )
      As with anything, if people used common sense probably 95% of problems could be avoided.

      Which is the problem. People are surfing the net, and will click away all boxes they didn't ask for. Most of the messages you get are total nonsense if you are a user and just want to look for that apple-pie recipe. For one reason or another people must have a clue when using computers/the internet but not when using other (evenly complex) devices such as CD players, DVD players, etc. To me that means that the product (IE in this case) is not designed correctly.
    • Re:IE (Score:5, Interesting)

      by BurritoWarrior ( 90481 ) on Tuesday November 26, 2002 @08:08AM (#4757937)
      My mom doesn't know what .cz is, nor should she have to. Don't blame the users because IE is an insecure piece of junk. That is like saying "it doesn't matter that your car is a deathtrap, just avoid getting into a collision". And IE's insecurity has NOTHING to do with it being popular. It was insecure long before it had any market share.

      As an aside, my mom also doesn't know what IE is. To get on "the internet" she clicks on that "little lizard thing" I set up for her.
    • Re:IE (Score:5, Insightful)

      by kawika ( 87069 ) on Tuesday November 26, 2002 @08:14AM (#4757965)
      It would be nice to have a "sandbox browser setting" for people who don't trust themselves to practice safe browsing.

      It's been there since IE4, but it takes about four more clicks than the average user can muster:
      Tools | Internet Options | Security | Internet zone | High

      If the market share for non-IE browsers and non-Windows platforms was higher, the scumware makers would take the trouble to build software for them. Programs like Gator and SaveNow are about social engineering, and human gullibility is platform-independent.
  • Slight addition... (Score:3, Interesting)

    by 26199 ( 577806 ) on Tuesday November 26, 2002 @07:54AM (#4757886) Homepage

    "Never, ever click 'Yes' to a 'Do you want to download and install?' prompt unless you are 100% sure the people who made it are trustworthy," he warns.

    More importantly: unless you are 100% sure who made it. This is at least as much of a problem as whether the person you think made it is trustworthy...

  • by TheRIAAMustDie ( 628852 ) on Tuesday November 26, 2002 @07:54AM (#4757887)


    About the worst choice you can make is to choose Windows as your platform if security is even a small concern.

    Chimera [mozilla.org] rules, and IE for Mac is pretty safe anyways..

    Oh well, hopefully this trend of Microsoft's underhanded tactics being brought to light continues..

  • by melonman ( 608440 ) on Tuesday November 26, 2002 @07:56AM (#4757893) Journal

    Before we all get too excited about non-IE browsers taking over the world, what the guy interviewed actually says is

    The easiest way to avoid parasite programs, he says, is to stop using Internet Explorer because it is targeted by many of the adware and spyware companies.

    Which you could read as saying that other browsers are so obscure and/or have such a minute user base that they are not worth anyone's while hacking. Possibly true, but not the kind of endorsement I expect to see /.ers rushing to print onto their t-shirts.

  • by Mark (ph'x) ( 619499 ) on Tuesday November 26, 2002 @07:59AM (#4757901)
    Clueless users that click a message such as "Warning your computer has an IP Address! A hacker could use this to hack your computer!!!!"

    And then view the security certificate... and read the EULA which generally clearly states what nasty stuff it is going to do, eg: xupiter.com

    Still there are a lot of stupid users out there... and more so on Windows... I mean how many of you are running your mail client as root and running every "really_funny_picture.jpg.sh" that people send you. Believe me, if using an 'alternative OS' didn't imply that you had a clue, then there would be a lot more malicious shell scripts... "browsing enhancements" etc floating around :D

    But yes, then there are the security flaws in IE to make it even worse... no denying this... it's like a minefield ;) Bottom line for me is: I cbf getting anything else installed, and in a lot of cases I don't like the interface or the quirks or just the differences :P

    heh, actually I like that "funny.jpg.sh" idea... might be feasible if something like Lindows takes off and brings slightly skill-deprived persons to *nix.
  • IE the STD. (Score:5, Funny)

    by DarkHelmet ( 120004 ) <<ten.elcychtneves> <ta> <kram>> on Tuesday November 26, 2002 @07:59AM (#4757903) Homepage
    Internet Explorer is like that old, dirty slut that really isn't worth spending your time with.

    Some people decide they'll be on the safe side by "Condoming Up" and turning security all the way up.

    But when they get rashes of popup ads, and sore security holes, they realize that IE is a tired lay that not only lacks the finesse and technique of younger variants, but leaves you wanting your money back.

    Even though you didn't pay anything... Bastards. You just wanted to surf the net with IE, and BANG!!! Next thing you know you have a Windows infection.

  • by YeeHaW_Jelte ( 451855 ) on Tuesday November 26, 2002 @08:00AM (#4757906) Homepage
    The BBC isn't actually saying to avoid explorer, it's the Mr. Clover they interviewed. There is a difference, you know ...
  • by Tsar ( 536185 ) on Tuesday November 26, 2002 @08:01AM (#4757910) Homepage Journal
    I understand that this security/usability patch [mozilla.org] will correct virtually all the problems with IE to which the BBC objects. Of course, it's a pretty complete patch...
  • Are we calling for a return to Lynx? Or should we grow up and learn to live peacefully?
  • Ok, so.. (Score:5, Insightful)

    by skinfitz ( 564041 ) on Tuesday November 26, 2002 @08:05AM (#4757925) Journal
    So people stop using IE, then another browser (say, Opera) takes over as the dominant browser, so spy/adware starts to be targeted at Opera users.

    Do we then avoid Opera?

    The problem is that there are morons out there developing spy / ad / malware, not which browser someone happens to use.
  • by Flamesplash ( 469287 ) on Tuesday November 26, 2002 @08:05AM (#4757926) Homepage Journal
    Sometimes they come attached to software you download from the web - the details are often included in the license agreement small print that most users click through without reading.

    Which means you caused the problem not IE or windows.

    And sometimes they don't even need your permission to download, but just hop on your hard drive, totally unannounced, because you are browsing the wrong webpage.

    Too bad they don't go into more detail here about whether this is a general issue with malicious websites for most browsers, or actually exploiting some hole in IE.

    A few companies are now exploiting holes in Windows messenger to sneak adverts on to the screens of unsuspecting users.

    Windows messenger _IS NOT_ part of IE. It is a separate component that is unfortunately automatically turned on. I do wish MS was better about what services were on by default, though I usually go in and turn off most services when I install Windows, which I recommend. This is not a "hole" in the sense of a bug though, you _CAN_ turn it off.

    While this article may have some basis, it really seems to be pointing at user stupidity. Don't browse some site, read the EULAs and don't just click OK on a popup.
  • I remember back when I was in school. No one but academics and a few others had ever really heard of the internet.

    Then I remember reading an article about some BBSes that were offering internet access via some sort of gateway technology. At first I thought this was a grand idea, and wanted in on it, mainly because I was no longer at school, and wanted to be able to email friends still in school and use usenet and gopher.

    Mosaic had just emerged as a fledgling proof of concept, and as I read more about the internet in even the trade press, I started to get that queasy feeling that you get every time something good comes to an end.

    I knew it was all over for the internet when my roommate came home and told me all about this great new technology called the internet, and how it was the latest craze.

    I wasn't around for the dawn of the internet, but I wonder when it started to suck, the first real indication it was going to become some commercialized, overused, underutilized resource for the masses.

    I also, coincidentally, remember the first person to show me Mosaic, that barely stayed running (early, early version). He was sitting in my dorm room, so excited, telling me how he was going to make money designing these sites. "How is this any better than Gopher?" was my foolish question.
  • by mccalli ( 323026 ) on Tuesday November 26, 2002 @08:09AM (#4757943) Homepage
    The BBC certainly does not say "avoid Explorer". It quotes a certain Mr. Clover, and he says it should be avoided. It's the quoted opinion of the interviewee, not that of the corporation.

    Cheers,
    Ian

  • In other news the BBC encourages you not to anger a mobster with a loaded gun.

    Whole article: -1 (Common Sense)

  • However... (Score:3, Interesting)

    by MtViewGuy ( 197597 ) on Tuesday November 26, 2002 @08:17AM (#4757981)
    ...The folks who write spyware and other programs tracking your Internet access haven't yet discovered Mozilla 1.x and Netscape 7.0 yet. Given that many web browsers need cookies to operate in certain sites, it won't be long before you see spyware running in Mozilla and Netscape 7.0 without you knowing it.

    Besides, if you apply all appropriate patches from Windows Update, configure Outlook Express' Security functions NOT to allow downloading of attachments and install McAfee VirusScan 7.x, you can surf the Internet pretty securely with Internet Explorer 6.0 SP1.
  • by skt ( 248449 ) on Tuesday November 26, 2002 @08:28AM (#4758038)
    I fail to see what Internet Explorer has to do with the latest rash of Messenger Service spam coming in from the Internet. Instead, it is just a general Windows problem that will affect you no matter which browser you use. The only solutions are to disable the messenger service and/or block incoming connections to udp/tcp 135, 137, 139, and 445. I think that even XP has this service turned on by default if you have a network adapter. But, maybe I am way off base and they are talking about some other kind of spam??
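A defender-side check for the mitigation described in the comment above, as an added example that is not part of the original thread: it parses Windows `netstat -an` output and reports which of the four ports named there (135, 137, 139, 445) are open on a non-loopback address. The sample output is constructed, and the function names are assumptions made for this illustration.

```python
import ipaddress

# Ports named in the comment above as the ones to block from the Internet.
WATCHED_PORTS = {135, 137, 139, 445}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  UDP    0.0.0.0:135            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return ipaddress.ip_address(host), int(port)


def exposed_listeners(netstat_text, watched=WATCHED_PORTS):
    """Return sorted (proto, address, port) tuples for watched ports that
    are open on a non-loopback address."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or other text
        proto = fields[0]
        # TCP counts only while LISTENING; UDP sockets have no state column.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # unparsable local address
        if port in watched and not addr.is_loopback:
            findings.add((proto, str(addr), port))
    return sorted(findings)


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {port} reachable on {addr}")
```

A socket bound to 0.0.0.0 accepts traffic on every interface, so it is reported even though the address itself is not routable; whether it is reachable from the Internet still depends on the firewall in front of the host.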
  • I blame Active X (Score:3, Insightful)

    by hrieke ( 126185 ) on Tuesday November 26, 2002 @08:30AM (#4758055) Homepage
    and rightfully so.

    Active X was pegged from the start as the dangerous hole that it is, and now IE is so tied in with the base OS that people like my mother are screwed over time and time again by these people and programs[1].

    MS, in making our lives so much easier, has forgotten that not everyone is as altruistic as they are. Or maybe everyone is....

    [1]Don't say give her Linux. Trust me, if I could I would have already, just not practical for her or me.
    • Re:I blame Active X (Score:3, Informative)

      by Bob Ince ( 79199 )
      The 'Avoid IE' bit in the BBC article is actually a quotation you know, it's not an endorsement from the Beeb.

      It's a quotation from me, in fact.

      I also went on to add that the 'Avoid IE' quote was a glib answer, and was accurate only in part due to IE's propensity for security holes. The other parts are, of course, the fact that IE's popularity causes malware writers to target it specifically, and finally - as you mention - the design decisions behind ActiveX.

      Of course, technically difficult issues such as why ActiveX is flawed by design are unlikely to make it into a mass-media article, but I am glad they got the bit about not clicking 'Yes' in.

      I've been increasingly worried about the DHTML feature creep of Mozilla, and the fact that it has its own automatic-install system (XPInstall). I can't say I expect using Mozilla to stay safe either. But still, it can't be much worse than IE.

      Anyway. My site's already been hit by a denial-of-service attack by an adware author this month, let's see if Slashdot can help bring it down... :-S

      --
      Andrew Clover
      mailto:and@doxdesk.com
      http://www.doxdesk.com/
  • by tps12 ( 105590 ) on Tuesday November 26, 2002 @08:33AM (#4758068) Homepage Journal
    The thing is, Explorer's no "worse" than anything else out there. It's just incredibly more popular, and not just because it comes with Windows, as IE is the leader on the Mac as well. It's the same phenomenon we see with Windows virii: people who write spyware and virii target the most popular platforms. If >90% of Internet users ran Mozilla then we'd see the same things written for that browser. It's not due to any special vulnerability in the browser. Getting people to switch to something else is only a temporary solution, a band-aid that doesn't treat the underlying illness. The BBC should instead be educating people as to what is safe web behavior, as that transcends issues of operating system and browser.
    • by Tom ( 822 )
      It's just incredibly more popular, and not just because it comes with Windows, as IE is the leader on the Mac as well.

      What did you try to prove? IE comes preinstalled on all new Macs. Of course it's because it comes with the machine, 99% of people are more lazy than ignorant.
  • unfortunately.. (Score:5, Interesting)

    by zozzi ( 576178 ) on Tuesday November 26, 2002 @08:37AM (#4758099)
    I reported a compliance bug with a web page whereby the authors used some proprietary tags which are not W3C compliant. I filed the bug under Mozilla too but the official reply was: "It's not a bug, we're following the standard and not accepting propr. tags". Unfortunately, rather than acknowledging their mistake and fixing it (heck I pointed out the line numbers, offered patches and gave them a URL showing these problem tags and a solution on how to fix them) here's their reply:

    ---

    Thank you for your e-mail. In reply to your queries both Mygo and go mobile's website are designed for IE5 and upwards and this is Company policy.

    We are aware that not everyone uses IE. However, IE offers certain features which other browsers do not. Using these, we are able to use a greater array of features which allow us to design better interfaces. 84.3 per cent of the internet population uses Internet Explorer. More than 98 percent of the hits on go mobile's website originate from IE.

    ---

    I mailed them again telling them it's nonsense (browsers reporting themselves as being IE etc) and that there are alternatives to make it work for both but surprise surprise! no reply. Bugzilla contains a number of other websites suffering from this condition (inc. Microsoft, no surprises here).

    Therefore Mozilla follow standards so page X won't work and page X authors follow market so they won't fix it. What does BBC recommend I do in this case?

  • by job0 ( 134689 ) on Tuesday November 26, 2002 @08:38AM (#4758105)
    Unfortunately a lot of people don't actually read the EULA. They just click through until the software is installed. Even if you do read it it's full of dense obscure legal language that mostly doesn't apply to you. Advertising software if implemented correctly can allow developers to make money from their software without requiring the end user to pay.

    The problem is it's often not done properly. There are spyware apps like aureate [cexx.org] that operate in stealth mode by passing themselves off as Windows system processes and making sure that they don't even show up in the task list or binding themselves to winsock so that if you delete or uninstall them your Internet connection stops working. Microsoft should be made to fix these holes in IE but I think some pressure should also be applied to the people that write these programs.
  • by Mr_Silver ( 213637 ) on Tuesday November 26, 2002 @08:57AM (#4758228)
    Until we get exploits roaming rampant in the wild that are actually harming users' personal files (as opposed to having the possibility of harming users' personal files) then Joe Sixpack isn't going to change.

    It's a case of "if it ain't broke, don't fix it". From Joe's point of view, it isn't broke - so he won't do anything about it. He's not experienced all this stuff that people talk about, so why change?

    Until something nasty comes along, wipes his "My Documents" folder and then totals his operating system - he'll happily use Internet Explorer.

    People don't protect their home until they've been burgled, they don't protect their car until it's been stolen. It's all reactive - not proactive.

    Until these 1001 security issues stop becoming potential exploits and become actual exploits hitting hundreds and thousands of users a day - then no-one is going to change.

    (disclaimer: I know Code Red could be put into this category, but then again, it didn't wipe anyone's personal files, did it?)

    (another disclaimer: This is a combination of mine and other comments from my original thread here [slashdot.org] ... ignoring the AC who obviously didn't get my point)

  • by iceT ( 68610 ) on Tuesday November 26, 2002 @09:00AM (#4758251)

    As long as Internet Exploder is the ONLY browser to come with that shiny new PC everyone's getting, then recommending that people DON'T use it is a total waste of time. People look at the prospect of tying up their modem for an 8-10MB file, and they basically think 'It won't affect me'.

    I have enough trouble convincing my Mom and sister to update their AV software weekly, and that's only a few hundred kbytes.
  • here's a thought (Score:4, Insightful)

    by wojie ( 629440 ) on Tuesday November 26, 2002 @09:57AM (#4758632)
    I've been building PCs for many people on the side, and here's the biggest complaint I get when I try to push Mozilla on them:

    "Why doesn't the back button on my intellimouse work with it? It works with explorer."

    And just like that, 20 or 30 people have turned off Mozilla for just THAT reason. To them, it's just some browser that takes longer to load, puts an icon in the taskbar, and in which the back and forward buttons don't work. And it's no use trying to convince them of all the benefits.
  • by Call Me Black Cloud ( 616282 ) on Tuesday November 26, 2002 @10:28AM (#4758912)
    Let's say everyone stops using IE and starts using another browser. What do you think the bad guys are going to do, find another hobby? No, they'll target that browser. Just as nobody burglarizes an empty house, no one targets a browser with minuscule market share. Increasing the market share of another browser will just turn attention to that browser.

    The other question is this: is IE inherently insecure? More than Lynx, yes. But users want features (yes, it's true...not all the bells and whistles in a "modern" browser are forced upon us) and features add complexity which increases the potential for holes.

    For true security, just telnet to port 80 [dgate.org].

    • Wrong pal... For true security pull the plug. Lynx had also a few bugs of its own... Telnet can be sniffed.

      Besides, IE would have had a less scandalous life if it didn't have the "Feature". And the "Feature" is embedding. A more modular and independent architecture would avoid many of the problems users face with this crap. IE could be, on the whole, as buggy as it is today. However the deadly effects of many exploits and cracks would be less noted as it would be easier to manage the thing. However, apart from bloatness and bugness, M$ opted to put everything in one bed. Well, what happens when one gets everyone and everything into one bed and closes the door tight? Right - Bacchanalia. It's this permanent sex with the user's brain that gives IE and many other M$ products their bad name.
  • by hayne ( 545353 ) on Tuesday November 26, 2002 @10:52AM (#4759141)
    I was, like, starting to read the article using Internet Explorer. And then my computer went like beep, beep, beep. And then I got redirected to msn.com. Seemed like a really good article. Bummer.
  • by Rew190 ( 138940 ) on Tuesday November 26, 2002 @11:47AM (#4759583)
    This article basically says to avoid spyware and adware in general. No shit. This isn't news.

    They recommended that you don't use IE because that's what most of this nasty software is targeting, not because it's a buggy piece of MS shit. It stands to reason that the most popular browser is going to attract the most amount of attacks. Again. No shit. This isn't news.

    Enough of the anti-MS propaganda, it's truly getting ridiculous.
  • by Spencerian ( 465343 ) on Tuesday November 26, 2002 @12:30PM (#4759928) Homepage Journal
    Internet Explorer for Mac OS X (and Mac OS 9) doesn't suffer from the same problems as its Windows counterpart since it's not an "integrated" component of the OS; it's just an app. Doesn't mean it's not crap, sometimes.

    Many Windows technologies that cause the vulnerabilities in IE/Windows are very limited or don't exist with IE/Mac. In particular, ActiveX control support is there, but appears mostly broken. Java support is strongest in this browser (it seems), but many Java pages don't render things properly since MS doesn't appear to tie their browser properly in OS X's strong Java implementation (1.3.1).

    IE/Mac is just as annoying with pop-ups, but that's why I use OmniWeb, where I can disable JavaScript that generates pop-ups with one preference setting.

    IE is still the most compatible browser, but only because many webmasters are drones to Microsoft's web tools--and shouldn't be. The pages they create work best--and in some cases, ONLY--with IE.
