Is it safe to Explore?
If the average computer user read the Microsoft security advisory about the Internet Explorer vulnerability - and you'd struggle to find it if you weren't looking - you might be none the wiser about how serious this was, or what action you should take.
A long way down comes this line: "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user." As far as I understand it, that means there is a real danger that Internet Explorer 7 users (and possibly users of other versions of IE) could be opening the door to cyber criminals to allow them to ransack the contents of your hard drive. In other words, it is a pretty serious situation.
So when I spoke to John Curran, head of Windows at Microsoft UK, I had three questions.
1. How serious is this?
Mr Curran told me that only a tiny proportion of websites were infected, but given the sheer scale of today's web, that could affect a large number of people.
So, he said, "it is certainly something people should take seriously."
2. So what should IE users do?
Microsoft is working on a patch but in the meantime Mr Curran said there were four steps to take.
- make sure anti-virus software is up to date.
- run Internet Explorer 7 or 8 in "protected mode".
- set Internet Explorer zone security setting to "High"
- Windows users should enable Automatic Updates so that they get any patch that is issued.
But of course doing all of that is not only time-consuming, it will make your web browsing experience slower and less rewarding. Which brings us to the final question.
3. Shouldn't you switch to another browser until the patch come out?
This has been the advice of a number of security firms - who of course are also touting their latest anti-virus products - but you won't be surprised to hear that Mr Curran disagrees. He told me he had recently seen a report which listed another browser as having the highest number of vulnerabilities. "it would not be advisable," he said,"to send people from one vulnerability (in Internet Explorer) to multiple vulnerabilities."
But given the choice between messing around with Internet Explorer and so enduring a second-rate browsing experience until the hole is fixed, or running Firefox, Safari or Opera, aren't quite a few people likely to switch? This could be the moment when the minnows in the browser wars finally score a significant victory.
© MMIX~RS~q~RS~~RS~z~RS~34~RS~)
Comments
Sign in or register to comment.
I can't believe anybody would use IE anymore!
I'm of the opinion that Safari or Google Chrome give the best website browsing experience these days, followed by Firefox.
Once people try those alternative browsers I can't believe anybody would actually prefer using IE. I guess it's just that IE 'works' for most of the people that use it, and therefore they have no reason (or knowledge of how) to change browsers.
Complain about this comment
1 - don't go on dubious websites
2 - keep your virus software up to date
3 - make sure you have your other vulnerabilities patched.
Where was all the coverage when actual viruses were targetting actual vulnerabilities (MS08-067 in October)?
this is a non story - thank you to this part of the site for alerting the world to the real issues.
Complain about this comment
"Life without Walls" - indeed......
Living with Gaping Holes is more like it!
When will the long suffering Microsoft user base wake up and embrace the alternatives?
Oh?, they are already?
Splendid news......
Complain about this comment
Is this in MSIE 6? Or is it just an IE 7 flaw? My employer actively prevents me installing IE 7, but it's on my kids and wife's machines.
I always encourage them to use Firefox 3, but stuff like MSN messenger (aka Live Messenger) has a nasty habit of waking up MS IE when you least expect it.
Complain about this comment
I agree with #1 - I can't believe that any reasonably computer-savvy person would ever choose IE over another browser. I use Firefox - it's much more flexible and less prone to security flaws.
The only reason that IE keeps a large share of the market is that many people just use whatever their computer was bundled with (i.e. Microsoft software)- they don't know and/or care about trying another browser.
Complain about this comment
Since IE's the default browser on Windows machines, I suspect that many of its users won't be familiar with its security flaws, or indeed, how to perform the steps in part 2 of your post.
The simplest thing is to simply download another browser such as Firefox or Opera, and try that instead.
Complain about this comment
I very occasionally use IE because some websites, including that of a major UKsupermarket, don't work properly with Firefox.
Complain about this comment
Your article neglected to mention that 'Protected Mode' is not available on anything but Vista based IE7. XP IE7 does not have this feature for example.
Complain about this comment
Have not used IE or Outlook for years.
Only ever use IE if a site will just not operate on other browsers, and there are a surprising number that will not.
Too often someone finds a disasterous backdoor in either IE or Outlook. With perhaps90% of the world, not to mention ISPs using them it pays hands down for hackers and the likes to concentrate on both to exploit the weaknesses to advantage.
Why spend time finding problems in other browsers when the harvest is not likely to be so great.
So dear reader, if you have not changed, do so, Firefox, Opera and counless others now available to try.
And more bells on them to ring, as well as the ability to customise and select themes and colours.
Complain about this comment
Clearly if anyone is using IE, they don't care much about security in the first place. I love it when I visit a dodgy site in Firefox on my Mac and the site prompts me to "upgrade Flash" (or whatever). Sometimes I click Yes just for fun, knowing it can't do anything.
In response to Mr. Curran, I would much rather use a browser with lots of minor vulnerabilities than one with one MAJOR vulnerability (which is what this is). The number of vulnerabilities isn't important, it's their severity.
If this flaw serves to drive people from the bane of the web that is IE, I see that as a good thing.
Complain about this comment
Companies like Microsoft, Adobe, Symantec and many others, 'phone home' for operations such as product activation or software updates. These 'tunnels' are the backbone of those criminals seeking to exploit vulnerabilities.
It may not be too long before the banks bring a class action against these software giants. If these vulnerabilities did not exist, then customers would not get raided and the banks would not lose the cash. Yet it is only ever the bank or the customer that takes the hit.
A new EU law in 2009 may change all that. Watch out, Microsoft!
See you in the pub.
Complain about this comment
There is a reason experts have dubbed it 'Internet Exploder'.
Get Firefox, Safari, Chrome, Camino, just use anything except IE (any version).
Complain about this comment
Another reason why "I'm a Mac" 8-)
Complain about this comment
As a de facto monopolist, Microsoft has been guilty for years of delivering poor quality, badly written software at a premium price, issuing corrections as so-called upgrades or new releases and having the arrogance to charge for them!
Complain about this comment
You make it sound as though this is the first such flaw in IE... in truth, it's full of such problems, with the steady stream of patches to fix them pretty much matched by a steady stream of newly-discovered issues.
Other browsers have issues, yes, but not in the same numbers or severity. Microsoft got lazy with IE in the years between Netscape becoming irrelevant and Firefox finally making some inroads in IE's dominance, and the product's paying for that inattention now...
Complain about this comment
Is any Microsoft software safe?
As Bruce Schneier said, Microsoft just see security as a marketing problem rather than a technical problem.
Microsoft have for years now just focused on flashy features over robustness and security. This has lead to some monumentally stupid situations such as the version of Outlook that would automatically run a VB script in an e-mail.
People should realise that there are so many free alternatives to Microsoft products that are actually better.
Complain about this comment
IE explorer comes with Windows and internal snopping databases and like anything with a window it is easily broken and provides a entry for criminals.
Haven't used it for years i use Firefox a far better and more secure browser.
Complain about this comment
Don't be too hasty to jump to Firefox, Safari or Chrome, they ALL have their own set of serious security issues.
Only last week were loads of bank details harvested by Firefox owners who got duped into loading a nasty plugin masquerading as GreaseMonkey.
The ONLY safe browsing experience is Opera, it's the ONLY browser that is 100% patched, has no outstanding security vunrabilities, it's also one of the fastest and most functional out the box. It does not do extensions like Firefox, but that's a good thing. Extensions bring bloat and security headaches, and that is something Opera does not need.
Complain about this comment
A bias article interviewing a bias person...
Pray tell, what was this 'other' browser that has more flaws then? I can't believe any other browser is more flawed than IE...
FireFox all the way.
Complain about this comment
Up dated my computer to Vista.
Started to use IE7 and quite liked it.
McAfee started popping up saying that it had blocked this and blocked that; trojan here trojan there trojan everywhere.
I then used IE7 to get to Google home page and downloaded Firefox.
Back to normal.
What a difference.
Complain about this comment
the problem is that most people don;t know there are other browsers. For them, IE IS the internet. and I'm talking about relatively internet friendly people who use Facebook and hotmail etc, the bread-and-butter internet users. they're also the people least likely to read about this security problem, or indeed understand it applies to them.
Like a lot of people in IT I have taken every opportunity to convert people to Firefox as it's the most friendly alternative in my opinion. When I first suggest it few have heard of it, but no-one has yet complained. I stress its security, add-ons potential, and, most importantly, the fact that it has a much cooler name.
Complain about this comment
Moving to another browser would work simply because 95% of the world uses IE, so it isn't worth virus writers writing viruses for other browsers.
To be really safe, run Linux rather than Windows, as Linux by default is a safer OS.
Viruses will always happen because so many users are lazy and use the software which came on their machine...also they don't bother to learn how to use it to any depth.
Complain about this comment
IE isn't known as Internet Exploiter for nothing, you know.
Complain about this comment
Curious comment, firstly let me state more vulnerabilities does not equal less safe, let me explain... it is better to walk down the road in a sleepy village with £500 sticking out of your pocket than through London, same vulnerability but less of a chance of someone exploiting it... the minority browsers, Firefox included, dont attract the same number of interested hackers. It is a fact that IE represents a risk to users especially if it is unpatched or whilst it is un-patchable. I always suggest Firefox, and Chrome as alternatives as they can and more often than not do, give a better user experience if configured properly. I urge viewers to explore safe browsing options - look at setting your DNS to OpenDNS and try Firefox or Chrome even Safari or Opera. its an open world, or could be if we just try!
Complain about this comment
I'm a firefox person but this is a non-story.
Whats the point of worrying about your browser security if you don't shred your phone bills? I'm far more worried about using my bank card at the average petrol station than someone hijacking my PC. Given how many cash cards have been cloned in petrol stations its a riskier activity. Browser security is much less of a risk than human error- far more people will respond to phishing e-mails than will have their PC's hacked via IE.
The only way to be TOTALLY secure is just not to bank on-line and only use a credit card (not a debit card) if you shop online.
Complain about this comment
#18 correctly pointed out that bank details can be harvested from users.
When on-line banking was introduced, a number of years ago, I remember someone from a large Bank explaining that he would not be using on-line banking as it was not secure.
At the time I was researching RSA/PGP encryption methods and as such I readily agreed with him.
IE was offering 128bit encryption which even for those days was laughable. (American/Canadian IE versions were offering 256 bit encryption.)
I do not have any bank details on my computer, no way no how.
Complain about this comment
To get Firefox go to
http://www.mozilla.com/
and click on the download Firefox.
It is even safe to do this in Internet Explorer.
Complain about this comment
Anti virus software will not stop hackers taking over your pc. You need a good firewall. And don't use IE at all. Firefox might not be perfect but it leaves a different footprint to IE. I use it at home and in the office and have never had a problem. At the end of the day be aware of sites you are visiting and only install so called add ons if you are totally happy that they are genuine. Remember the Facebook problem.
Complain about this comment
For the simple reason that Internet Explorer is unapologetically entwined into the operating system I avoid using it whenever possible. That has its advantages for technicians doing operating system configuration but almost nothing of value to web surfers.
Getting a Firefox flaw to get Windows to trust it into giving access to the hand disk is an additional hurdle that significantly impairs development of malicious code. Safari, Opera, and Chrome have the same key advantage.
Complain about this comment
In truth no browser or OS is safe and Microsoft is probably doing a better job than most at securing their products.
Microsoft is the biggest company in the sector with the largest market share so they are always going to attract the majority of the attacks and the majority of the criticism.
Everyone loves the little guy but 2009 will be the year when Apple and Google will be open to similar attacks and criticism simply because the usage of Chrome and Safari will go up.
As for all of you out there smugly using Ubuntu did you hear about the OpenSSL vulnerability?!
Complain about this comment
This comment was removed because the moderators found it broke the House Rules.
For your average computer user, there are two main issues: price and ease of use. For the former, as Windows PCs come with Internet Explorer already installed, it doesn't really make much of a difference to them whether there is a free version out there. And a PC is still generally much cheaper than an equivalent Mac.
Secondly, it is generally easier to stick with the pre-installed software than to install something else to do the same job. On a previous computer I tried but failed to install Firefox.
Such users are frequently unaware of security issues until such time as they have already been patched, or until such time as it hits them directly, and most of the time IE works fine.
As for 16's comments that "people should know that there are so many free alternatives to Microsoft products", that is true, but unless they get marketed more in the day-to-day media and not just in computing media, that is unlikely to happen.
Complain about this comment
The problem with Internet Explorer is that as soon as Microsoft have patched this problem there'll be another hole to plug shortly after... and so on. Microsoft Vice President Brian Valentine was famously quoted in 2002 saying "I'm not proud ... We really haven't done everything we could to protect our customers ... Our products just aren't engineered for security". So not much has changed, even though Microsoft poached a senior security guru from IBM.
It was about the same time that I had a meeting with a senior security analyst at a major bank who said something to the effect of "never use Internet Explorer for web banking".
Okay, Firefox (my preference) isn't perfect, and I know they patch holes in that every now and again. But I still feel safer than with Internet Explorer.
Complain about this comment
I don't know why anyone would use IE. There are scads of free browsers for PCs and Macs. If I'm on a site that works only with IE (because it's badly written/coded) I leave it.
Complain about this comment
A good way for protection is to use the no-script add-on for firefox. It is very useful and ever since I have been using it, there has been no problem at all with viruses.
Complain about this comment
There is only one totally secure browser in existence. It won't render pretty pages, but it will let you see a websites content (providing the website is marked-up accessibly), and that's Lynx.
Complain about this comment
I just read the following comment and then suddenly found myself agreeing with America that I should be allowed to buy a gun!
shookster21 wrote:
Clearly if anyone is using IE, they don't care much about security in the first place. I love it when I visit a dodgy site in Firefox on my Mac and the site prompts me to "upgrade Flash" (or whatever). Sometimes I click Yes just for fun, knowing it can't do anything.
"I SOMETIMES CLICK YES FOR FUN"
Complain about this comment
I just read the following comment and then suddenly found myself agreeing with America that we all should be allowed to buy guns!
shookster21 wrote:
Clearly if anyone is using IE, they don't care much about security in the first place. I love it when I visit a dodgy site in Firefox on my Mac and the site prompts me to "upgrade Flash" (or whatever). Sometimes I click Yes just for fun, knowing it can't do anything.
"I SOMETIMES CLICK YES FOR FUN" hahaha man shoookster you need serious help with ideas of how to have fun. If this is how people who use Firefox think then I am definitely sticking with good old IE!
Complain about this comment
It's nice to see that you can't teach an old dog new tricks, even if that does mean Microsoft representatives still using the Fear, Uncertainty and Doubt technique.
If Mr Curran had any, even small, evidence of another browser having similar (let alone worse) vulnerabilities than IE he would certainly name the product and cite his sources for the claims of such vulnerabilities.
He doesn't, so you simply cannot trust that statement any more that an email from a Nigerian prince.
Complain about this comment
scotbot,
Internet Exploder too!
Complain about this comment
After all the nonesense about macs and viruses on the beeb. Which was poo stiring. (how much did microsoft pay you) This happens. Classic. Anyone else for the debate about microsoft and apple security??? Didn't think so...
Complain about this comment
Hearing this makes me glad I ditched Windows many years ago and started using Linux.
I suppose this is one of the 'cons' of making the PC so widely accessible (unlike the good old days where you needed skill and knowledge to use them).
You've got to agree with me that "Microsoft counselled against taking such action" (in reference to using an alternative browser) isn't really surprising!
Could you imagine their shareprice should they have said "hmm, well, the flaw's been around for years, we've just never fixed it as nobody noticed. in the mean time (until we can get around to fixing the MAJOR SECURITY hole in our product) we recommend switching browsers"?
Neeeeeeeeeeeeeeeeeeeew-CRASH!
I also wonder how many people WILL change browsers and how many of those will go back to IE once they have tried an alternative?
Complain about this comment
Firefox is used by 20% of internet users and is climbing.
I've been using Firefox since 2000 because of its security, it's spreading also because of its customizability, now I'm on the Mac.
IE is flawed by design, this means that, no matter how many patches MS will issue, there always will be a vulnerability until MS won't overhaul Windows' internet access, wich is tied to IE.
Complain about this comment
Scotbott. It is not 100% secure. Nothing is. If i was clever enough and rich enough I'd prove it to you. However you are correct in that you are almost 99.9% safe in the current climate. Besides firefox and safari are based on linux and unix systems that are very stable anyway. I remember when their was a court case in the states about microsoft putting a line of code in explorer to stop it reading linux or unix code, this was to stifle competition and effectively innovation. The court case never resolved in the public eye. But thank god microsoft keep getting what they brought upon themselves. Dinosaurs will die.
Complain about this comment
The ONLY safe browsing experience is Opera, it's the ONLY browser that is 100% patched, has no outstanding security vunrabilities, it's also one of the fastest and most functional out the box. It does not do extensions like Firefox, but that's a good thing. Extensions bring bloat and security headaches, and that is something Opera does not need.
------------------------
I couldn't have said it better myself. Although it doesn't have the marketing power of Firefox it truly is the greatest browser out there.
It's the innovator, the safest and the fastest.
Complain about this comment
@41,
Couldn't agree more. I bet it really really hurt the BBC 'Technology' Department to have to put this story on their front page, just like they did when they thought Apple were advising people to start using anti-virus, which was completely incorrect.
Honestly, the more I read this site, the more I think it is sponsored by Microsoft.
Complain about this comment
If you are connected to the internet you are not 100% safe. I'm sick of all these 100% safe people. I am no geek but surely you know this.
Complain about this comment
As a web developer I would advise people to use Opera or Firefox (safari is horrible in my opinion). Opera is by far the best in terms of pure browsing but firefox has some nice add ons. Opera is the safest.
Also please please please make my job easier and move from IE! It does not use web standards so pages have to be modified to work in IE.......
Hopefully MS will do a better job with IE8.
Complain about this comment
I still maintain that all browsers are just as bad as each other really, in terms of security. It's like naïve Mac owners thinking they're immune from any Internet threat, just because a Windows v!rus won't run on their machine...
As a web designer I use all browsers, because I have to for testing purposes.
Day-to-day I use IE as my main browser on my office PC, and Firefox when I'm not working, but purely because I have Ubuntu on my laptop, which I use mostly for leisure.
I've noticed Firefox getting a lot better over the years, and becoming more of a competitor to IE... however, because I don't believe all the sensationalist rubbish and because I don't hate Microsoft for the sake of hating the "big company", I still use IE as my No. 1 browser and probably always will.
I have no reason not to!
Complain about this comment
The thing is, people think they're protected when they are not. One musn't rely on just one piece of anti-virus and anti-spyware software. I have many different pieces of protection software so that if one misses the detection of something naughty that is embedded in one's PC almost certainly one of the others will pick it up.
My PC isn't running any slower because of these extra pieces of software - well nothing that seriously hampers my use or enjoyment of the computer.
The fact is, people need to have some technical savvy to operate a computer these days and if they are not, then they should think twice about possessing or operating one!
Complain about this comment
One point that a lot of people missed...
It's all very well telling people they're idiots for using IE and not installing Firefox. But there are a lot of users out there who haven't the choice.
A lot of IT departments in large companies deliberately stop their users from installing software themselves, so they're stuck with whatever their IT department has given them.
And don't worry... Once Firefox gets above about 30-40% of the global internet traffic then it'll be worth the virus writers' effort to work on its security flaws.
At the moment, the only real safety in Firefox (or any other 'alternative' browser) is not the fact that they are more secure, it's just that they're a smaller target than IE.
Complain about this comment
"hahaha man shoookster you need serious help with ideas of how to have fun. If this is how people who use Firefox think then I am definitely sticking with good old IE!"
In that case I look forward to you opening your bank statement and finding your money transferred to a bank in Nigeria. I, meanwhile, will enjoy my non-ActiveX browser running on my Unix-based OS that can't open .exe files.
Good old IE? This whole article was about how it is NOT good at all! And 36 comments above yours agree with that.
Complain about this comment
It's all well and good all of us saying on here 'use another browser' but only people who are interested in technology will look on this blog. The majority of us won't use IE anyway. The only reason I'm using IE to write this is because it's from work and with 400,000 computers to switch I'm sure my IT department won't bother.
What we need is for sites such as the BBC to fully embrace browsers such as Chrome and Firefox in areas that they don't already. The iPlayer now works but little things like the quizzes and suchlike are still problematic.
I switched to Chrome ages ago and never think of going back. I also noticed that Live Messenger automatically opens links in IE (as did Dougie #4) so had to uninstall it. Windows really didn't like that, it asked me about 10 times if I was sure I wanted to remove it!
Maybe it's time I saved up for a mac, not sure if I'll ever be able to afford one in the current climate, hey ho!
Complain about this comment
"But given the choice between messing around with Internet Explorer and so enduring a second-rate browsing experience..."
IMO using IE *is* a second-rate experience! If a site won't work with a decent browser, then I'll look for the information I want elsewhere, but there is absolutely no way I'll go back to using that essentially broken browser again.
Complain about this comment
I only use IE to check my web pages work with it and once in a blue moon (I usually just leave such sites) visit a site that won't work with anything else.
I not only prefer as a user but also feel more confident regarding security with my Linux/Firefox system.
Complain about this comment
This comment was removed because the moderators found it broke the House Rules.
@ evergrowingbrain (the number 2 comment above) - please remember that steering clear of "dubious websites" will NOT protect you from vulnerabilities like this.
There are a growing number of perfectly legitimate websites unknowingly hosting some of these exploits (having themselves been exploited through other means) - you could be attacked tomorrrow through a site you've trusted for years.
I myself run a small website which is in no way "dubious" - a couple of years ago my perfectly reputable host got their servers hacked in a "zero-day" exploit, and not only my site but hundreds of other perfectly legit sites were spewing out another IE exploit. Like hundreds of other webmasters using that host, I was literally helpless and unable to stop my own trusting visitors from going to the site and potentially getting infected. The point is, this could happen tomorrow to *any* site, including the most innocent and trustworthy in your own bookmarks.
Complain about this comment
You can discuss which browser is better than the other until the cows come home ...
The clear benefit of Firefox and other open source software is that the security fix can be peer reviewed by a much larger community than that of a commercial company. Therefore as yet there is no fix from Microsoft for this vulnerability - with serious Firefox issues a fix ususally appears very quickly.
Allowing the code for a web browser to be open and accessible freely provides a much more sensible model for developing software facing the internet.
Complain about this comment
Been using the FIREFOX browser for last 5 years & it is by far the fastest most secure open sourced browser on the market
Complain about this comment
The thing is that people who use IE because they don't know better won't be reading IT-blogs like this.
After numerous attacks on my mum's computer I forced her to learn how to use Firefox. She didn't like it and said "You know I'm very conservative when it comes to technology". She's flippin' 68 and spends her entire pension on eBay, so I didn't give up. I even removed everything to do with IE on her machine. Took a couple of months and now she would never switch back to IE and her PC has been clean from viruses.
Next step is to make her use Linux.
Think it's everybody's duty to remove IE from their clueless acquaintances computers and replace it with Firefox. Bet you, if you make sure you associate all shortcuts with Firefox they wont notice a thing apart from the pages load quicker.
Complain about this comment
This comment was removed because the moderators found it broke the House Rules.
IE is a bloated monolith. FF3 is way better, add some key add-ons - "adblock plus" and "no-script" and you have a much greater level of security.
When I first installed and used noscript in FF3 the level of scripts,cross scripting and other sites that were accessing my PC was rather frightening.
Now paranoid and wearing foil hats!!!!!
Do yourself a favour and ditch IE
Complain about this comment
I have been a Firefox user for years. I only employ IE for certain work-related sites and forms that are designed only to work in it. It is both spurious and an abdication of responsibility for Microsoft to advocate continuing to use their flawed product in favor of one that - whatever vulnerabilities it may have - at least doesn't leak your personal information like a sieve.
Complain about this comment
august82 "Next step is to make her use Linux.".
My parents are in their 70s and are (OpenSuse 10.3/KDE) Linux users. Their PC is dual boot with XP Home but they never use the Win part.
Complain about this comment
Having read through all the comments, I just tried to log on to opera.com via IE
Guess what ... it won't load the site.
Complain about this comment
he [Mr. Curran, MSUK] had recently seen a report which listed another browser as having the highest number of vulnerabilities. "it would not be advisable," he said,"to send people from one vulnerability (in Internet Explorer) to multiple vulnerabilities."
Oh how typical.
Never mind the gasping stupidity of IE/Windows exploits - let's just wave meaningless numbers around for "another browser" to frighten people into staying with IE.
But do people REALLY still use IE?
How quaint. I guess they'll catch what they deserve.
Complain about this comment
Since ALL browsers are full of security holes (and that includes people's beloved Firefox), I would suggest this bit of added security:
NEVER use a computer with administrator privileges!
Always set your computer up with users who have restricted privileges, and leave the "administrator" for installing software or making major changes.
If you are using older MS software like windows 2000, make sure you set it so that you HAVE to press ctrl+alt+del to log in.
This way, if someone does hack in as you, then they are limited to what they can do.
Complain about this comment
Whisky - you seem to be rather confused.
Firefox usage currently sits around 20% - certainly not insignificant and easily a big enough target for any miscreants. Yet still it doesn't suffer from flaws as serious or widespread as Internet Explorer.
Historically IE has been the 'open door' into many user PCs, and this is just another example.
If a flaw is found in firefox you can rest assured that it will be discovered by the open source community and patched much quicker than IE ever is.
No-one who reads this blog should run Internet Explorer - it isn't safe and you are just asking for trouble.
Complain about this comment
@Shookster (51) ... 'security by obscurity' is a line normally peddled by people who know they're using a substandard product (in this case, IE) but haven't the motivation to do anything about it. It's also pretty lazy reasoning because it simply assumes, without evidence, that the alternatives are as bad as IE because, well, they must be, mustn't they ... ?
In fact, Firefox has a major advantage over IE. Its codebase is open source and therefore open to inspection by anyone who can understand it. That means vulnerabilities are more easily found in the first place, while the browser is in beta-testing, and any that go undiscovered until after full release can more easily be fixed thanks to the huge number of people who freely contribute their time and resources to the project.
Right now, you're at the mercy of a company that has been coy about the very existence of the vulnerability and even now is only letting a selection of its own employees work on a fix. Meantime, I have a browser - Firefox - that was lovingly crafted and tested by tens of thousands of people all over the world, and continues to enjoy that support.
I know which side of the internet I'd rather be on, and it aint yours!
Complain about this comment
I forget that there's ANYONE out there still willing to use IE (any version) for anything. I think it was P.T. Barnum that said, "There's a sucker born every minute."
Firefox is my poison, but I hear that Opera and Google Chrome are just ducky too. (And if you don't mind a more visually spartan browser I hear that Chrome is really speedy. Even more so than Firefox.)
Also, for anyone who is like me and dreads even starting IE even once...for anything: Google "IE tabs Firefox". You'll never have to start IE again for any reason :)
Complain about this comment
I would think twice about using firefox. see this link
http://blogs.zdnet.com/security/?p=2304
Complain about this comment
Today 96% of computers are sold with microsoft's software and you cannot get a rebate for buying a computer with nothing inside.
There is no wonder why most people simply use the software inside and pay more money for protecting an unsafe system.
After two major crashes with the windows thing, I have switched to something nearly free (just buy a computer magazine with a Cd or Dvd inside), anti-virus free, allowing to download free software, I mean Linux.
It is such a pleasure that now I have 10 hard disks with 10 different systems.
All of them are fitted with Firefox, plus other browsers like Epiphany or Konqueror.
Linux systems can read non linux systems! Ask windows to do the same!
So, stop worrying with the software inside your computer,first, save your docs and photographs on a cd or dvd, buy a magazine or download a Linux system, burn Linux on a cd, restart your computer and install something not completely different visually but technically yes. Oh! I forgot relinquish you anti-virus.
When signing in on the BBC site, I have noticed that in the confirmation mail, the Beeb is using .... Linux, yes!
Complain about this comment
I like internet explorer, especially 8.
I am also dissapointed by this security flaw. I trust microsoft but if this kind of thing carries on, I might have to move to firefox (I am writing this in firefox at the moment to save my details!)
Complain about this comment
IE is the least secure and slowest of the mainstream browsers. Some sites are incompatible with Safari, Lynx and Google Chrome (it's the fault of the coders on those sites, not the fault of the browsers). Firefox seems to have the best balance of functionality, speed and compatibility.
What really annoys me though is that occasionally I need to use IE because Microsoft sites tend to be coded to DELIBERATELY ensure that only IE can access them.
Complain about this comment
I work as a sysadmin and i really can see if anyone starts using ie, then most probably that soon he gets a bundle of all possible trojans, viruses and rootkits. So I think it's Internet Explorer that helps to dispatch malware all over the world. Firefox or Opera browsers are what you need to prevent your PC from being used by hackers via web sites.
Complain about this comment
I work as an IT Security Consultant. I'm CLAS listed (http://www.cesg.gov.uk/products_services/iacs/clas/index.shtml).
I always love the suggestion that you can solve security problems by changing software or operating system - makes me laugh out loud. Also, very encouraging, because there I know that with this level of ignorance, there will always be work for people like myself!
Let me put this in simple, easy to understand terms:
your browser send an HTML request to the server. It receives an HTML response, which it formats on the screen. That's it. That's all that a browser does.
All this nonsense about browser wars is out of date and just plain daft now.
To keep your system secure, make sure you install updates, use the correct configuration, and keep your anti-virus up to date. Oh, and don't log on as an administrator.
So, the high security setting will stop you installing ActiveX controls from an unknown source. So you really want to install this stuff on your PC? If you do, then you really don't care about security, do you?
Complain about this comment
I am a computer novice, i do use internet explorer it seems i should nt.
But when I read the patronising comments on this type of thread about this making me an idiot and living in the dark ages I remember why i have never changed.
Sad really there is clearly a strong arguement to use an alternative and good options available, it seems the idea of breaking microsofts virtual monopoly appeals to a lot of people but instead of helping people like me the so called experts on here have decided to instead just slag off anyone with slightly less knowledge than themselves.
Post 70 is a prime example.
Complain about this comment
I have not used IE since Windows 98 simply because it was riddled with security holes constantly being patched up by hundreds of KB's ever since. If IE was available only as a bolt-on and not integrated with Windows OS's, I would put money on no takers as there are far superior products out there such as Opera or Firefox and far more user friendly also. But the main issue is that the security holes of all IE versions has created the hacker culture which, in turn, has forced many to purchase AV software and strong firewalls. Money that need not have been otherwise spent.
Complain about this comment
@dom
What's the point of simply counting "vulnerabilities" without considering each one first?
This is the sort of silly game that MS play to try and score points and it's no surprise to see ZDNet playing the MS sock puppet.
Much more revealing is (for example) to consider the mean time between discovery and patching of flaws.
Difficult with MS because they don't announce most of them - unlike "another browser", the creators of which fully understand the importance of honesty, openness and acting quickly & comprehensively.
Complain about this comment
I've tried all the alternatives to IE and given up on all of them, mostly because of the number of web sites which only behave properly in IE.
I gave up on Opera because on my main "entertainment" computer the BBC I-player will not work in Opera, and no-one can tell me why.
Complain about this comment
The problem is, there is now a multi bi££ion pound industry setup and dedicated entirely to saving Micro$oft users from themselves.
Security software writers, installers and maintainers, anti virus software companies, PC "doctors", network engineers, PC "gurus", support lines... the list is endless. If MS products actually worked properly there would be no need for this industry to be so big.
So, do MS do their job and keep a few long-suffering end users happy, or maintain the status quo, continue to turn out half baked bloatware and keep a major industry alive and happy?
Since MS now sell directly into the PC security industry (many of the products available to keep your MS servers safe and secure can be bought from, yes you guessed it, MS), I suspect the have taken an unwritten and unpublicised decision to do, well, nothing.
Which is exactly what they've done all along when it comes to making their broken products work properly.
Complain about this comment
NoScript is a free plugin for Firefox that filters scripts, and to my kn owledge is the only such solution. I would never surf the web and allow unrestricted website scripts to run through my browser.
Most web sites rely on Java, Flash, and Javascript to present their content. unfortunately, even "trusted" websites usually present cross-scripts (in the form of "ads") from other sites which they neither monitor nor control.
It is these cross-scripts which is the major vulnerability for all browsers, and through which malicious code is introduced to computers.
NoScript filters all scripts by default and then presents a list of scripts to the user. The user chooses which ones to permit. Even keyboard redirecting scripts are caught (no browser in the world has this level of security).
I would never surf without NoScript (in Firefox).
Complain about this comment
The flaw under discussion here is one of hundreds which have been revealed up to now, and hundreds more surely to come. I'm no fan of Microsoft, and there are plenty of reasons to switch to another browser and operating system, but this "incident" should be barely a blip on the radar.
All these stories about "a dangerous security flaw out there" remind me of those broadcasts you used to see (or was it only in movies?) where "a dangerous criminal has escaped from the local prison". If he was the only dangerous criminal in the country then OK, but given that there are dozens of bank robberies and murders every year in large cities, one extra criminal - whose fingerprints and photo are on file and who is being actively sought by the police and embarrassed prison authorities - really isn't going to make all that much difference.
The only malware(s) really worth getting worried about are the occasional worms which spread very quickly, and in those cases, your anti-virus software is going to be even less help than usual. (The response of every anti-virus company to the "MS-Blast" and "Sasser" worms was "get a patch from Microsoft, there's nothing we can do to keep this off your PC".)
Certainly there's no point in updating your anti-virus software right now; either it provides good generic protection from the kind of exploit which will appear for this problem (unlikely), or your anti-virus vendor will be playing catch-up as usual, as soon as the exploit hits the wild. We catch a lot of viruses on our network before more than 3 or 4 of the 30+ commercial products out there know about them; it typically takes a couple of weeks for even 2/3 of them to be up to date (as shown by virustotal.com.)
Complain about this comment
@oldbearchris wrote:
"your browser send an HTML request to the server. It receives an HTML response, which it formats on the screen. That's it. That's all that a browser does."
No, that's all it's SUPPOSED to do - but then MS added ActiveX and God knows what else which rather makes a mockery of it all, don't you think - as well providing many WINDOWS-SPECIFIC vectors for malicious code injection.
So in this case, changing to a browser and/or OS which isn't quite as brain-damaged WILL solve a very large majority of the Windows-specific security problems.
"keep your anti-virus up to date.", you say.
Huh. Why doesn't the manufacturer of a certain OS harden their code so it isn't such an open door to viruses? I mean it's a REALLY open door and way beyond a joke. Has been for years; any version despite the usual pre-release claims.
Can't MS fix it?
Well history teaches us that no, it can't.
Complain about this comment
@ sharon1402 whjo wrote:
"But when I read the patronising comments on this type of thread about this making me an idiot and living in the dark ages I remember why i have never changed."
So You are given the advice, over and over again right here (don't use MS IE), and you ignore it out of, what, stubbornness?
It's this attitude that keeps MS so prosperous and happy. In my experience. most people who suffer serious security issues know exactly what they should have done to prevent them. They just couldn't be bothered.
Like most people can't be bothered to simply change browser.
Complain about this comment
Those of you moaning about Windows being unsecured obviously missed the patch Apple had to release yesterday that, you guessed it, allowed remote code to be executed!
Firefox, Linux et al have their fair share of vulnerabilities - they just don't make the headlines because they're not so widely used.
I recommend people turn on DEP. (see http://en.wikipedia.org/wiki/Data_Execution_Prevention#Configuration )
This will stop most attacks that work like this one.
If you have XP or 32 bit Vista then DEP is off by default. The downside is some applications won't work, (such as Half Life) but even then it's just a case of adding an exception for that particular application.
Complain about this comment
Like some other people mentioned above, there are other great features that Mozilla Firefox has to offer. For example, add ons can make it easier to do the things you want online.
You can also easily control security features, and customize where the buttons are located (in case you are not comfortable).
Don't forget, your router can also be a way for people to break into your computer. Although I found that there are new security products (i.e. BreakingPoint ) that look like they will almost eliminate those security threats.
In reply to Dom (Post 71) I think that the title is misleading. see the first comment after the article.
Part of the reason that Firefox has an advantage is that thousands of experts are part of a community of developers that works on this software, so it can be fixed very soon after a problem is found (as with any browser, just make sure to install the latest updates and have automatic updates turned on!)
Complain about this comment
Microsoft have been very lazy with IE - once Netscape died, they basically had almost full market share and stopped bothering to develop the browser.
Unfortunately, they are also extremely sloppy when it comes to implementing web standards - as a web designer, my work is roughly doubled by the need to work around IE issues.
Firefox, Safari, Chrome and Opera are much better alternatives - and all are free and easy to install.
And for proper security - try Linux instead of Windows.
Complain about this comment
Not to offend, but this concern is about 5 or more years too late. Microsoft is notorious for not only having a whole load of exploits constantly showing up in their internet software, but many are intentional features, YES features that are intentional, there to facilitate business uses and advertising in what they see as an all in one browser. This makes it obviously not secure enough for the average user if they care at all about security. And no matter how up to date your software is, and especially anti-viruses,someone hacking into your system though what is essentially a backdoor is NOT a virus, and goes unnoticed to any user that does not have the very advanced security software designed to watch for such intrusion, which companies don't even have, because they don't exist. Show me one person who says they have a perfectly secure system due to their expertise, and I'll show you a liar.
Even using another browser is only a bit safer, as you cut out any potential IE exploits, but with the fact IE is currently part of the operating system itself, which is also full of the same types of holes, both intentional and unintentional, you are never perfectly secure.
The best advice one could give is to keep any important data on a removable medium and keep it backed up (cd-r, dvd-r, flash, whatever) and use your computer under the assumption it probably will be, or could already be, hacked.
Being an IT professional myself, it annoys me how novice so many of the current IT professionals are, but unwilling to acknowledge it, getting a lot of average users who couldn't possibly know better into a lot of trouble, then putting the responsibility on the users because the IT profs "obviously" couldn't be at fault for being irresponsible in their interface design, programming, and security implementations.
Windows, and most other operating systems, for the normal human, are confusing as a system can get with all that is promised and presented to them, and how easy they make it for the user to break it. Or how often we find the systems came already broken, or constantly break themselves.
People Use IE the same reason they use windows, because ti is already there, and MS has already convinced everyone that if they don't write their software for windows, they won't make a lot of money. That's the way it has been, that is the way that it is, and I don't see things changing in the near future because most new IT professionals are almost as ignorant as the users now.
But what do I know? It's not like I've actually taken a true interest in the field and have actually kept up on what companies do or anything, I mean, who does?
I personally love using my computer, and very much enjoy helping people with their computer problems, but I can't stand how much their (PC's) potential has increased, and yet trying to do the same things I used to do in DOS actually takes the same amount of time, or longer. Doesn't anyone else care about why this is the case other than me? And useless bells and whistles are just that, USELESS. But they dazzle executives and idiots who don't know any better, so that is why it is the mainstream. Usefulness has become a taboo subject these days and it isn't any more evident than the state of what the IT industry offers the public; CRAP for CASH.
P.S. I have an IT degree, have worked PC support on every version of Windows and many Mac OS versions over the last decade or more (used Linux, most Linux users don't need support), have set up several networks, learned to program in 4 languages, do graphics and web design, worked at several helpdesks (utter hell, and not because of the users), and am a regular reader of The Register, and on the odd occasion they don't have the articles on their site, will read tech news on the "major" news sites. So suffice it to say, I've built up a healthy disgust of the ultra-nerd-elitist mentality of most of the people who are in the IT industry, and am never surprised, or offended, when a user may not trust me right away when I'm just trying to help. Being smart doesn't mean you know something someone else couldn't care less about, or just hasn't had the chance to learn yet. But that mentality dominates in every IT based management level, and employee level, I have ever encountered. Don't even get me started on that mentality in science and medicine...
Complain about this comment
"your browser send an HTML request to the server. It receives an HTML response, which it formats on the screen."
Well it sends an HTTP request. The content returned need not be HTML (even if a .html page is requested) , may or may not be handled by the browser and HTML can contain JavaScript, embed ActiveX, etc.
Complain about this comment
I've already been using Firefox and Chrome in place of IE for some time, it really irritates me that such an inferior product is given such a hold on the market.
Complain about this comment
This is a response to Microsoft's veiled stab at Firefox, who they were almost certainly referring to when they listed "a browser" with even more security flaws that IE, but conveniently made sure their source wasn't available to the BBC .
-and also-
To "Dom" who posted: "I would think twice about using firefox. see this link
http://blogs.zdnet.com/security/?p=2304"
Response to 'dom': Bit9's estimate that IE7 is safer than Firefox is arbitrary. (I'm being in kind using that word and also assuming this is their position since IE never appears on their little 'list'.)
Why?: First, a person needs to see [Unsuitable/Broken URL removed by Moderator]to see the criteria they use to come up with their results. In particular look at item 5. Do IE's "automatic" updates exclude IE7 from the list? Also, the 'CVE* Numbers' column. Google those CVE's (In Example, Google "CVE-2008-5052")
3 of the items on Bit9's 10 item list do not even apply to Firefox3 (consider comparing IE6 to Firefox 3....) and there's another that is listed as, and I quote, "CVE 2008-4016
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."... So we don't even know what that one will be yet.
You're killing me here people. You have the most powerful tool ever created my manknd at your disposal.. the internet. If you have time, start using it to educate yourselves a bit on things that affect your daily lives. (I am not above this... I need to start using the internet to better effect to enrich my own life as well... hey, at least I'm trying;)
Complain about this comment
The main problem with all Windoze flavours up to and including XP is that you are logged in as a "root" user by default, which gives you access to the whole system, but also gives anything you download acces to the whole system. I'm not sure if this is true still with Vista, I don't use it.
As a Linux user though (unless you're daft enough to log in as root and browse - which should never EVER be done) you only have "write" access to to a limited area of the file system (your home directory + anywhere else you've been given explicit permission), which limits the movement of malignant code under most circumstances. Most if not all programs are in an area to which only root has write permission.It's this simple safeguard which makes Linux that bit safer, although admittedly I believe it is possible to get past this with rootkits and the like.
Complain about this comment
Just a quick note on the 'I can't believe anyone would use IE anymore' - coming from someone who has been using the internet for 16 years now and has tried every browser that was serious enough to compete, I would definetly say: you should use IE - and this is coming from a guy who is a system architect.
Today IE is the browser that provides the richest browser experience ever and makes the best use of resources for the features offered.
Anyone who complains about IE just does it to look cool to their friends since they had enough knowhow to setup another browser - but have no knowhow about how the thing works.
Complain about this comment
Than god Mr Curran is bot my security advisor. If he thinks running anti-virus and anti-spyware makes it ok to run internet explorer then he should consider another job. Even microsoft are advising against the use of internet explorer.
The truth is if you want to be SAFER on the internet then don't use windows.
Complain about this comment
Oh! Is that all?A happy Ubuntu/Firefox user
;-)
Complain about this comment
I agree with others who mentioned NoScript and Firefox. It is a very secure combination, and running it on Linux makes for a very secure machine. I've never had any issues with this setup.
Complain about this comment
<RICHPOST><P><A HREF="http://www.bbc.co.uk/blogs/technology/2008/12/is_it_safe_to_explore.html#comment67">The_Old_Boar's comment</A> is well worth a read. This particular volnerability is extremely severe. Any hacker with the knowledge of how to exploit it may potentially gain the same level of access to your programs and files as you. Even so, restricted users still have precious files and folders which I'm sure most people would rather keep private. Therefore, Microsoft are being irresponsible not to urge use of alternative browsers at present.</P><BR /><P>We can debate the merits of each browser for infinity. No matter what developments occur in the future though, no browser will ever be 100 percent secure. Firefox, Safari, Chrome, Opera, Internet Explorer and indeed any other browser, all contain some security holes. However, many of these remain undiscovered and not all of them will allow a hacker to steal everything you have on your computer. This is why this particular Internet Explorer flaw is serious enough to warrant discussion on this Blog. Until Microsoft fix it and you download and apply their fix to Internet Explorer, you are leaving your data open to interference including access, modification or deletion, any time you run Internet Explorer.</P><BR /><P>I hope this helps clear up any confusion you may have.</P><BR />[Unsuitable/Broken URL removed by Moderator]Darren Paskell , Undergraduate in <A HREF="http://www.cs.rhul.ac.uk/">Computer Science</A>, <A HREF="http://www.rhul.ac.uk/">Royal Holloway, University of London</A></P> </RICHPOST>
Complain about this comment
I love all the patronising comments from the smug Mac owners. Need I point out that Microsoft products are targetted so much because they are in such widespread use?
Apple has are such a tiny proportion of the market that it's hardly worth writing viruses for their products. It's like the Vatican declaring itself one of the few countries free of the Credit Crunch.
Complain about this comment
In addition, sharon1402 is perfectly justified in her comments, most of the informed in IT are ignorant to the average user's experience and background, making anything useful they might contribute too easy to ignore. Not everyone was born with a zx81 in their hands, and having that experience cannot prepare you for the insanity of what is out there now posing as personal computers.
But hey, what do I know? My hat still fits my head.
Complain about this comment
Oh, and keep your eyes on chrome, Google is about as trustworthy as MS nowadays (they're best friends you know, and competition between them is a joke), and are more than happy to watch everything you do in order to "provide the best user experience."
Complain about this comment
to pcociuba
thank god I never had to work with you :P
Complain about this comment
I don't think anyone really considers Firefox to be a minnow anymore. GetClicky shows Firefox above 30% marketshare, and w3Schools shows it above 40%. In some places in Europe, it is much higher.
Complain about this comment
dextersmith wrote:
"The main problem with all Windoze(sic) flavours up to and including XP is that you are logged in as a 'root' user by default"
Only if you choose to login as an Administrator. Microsoft recommend, and have done for many years, that for day to day PC usage people login as a "standard user".
Complain about this comment
What exactly is all the panic about?
Vulnerabilities have been exploited before, and will be again. In IE or any of the other browsers out there. Because despite some of the quasi-religious statements on here, the others do suffer vulnerabilities as well.
Anyway, in this case, the major AV vendors, as is normal, issued protection updates for this issue within a day or so of it being reported in the wild.
So why is this a big problem, any more than any of the other threats that are constantly circulating on the web?
Complain about this comment
I've used IE for years and had no problems. Probably because I stay away from dodgy (ie adult entertainment) sites and never click on options to download software unless I am absolutely sure it is safe.
Anyone who recommends using Google software is contributing to their market research. Ask an non-technical person to try uninstalling the Google search bar!
IE provides more flexibility and compatibility than other browsers. Sure it has flaws but all software has flaws.
Anyone who has any sense will have a backup of all critical data anyway. Reinstalling a PC from scratch takes about two hours nowadays.
The younger ones should see what installing a PC twenty years ago was like. Formatting a hard drive was a nightmare!
Complain about this comment
I find it incredible that people still buy Windows and MS Software. Even after over 25 years of intense development MS can still only claim "Improved security." trouble is that they started from such a low base.
If MS built aeroplanes the world would go on foot.
Complain about this comment
It has been suggested that Microsoft is a target because of its size, this is an example of the 'Fear, Uncertainty & Doubt' that MS use to excuse their inadequacies.
Windows was designed to be used by those with little knowledge of computers without any thought to security.
Later, rather than focusing on security they introduced more dangerous frills (especially ActiveX).
MS must decide which way it now wishes to go - to produce a 'user-friendly' system OR a secure system.
Complain about this comment
The_Old_Boar's comment [67] is well worth a read. This particular volnerability is extremely severe. Any hacker with the knowledge of how to exploit it may potentially gain the same level of access to your programs and files as you. Even so, restricted users still have precious files and folders which I'm sure most people would rather keep private. Therefore, Microsoft are being irresponsible not to urge use of alternative browsers at present.
We can debate the merits of each browser for infinity. No matter what developments occur in the future though, no browser will ever be 100 percent secure. Firefox, Safari, Chrome, Opera, Internet Explorer and indeed any other browser, all contain some security holes. However, many of these remain undiscovered and not all of them will allow a hacker to steal everything you have on your computer. This is why this particular Internet Explorer flaw is serious enough to warrant discussion on this Blog. Until Microsoft fix it and you download and apply their fix to your computer, you are leaving your data open to interference including access, modification or deletion, any time you run Internet Explorer.
I hope this helps clear up any confusion.
Darren Paskell, Undergraduate in Computer Science, Royal Holloway, University of London
Complain about this comment
Help your less savvy friends out by installing Firefox or Chrome, make it the default browser, change its icon to the Internet Explorer icon and rename iexplore.exe to iexplode.exe
Job done :-)
Complain about this comment
"..it seems the idea of breaking microsofts virtual monopoly appeals to a lot of people but instead of helping people like me..."
Well, sharon1402, here's a suggestion:
Download and burn a couple of "Live" Linux CDs, eg Ubuntu (their install CD is also "Live") or OpenSuse (You need to chose the "Live" one here) and boot from your PC. You don't need to install anything.
Have a play around and see if you like any of them. You might find you prefer Ubuntu and the Gnome Desktop, possibly like me, OpenSuse and the KDE desktop or you might even find that Windows is the best for you (I hate admitting it but Linux is not going to be everyone's first choice).
To find out is free and safe. It just needs a bit of time.
Complain about this comment
It is not at all surprising that the head of MS Windows in the UK advises against switching to another browser, but it's a little disingenuous to refer to the "Greasemonkey Plugin" vulnerabilities in Firefox as a reason to avoid other browsers.
Furthermore the reason that an OS like Linux is less prone to security lapses is that it was designed to be network secure from the beginning, rather than the oft touted reason that it has a smaller market share.
Indeed, I believe that MS Windows' 'phone home' technology, which has been part of their anti-piracy business model, has made compromising Windows comparatively easy.
Complain about this comment
Just wanted firstly to correct a few points about Internet Explorer, being used by the 'vast' majority of user, this is not the case a quick google for 'browser share' returns the w3c web standards authority stats, on there site Firefox has the largest share with 44.2%, much more that IE 7 26.6%.
The biggest problem with IE is for developers looking to push the boundaries and deliver better websites. Microsoft didn't update IE for 6 years between IE 6 and 7, meaning that both browsers are holding the internet back by not adopting new standards, or properly supporting old ones.
This is seriously bad for the web, people should switch browsers, and businesses and governments should be taking more legal action. I can only assume ignorance has stopped the EU from hammering them.
Complain about this comment
"Another reason why "I'm a Mac" 8-)"
Another comment that makes me glad I'm not...
Complain about this comment
@ 30
The SSL bug was patched almost immediately. It also required that you had SSH or VPNs active on your PC (it isn't by default, whereas IE is always the default browser on IE). And as soon as you connect Ubuntu/Debian etc to the network, you are presented with the Patch to install.
Haven't used Vista much (it really is horrible), but getting the "critical" updates installed on a newly installed XP machine is painfully slow.
Complain about this comment
When is someone going to do something about Microsoft?
All these faults, these flaws, and with serious implications for our security and they go on saying things are not so bad and you don't need to switch to alternative products?
How do they get away with it? I'd like to know.
Complain about this comment
I agree with everybody who thinks this article is Microsoft bias. Just try to google for the words Microsoft and BBC. They have an agreement and I don't think it would be appropriate for Mr Cellan-Jones to tell us his professional view on IE, so let's respect that.
I was earlier slagging people off who don't know better than using IE. To be fair, I was using IE on my Windows Mobile bundled phone for about 6 months before I realised there is an Opera Mobile which is rather amazing.
Complain about this comment
In response to post 112 by Rinkhals...
Get to know your history, please...
Linux was *NOT* designed at the outset to be secure, networked or otherwise. At least, not "secure" in the same way as we understand it today, since the rules of the game have changed so much.
Linux dates back 17 years, as a port of Unix to the Intel 386 platform; it had networking built in, but none of the kinds of security provisions that we all require in modern OSs.
As for Microsoft's current crop; say what you like about Win9x, whose primary goal was to move to 32 bit and have nicer UI than previously, but without breaking compatibility of previous releases (as much as could be achieved) - talk to Apple about their penchant for releasing new OSs which require new applications...
Anyway, Windows XP and Vista are based on the NT kernel, which itself is a variant of the MACH microkernel. In the mid 90s this was pure computer science, not some half-baked commercial scam that the kinds of people who write "Microsoft" with a dollar sign in the middle would have you believe. MS has shown a great deal of commitment in the last few years to making all their code more secure - something that everyone in the industry should be following.
The job is far from done: but people in glass houses shouldn't throw stones. How many reps from Firefox have been crowing about the latest IE vulnerability? Not too many, by my reckoning - probably because they realise stuff like this is now an occupational hazard.
Thanks to the BBC for whipping up a frenzy of worry by repeating this story on every news bulletin today. We might as well have Robert Peston in Dads Army style, telling us we're all doomed!!
Simple fact: switching to another browser might make this problem go away, but it's not a long term solution to the problem of malware and vulnerabilities. If you're anti-MS, then you're already on Firefox/Opera/Chrome/Safari/whatever, but don't expect that anyone who isn't, is some kind of idiot. I'd be interested to see a retrospective report on the penetration rates of vulns like this - of the 100s of millions of IE6/7/8 users out there, how many get affected? When the big Safari/Firefox (and in turn, Chrome et al) vulnerabilities really hit, what will be the %age of affected users then?
In some respects, it could be safer being one in a billion users of IE, than being one in a few million of something else. Ever thought about that?
Complain about this comment
>This could be the moment when the minnows in the browser wars finally score a significant victory.
-------------------------------------
What? More sensationalist claptrap from the BBC. This is one of many similar vulnerabilities in Microsoft software over the last 10 years and more. Why should this issue mean a mass migration more than any others?
The commercial software companies are onto a loser these days, as all they have going for them is their marketing. When will people smell the coffee? Their motivation is not to produce good software, their motivation is to make profit.
Complain about this comment
"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." - Bill Gates 2007
Complain about this comment
Oh, no. Love it, Microsoft vs non-Microsoft bash again. Haven't seen this for long. Maybe I just kept avoiding it in the past, hummm. Boring....
Seriously, I don't bother what browser people are using. I have used text-based browser like lynx, I use latest MSIE, latest Firefox, anything that support my browsing need. Just keep in mind that security counts on our own attitude. Use safe browser, but publish your full name, birthdate, even (Heaven forbids!) your full address on social networking site?
Are Linux, Firefox totally secure? No, programmer makes bug. No matter whether it is on open-source free software or commercial software. Been system administrators in the past I have seen vulnerabilities in Linux many times. Even seen one last year in such a big media blow.
I completely agree on #118. And to add, Microsoft has Security Development Lifecycle (SDL) practice applied to their products.
Complain about this comment
For those who like Chrome but not Google's privacy policy, there's yet another browser: Iron
http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php
FWIW...
Complain about this comment
This article has the trademark of BBC propaganda. Just look at the end of it. Why is it that microsofts browser is attacked yet no other browser is named as potentialy dangerous?
It is just as hazardous to go with any other browser as it is microsoft.
The best advice is to not go on websites that could cause you a problem in the first place
Complain about this comment
>>>Anyway, in this case, the major AV vendors, as is normal, issued protection updates for this issue within a day or so of it being reported in the wild.>>>
How could they issue updates for a flaw in the operating systems browser. It is not a virus or spyware.
Complain about this comment
The vulnerability is in the fact that IE crashes or leaves behind an available piece of memory addressing space available to be exploited by a web-based application. This potentially could come under the radar of any web monitoring program. So it needs to be fixed urgently. It also means stay away from using IE for anything more complex than looking at the BBC website! Don't use IE for your online banking or e-commerce purchasing until this has been fixed. You could run IE 6 in a sand box ( a protected memory environment) but I don't think it works for IE 7 or the IE beta. This also probably poses a problem for the IE8 team, so they will be looking at this too I'm sure.
Complain about this comment
Microsoft's "response" is to be expected. Their suggestions for IE are both complicated and, according to those who have actually tested the suggestions, ineffective. I have not used IE or OutLook (another favorite target of hackers) for years, nor will I consider allowing my users access to those programs. This problem is in every version of IE from 5 onward. Here they are pushing Version 8 and this problem has been around for years. No thanks. They can keep IE and I'll keep my 3rd party browser.
Complain about this comment
Re the comment about Google Chrome's privacy statement - it got changed after half the Internet community went nuts about it. It was a crazy day!
So you can use it without them claiming copyright on your content.
In my opinion not really worth it though. It's not a patch on Opera or Firefox. IE 8 is shaping up. Safari has some nice features - especially the font rendering.
The take up on Chrome has dropped off and I don't know many people continuing to use it as is is quite possibly just another data troll for Google.
Complain about this comment
I am given to wonder about the so called computer savvy types out there who happily use the machine to do their banking on!
The less data about yourself that you have stored on your computer and on that of other sites the safer you are.
Remember the famous hacking of credit card accounts of a famous high street store?
Who says it will not happen to a bank?
If you are really savvy you do not even use your name or part of your name in your email address, and use at least 8 character passwords of random construction.
But no, cannot remember them so Uncle Fred operates on all!
Password generating and log in programmes do the job at a click, no typing no key loggers!
Most computer users who get caught out with scams and spam have only themselves to blame.
Complain about this comment
Funny, I use Chrome the whole time now, except for one site.
I *HAVE* to use IE to download programmes on the BBC iPlayer!!!!!!!!!
Complain about this comment
Better than just switching browser is to switch operating system too - I moved over to Ubuntu (Linux) earlier this year, and haven't looked back. FAR less susceptible to viral attack, quicker, FREE (with free upgrades too) - and not lining Micro$oft's pockets!!
Complain about this comment
"I am given to wonder about the so called computer savvy types out there who happily use the machine to do their banking on!
The less data about yourself that you have stored on your computer and on that of other sites the safer you are"
Oh get real, for heavens' sake. How many people in the real world have a different password for every web site, change their bank card's PIN every month etc? We have to accept an element of risk and just get on with it, just like every hooded teenager might stab you in the kidneys but in reality it's very unlikely to happen.
Advising people to do anything drastic like stopping visiting mainstream (useful) websites like online banking, or online shopping from trusted retailers, is crazy.
It'd be like telling people the best way to avoid the 'flu would be to stay at home for the whole winter, or if you must, only venture out in a chemical protection suit.
Real people don't live like that.
Complain about this comment
To epockismet,
Why would that be, are you affraid that someone might actually have factual arguments to change your mind about Microsoft technologies?
I am amongst the first people to criticise a technology if it is not working or buggy (be it an MS tech or not), but realisticly speaking, if you look at all the so called software out there that crashes N times a day and compare it to some of the sollutions that MS provides, I think they just do not scale.
IE is a superb and complex machine. When you look at it you have to take into account the richness of features exposed and the flexibility it offers. As I have said, in all my years of internet browsing, I have never EVER had problems with IE, even when using BETA versions.
So please elaborate, why are you so happy you don't have to work with people who actually bother to evaluate software before commenting upon it?
Complain about this comment
>I can't believe anybody would use IE >anymore!
>
>I'm of the opinion that Safari or Google >Chrome give the best website browsing >experience these days, followed by Firefox.
>
>Once people try those alternative >browsers I can't believe anybody would >actually prefer using IE. I guess it's just >that IE 'works' for most of the people that >use it, and therefore they have no reason >(or knowledge of how) to change browsers.
Amen to that! I don't think anything is less secure than IE! I use metasploit for penitration testing on networks and I swear most of the available exploits are for Internet Explorer, well compared to other browsers.
Complain about this comment
I've used most of the browsers out there, but to be honest I've never had any problem with IE. If you're responsible about what sites you use then you will rarely have any problem, no matter your choice of browser.
With only a few very rare exceptions, I find that every site I've ever visited is compatible with IE.
Just face it. If you want to trawl dodgy internet sites, be gullible (clicking banners on such sites) and are not absolutely careful then at some point you will be burned no matter what browser you use. Probably the safest, relatively speaking, platform for browsing is a Linux/Firefox(etc) setup with appropriate security settings. Thing is then you have to learn a whole new OS. Linux might be stable, but it's not always simple at all.
This flaw requires a user to visit specifically created sites to open up the exploit, and even then there's no certainty that IE will close like described ... chance of the average user checking their email/news ending up at such a site? Low. Extremely low.
Complain about this comment
To epockismet #89:
> is to keep any important data on a removable medium and keep it backed up (cd-r, dvd-r, flash, whatever)
Sorry, mate, you call yourself an IT professional?
But every IT professional should know that having data backed-up offline is a major security hazard. Hope you don't write your bank login/ password on text file in a CD laying on your desk in open cubicle....
Complain about this comment
"The commercial software companies are onto a loser these days, as all they have going for them is their marketing."
Is that true? I'm a Linux, open source, etc. fan but for people who need the high end stuff, is there really a Cubase or Cakewalk? A Photoshop? Is there an equivalent of Delphi or C Builder? Although not a "heavyweight" as a db, is there a relational desktop app as good as (heaven forbid and I fell out with 2.0...) MS Access?
OK, with some of these, I wouldn't know the finer points to make any difference to me, I could mention say Ardour and Rosegarden, The Gimp, I think Borland did have Kylix though I don't know what happened, there is Open Office Base but between my own experience and comments from others I wonder if they are really there (YET that is).
So from where I sit, I feel people can need things the free/open source can't offer.
The other side of that coin for me is I can meet nearly all my needs very satisfactorily with one Linux distribution. These include from the std browsing/email, office wp/spreadsheet, bits of multimedia, etc. networking our tv (mythtv), using apache/php/mysql for a web site.
Often I wouldn't need "better", and in some cases, eg. with Apache and a stable web platform might already feel I do have "better" and for free!.
Complain about this comment
"I've tried all the alternatives to IE and given up on all of them, mostly because of the number of web sites which only behave properly in IE."
"I gave up on Opera because on my main "entertainment" computer the BBC I-player will not work in Opera, and no-one can tell me why."
"IE provides more flexibility and compatibility than other browsers. Sure it has flaws but all software has flaws."
Opera http://www.opera.com/download/ is the browser which follows Web standards most closely. It is the top scorer in the Acid3 standards test.
However, Microsoft break web standards to try and force people to follow their proprietry way of doing things, as defined in IE. If you find a site which Opera cannot view correctly, there is a button you can press on the screen which reports the site to Opera staff, who will check it, and try to get the site owner to re-write the site in accordance with agreed standards.
Go back to Opera, the fastest and most standards-compliant browser (which invented tabbed browsing), and USE THAT BUTTON!
Complain about this comment
Of course he is going to say not to switch to another browser, he works for Micro$oft.
Being a User Interface Developer, I am highly focused on web standards and usability - as well as many other things - and work with all browsers on a daily, in-depth basis. I am not here to talk about my only my opinion about Internet Explorer or Microsoft, but also to state why it is an inferior browser from a factual standpoint that most internet users should understand.
Usability and convenience is the number one reason someone will choose an application over another. IE comes pre-installed on the most used operating system today: Windows. Here, IE has convenience covered. If Firefox, Chrome, Safari or Opera came pre-installed on Windows, you bet that whichever one it was, they'd be the most-used browser on the internet.
From a technical point of view, there are many web standards in place. HTML, XHTML and CSS are standardized by the World Wide Web Consortium (W3C, http://www.w3.org/). There are also standards that browsers abide by with a commonly-used, client-side (on the browser, not server) programming language called JavaScript also known as ECMAScript standardized by the TC39 committee of the ECMA standards organization (http://www.ecma-international.org/). More info can be found here: https://developer.mozilla.org/en/JavaScript_Language_Resources.
Most browsers follow these standards very closely, some even almost to the ‘T’ - if not exactly. Amongst these browsers are Firefox, Safari, Opera and Chrome. I didn’t mention Internet Explorer because they don’t fit into that category of web browsers. I normally like to mentally separate these into standards compliant browsers and IE. Yes, it does adhere to some standards, but not enough. Instead, Microsoft creates their own “standards” and makes them available only in IE. Many times I will be doing something in JavaScript in standards compliant browsers and it will be done a different way in IE. More often than not, it will also behave differently. These frustrations are not just with JavaScript. When creating a page layout, in many situations it will look differently from standards compliant browsers to IE.
To sum it up, these issues (as well as many others which I could write a book on) directly affect developers and trickle down to end users due to the fact that Internet Explorer does not follow the strict standards that every other browser on the market does. When this does affect the end user using IE, it does not mean the developer is lazy, because the developer could just be following standards and not ‘hacking’ things so that it behaves correctly in Internet Extinction… …er… …Explorer. The opposite is actually true. Those who make their work accessible through Internet Explorer only, are actually cutting out about 50% and onward of the market since Firefox is in the 40% while Safari, Opera and Chrome make up a smaller percentage. By doing this, they are basically advertising that they were too lazy to follow the standards in place.
Developers and users together can enforce these standards with little more than installing a different browser, but first, we must educate both. Please, do users, developers and the internet a favor and do not use Internet Explorer.
Complain about this comment
This comment was removed because the moderators found it broke the House Rules.
This and related articles on this topic show a clear "bias of balance" problem.
It's obvious for anyone with even a yota of technical skill that the easiest solution is to use Firefox, or other alternative browsers. Many commenters above have pointed this out.
However, in the interest of "balance", and presumably so as to not hurt a company, the BBC news chooses to let Microsoft have a word on the topic. As a result, misinformation is printed next to the clear and simple facts, and, worse, treated equally.
If you treat equally a lie and the truth, then in the end you are supporting the liars rather than reporting in the best interest of your readers.
That is the bias of balance.
Complain about this comment
Wow, Firefox is just so much better, so much faster, so much smoother that IE.
Thank you to the hackers that busted IE and thank you to the Microsoft programmers for being so slow with the fix. Without your help I would not have downloaded Firefox and consigned IE to the bin marked second rate.
Complain about this comment
Rory
Thanks goodness i am with Mozilla Firefox...
Complain about this comment
124. At 10:08pm on 16 Dec 2008, cosmicronson wrote:
>>How could they issue updates for a flaw in the operating systems browser. It is not a virus or spyware.
By detecting the code that causes the browser to misbehave. They do it every time this type of problem is detected, whether in IE or anything else. This is nothing new.
It's up to Microsoft to patch IE, but AV software can detect and block attempts at exploitation.
Complain about this comment
To all users of and people switching to Firefox etc. when they gain a significant share of the market your browsers will be targetted! At least MS act swiftly and automatically update my PC.
Complain about this comment
I notice the MS upgrade site is not browser-independant, which breaches their commitment to the EU Commission. This time the fine should be into nine figures...
Complain about this comment
@Sir Algernon
"To all users of and people switching to Firefox etc. when they gain a significant share of the market your browsers will be targetted! At least MS act swiftly and automatically update my PC."
I can't agree less. Microsoft typically and historically announce the flaws and vulnerabilities days if not weeks before those flaws are patched. So while you're still at risk, many more hacker types will be aware of the holes that they can exploit.
Whereas Firefox (and Opera and Safari) tend to release updates that are implemented automatically when you start your browser. The difference is that they release the updates BEFORE there has been a big song and dance made about the holes. Therefore, you're safer.
Browsers can only be targeted if there are flaws and security issues already present. And all browsers have had security issues at one time or another. However, quitely updating before the issues come into the public arena is the best way to go, in my humble opinion
Complain about this comment
-mattkeeble- I heard about the security issue yesterday and today there is a patch! That seems pretty efficient to me. Not that I had been affected by it anyway apart from my employer blocking ebay and other shopping sites today, very inconvenient.
Complain about this comment
My God, could you people be any more patronising and smug?
Basic summary of previous 100+ comments:
"I can't BELIEVE anyone would use IE anymore. Only idiots would use IE! Anyone still using IE is a feeble-minded fool in the pay of Bill Gates and not fit to breathe the same exalted air as me! What a bunch of pathetic, sad idiotic scum they all are!"
This is is exactly the reason no-one ever goes to their I.T department at work to ask for help or advice when they have a computer problem.
The vast majority of people in the world use IE because the vast majority of people in the world have PCs and that's the standard web browser. Unless you work with computers, why would you have any idea there are even such things as alternative web browsers available? Why would you even want one, when most things you might want to use your computer for work perfectly well with IE?
The only way any ordinary computer user would be aware that there are different browsers is if they come on message boards like this one, which on my first foray, I've discovered are full of offputting techspeak and a general attitude that I'm an unworthy peasant for merely not knowing something.
You might as well put up a big sign at the door of this board saying, "Computers are not for the likes of you! Get out!" And you wonder why people are put off finding out more?
Complain about this comment
"At least MS act swiftly and automatically update my PC."
That may or may not be acting swiftly. It gives no indication of the time between discovering the vulnerability and having a patch released to the update system.
I think the updates I get with OpenSuse are superior to anything MS could offer.
Just about everything I use is in the distribution (plus the additional repositories). Whether it's a patch for the Linux Kernel, FireFox, the OpenOffice suite, etc. I get updates from the same system.
As for automatic updates, personally, I don't like them. I do like to be notified that updates are available but I do like review what is available, be able to chose not to update something or to be able to update at a more convenient time.
Complain about this comment
I have been using Firefox for some time now(because I am unable to print using IE7), and have found it to be a better browser. But since learning about the others (Chrome, Opera, and Safari) I have tried them all, and found that IE7 definitely comes the bottom of the pack.
I would rate them in the following order:
1st Safari;2nd Chrome;3rd Firefox;
4th Opera; 5th IE7.
I have had other problems with ie7 the main one being that the system crashes when a page tries to open in a new window (especially pdf files).
Complain about this comment
Ohh for goodness sakes, all those IE detractors, give it a rest!
Rest assured if your precious Safari, Firefox or whatever had the share of the browser market that IE currently has then they would become the focal target of the hackers, malware peddlars and other nerdowells and I'm pretty sure that none of these other browsers are as secure as they let on!
If you want to be constructive go bash the hackers, malware peddlars and other nerdowells! They are the ones that deserve it!
Complain about this comment
Wow - lots of comments on this one!
I use Firefox 3 - mainly because it's more customisable, quicker, and has a lot of plugins you can play with.
You'll never be 100% secure with any internet app unless that app is so obscure even the virus/scamware/spyware authors won't bother it.
In one respect, Internet Explorer is probably one of the most patched browsers around because the MS engineers are in a constant battle with the criminals. A good firewall and virus program (save money - go avg or avast) will help you a lot.
It is mostly the "extras" on websites that cause problems. Fake "click here to..." boxes, Java and Javascript apps, and Flash - but without those the web would be a much more boring place.
Macs are not immune, a recent report on this very site (albeit from a virus company) mentioned a "download codec" scam, and they will surely grow. As will Firefox threats. The only real solution is to stay off the web altogether, but then you wouldn't be reading this :)
One last point: MS Messenger doesn't lauch IE on my computer, it will load the links into Firefox, unless Firefox won't run directly because it has to add an update, continue browsing from the last page, or whatever.
If people are happy with IE because it's out of the box let them be. Just ensure automatic updates are carried out - be careful what you click when requested to update or download something - and check the link location is the same as that displayed in the page.
Complain about this comment
@ pinkybrown, who wrote: "My God, could you people be any more patronising and smug?"
You may think tech people are being smug, but they're just exasperated and a bit fed up.
Tech people give tons of advice to tons of people tons of the time, yet STILL have to fix the mess caused by smug end users who feel they can ignore the advice because "it won't happen to me" or "I'm in a hurry" or I can't be bothered" etc.
It's not the tech person's fault that the PC user can't be bothered to learn the VERY VERY VERY VERY basics of the tool they're using. For example, I'm sure you know there is a choice of tyre manufacturers for your car, yes? Well why don't you know there is a choice of browsers, OSs and other software for your PC?
It's that basic, and that stupid. If you choose to use a PC, then get off your proverbial and at least learn the VERY VERY VERY VERY basics. And stop complaining that words like "indicator", "steering wheel" and "spark plug" are techspeak...
Complain about this comment
I use Firefox 3 however I'm not naive enough to believe it's any more secure than IE7.
Browsers have new exploits built for them every day. This is nothing new although MS do need to get the finger out and fix it.
Complain about this comment
Which, it seems, they are. The patch is due for release today.
So much for the 'open source fixes things quicker' theory.
Complain about this comment
Oh I do love this discussion, I'm sure it comes around at least twice a month.
Just a few points to make. The majority of people who never change browser are people who are new to computing, the "PC World crowd". I think it is important for people to be made aware of the competition available to them from the off. You get a choice of monitor size, dvd or bluray? but not OS/browser set up or office/open office? Due to the restrictive IT work practices at most public places and in offices it means that people probably won't come into contact with firefox/opera whilst at work or browsing in the library for example. I mean everyone is aware of all the different makes of second hand cars and the choice they have but are unwilling or just not shown the goods in the around in the "PC Showroom". Choice must be promoted and the consumer must make it their first priority to RESEARCH before buying a computer. If the sales person just sends them on thier way with a heap of underperforming junk and a sluggish OS than I think that 'expert' is letting the customer down.
Complain about this comment
I don't know when it the flaw was discovered but looking at their site, MS first published the Security Advisory on December 10th. The patch is promised for December 17th.
While I can't be sure whether say a patch for Firefox to fix a similar problem would reach me more quickly, I'm far from convinced I'd use a 7 day turnover to say:
"So much for the 'open source fixes things quicker' theory."
Complain about this comment
Editorial Bias?
Today, Apple released 15 Security patches many of which patch 'holes' that could allow others to take control of your Mac. See Computer Weekly web site.
So how come this isn't today's lead story (as was one hole in IE yesterday & today) on the Technology section of the BBC News website?
Presumably, because there are so few Mac users, it's not considered to be significant news.
Mmm.
Complain about this comment
Doh, Seems the Firefox vulnerability is MUCH worse than even the IE one. Current Firefox versions have 8 extremely critical vulnerabilities, one of which allows untrusted extensions to automatically install on your browser.
This means the GreaseMonkey fake extension that hides a bank detail grabbing keylogger could already be on your system...
I love Opera, it's secure, proven track record, is fully featured out the box, and does not support 3rd party extensions, so therefore does not have the security headaches that IE and Firefox suffer.
http://www.theinquirer.net/inquirer/news/082/1050082/firefox-fixes-eight-security-flaws
Complain about this comment
Jon,
Given the Greasemonkey exploit was known about on 5 December I think we probably can.
The point is that it's a bit hypocritical for people to point the finger at one browser when they all have their faults.
Complain about this comment
We switched to Linux at work because of concerns about Windows security. It's not a solution I'd recommend to everybody, though, because Windows supports so many more products and can run much more software.
I found an open source product called andLinux that lets you run Linux applications under Windows, on the Windows desktop. You can use it to run a Linux Firefox securely in a virtual machine. That would be even more secure than running the Windows version which, as others have pointed out, has weaknesses too, just different ones that aren't targeted so often.
The downside of my proposal is that andLinux includes a complete Ubuntu installation occupying a couple of gigs. Someone should package up a cut down version containing just Firefox and the things it depends on. It would be just the job for secure web surfing. Perhaps someone has, and I haven't found it.
Complain about this comment
I've tried the alternatives - Firefox, Google Chrome etc., and can't for the life of me see why anyone thinks they are better than IE! As far as I'm concerned they're not. More importantly, to people like myself who run on-line businesses, the Firefox's and Safari's are a pain in the you know what!
Websites that display properly in IE end up scrambled and unreadable, and to make a website display properly in all these browsers is both enormously expensive and incredibly time-consuming. They may be fine for gamers and bloggers, but not for the small on-line business.
Yes -we could employ a web professional - but cost apart, we would end up with a website that not only looks like everyone else's, but we wouldn't have the technical expertise to handle it ourselves, thereby losing control of our business.
So to all the Microsoft-haters out there - it's Microsoft and IE that allows us to bring merchandise to the public at affordable prices.
Complain about this comment
"The point is that it's a bit hypocritical for people to point the finger at one browser when they all have their faults."
I would stand by my previous comment that I do feel more confident with my Firefox/ Linux combination (than I would with IE/Windows) but, yes, I take your point.
Complain about this comment
@Jude1889
Sorry, that is just a poor excuse. If you code your site to web standards, it will work with ALL browser. Simple as that.
By coding your site to suit IE, not only are you missing out in buisness from Windows users that don't use IE (about 25% of Windows users), you also miss out on Mac and Linux users too.
I simply don't shop with sites that can't be bothered to make their websites comply yo basic web standards. Simple as that. There will always be other suppliers that do take the effort.
Complain about this comment
"it's Microsoft and IE that allows us to bring merchandise to the public at affordable prices."
Sorry but the chances are I wouldn't bother with your web site.
As others have mentioned, there are web standards and as far as I understand it, these other browsers tend to be more standards compliant than IE.
I don't know what others advise but I run my pages through the w3c tools and try to ensure I put out valid (4.01 transitional in my case) HTML.
http://www.w3.org/QA/Tools/
Complain about this comment
It seems like the first swings at a new technology eventually get bloated and inefficient - dangerous even. Think of the car as an analogy. Windows Explorer feels like an old Chevy, when fenders dazzled. Then a new generation of bright guys restate the simple questions: what does this thing need to do to satisfy the user, and how can we make it work to achieve that in the most safe and efficient way. I've switched to Chrome and won't look back.
Complain about this comment
This comment was removed because the moderators found it broke the House Rules.
@ julianmoss
Why dont you install a basic version of windows xp and get an emulator that will allow you to run a simple ~1gig XP on a linux OS, i've done this and never looked back, you get the security of linux but the programs that windows can use.
as for the blog i would say Firefox beats IE anytime, more secure and can customize the coding so it increases it speed of download and security.
Also i would like to point out 50% of IE is copied from other browers but with less functions e.g the tabbed windows where with Firefox at least a year before microsoft added it to IE!!
Complain about this comment
@ Researcher 230349
Microsoft sells 15% made copies of windows and you actually pay for the updates, its how they make there money.
Linux on the other hand is totally free including updates and has very little holes in it.
now who do you think will try to make more updates be ones that don't always work cause that would be Microsoft as it looks like to the average user that they are doing a good job but there are actually just slowing you PC down!!
also there are a group of hackers that test each OS and other programs for ways in, while Linux doest have some its not nearly the same amount they found in Microsoft.
Complain about this comment
Eh?
Since when did MS start charging for updates?
If you're referring to an upgrade to a whole new OS then fine, but that's doesn't seem to be what you're saying.
As for Linux, it's interesting that more copies of Windows are pirated than legitimate copies of Linux installed. Guess that tells its own story.
Complain about this comment
I thought that the BBC was supposed to be impartial. Why is it that the day Firefox releases 10 security fixes including 3 critical fixes and stops supporting Firefox 2, that this news is hidden at the bottom of an article about Microsoft IE?
Complain about this comment
In fairness, I don't think MS are bad with their updates and I think their product support life is longer than many Linux distributions where some of the free desktop ones might have only a couple of years.
The other side of the coin is that these shorter life distributions can be released frequently, eg. I believe Ububntu (who do a longer life version as well) release every 6 months.
Different things for different people and different needs, I suppose but personally, apart from my web server box and mythtv box, I like having new versions to play with and I am looking forward to installing OpenSuse 11.1 (which I believe is coming out today) on my desktop, laptop and my parent's PC.
One thing with the new distributions that may not be apparent is that you can get the new versions of "everything" in it, eg. a previous version might have shipped with Firefox 2.0 and the new one with Firefox 3.0 (although of course there are also other ways to get newer versions of specific programs if needed).
---
Mark "As for Linux, it's interesting that more copies of Windows are pirated than legitimate copies of Linux installed. Guess that tells its own story."
But I'm not sure which story...
Complain about this comment
I would like to comment that not many people use IE through choice as there isn't one, it comes as a core component of windows just like Outlook and Media Player. You can't remove these, all you can do is disable them in the add/remove windows components but they will spring into action when called upon.
People who use firefox do so by choice so if you look at the stats here http://www.w3schools.com/browsers/browsers_stats.asp you will see that 44.2% of people 'choose' Firefox and 46.6% of people use IE, most of which do not choose it. So guess which is the most chosen browser? Which do people actually want? Which is used by the informed and which is used by the ignorant? If you were a hacker who would you target? So you see IE's security flaws are nothing to do with it's 'popularity'. It's bad and people don't like MS it's a target, so my advice is get out of the firing line!
On the note of the dangers of the internet, heres one of my own. The more these sorts of warnings are issued the more people will just stick to the big site like ebay, facebook, myspace e.t.c this over time will limit choice which is the real danger because the net is quickly becoming owned by a select few which is dangerous for those who enjoy choice.
Be aware of what your doing on the net sure but don't get overly paranoid it's only a bunch of '1's' and '0's' going back and forth. Better waste your energies on checking up on your Banks Internet fraud policies, most are pretty good and your well covered they aren't idiots and they deal with it all the time your pretty safe.
Complain about this comment
In response to Rory in the original blog:
"3. Shouldn't you switch to another browser until the patch come out?"
... Mr Curran disagrees. He told me he had recently seen a report which listed another browser as having the highest number of vulnerabilities."
1. What browser is Mr Curran referring to?
I recently saw a report that said IE has the biggest number. Like him, I'm not providing any sources or references here as I just made it up on the spot to scare people.
""it would not be advisable," he said,"to send people from one vulnerability (in Internet Explorer) to multiple vulnerabilities.""
2. Is he also saying that once this exploit is fixed, IE has no more vulnerabilities?
Unless Mr Currant would care to share the knowledge on which "other" browser he is referring to then he is simply using the standard Microsoft "FUD" - Fear Uncertaintly and Doubt - card, played by MS at every given opportunity. Sad.
Have a lot of fun ...
Complain about this comment
@173
You must have a setup issue, I have removed IE from the add/remove list and have not once had it open up! Are you sure that firefox/opera etc is set to your default?
A ballanced argument from the BBC would have been nice but it has kicked off this lenghtly disscussion so never mind.
I prefer firefox as that is my posion, however to anyone that uses their own fair play, I am yet to try opera and does it count that I have tried safari as I am using an iPhone to type this? Anyway the ups and downs come on both sides, some sites only work in IE and owning a few sites I find it rather lazy of whoever sat and hacked it that way, when I develop a site I send it to some friends/collegues that I know use different browsers and await the comments back. I usally get a thumbs up from all apart from IE that says a box border overhangs or an image does not line up right. It's then a pain in the to get it fixed to work well in all.
The next bit is to anyone complaining of smugness. That is just not true, when you have worked with computers you know a few things, if you are new then you learn a few things, there are many sites with FREE tutorials to show you how to do all the best things and it only takes a few minuets.
Let's take a new driver, you must pass a test learn about all the different aspects of driving, and then there are the different types of petrol, roads that as a driver you can choose. A computer is the same, I am not sayin you should pass a test first! But you do need to take some time to learn about the parts and options.
I will leave it there! Other wise I could be here all day!
Complain about this comment
I hope some people realise that in 3 years Microsoft will not exist as a company as it has lost nearly all of it's saved capital. Like everyone else, microsoft had loans to pay off.
But unlike everyone else, Microsoft found that their loans were bigger than those of even Ford or General Motors. Now Microsoft is virtually bankrupt, has no collateral. They had better hope that failing companies around the world can employ enough people to scour the roads and streets for £10 notes that may have been dropped by someone. Because with the super-sized savings having been ripped away from them by hard-up banks, Microsoft need record sales just to break even in 2009... and with ordinary people and companies now closing their wallets the America for-profit only company is in big trouble indeed.
2012 is a Microsoft free world. At last, we will see some progress in computing technology. I like 90% of the world... look forward to it!
Complain about this comment
@mmpr
Much as I hate to rain on your parade, I would point out that MS are debt free, have a substantial amount of free cash - as in billions of dollars - and increased their revenue this year.
I think your theory is a bit off with that in mind.
Complain about this comment
One rather important point that seems to have been missed so far.
Firefox is FREE folks and easy to load and use.
Open Office is also FREE.
These and others are written by unpaid enthusiasts who enjoy going head to head with Microsoft - and winning.
Microsoft has always been arrogant that is why it is hacked so much.
Come on you Linux etc. writers - give em hell.
Complain about this comment
@177
Microsoft had billions, it was the Microsoft "Warchest". It's gone mate, they had to pay it all back because of creditors demanding it to pay for the bank debt which collapsed.
Microsoft owed over $30B in loans which could be called back by those who would take over the money lenders. Their revenue increased but so did their running costs as well, Microsoft did not make a bigger profit than when XP was first released so really their business performance has shrunk.
Sorry to tell you, but Microsoft are unlikely to survive the depression and do not have enough employee's for the US Government to bail them out like Ford and GM who between them employ 5 million people in America.
Complain about this comment
I would like to add to the comment:
"He told me he had recently seen a report which listed another browser as having the highest number of vulnerabilities. "it would not be advisable," he said,"to send people from one vulnerability (in Internet Explorer) to multiple vulnerabilities.""
the article i am assuming Mr Curran is referring to is the one published on neowin regarding firefox as most vulnerable third-party application. What Mr Curran and the blogger both failed to detail were the specifics of this test which stated that the software COULD NOT be updateable by a centralised updating solution such as WSUS thus excluding IE7 from the test criteria and making it an unfair comparison between IE and FF.
:)
http://www.mozilla.com/firefox
Complain about this comment
@180. Interesting. To quote a small portion from the report.
"Note that in most cases, the vendors of these
applications have issued patches or other
instructions for eliminating the vulnerability.
But the nature of these applications is such that
the user is responsible for implementing the
patch. Enterprise IT organizations can not reli-
ably ensure these patches have been properly
applied".
It does not seem relevant to the home users to whom I'd imagine the advice to (at least temporarily) use a different browser was given.
Perhaps someone can advise whether this lack of "central updateability" is a weakness in an app or a shortcoming of the update system?
In a single/stand alone PC situation, I know that with my Linux distribution, I do receive my Firefox security patches along with any other, eg. Kernel, Open Office, etc. patches in the distribution as part of a centralised "Online Update" but I've no idea or experience with the enterprise solutions.
Complain about this comment
@179: Microsoft to survive the depression is really the question to be quoted to all of us? What would be the scenario: a world without Microsoft? This would be near to an industry revolution back in the early 1900's no?
Finally, best technology will survive, best does not mean for free.....
Complain about this comment
" best technology will survive, best does not mean for free....."
Nor does it mean for cost.. Nor, I suspect, does it mean much other than "the best marketed technology".
Complain about this comment
@183: does not everybody expect that IE oder Firefox or similar are for freee? I meant rather that it does not mean that these tools will have to cost in future neither...the market will have a regulation without a monopolistic (or at least near to it) market leadership from MS...and: best marketed technology will then step back behind best technology.
Complain about this comment
I think what Microsoft going bust would mean is that companies like Sun (who distribute OpenOffice.Org) would be able to snap up the rights to Microsoft's Office.
It is plausible that they in turn would charge for future Sun Office releases. However, in that situation I would seriously expect Sun to release ONE VERSION (not basic, pro etc) and it would probably cost less than 100 pounds (compared to 400+ pounds for microsoft Office 2007 professional).
Looks like Bill Gates chose a great time to stand down, just before the financial crisis hit! His record for profits will remain legendary... I do hate the man though.
Complain about this comment
@mmpr
I think you really need to look at Microsoft's financial statement before spouting such utter nonsense.
http://finance.yahoo.com/q/bs?s=MSFT&annual
Whilst it's true that the value of investments has decreased they still comfortably cover Microsoft's liabilities.
Complain about this comment
View these comments in RSS