Internet Explorer, Unsafe at any speed

[Kylere]

Really it is time for you to do it, it is too dangerous to go to web pages with it. I posted a site to NWS a while back that people whined was unsafe, well, so are major corporate sites this week. It is time for you to be proactive instead of expecting the rest of the net community to protect you, you need to protect yourself.

Even the MSN search was infected with a virus last night that IE autodownloads

"ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms."

ZDNET Story
http://zdnet.com.com/2100-1105_2-524718 ... d.newsfeed

Slashdot Story
http://slashdot.org/articles/04/06/25/0 ... 172&tid=95

USAToday
http://www.usatoday.com/tech/news/compu ... tegy_x.htm

Mircosoft itself
http://www.microsoft.com/security/incid ... _ject.mspx

Check out
Avant http://www.avantbrowser.com/
Mozilla (highly recommended by me) http://www.mozilla.org/products/firefox/
Opera http://www.opera.com/

[Evertorn]

I've been using Firefox since I heard about it, version 0.8. Great browser so far, though slow and odd bugs at times. I'm assuming those will get fixed with later patches.

[Kylere]

Upgrade to .9!!!

Really with decent extensions like tabbrowser extension preferences, spiderzilla, etc you can do the coolest things with FireFox.

[Xouqoa]

Using Avant instead of IE won't make a difference. It still uses the explorer kernel. (As does MyIE2)

[Kylere]

Using Avant instead of IE won't make a difference. It still uses the explorer kernel. (As does MyIE2)

True, true, but baby steps here baby steps heh

[archeiron]

Using Avant instead of IE won't make a difference. It still uses the explorer kernel. (As does MyIE2)

But, but... MYIE2 is my friend

p.s. Does Firefox support mouse gestures?

[Evertorn]

Archeiron: I think so, but you have to install an extension first.

Kylere: Did they fix extensions/themes in the .9 release? I used .9c for awhile and it was bugged. Also I was wondering, since you have to uninstall .8 to install .9 do you lose your bookmarks, or can you export from .8 and import to .9 (compatable?)

I agree with the Advant/MIYE2 (?), they appear to be using the IE kernals.
I'd stick with Opera, Firefox or Mozilla.

[Kylere]

Archeiron: Yes there are like 9 different Mouse gesture extensions for Firefox.

Evertorn: When you install .9 with a working .8 installed it will ask if you want to import settings from it or IE, or from a file. Then it smoothly does so. The extensions you use have to be reinstalled and setup, but that is primaryly because they added and extension manager to Firefox. Everyone of the extensions I used (Tabbrowser, Google, Mouse Gestures etc) work in .9 but Spiderzilla does not yet but no biggie, I am sure it will.

For you porn junkies, Mozilla is the best porn browser hands down, there are even webpages dedicated to why lol http://www.squarefree.com/pornzilla/

[Evertorn]

Last of my dumb questions with my still noobiness with Firefox Kylere
They were saying you to uninstall 0.8 to install 0.9 for it to work properly. Is this just a precaution with the way the browser works, or is it now safe to just install over top or in another directory?

[Kylere]

With the prerelease Firefox I could not get it to work properly, so I backed up my config & bookmarks and uninstalled it then reinstalled .8.

But the release version of .9 just installs right over cleanly, biggest hassle was extension cleanup ( for example, I click links to open in new inactive tabs, and had to reconfig it)


I will gladly answer any question anyone has about Firefox and do my best to help with any problems, it really is worth the change. Once I got over the initial "buy in" period I was more than happy.

[Evertorn]

Looks like the .9c I had installed before I installed .8, has bugged this .9 install a little.
I installed overtop of .8, and it was using extensions i had installed with .9c (odd).
so I uninstalled .9, and reinstalled, still using those extensions.
Plus I tried to reinstall the tabbrowser, it installs, but never works.
If I get bored, I guess I will have to start poking around the registry and see if i can get it working that way.

[noel]

IE absolutely has holes and problems, but I'm curious why you believe that a beta version of a browser that gets far less use and exposure to potential threats is more secure than IE, and the company that produces it is more able to respond to said threats than Microsoft.

It is my opinion that IE and Windows vulnerabilities are found more often due to the fact that they're used more often than any other OS/Browser. Microsoft appears to respond to these issues as fast as they can, especially given the enormous amount of public pressure applied to them. I don't think it's unreasonable for any software developer to expect that their users keep their software patched and up to date, given the current climate of computing. Keeping my systems patched and up to date is something I do out of habit, and as such I've never suffered from any type of vulnerability.

[Kelshara]

The reason why IE and Windows (along with Outlook I might add) are more dangerous to use is simple: They are the most widely used ones and are the software targeted for these exploits. An exploit targeted for them will most likely not work for other software.

Edit: And Microsoft hardly does a stellar job on their software. Far from it. As for keeping things updated: Remember after one of the big worms hit servers and Microsoft claimed it was the users' fault for not updating? Well a BUNCH of Microsoft's own servers got hit as well because they were not... *drumroll* updated!

[noel]

The reason why IE and Windows (along with Outlook I might add) are more dangerous to use is simple: They are the most widely used ones and are the software targeted for these exploits. An exploit targeted for them will most likely not work for other software.

And because of that they'll be the first to have the problem identified, and first to have it fixed.

If someone were to write an exploit to compromise a PC through Firefox, would anyone actually even hear about it?

[XunilTlatoani]

No, it is our duty to by hyper-reactionary to every Micro$$$oft bug and switch to the latest open source fad, because open-source is secure, bug free, and everyone on slashdot says you should use it, cause if you use Micro$$$$oft you are selling out to the man.

[Kylere]

Your logic is faulty Aranuil.

Multiple Choice Test
I am a scumbag who wants to cause negative effects on as many computer as I can, do I
A. Use the latest hole in IE that affects 590million users
B. Use some hole in Mozilla that is being patched by 50thousand coders who are all scary into Mozilla and fixing everything.
C. Attack Microsoft who most virus writers and such hate.
D. A & C

If you answered anything but A & C you are wrong. Not to mention Mozilla is based on the pre AOL Netscape and already has a lot of bug code issues worked out.

You inability to adapt to a changing internet is going to make you have to reload your OS on a regular basis, oh and BTW if you try to reinstall XP and patch it, odds are that you will have a new virus PRIOR to getting the first of the patches installed.

[Kylere]

No, it is our duty to by hyper-reactionary to every Micro$$$oft bug and switch to the latest open source fad, because open-source is secure, bug free, and everyone on slashdot says you should use it, cause if you use Micro$$$$oft you are selling out to the man.

You know what, this has been true before about many things. I am a microsoft backer, I make my living as a result of Microsoft products. But IE is not safe, it is like driving an unmodified Corvair and insisting that nutcase Nader had no reason for you not to drive it.

If you think I am nuts and there is no reason not to use IE, then so be it, let others have a chance to improve their computing experience even if you cannot dig your head out of the sand long enough to do so.

[Kilmoll the Sexy]

The one problem here......


if some really smart hacker decides he wants to write code to get in through an exploit in Mozilla, he could hit thousands of machines and no one would ever know. Not only that, but there would be no quick response once they did find out.

I think I would rather deal with damage by the hacker kiddies and know I will have a patch to fix what they have done than deal with someone who is much more capable of damaging my shit.

[Kylere]

The one problem here......


if some really smart hacker decides he wants to write code to get in through an exploit in Mozilla, he could hit thousands of machines and no one would ever know. Not only that, but there would be no quick response once they did find out.

I think I would rather deal with damage by the hacker kiddies and know I will have a patch to fix what they have done than deal with someone who is much more capable of damaging my shit.

Umm the thousands of Mozilla users would know, it is not like using something besides IE means you do not know when something is wrong. Sigh. I give, poke heads in ass, leave them there.

Everytime I have had a problem with Mozilla someone had already fixed it when I google'd it.

[XunilTlatoani]

All I'm saying, sarcastic as it was, is that there is no reason for me to believe that Firefox or any other browser is more secure, stable, etc. than IE, unless you believe in security through obscurity because Firefox won't be a target of a major virus since (as others have pointed out) barely anyone uses it compared to the droves that use IE.

The web browsing application itself is a major security concern. Rendering HTML is perfectly safe, but when you start allowing arbitrary objects to be loaded and executed on the client side, there are bound to be security issues. Show me how Firefox seemlessly and securely handles this aspect of web browsing better than IE instead of just saying Microsoft is bad, and any alternative is better.

[masteen]

Well, first off, these browsers usually use Sun's Java instead of MS's bastardized version. Big gaping hole patched there.

Also, from what I've seen on the warez and pron sites I visit, the user base is both more knowlegable and more helpful than the base for Intarweb Exploder.

[Kylere]

All I'm saying, sarcastic as it was, is that there is no reason for me to believe that Firefox or any other browser is more secure, stable, etc. than IE, unless you believe in security through obscurity because Firefox won't be a target of a major virus since (as others have pointed out) barely anyone uses it compared to the droves that use IE.

The web browsing application itself is a major security concern. Rendering HTML is perfectly safe, but when you start allowing arbitrary objects to be loaded and executed on the client side, there are bound to be security issues. Show me how Firefox seemlessly and securely handles this aspect of web browsing better than IE instead of just saying Microsoft is bad, and any alternative is better.

That is a great phrase, "security through obscurity" but the sad fact is that you DO gain security that way. Look at Apple, or even Linux both are rarely virus targetted because they are onscure by comparison. That is how the best p2p stuff survives also, before they made the first mp3 sharing app that AOL users could use, no one in the recording industry had a clue.

[noel]

Your logic is faulty Aranuil.

Multiple Choice Test
I am a scumbag who wants to cause negative effects on as many computer as I can, do I
A. Use the latest hole in IE that affects 590million users
B. Use some hole in Mozilla that is being patched by 50thousand coders who are all scary into Mozilla and fixing everything.
C. Attack Microsoft who most virus writers and such hate.
D. A & C

If you answered anything but A & C you are wrong. Not to mention Mozilla is based on the pre AOL Netscape and already has a lot of bug code issues worked out.

You inability to adapt to a changing internet is going to make you have to reload your OS on a regular basis, oh and BTW if you try to reinstall XP and patch it, odds are that you will have a new virus PRIOR to getting the first of the patches installed.

My inability to adapt to a changing Internet? How about my ability to troubleshoot and understand my own machine? Don't be naive. No piece of software will protect you from every virus and exploit on the Internet.

Umm the thousands of Mozilla users would know, it is not like using something besides IE means you do not know when something is wrong.

I'm sorry, did you say THOUSANDS?!?! Holy shit! Well if there's thousands, that's got to be the way to go! I'm sure THOUSANDS is better than MILLIONS of IE users, and a company that can put more software development resources on any single project at any one time than any other country in the world.

If you want to be a beta pioneer for an alternative web browser, I applaud you. However, please don't come here and represent a piece of software as the silver bullet that is going to protect uninformed users from the horrors of the Internet.

As far as the latest issue... It only effects unpatched IIS 5.0 web servers, and only if you visit said server. Last I checked, Apache was the #1 web server on the Internet.

I'm perfectly capable of monitoring my own machine. Probably moreso than most others. I'll take my chances with IE, and not run beta software from a comparatively small development firm to compensate for a perceived lack of dilligence on my part.

Any computer connected to a network has the potential to be compromised. Period.

[XunilTlatoani]

That is a great phrase, "security through obscurity" but the sad fact is that you DO gain security that way. Look at Apple, or even Linux both are rarely virus targetted because they are onscure by comparison. That is how the best p2p stuff survives also, before they made the first mp3 sharing app that AOL users could use, no one in the recording industry had a clue.

I completely agree, but I personally try to avoid this in my security model...disabling JavaScript and ActiveX in IE would be a safer bet in my world, but that's just me

[Hesten]

Kylere, you seem to forget a few basic things:

I used to use Netscape, i used it for years, and refused to use IE. Then netscape stopped updating, and i used it for a few years more, even thought it was not able to view all pages, because people write their webpages for IE, and do NOT follow standards (and yes, thats bad, but that does not fix the problem to say that. If you wanna view a page made for IE, you more or less gotta use IE, and you cant boycott all webpages thats not following standards). Eventually i had to use IE to see some webpages, due to Netscapes problems with ASP and Java.
Then switched fully to IE. Then the netscape 6 came out, and i tried it right away. Same Java problems, same ASP problems, more unstable, and had problems viewing pictures (when a online comic page with 6 pictures load between 4 and 5 of them randomly, never showing all 6 in a 2 hour test, there is a problem), and ended up going back to IE.
And im gonna stick with IE till i see a good reason to stop using it (as in a better browser that CAN handle all the non-standard webpages that IE can).

Thats my experiences as a private user. There i will switch to whatever browser can fill my needs, BUT im not using beta stuff, or something that can not show all the pages IE can. I have yet to see one.



As for work, it get a lot more fun, and thats where Kyleres arguments die.

ATM i work in the computer department at a hospital. We got around 2200 PCs, 50 servers, and then the small stuff
We got a user base on around 3000 people, with frequently changing personnel, so some training are needed every time new people show up.
We had a little test last year, saying that around 40% of our use base lack the computer knowledge needed to even manage their jobs (such as claiming they never log on to the network, but use Lotus Notes for email daily).
Even considering using other than the standard programs the users know from home would cause chaos. We would get 50X the hotline calls.
That considered, the cost of using another browser, both in education and user support, and in the tech cost (it IS easier to fix a fairly well-tested IE, since it DO have a shitload of users, its a lot harder getting and finding help to a specific problem with a not-so-well spread browser).

Then theres the question of external demands. We got 117 different medical companies delivering soft and hardware. A lot of them say we cant touch their settings at all. I have had to threated the director of AGFA in denmark to cut the network cable to their xray picture server, before he allowed me to run windows update to shut the hole that Sasser used. Theres no way in hell they would let us run open source software fo any kind.


But apart from all those problems i just listed, i agree, we should run something else that microsoft products. But you should try to look out of our own little world Kylere, and see how the real world work.

[noel]

Any CIO that would advocate changing the corporate standard from IE to an unsupported, BETA version of a browser is an idiot.

[masteen]

We're not advocating that you fuckstains lobby your corporate overlords to fight the evil empire.

We're just pointing out to all the pr0n surfers, warez downloaders, and MP3 pirates that there are better options that that steaming pile of elephant shit IE.

[noel]

LOL Oops sorry... read that on slashdot and though I read it here.

[Kylere]

Hesten I did the Netscape thing also and when it died, it sucked but do not let that make you bitter about anything not MS for the rest of your life. Hell I was an Amiga 500 and 2000 user, it does not mean I will not use anything except IBM platforms now. Get out of the slump and look UP not around you.

You can take your BS about the real world and shove it up your ass, I have worked all parts of IT and IS from helpdesk peon to Network Manager to Director of Information Services, from 30 users, to 200k users. As for corporate environments, the problem is not browser used, it is browser use, smart network managers already make you request a list of sites you need to do your job and allow YOU through to those sites. A decent IT department does not have problems on the scale that poor ones do. A decent IT department builds solid images, keeps them updated, pushed updates, verifies them electronically, locks down floppy drives, turns off unneeded USB ports, FIRES people who bring in X Y and Z from home and screws with systems, blocks access to anything not definitively work related and takes no more than 30 minutes to have any system back up and functioning either with a stand by hot replacement for a desktop, a reimaging, or automatic activation of secondary and backup servers, routers, hub, switches etc. The problem you are facing is a poorly managed enviroment. When I have had the full decision making ability for computer systems I have worked myself mostly out of jobs by making things too easy for the end users. Hell a company I left in 2001 is still using my images, with updates. User has a problem, they wipe and install image. Users "my documents' are all mapped to well maintained and backed up servers, and if they loose some little screensaver they thought was cute ( which is probably causing the problem, they know they can complain and be fired, or be happy their comp works. Now last but not least the "at work" people who are browsing porn should be fired then you would not have to worry about better browser support or software.

Of course if companies did not change, we would all be using DR-DOS, and running Lotus 123.

[Kylere]

Oh on another note, if you want to stick to IE, you can, it is your call, just like it is my call to laugh when you lose data.

[Siji]

Java is the spawn of Satan and I wish it would die a thousand deaths and never show itself to me again.

Bug ridden heaping steaming glowing pile of crap.

[Aslanna]

If you think I am nuts and there is no reason not to use IE, then so be it, let others have a chance to improve their computing experience even if you cannot dig your head out of the sand long enough to do so.

Umm the thousands of Mozilla users would know, it is not like using something besides IE means you do not know when something is wrong. Sigh. I give, poke heads in ass, leave them there.

Oh on another note, if you want to stick to IE, you can, it is your call, just like it is my call to laugh when you lose data.

Ok I think we get the point. Frothing at the mouth like Cartalas clicking the Reply button after the latest kyoukan post isn't going to help your crusade any.

[Animalor]

Oh on another note, if you want to stick to IE, you can, it is your call, just like it is my call to laugh when you lose data.

I've never lost data casue I was using IE.

Then again I don't go searching the web for MP3's, Warez and hacks/cracks.

That's just plain stupid and asking for trouble.

[Kelshara]

Mozille, Linux etc wont be targeted as much simply because those who run them generally are more knowledgeable about computers and software, and hence the viruses/trojans will have way less effect on them. And what fun is that?

Virus creators want to maximize the damage they can do.. the choice is clear: Target MS products.

[Kelshara]

And just as I had posted that I read about a virus you can get simply by visiting a webpage if you use.. *drumroll* Internet Explorer!

[Winnow]

Pest control, search and destroy, and frequent updates = no problemo!

[Arborealus]

Does Microsoft fix problems as quickly as possible...no...they are slow for my taste...

But I simply have found no browser I like as well as IE since. And yes I've tried them all.

Most browsers using the IE Kernel are going to have exploits found and patched...everyone and their cousin posts IE vulnerabilities...so they will all be well researched and eventually patched...I suspect that most browsers have vulnerabilities...But none of the others has as dedicated a group searching for vulnerabilities as MS (everyone in the world looks for and reports their flaws/vulnerabilities)...I would be more concerned about vulnerabilities I wasn't aware of in other browsers...

In 6 years of IE use I have 0 viruses, worms, trojans...Ad-Aware, SB S&D, Norton AV and a reasonable firewall...I've been just fine...Data lost nil...

[Kelshara]

Well that is my final reason for using Firefox.. I like it a lot better than IE

[archeiron]

Ok, I am going to try out Firefox for a few weeks and see if I can live with it

Questions:

How do I get my favorites to open in the same window as new tabs rather than opening a new window (without opening a blank tab first)?

How do I lock the browser to allow only one opened instance of Firefox at a time?

p.s. I have noticed that Firefox appears to be better about caching images off of the message boards (avatars, buttons, etc), but I may be imagining things.

[Neost]

Didn't read every last word but did anyone offer that there are extensions for mozilla (not sure exactly which versions) you can install that says "Hey, use IE for this page since I don't know what to do with it".

Not sure if it works at all, was reading on extensions after I installed firefox today and noticed that one...as well as a million others.

[Xouqoa]

I use Firefox simply for the tabbed browsing and the fact that it is faster and uses less memory.

Does a better job of not auto-downloading stuff too, imo.

[Boogahz]

Mozille, Linux etc wont be targeted as much simply because those who run them generally are more knowledgeable about computers and software, and hence the viruses/trojans will have way less effect on them. And what fun is that?

Virus creators want to maximize the damage they can do.. the choice is clear: Target MS products.

I think the real reason is how much a user could customize their systems OS rather than being more knowledgeable. The whole argument stems from the fact that there ARE more users using the SAME programs, thus making it easier to attack them. The fact that it's Microsoft means shit. If everyone used Firefox, Mozilla, etc. we could see the same thing going those directions. If you want to cause damage en masse, do it in the most used & most populated area.

[archeiron]

Mozille, Linux etc wont be targeted as much simply because those who run them generally are more knowledgeable about computers and software, and hence the viruses/trojans will have way less effect on them. And what fun is that?

Virus creators want to maximize the damage they can do.. the choice is clear: Target MS products.

I think the real reason is how much a user could customize their systems OS rather than being more knowledgeable. The whole argument stems from the fact that there ARE more users using the SAME programs, thus making it easier to attack them. The fact that it's Microsoft means shit. If everyone used Firefox, Mozilla, etc. we could see the same thing going those directions. If you want to cause damage en masse, do it in the most used & most populated area.

Furthermore, I am sure that Firefox would be just as despised as IE is now, if it were the most popular web browser.

[Boogahz]

[Kylere]

Well one thing to remember, there was a report a year or so agao that I am sure someone can google about how conformity of computer systems was encouraging virus spreads, just as homogenity in humans can allow worse viral issues and increased number of deaths.

Archeiron: You want to get the extension called "Tabbrowser Extension Preferences". Start by Mozilla extensions Page ( http://texturizer.net/firefox/extensions/ ) Install it, the go to TAB on the menu, and at the bottom you can see it to pull up your options. then check out the settings for Focus.

[archeiron]

Well one thing to remember, there was a report a year or so agao that I am sure someone can google about how conformity of computer systems was encouraging virus spreads, just as homogenity in humans can allow worse viral issues and increased number of deaths.

Archeiron: You want to get the extension called "Tabbrowser Extension Preferences". Start by Mozilla extensions Page ( http://texturizer.net/firefox/extensions/ ) Install it, the go to TAB on the menu, and at the bottom you can see it to pull up your options. then check out the settings for Focus.

Thank you for the advice. I am using several extensions now that make the browser much more to my liking. The only gripe I have at the moment is that the "Single Window" extension doesn't really work well to stop multiple instances of Firefox from being opened.

As much as I hate to admit that I was there looking around, the other thing I noticed is that you can't fully navigate the http://www.everquest2.com site with Firefox. I suspect that I will find other corporate sites that cannot be fully traversed as time goes by. And yes, I did get the extension to open things with IE for those cases.

[Kelshara]

I think the real reason is how much a user could customize their systems OS rather than being more knowledgeable.

Erh you're not arguing against me there. A more knowledgeable user will want to customize more. You'll have to know how to and that you can customize in the first place

[Kylere]

Arch you may need to download Flash, Soundwave, etc. Just like you have to with IE.

I am intrigued by your window issue, I end up with millinos of tabs at times. in your address line type "about:config" without the quotes of course, and hit enter, this brings up every single option you can set in FireFox, it is very powerful.

[archeiron]

Arch you may need to download Flash, Soundwave, etc. Just like you have to with IE.

I am intrigued by your window issue, I end up with millinos of tabs at times. in your address line type "about:config" without the quotes of course, and hit enter, this brings up every single option you can set in FireFox, it is very powerful.

Go to http://eq2players.station.sony.com/jour ... s_part2.vm

In MYIE2 that page contains links allowing you to download and view the two movies. It does not work in Firefox. I downloaded the movies anyway by traversing the source code etc, but the links are not clickable like in IE. I have Flash and Shockwave, otherwise I wouldn't have got that far into the site.

[Boogahz]

I think the real reason is how much a user could customize their systems OS rather than being more knowledgeable.

Erh you're not arguing against me there. A more knowledgeable user will want to customize more. You'll have to know how to and that you can customize in the first place

I wasn't trying to argue. I was trying to clarify what I thought you meant. If it were as possible to customize a Windows system, I am sure that these virii/worms would be pretty much ineffective.