98 Comments
- welshie, on 10/12/2007, -6/+35: That's because IE doesn't support the BLINK tag
- Billdozer, on 10/12/2007, -6/+29: *Windows/occasional IE user*
I didn't even blink when I read the headline. I think there's something wrong with that.
- leonbev, on 10/12/2007, -4/+26: Yeah... This won't convince anyone to switch to Firefox if they haven't already. Even if someone gets exploited by the hole and gets their computer filled with spyware, they'll probably just pay someone like Geek Squad to fix it. It's not in Geek Squad's best interest to switch them to Firefox, either, because they want the repeat business! They'll just charge them $100 to clean the computer, sell them some $50 "anti spyware" package that will expire in a year, and wait for them to return.
Personally... I will only clean spyware off someone's computer ONCE. If they switch back to IE and infect themselves again, it's their own damn fault. They've been warned.
- boscorelle, on 10/12/2007, -1/+20: Secunia Advisory
http://secunia.com/advisories/18680/
- Xiol, on 10/12/2007, -1/+17: "That's moronic. There's almost nothing that needs IE functionality now. Replace ActiveX with Flash, Java, AJAX, whatever."
And who is going to code all that? Where's the money going to come from to pay for it?
Don't get me wrong. I've been using Firefox (or whatever it was called back then) since 0.6. I love it, and I've moved all my friends to it - every PC I build for a friend or whatever has Firefox as the default browser, etc and so forth, but there's one important thing that's missing for corporate environments (at least, in my case).
Active Directory integration. You can't manage Firefox through Group Policies. The way we have things set up here we REQUIRE the ability to configure a browser based on where you're logging in and with what account. This can be done thru AD with GPOs, but you can't do that with Firefox. I'm sure there's a way to script all this thru logon scripts or something, copying the correct profile to the Firefox directory, but that's just messy, and I can imagine it turning into a royal PITA if we need to change anything.
Until Firefox can be managed centrally, our end users will just have to stick with IE.
If I'm wrong and you CAN manage it centrally somehow, let me know, then watch as I move 550 desktops to Firefox. Until that time...
- inactive, on 10/12/2007, -5/+20: Glad digg users love FF. Me too. Just don't go installing the ActiveX FF extension.
- en3r0, on 10/12/2007, -41/+56: People still use IE? There's a mistake in itself.
___________
-en3r0
http://virtenu.com
- GISuck, on 10/12/2007, -2/+15: I wish you guys would stop thinking about IE as home uses. As an IT person, this is a HUGE problem for our corporation as most internal intranet apps require IE to run and will not work on FireFox for one reason or another.
If it wasn't for the fact that companies are building their software all around IE, I would be happy to switch everyone off of it and have FireFox installed to the desktop, but unfortunately that is not the reality today!
- purdo, on 10/12/2007, -2/+13: I'm sorry but I don't agree.
Mac OS and Linux have a different security model to Windows, the windows and doors are not left wide open for everyone to come in and play.
If you leave your front door open don't be surprised if someone walks in and steals your TV, human error does happen, but how many times can it happen before you start to think that something is fundamentally flawed.
- XSforMe, on 10/12/2007, -3/+12: Umm... actually, the hole also affects IE7 beta2, according to the article.
- alexandreracine, on 10/12/2007, -5/+13: They won't do a thing except move to IE7 later this year.
- timalmond, on 10/12/2007, -1/+8: Xiol,
Have you checked out the FirefoxADM tool for AD deployment? Might be worth a look.
With regard to cost, I appreciate this for existing code, but I'm still seeing this being done on new applications, and it's stupid.
- alexandreracine, on 10/12/2007, -4/+10: Yeah, imagine if IE would go open source... just imagine...
- dharm, on 10/12/2007, -3/+8: "If any Linux fans come in here and start gloating about how much Windows security sucks, just remind them that someone just found a huge security hole in Sendmail yesterday. Almost every version of Linux or Unix that uses sendmail is affected by it."
windows security does suck... is there a patch available for this ie flaw? nope...
sendmail was already patched yesterday... the same day the vulnerability was found... so don't talk ***** when you don't know *****
- Xiol, on 10/12/2007, -1/+6: @timalmond
Bingo. Looking into migration now.
I'm being serious.
- int19h, on 10/12/2007, -3/+7: The portability of Firefox and the fact that it benefits from the open source development model, combined with the fantastic repository of extensions and themes, makes it hard to beat, even by the best of browsers. After using Opera, Konqueror, Dillo, Lynx, Links, Galeon, Internet Explorer, Epiphany, K-melon and Mozilla, I've settled with Firefox. I've only used Firefox for about a year now (I had a Phoenix-period a while ago), and am very happy with it.
For those of you still using Internet Explorer, I'm having big problems understanding why. I'll probably be flamed for saying this, but I think most Internet Explorer users are just afraid of trying new and better programs, in case they have to actually learn something new.
- Xiol, on 10/12/2007, -2/+6: Yep, it's obvious they've just reused the IE6 codebase and bolted a few extra features on the top of it. So all those security holes that are undiscovered in IE6 will still come out in IE7.
What they should've done is re-wrote the whole thing from scratch, in managed code. That would've eliminated buffer overflow exploits at the very least. I know they can't write their whole OS in .NET, but writing IE in it would've been the best thing they could've done, while giving good PR for .NET (but that's another story from a while back).
- IppatsuMan, on 10/12/2007, -1/+5: Here's a PoC for who wants to try (it's harmless, it starts calc.exe):
http://www.milw0rm.com/exploits/1606
- Xiol, on 10/12/2007, -1/+5: Microsoft won't patch security holes until they're being exploited.
It doesn't make economic sense otherwise.
- silenceHR, on 10/12/2007, -2/+5: Is it possible to limit use of IE inside such big corporations for intrawebs and install more secure browsers on desktops, so when people browse internet they don't collect all the spyware and are not vulnerable to so many exploits that exist for IE?
I am not IT manager, so this might be stupid to ask, but I am wondering if it is possible? Especially if there are many apps on corporate intranet that require IE.
- leonbev, on 10/12/2007, -3/+6: Patches don't work if they aren't installed. What I find scary is that neither Digg nor Slashdot bothered to post a story about the sendmail security hole, so most people aren't even aware of the problem. There are probably tens of thousands of unpatched sendmail servers out there, and the admins of those servers are blissfully unaware that the problem even exists.
- Abatrour, on 10/12/2007, -2/+5: Am I the only one that's worried that the new IE7 isn't going to change a damn thing? I mean look at all these exploits, they affect IE6 etc, AND IE7? I thought IE7 was going to be something completely new from M$ built from the ground up, not just a reuse of buggy code.
I really hope they aren't doing that with Vista. They say they are changing the way they are building it, one module at a time, but I wouldn't be surprised if they were just gonna reuse all the XP code because they are lazy and know that most people out there that use their products are dumb enough to believe that M$ gives a damn.
- tempusrob, on 10/12/2007, -6/+9: "if microsoft didn't have the huge share of the market and lets say apple had a huge slice of the market then we would be hearing about all these flaws with apple"
Right, because all software is equally insecure. I see this argument come up every time an IE vulnerability shows up (read: every week). The logic is just so ... wrong.
- el_jefe, on 10/12/2007, -1/+4: "Mac OS and Linux have a different security model to Windows"
Exactly. We continually hear people say that apple or linux isn't exploited and doesn't have viruses because it doesn't have the market share of Windows. People then jump on that band wagon because it makes some sense. After all, who would want to exploit an OS with 1% of the market share. No publicity for such an act. Well, people write exploits and viruses for Linux and OS X. The difference is, almost all of the people running Linux, and I hope OS X, are not doing their daily tasks like surfing the web and opening email under an account with "admin rights", like root. Doing such tasks with an account that has carte blanche to make changes to your OS and the programs on your system is not smart, and the easiest way to be infected with spyware and viruses. How many windows users use the default account in Windows, which by default has "admin rights"? The easiest way to avoid spyware in Windows is simply surf the web with a "user" level account. Then when a web site tries to install that cool search bar, oops, no rights to install software.
In the end it doesn't matter what browser you use, or what OS you use. If you do not practice safe computing, nothing else matters.
Sure software companies should make secure software. But really, how often has anyone been infected because of an exploit in software that didn't require local admin rights?
OS X, Linux, Windows...if you do not take the time to secure your "house", then you have no one to blame but yourself. If you leave the windows unlocked or open on your house, then it doesn't matter how many locks you have on the doors. The builder is going to laugh at you when you try to hold him responsible when your stuff is stolen because "the builder didn't make your house secure enough".
- happbando, on 10/12/2007, -16/+18: unfortunately, IE's inferiority as a browser doesn't stop people from using it. perhaps this will clue people in.
- yoshu, on 10/12/2007, -0/+2: It's too bad that some people still use IE. Unfortunately a lot of people are forced to use it because some sites are designed for use only with IE. I use linux so I don't ever use it - not even with wine. I just email, complain, and never go back - which is something not everyone can do.
- el_jefe, on 10/12/2007, -1/+3: "My argument: If you're a thief and you see: a) a Huge Mansion, and b) A small house, which are you more likely to try to steal from?"
Well, a thief would attempt to steal from the one with the greatest chance of getting away. Therefore the one with less security. In your analogy, it would be the small house in most cases. Because what idiot would buy a Huge Mansion and then not secure it, at least with more security than the small house. You make it sound like your common crook is looking for the "big payoff" when in reality they are looking for the easiest score of stuff they can sell the quickest. Your common crook would not target the Huge Mansion. He would go for the small house and clean out the DVDs, PS2 and other small items.
In software, the concept is the same. The cracker wants to exploit the software that has the highest likelihood of getting his name or action in the news with the lowest likelihood he will get caught. The less time he works on exploiting something the better. The more visible his target is the better. So something easy to exploit, with little security preventing the exploit, and extremely visible. Sure IE, or Windows sounds good. But what about web servers? A large chunk of web servers run Apache, or are based on Unix, or Linux. Why not take down a large chunk of web servers? Wouldn't that be something the news would report, especially if a large section of the internet went down? So how does Apache, or a *nix box look as an easy, high success rate target? Well, as soon as a vulnerability is reported, it's fixed in the same day or asap, so the time frame for launching an attack is slim. And security is tight, so you will need more time to exploit it. Those targets are looking less favorable.
There is more to it than simple numbers.
- hayden.evans, on 10/12/2007, -0/+2: IE IS a hole.
- eclectro, on 10/12/2007, -1/+3: "And who is going to code all that? Where's the money going to come from to pay for it?"
As opposed to the security breach that you are going to have and lose your data to criminals???
"Until Firefox can be managed centrally, our end users will just have to stick with IE."
http://www.novell.com/products/zenworks/linuxmanagement/
A testimonial from one of their whitepapers;
"ZENworks Linux Management is the only enterprise-class
management tool for Linux," said Inman. "We could not have
implemented a wide-scale Linux desktop environment without some
way to centrally manage it. In fact, we have much greater success
managing Linux with ZENworks and Novell eDirectory™ than we do
managing the Windows machines in our labs with SMS and Active
Directory*.
An example of what you can do with it, including controlling "Firefox policies"
http://www.novell.com/connectionmagazine/2005/07/tech_talk_3.html
The excuses for hanging on to IE become lamer as the days wane on...
- foxter, on 10/12/2007, -2/+4: Oh crap, my whole box is doomed! No, wait, it's not. :)
- Sardos, on 10/12/2007, -3/+5: Every one badmouths Microsoft soooo much. Go look @ http://secunia.com/advisories/. Microsoft is not the only one with vulnerabilities. They are just the company that gets the most press on their vulnerabilities because of their market share. I am not a MS Advocate but come on.
- Tsuroerusu, on 10/12/2007, -4/+6: Hmmmm, now what was it Microsoft said about IE 7, hmmmmm, I don't seem to remember, it was something about security, oh yeah I got it, they said IE 7 would be more secure!!
Microsoft is just as trustworthy with regards to security as Clinton is with regards to which women he *****!
- Xiol, on 10/12/2007, -2/+4: @lynn
http://secunia.com/advisories/18680/
Yep, it is.
- Overdose, on 10/12/2007, -4/+6: Opera. Firefox. Two things better than IE.
- b_timmins, on 10/12/2007, -3/+4: Mostly one reason, "We can force the users to use IE so we don't have to bother about writing the code for other browsers"
- IBSwithmyPPTP, on 10/12/2007, -2/+3: I think Steve Gibson put it right. "These are not bugs". They are intentional holes that Microsoft is putting in so that they can back door your system if need be. People are just now realizing that Microsoft has been doing this on purpose. This flaw is even in IE7 beta 2, I'm sorry but they're not idiots at Microsoft they know what they are doing. Google gets all this press about denying FBI to their data results and I guess no one noticed that Microsoft gave theirs without any hesitation. Now I wonder who all those supposed "bugs" are for? I'm all for the "bugs" as long as they patch when the public discovers them. As Alex would put it, keep US on top "Mother Bitches".
- inactive, on 10/12/2007, -3/+4: I actually think it's a good thing there are plenty of IE users still out there. Someone needs to take one for the team lol... it makes browsing with alternatives that much safer.
- purdo, on 10/12/2007, -11/+12: This is exactly why I moved to Ubuntu. You just cannot trust the security in IE or any of MS's products for that matter.
You have to think, MS has ploughed an enormous amount of time and effort into securing IE and holes still keep appearing. What about their other software that doesn't receive the same kind of attention, this is guaranteed to be as problematic. The virus writers just aren't looking at them yet.
- leonbev, on 10/12/2007, -6/+7: If any Linux fans come in here and start gloating about how much Windows security sucks, just remind them that someone just found a huge security hole in Sendmail yesterday. Almost every version of Linux or Unix that uses sendmail is affected by it.
- inactive, on 10/12/2007, -1/+2: This guy must have a lot of friends to have so many people bury the first comment showing that this is a duplicate story.
- portis, on 10/12/2007, -3/+4: Well, this could help push more users to FF and Opera if the hole is exploited.
- Xiol, on 10/12/2007, -0/+1: @electro
That's *Linux* management.
I'm on Windows and Active Directory. I cannot switch to Linux because the apps aren't supported.
- tzahi, on 10/12/2007, -0/+1: Which one? :)
- OBKenobi, on 10/12/2007, -0/+1: The one that poop comes out of.
- timdawg, on 10/12/2007, -0/+1: http://isc.sans.org/diary.php?storyid=1212
- spling, on 10/12/2007, -1/+2: There's one thing they did right.
- Lynn, on 10/12/2007, -1/+2: Internet Explorer 7 Beta 2 Preview is NOT affected.
http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx
- lunarship, on 10/12/2007, -0/+1: Just because something has Microsoft written on it doesn't mean it's the worst thing ever, and just because it's open source doesn't make it automatically superior. Personally, I'll choose Oracle over SQL Server or MySQL every time; I'll also choose OpenOffice.org Writer over Word, and MS Access over OpenOffice.org base.
You should choose the best tool for the job for the best reasons. Just because something is / isn't open source doesn't make it automatically superior. Statistically speaking, there might be a strong correlation that open source is better than not, but that isn't always automatically going to be the case every time.
- mark_b, on 10/12/2007, -1/+2: Hmmmm, stupidly high number of negative diggs...I wonder if it is some conspiracy?
- ironcamel, on 10/12/2007, -5/+5: That's weird how so many user comments got modded down. I wonder if Microsoft pays people to undigg negative comments. It wouldn't be very difficult/expensive for them to do that.