Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

France Tells Its Citizens To Abandon IE, Others Disagree

ScuttleMonkey posted more than 4 years ago | from the just-fix-it-already dept.

Microsoft 406

Freistoss writes "Microsoft still has not released a patch for a major zero-day flaw in IE6 that was used by Chinese hackers to attack Google. After sample code was posted on a website, calls began for Microsoft to release an out-of-cycle patch. Now, France has joined Germany in recommending its citizens abandon IE altogether, rather than waiting for a patch. Microsoft still insists IE8 is the 'most secure browser on the market' and that they believe IE6 is the only browser susceptible to the flaw. However, security researchers warned that could soon change, and recommended considering alternative browsers as well." PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.

cancel ×

406 comments

love the recommendation (5, Informative)

alain94040 (785132) | more than 4 years ago | (#30813066)

The link to the official French recommendation is here: CERTA-2010-ALE-001 [ssi.gouv.fr]

Quoting from it (rough translation): "while waiting for the editor [Microsoft] to correct this vulnerability, we recommend people use an alternate browser.

--
are you a startup founder looking for co-founders [fairsoftware.net] ?

Importance of Competitive Choices (5, Insightful)

reporter (666905) | more than 4 years ago | (#30813226)

This incident underscores the importance of fighting monopolies and ensuring the availability of competitive choices. If Microsoft had succeeded in driving all other browsers out of the market in 2000, then today, we would not have any other choice and would be forced to use a browser with a dangerous security risk.

We should applaud the recent work by the European Commission in demanding that Microsoft design their European version of Windows to allow users to choose the browser that they want -- thus, allowing them to never install Internet Explorer. The European Commission has been better advocate of free-market competition than the American Federal Trade Commission.

Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.

Re:Importance of Competitive Choices (1, Funny)

Anonymous Coward | more than 4 years ago | (#30813314)

This incident underscores the importance of fighting monopolies and ensuring the availability of competitive choices. If Microsoft had succeeded in driving all other browsers out of the market in 2000, then today, we would not have any other choice and would be forced to use a browser with a dangerous security risk.

We should applaud the recent work by the European Commission in demanding that Microsoft design their European version of Windows to allow users to choose the browser that they want -- thus, allowing them to never install Internet Explorer. The European Commission has been better advocate of free-market competition than the American Federal Trade Commission.

Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.

Hell No! Microsoft is an American company - AMERICAN!

WE are the only ones that can pick on them - not those cigarette smoking - wine sipping - half-assed socialist - high tax - cowardly - freedom hating - Europeans!

It's one thing for us to bitch and moan about MS -we're Americans - but the Europeans!? Hell no! MS brings MONEY into the US! They provide jobs to Americans!

Wait [ourfuture.org] a tic [bloomberg.com] , I think I'll change my mind [microsoft-watch.com] .

Ah, fuck'em.

Re:Importance of Competitive Choices (0)

Anonymous Coward | more than 4 years ago | (#30813538)

I doubt you are an American (you forgot the SarcMarc), but neither am I, however, is a free market defined as being regulated and dictated by governments or by a company freely being able to compete (with the goal to beat the competition) through superior products and/or marketing? I'm really confused...

Re:Importance of Competitive Choices (2, Funny)

Anonymous Coward | more than 4 years ago | (#30813974)

You forgot to add a reference to the French being cheese-eating surrender monkeys, for that extra jingoistic cherry on top.

Re:Importance of Competitive Choices (0, Troll)

jgtg32a (1173373) | more than 4 years ago | (#30813520)

I'm sorry but was there a new instance of anticompetitive behavior from MS? I seem to remember MS getting punished from their BS a few years back. Unless I missed something this new round of foolishness was because Opera was complaining because no one uses their browser.

Re:Importance of Competitive Choices (2, Insightful)

Blakey Rat (99501) | more than 4 years ago | (#30813626)

Microsoft didn't driver browsers out of the market, Opera was "in the market" the entire time you're referring to.

Microsoft's (serious) competitors gave up, once that happened, Microsoft had no incentive to work on improving IE whatsoever. If Netscape had continued to put out products instead of doing their bullshit rewrite crap, none of this would have happened in the first place.

That's not to say Microsoft has no blame, but on the other hand if Netscape had stopped releasing products *regardless of the reason*, we would have ended up with the same problem.

Re:Importance of Competitive Choices (2, Insightful)

jadin (65295) | more than 4 years ago | (#30813980)

Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.

You just disproved your own statement. A free market would allow a monopoly to continue it's anti-competitve behavior even to the detriment of the market. You're arguing for better regulation not a freer market.

[note: unless my definition of free market is off, which is quite possible]

Re:Importance of Competitive Choices (1, Interesting)

Anonymous Coward | more than 4 years ago | (#30813990)

Therein lies a bit of irony. Washington often claims that the USA is a freer free market than the European Union. Yet, the Union is the political body which hit -- hard -- Microsoft's anticompetitive behavior.

How about we define "free market" before we continue. Well, according to Wikipedia, "A free market is a market without economic intervention and regulation by government except to regulate against force or fraud." The fact that the US government does not interfere in the market (by attacking Microsoft) makes it less of a free market?

As a disclaimer. I hate M$ and want it to die (I have strong FOSS beliefs). I just fear the government more than M$. Why? Because they have a monopoly on force. And that is scarier than any mega corporation.

Re:love the recommendation (2, Interesting)

Anonymous Coward | more than 4 years ago | (#30813252)

I wonder how much of this really has to do with security, versus the corporate and technological schism that is quickly developing between the EU and the USA.

It's difficult to say for certain, but in terms of population, economy and global political influence, the EU and USA are becoming very similar. There are indeed some power struggles going on now that they are reaching parity.

Take, for instance, the EU's handling of the acquisition of Sun by Oracle, two mainly-American businesses (although they do have operations in the EU). Regardless of your thoughts on the matter, the EU's involvement has indeed delayed the acquisition, and is having an affect on the viability and value of Sun.

Microsoft is, of course, another one of the large, mainly-American companies that is involved in Europe. Likewise, we've seen them put under far greater scrutiny than we've seen them put under in the USA. And now several major EU players are suggesting that Microsoft's flagship (albeit shitty) software be avoided.

It makes me wonder whether this is really about doing the right thing, which of course is avoiding IE, or whether it's about sticking a thumb up the arse of a prominent American business.

Re:love the recommendation (1)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#30813600)

In order to properly answer your question, you'd really have to do a few comparisons:

Examine European treatment of US corporations vs. European treatment of European corporations.

Examine US treatment of European corporations vs. US treatment of US corporations.

There are a few possible outcomes: It could, in fact, be that the EU is playing a game of "trade wars" with the US, and is shafting US corporations preferentially. It could be that, in general, a corporation's ability to achieve high levels of regulatory capture is greater at home than abroad(barring 3rd world banana republic scenarios) and so foreign regulatory scrutiny is always less pleasant than domestic regulatory scrutiny. It could also be that the US simply has substantially higher levels of corporate regulatory capture than the EU does, and all corporations have a freer hand here than they do there.

Re:love the recommendation (1)

tacarat (696339) | more than 4 years ago | (#30813294)

"Hey, I heard you're running IE6. You know that's there's an alternative that's safer and free? It's called INTERNET EXPLORER NUMBER #(!&#* 8!!!!!"

Forget Firefox, Opera, Chrome or Safari for this discussion. The people who are running IE6 are either too computer illiterate/phobic to have a clue about alternate browsers or have a specific reason for not upgrading or changing. We can only hope that the folks who won't upgrade get some future cloud OS where the maintaining of security profiles takes place without them. Those that can't upgrade... sorry folks. No PHB killer viruses yet.

Re:love the recommendation (3, Interesting)

jedidiah (1196) | more than 4 years ago | (#30813568)

IOW, they are so unable and unwilling to upgrade from IE6 that ANY CHANGE WHAT SO EVER would be as equally drastic as another.

You could entirely replace their machine with a Mac and they would be no less traumatized than if you simply installed IE8 for them behind their back.

Re:love the recommendation (1)

tacarat (696339) | more than 4 years ago | (#30813898)

An IE8 installation would be less of a change if you could minimize any cosmetic differences. Changing them to a Mac would probably be more traumatic to your wallet than anything, and then they'd be absolutely useless since there's no start button on the bottom left hand of the screen (ala Gnome vs KDE).

Now then, give them "speak and spells" and /. might rest a bit better :D (A barely 4 digit replied to me? *honored*).

Stop the fucking fairsoftware spam (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30814012)

Cunt

Tear down (5, Insightful)

drDugan (219551) | more than 4 years ago | (#30813088)

"Don't Kill the Messenger: Blaming IE for Attacks is Dangerous"

Actually, IE is not the messenger, its the source of at least one know security hole that participated in this problem.

The article fails to explain how blaming the software with a known exploit is dangerous.

They assert it will create a "false sense of security" because there exist other methods of attack (other software with security flaws). Even if they did have support for other security holes, this reasoning is an absurd logical fallacy. Amazingly, the author doesn't even have support for the premise of the illogic it's based on an *implication* from a quote by McAfee CTO George Kurtz.

  FTA:

The main thing to keep in mind is that these attacks go beyond Internet Explorer and that simply switching browsers is not an adequate defense.

This is completely absurd FUD. IE *was used*, it is insecure, and there is no fix (yet). These conclusions come right from this article and others.

Obvious conclusion: use different software. This conclusion is also supported by the long and consistent history of security issues with IE. I think, after reading this and other articles, it is more dangerous to continue to assert that IE is secure.

Re:Tear down (-1, Redundant)

LOLYouAreWrong (1724080) | more than 4 years ago | (#30813236)

WRONG!

Re:Tear down (1)

93 Escort Wagon (326346) | more than 4 years ago | (#30813282)

WRONG!

That's just the sort of cogent, thoughtfully crafted counter-argument I've come to expect on Slashdot.

Re:Tear down (1)

Zerth (26112) | more than 4 years ago | (#30813464)

WRONG!

That's just the sort of cogent, thoughtfully crafted counter-argument I've come to expect on Slashdot.

I'm sorry, but this is abuse.
You want room 12A, just along the corridor.

Stupid git...

Re:Tear down (1)

maxume (22995) | more than 4 years ago | (#30813762)

Go read Reddit for 5 minutes, account name gags are waaaay more popular over there.

Re:Tear down (0, Redundant)

Rary (566291) | more than 4 years ago | (#30813420)

BRILLIANT!

I'm convinced.

Re:Tear down (-1)

Anonymous Coward | more than 4 years ago | (#30813322)

The article fails to explain how blaming the software with a known exploit is dangerous.

How about blaming people using ridiculously out of date software? It's IE6 for fuck's sake, it's 2 versions behind, and there's no evidence to suggest that the flaw exists in IE 7 or 8, but yet, because this is /. we'll go on blaming Microsoft for not patching an obsolete product? Hint: The fix has been out for quite some time now, it's called IE8.

I think, after reading this and other articles, it is more dangerous to continue to assert that IE is secure.

I think you should be aware that even according to the summary, It's clear that the exploit in question is in IE6, and Microsoft did not state that IE6 is secure, but rather that IE 8 is secure. I don't expect you to RTFA, this is Slashdot, after at, but for fuck's sake, at the very least, read the bloody summary.

Re:Tear down (1)

sakdoctor (1087155) | more than 4 years ago | (#30813336)

The jokes on them.
I only test my websites in IE6 (IETester [my-debugbar.com] ) to see how fucked up they look.
Then I LOL.

Re:Tear down (2, Informative)

drDugan (219551) | more than 4 years ago | (#30813370)

From the article referenced.

While research indicates that the Internet Explorer zero-day used in the attacks could be used on any version of Internet Explorer, even on Windows 7...

Re:Tear down (0)

Anonymous Coward | more than 4 years ago | (#30813432)

and there's no evidence to suggest that the flaw exists in IE 7 or 8

You need to visit /. more frequently. On today's frontpage you may find this submission [slashdot.org] , which references this article [pcpro.co.uk] , which contains this sentence:

But although Internet Explorer 6 has been the source of attacks until now, Microsoft's advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7.

Re:Tear down (4, Informative)

KarmaMB84 (743001) | more than 4 years ago | (#30813922)

The flaw exists but the default configurations on Windows Vista and Windows 7 will prevent any damage. My understanding is that Microsoft's policy is to classify them as vulnerable because it's possible to run IE7 and IE8 in configurations where they actually are vulnerable (DEP disabled, Protect Mode OFF) even if the default configuration makes them immune to the current exploit.

Re:Tear down (1)

pete6677 (681676) | more than 4 years ago | (#30813612)

One reason I don't like to upgrade to newer versions of IE is because they seem to have HUGE memory leaks. Although I almost always use Firefox, I do need to keep IE around for certainly pain-in-the-ass poorly designed sites that require it. IE 7 takes FOREVER to open and close, especially if it has been left open a long time. There must be memory leaks large enough to drive a truck through. What is Microsoft's excuse for this?

Re:Tear down (0)

Anonymous Coward | more than 4 years ago | (#30813760)

Ummm...taking forever to open and close is not directly symptomatic of a memory leak. That's more a thrashing problem, and while it's true that a memory leak could amplify that sort of thing, that's a fairly hasty conclusion to come to.

I'm betting you either have a mountain of sites in your Restricted Zone list or you have a crazy toolbar. But it could just be a weird interaction of your system components.

Regardless, you should use IE8 over IE7. It's really an odd choice to complain about. One possible answer for Microsoft's excuse would be "we fixed it ages ago, it's called IE8". I'm not sure that's the answer, it probably isn't really, but there you go.

Re:Tear down (1)

fermion (181285) | more than 4 years ago | (#30813428)

Not blaming MS for IE is like not blaming Ford for the Pinto. In both cases the dangers of the product was/is well known. The consumer knows that, in the case of IE, that one should be careful with dangerous sites,and the user should know those dangerous sites. With the Pinto, it no real rear protection, so the driver should avoid other drivers that will collide with the rear of the car.

Re:Tear down (0)

Rewind (138843) | more than 4 years ago | (#30813460)

This is completely absurd FUD. IE *was used*, it is insecure, and there is no fix (yet). These conclusions come right from this article and others.

Everywhere I read this I see IE 6. That would seem to contradict everything you just said. Wouldn't the fix be a newer version of IE and the problem be using outdated software?

Re:Tear down (1)

blitzkrieg3 (995849) | more than 4 years ago | (#30813462)

I think you're missing the whole crux of their argument. Yes, IE was the source of at least one of the security holes, but France and Germany are mandating switching as though it's some sort of panacea. IE was just one link in the chain of exploits used in the attack. Maybe destroying one link in the chain destroys the chain, but it is more likely that they will find a different link to continue the attack. Like maybe a zero day in Firefox or one of these known exploits. [mozilla.org]

I truly believe that Firefox and probably Chrome is a more secure browser than IE, and I completely agree with the recommendation from France and Germany. But even if Google had no IE they would not have been completely protected from the attacks, and both countries aren't completely protected by some memo mandating the end of IE. To think so is foolishness. Don't let one poorly written PCWorld article convince you otherwise.

Re:Tear down (2, Informative)

drDugan (219551) | more than 4 years ago | (#30813656)

but France and Germany are mandating switching as though it's some sort of panacea.

I'm not missing this argument. I disagree. Removing IE is not a panacea, nor is this what the announcement means.

Equating a logical, correct step for a more secure computer (removing IE) as a false panacea is the position in the PCWorld article only, and one that misses the more basic point. IE6,7 and 8, including on Win 7 all have this flaw, and there is no fix yet.

Re:Tear down (1)

easyTree (1042254) | more than 4 years ago | (#30813688)

Maybe destroying one link in the chain destroys the chain, but it is more likely that they will find a different link to continue the attack.

If only they had the power to make it illegal to use IE6 and the rest of Europe followed-suit and if only it was a permanent decision [and I want a pony...] then every web developer would owe the Chinese haX0rs a debt of gratitude for having triggered a series of events leading to their being freed from the eternal-hell that is trying to make websites work in IE6 :D

Strawman (1)

MBCook (132727) | more than 4 years ago | (#30813540)

I agree. This sounds like the old "criminals can pick weak locks so security is worthless" fallacy. Sure any door can be opened, but that doesn't mean you should just remove the door.

That said, even if it was true, I'd still want people to abandon IE. Anything that gets people on browsers that render stuff half-decently without gobs of extra code is good.

Even getting people to IE8 would be a big improvement.

Re:Tear down (0, Troll)

Deathlizard (115856) | more than 4 years ago | (#30813570)

Guess what I did today at work?

I had to test security products. (since we're deciding to change antivirus vendors) So I got three machines (each with F-secure, Sophos and Vipre), went to my favorite site in the world (malwaredomainlist.com) and downloaded the first link in the list, infecting all 3 PC's with a virus in udner 5 minutes.

Guess which Browser I was using?

(Hint. It wasn't IE)

Re:Tear down (1, Insightful)

Blakey Rat (99501) | more than 4 years ago | (#30813588)

I think the big issue is "people are not upgrading."

There should be zero copies of IE6 in the wild right now. I don't care how big your corporation is, how shitty the "enterprise" software you purchased back in '99 is, but figure it the fuck out and get your people off IE6 right now. And then? There's no excuse for this bullshit, and I don't want to hear any sob stories.

IE7 has been out now for over 3 years, if you can't figure out how to move to it by now, you should be fired.

Re:Tear down (4, Funny)

Simon (S2) (600188) | more than 4 years ago | (#30813616)

The main thing to keep in mind is that these attacks go beyond Internet Explorer and that simply switching browsers is not an adequate defense.

This is completely absurd FUD.

It's not. What they say is exactly correct: hat these attacks go beyond Internet Explorer and that simply switching browsers is not an adequate defense.
FF has flaws too. An adequate defense would be to install McAfee© VirusScan Plus, McAfee© Total Protection, McAfee© Online Backup, McAfee© SiteAdvisor Plus and McAfee© Anti-Theft File Protection.
There! *NOW* you are protected!

Re:Tear down (4, Funny)

shog9 (154858) | more than 4 years ago | (#30813868)

Nice! Though I suppose you could save a little bit of time and just put a bullet through your harddrive...

Re:Tear down (1)

s122604 (1018036) | more than 4 years ago | (#30813658)

It's like saying you might as well keep your money in a wet paper sack as opposed to a guarded bank vault in an FDIC insured institution, because they both can be comprimised. After all, you wouldn't want to have a false sense of security! Now yes, the difference between Chrome/Firefox isn't quite so stark, but it's an analogy dammit!

Re:Tear down (1)

tuxgeek (872962) | more than 4 years ago | (#30813818)

Yep
More to the point, IE doesn't run on MacOSX; BSD.any.flavor; *nix.any.flavor
IE runs exclusively on M$ Windoz.all.flavors operating systems

IE6 just provides the easiest port of entry for bad guys into anyone's box, than any other version of IE.

For M$ to claim that IE8 is the most secure browser out there is like saying cigarettes cure lung cancer.

Simply put, M$ produces the most insecure products for any box that ventures out from your home and into the tubes of cyberspace. I'm not knocking their products, they are great for computer gaming and locked down isolated corporate networks. But for safe & secure internet banking and general internet exposure, M$ just plain sucks!

M$ has mastered the OS that any bonehead can use. It's the trade off here, simplicity for security.

Another example of the problem is my college student daughter has her notebook badly infected with trojans & malware. I tried to convince her to let me set her system up to dual boot Ubuntu & XP. The XP for her college work & Ubuntu for internet use. Unfortunately her boyfriend is a devoted M$ fanboi and promotes the M$ FUD that you have to compile all your drivers for Linux and it's not worth the time. I couldn't even get them to run a live CD to check it out for themselves.

Re:Tear down (0)

Anonymous Coward | more than 4 years ago | (#30814004)

Is it possible for you to come off as any more of a complete dumbass?

Better Yet: Abandon (0)

Anonymous Coward | more than 4 years ago | (#30813104)

MIcroslop [microsoft.com] completely.

Yours In Novosibirsk,
Kilgore Trout

Everybody knows OTHERS are stupid... (3, Insightful)

viraltus (1102365) | more than 4 years ago | (#30813114)

duh!

False sense of security (4, Insightful)

sunderland56 (621843) | more than 4 years ago | (#30813166)

PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.

Well, of course they'd say that - they are running a PC/Windows/Microsoft magazine, after all.

AppleWorld, on the other hand, has been blaming hacker attacks on Microsoft Windows for many years now - and the general population seems to agree with them, even though it does lead to a false sense of security in OSX.

Re:False sense of security (0)

Stratoukos (1446161) | more than 4 years ago | (#30813244)

PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.

Well, of course they'd say that - they are running a PC/Windows/Microsoft magazine, after all.

Well, yes, but what they're saying has some merit. I've known many a novice user that thought that because they used firefox they didn't need an antivirus program or common sense.

Re:False sense of security (3, Funny)

MichaelSmith (789609) | more than 4 years ago | (#30813316)

PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security.

Well, of course they'd say that - they are running a PC/Windows/Microsoft magazine, after all.

Well, yes, but what they're saying has some merit. I've known many a novice user that thought that because they used firefox they didn't need an antivirus program or common sense.

They told you they don't need common sense?

Healty variety of browsers (1)

Kyusaku Natsume (1098) | more than 4 years ago | (#30813406)

It helps to force web developers to design their sites based on standards, not for the browser with the largest market share. I have many friends with Apple computers that use exclusively Firefox even when Safari on OS X is a very good browser. This helps a little to keep the overall security of the plataform up, since you can't be sure that all users of OS X also are users of Safari.

Re:False sense of security (1)

shabtai87 (1715592) | more than 4 years ago | (#30813442)

Yes, Apple, more to the point Apple users, live in this wondrous world where they are safer from hackers and viruses. The truth is that most of the world is/was on a PC and that skews the statistics because most hackers and viruses know this and target PCs. I'm sure that if the people responsible spent the same number of man-hours on apple software, the numbers would be a lot more even. Note: I'm not saying that Microsoft doesn't have a responsibility to fix their software, only that the skewed numbers have to be kept in mind when comparing these types of statistics. If anything Microsoft should know that they're the biggest target and code appropriately... Otherwise, yes, of course magazines with an agenda will be spinning the story appropriately (meaning I do agree with you).

Re:False sense of security (1)

aarenz (1009365) | more than 4 years ago | (#30813764)

Once IE has less than 15% of the market share, it will become the safest browser available. Anyone who assumes that other browswers are really that much safer are diluded. If the majority of people use a product on their computer it becomes a target. Once the market has flipped, whoever is on top will be targeted and will show all of its holes to the world.

The only way to protect a computer from attacks is to never attatch it to the internet, or train the user not to go to websites that are not trusted. OS issues are the same problem, no one would ever think of writing a hack/virus for a commodore today.

False sense of security? (0)

Anonymous Coward | more than 4 years ago | (#30813206)

So where is the fix?

Actually not that bad of a suggestion. (1)

LWATCDR (28044) | more than 4 years ago | (#30813212)

Not because Microsoft sucks per say but because computer security is becoming a classic monoculture problem.
IE is such a valuable target because of the number of users.
The greater the variation in software the less valuable each exploit becomes.
Let's face it most people will not change so saying that everybody should change will probably get you 30%
A very real problem is there is only three browser engines at this time Geko, Webkit, and IE.

Re:Actually not that bad of a suggestion. (1)

janek78 (861508) | more than 4 years ago | (#30813454)

Minor correction: it is spelled "per se" (by itself).

Ekhem, Germany and France are in Europe... (3, Interesting)

sznupi (719324) | more than 4 years ago | (#30813512)

...you know, the place that already doesn't have browser monoculture. Therefore, your premise doesn't hold true - they don't want to shatter IE monoculture, create variation in the market. They just don't want people to use IE.

And especially in Europe, that's very much four engines, not three, with one or two places having Opera as number one browser, few other as number one alternative browser, and in many it has quite respectable usage share.

Re:Actually not that bad of a suggestion. (2, Insightful)

sakdoctor (1087155) | more than 4 years ago | (#30813554)

The two faces to this argument are that IE on windows gets hacked left right and centre because it's popular, and that (picking a browser at random) KHTML is ONLY secure because it's very obscure.

OpenSSH has a massive user base, and is practically a monoculture in remote access on the *nix platform. An exploit would be extremely valuable ... Oh right, it turns out security is a physical property of a system, and not just some statistic.
Bottom line is that IE really has sucked all its life; and not just statistically.

PCWorld, kindly STFU (0, Flamebait)

girlintraining (1395911) | more than 4 years ago | (#30813230)

Hey PCWorld -- a vendor refusing to patch a product that has a major security hole in it that's very publicly known is criminally negligent, and yes, the correct answer is to stop using that product and punish the ever-living crap out of the executives and the company that isn't taking something like that seriously.

Don't switch? (4, Insightful)

mounthood (993037) | more than 4 years ago | (#30813242)

"You may also have web-based applications that don't work well, or even at all, unless they are accessed with Internet Explorer. That's not going to be good for productivity. And finally, what if your replacement browser itself turns out to contain a vulnerability? Are you going to switch again?"

That's the sort of shallow, thoughtless attitude that got you stuck with IE6 in the first place.

Re:Don't switch? (0)

Anonymous Coward | more than 4 years ago | (#30813396)

"You may also have web-based applications that don't work well, or even at all, unless they are accessed with Internet Explorer. That's not going to be good for productivity. And finally, what if your replacement browser itself turns out to contain a vulnerability? Are you going to switch again?"

That's the sort of shallow, thoughtless attitude that got you stuck with IE6 in the first place.

Hey now, careful with the way you talk. That quote you mentioned sounds awfully similar to someone being shaken down for protection money. Are you saying your local mob bosses have shallow, thoughtless attitudes? Would you say that to their faces?

As AC (0)

Anonymous Coward | more than 4 years ago | (#30813438)

Yes.

Re:Don't switch? (2, Insightful)

Jeff DeMaagd (2015) | more than 4 years ago | (#30813646)

I guess having more than one browser installed is apparently something that would cause the universe collapse. It's not something that really takes much work either, if there's a known bug, use something else until it's fixed.

Re:Don't switch? (1, Funny)

Anonymous Coward | more than 4 years ago | (#30813672)

It's a little known fact, but the big bang was actually caused by a side-by-side installation of Internet Explorer 10 and Firefox 5 in the last universe.

Re:Don't switch? (1)

nschubach (922175) | more than 4 years ago | (#30813694)

It sounds a little like this site I ran across that at first appeared to be a very extreme "right-wing conservative" website, but the more I read, the more I thought that it must be a very [b|s]ad sarcastic humor site or a poor attempt at astro-turf from the "other side." They go as far to say that anyone using Firefox or any open source software is a communist and/or a fascist and "God" hates them for it. Microsoft is the only appropriate software distributor, unless you want "God" to hate you too. They have a list of people "God" dislikes and they strike out the name of the person when they are dead and put "(God won)" after it.

I know it's bad to spread the URL around to give them more attention, but it's one of those things that are "so bad you have to watch"

shelleytherepublican.com

Re:Don't switch? (1)

kent_eh (543303) | more than 4 years ago | (#30813798)

"You may also have web-based applications that don't work well, or even at all, unless they are accessed with Internet Explorer.

And I ask yet again, why does business use any mission-critical web-apps that can only deal with a specific browser (or worse, a specific version)

*sigh*
My employer's payroll department still won't answer this question. Idiots

Re:Don't switch? (1)

nschubach (922175) | more than 4 years ago | (#30813886)

It's cheaper to develop for only one and it should be the one with the most share. (Just my observation of the mentality.)

They're both right... or wrong (1)

kent_eh (543303) | more than 4 years ago | (#30813256)

Calling for the abandonment of IE isn't the whole answer. But it will help make more people aware that it's not the only browser out there, and that it is possible for the average user to make the change to another browser easily.

On the other hand, if they only suggest one alternative, then that only creates another monoculture.

Ultimately I'd like to so no one browser with more than 25% market share. Make the scum work harder for their exploits.

IE or IE6? whatever... (1)

Darfeld (1147131) | more than 4 years ago | (#30813258)

On one side, I don't like the fact that peoples can't make the difference between two versions of a software.

On the other side, browser diversity can't be bad, so I guess anything that can make people try something that is not IE is good.

Wait a second.... (4, Funny)

Qubit (100461) | more than 4 years ago | (#30813280)

France and Germany agree on something?

The IE threat must be greater than previously imagined. Or...something.

Re:Wait a second.... (2, Interesting)

mewsenews (251487) | more than 4 years ago | (#30813606)

France and Germany agree on something?

France and Germany were both bitterly opposed to the invasion of Iraq and said so numerous times as members of the UN. Rumsfeld dismissed them [bbc.co.uk] as "old Europe".

While China seems to be the boogeyman du jour for America, people should keep in mind that the Euro is competing very successfully [yahoo.com] against the greenback.

Re:Wait a second.... (1)

Hurricane78 (562437) | more than 4 years ago | (#30813684)

Nah, it goes like this:

France: Germany! Do as I say!
Germany: Yes, yes, dear god yes, just please don’t call us Nazis!
Same thing with the USA, UK and doubly so with Israel.

And then some German comes, and calls the government Nazi anyway! ;)

It drove them so far off the left that we can basically say that with the recent totalitarian tendencies, it “wrapped around”. ^^
(Talking about the p.c. media and politics reality here. Not about what the man on the street thinks. We’re pretty normal. :)

Re:Wait a second.... (3, Funny)

Anonymous Coward | more than 4 years ago | (#30813748)

nah, that's not that far fetched. Now if *England* and France agreed on something... Well, thats one of the signs of the apocalypse

Frisky French (0, Flamebait)

syousef (465911) | more than 4 years ago | (#30813970)

France and Germany agree on something?

The IE threat must be greater than previously imagined. Or...something.

France just hadn't surrendered to anyone in a little while and were getting frisky.

Simple answers for simple people... (1)

jofny (540291) | more than 4 years ago | (#30813292)

Really, it's both: IE should be avoided until there's a patch and yes, blaming one software package does give people who dont know any better or dont think about it a false sense of security when they switch. They're not mutually exclusive positions...

PCWorld is ignoring security (0)

Anonymous Coward | more than 4 years ago | (#30813296)

Why would a website like PCWorld recommend it's users NOT to ban Internet Explorer? It's both foolish and stupid, still recommending Internet Explorer that is short sighted.

It seems like me this is just Microsoft propaganda, seriously their is not a single reason why you should use Internet Explorer above any other modern browser like Google Chrome or Mozilla Firefox.

Re:PCWorld is ignoring security (1)

couchslug (175151) | more than 4 years ago | (#30813558)

"Why would a website like PCWorld recommend it's users NOT to ban Internet Explorer? "

"It seems like me this is just Microsoft propaganda,"

You just answered your own question.
Paper computer mags are targeted at noobs who still get their info from dead tree media, and they are not in the business of attacking their advertising base!

Re:PCWorld is ignoring security (2, Insightful)

Thundarr Trollgrim (847077) | more than 4 years ago | (#30813796)

PC World make a lot of money providing malware / virus removal for non-tchies, selling anti-virus software and more importantly, selling new computers to people whose old computers have slowed down due to misuse, rather than cleaning them up.

It's not really in their interest for people to use more secure browsers.

please stop using ie6 (0, Redundant)

chentiangemalc (1710624) | more than 4 years ago | (#30813352)

yes people should stop using IE 6, besides the horrible interface, many new websites don't display correctly in it, it is a browser dating back to 2001 and outdated by now, 2 versions behind current Microsoft product. People with windows updates should already be using a more secure browser IE 7 or IE 8, or one of their choice. And although IE6 has been significantly attacked - switching to other browsers does not make you immune, Chrome, Safari, Firefox have all had security flaws. IE8 holds up well to other browsers re http://nsslabs.com/test-reports/Q309_Browser_Security_Summary_Final.pdf [nsslabs.com] Also there are some social engineering style attacks that no browser currently protects against completely - sites that people are fooled into believing they are legitimate and passing personal details/etc.

Re:please stop using ie6 (1)

Andy Jensen (1723474) | more than 4 years ago | (#30813552)

Well, most people are using IE7 or 8. It's just that it is still Internet Explorer, which isn't the optimal browser, regardless of version.

Re:please stop using ie6 & ie7 & ie8 (1)

tuppe666 (904118) | more than 4 years ago | (#30813576)

The issue is for all browsers after IE5, so in this instance perhaps you could suggest going back to an earlier version of IE. See earlier Microsoft lies regarding this. They have there own PR to spin this. You do not need to help. Personally I think promoting anything but a monoculture of browsers is acceptable, as everyone is more than aware of what happens then.

If only the US could... (1)

Andy Jensen (1723474) | more than 4 years ago | (#30813380)

That makes Germany and France. If only the US would do the same, as there are too many naïve people who don't even know there are other superior web browsers.

This just in... (2, Funny)

FF8Jake (929704) | more than 4 years ago | (#30813392)

France, Germany, Russia, and the fucking Queen of England recommend not to use Blender due to it's overly complex interface. Thank you government, for stepping in.

Re:This just in... (0)

Anonymous Coward | more than 4 years ago | (#30813586)

This just in: the Queen of England is head of state, not head of government. ;)

Re:This just in... (1, Funny)

Anonymous Coward | more than 4 years ago | (#30813776)

What about the regular Queen of England? What does she recommend?

Air-wall is the answer (1)

MrEricSir (398214) | more than 4 years ago | (#30813400)

Instead of doing all your web browsing on a computer that's connected to a network -- which is inherently insecure -- consider only using the internet on systems which are isolated from the network with an "air-wall."

This security solution is effective at preventing viruses, trojans, worms, clickjacking, DNS spoofing, and most other malware as well.

Next up: avoid cancer by not breathing.

But which browser to use? (0)

Anonymous Coward | more than 4 years ago | (#30813436)

As many I escaped IE long time ago, however I am getting regular infections via Firefox and Seamonkey and am really tired of running ComboFix for some nasty rootkits installed after Firefox gets into its knees. Anyone can tell me which browser to use? I use Chrome solely for Google stuff, I don't want to be monitored everywhere else. Playing also with Safari due to its HTML5, but have no clue about its security...

Re:But which browser to use? (1)

couchslug (175151) | more than 4 years ago | (#30813634)

If you are getting pounded that hard, don't use your main Windows install on the internet.

You can download free VMWare browsing appliances and effortlessly browse using another OS, or load an expendable Windows installation in Portable VirtualBox that can be replaced with a complete backup copy (install Portable Vbox, install Windows, .rar a copy for safekeeping), or load Linux in a VM.

All easy to do, all free, so no excuse for a geek not doing them as needed.

Dont Kill the Messenger? (1)

smd75 (1551583) | more than 4 years ago | (#30813466)

In this case, the messenger was the one who compromised and betrayed the system. Saying IE isn't to blame is just simply wrong and uneducated. IE is a terrible browser on so many levels beyond security. Yes, this is Google, and no they shouldn't only be using Chrome, because you cant uninstall IE from XP. Some people just click on internet shortcuts or links without even caring which browser it is. This isn't the fault of Google. This is the fault of Microsoft for neglecting their shoddy products, even if it is 2 generations old now. This isn't a (real) reason to jump ship on XP, Microsoft just wants to get rid of XP, which is another mistake. I am losing more and more respect for Tech Columnists every day.

I blame the IE 'mentality' (4, Insightful)

brxndxn (461473) | more than 4 years ago | (#30813498)

I remember Steve Ballmer screaming 'Developers! Developers! Developers! Developers!' and that has been the IE 'menality' ever since. The mentality is "Give the developers (especially big huge companies like Microsoft, Adobe, Symantec, Google) complete control over the users' computers just by clicking 'ok' in Internet Explorer one time." That has got to be seen as a security hole. Every goddamn piece of software now wants to run as a service, check for updates, annoy the user, and prioritize itself. For example, once you install Adobe Flash, it is there.. on every web page.. despite whether the user might want to choose not to load the annoying flash for that particular web page. I am not complaining just about flash - just about the lack of options to make installed software optional. Why can't I have an option to 'right click, show flash' on all my flash animations? and for that matter.. all other software that wants to open by default without giving me an option to save?

Here's how I would make IE more secure in a general sense:

1. Program the 'stop' button as the highest priority. IE is useless if it decides it has to load an entire complicated web page (or malware site) before I can click 'stop' and cancel all of it.

2. Put options in IE to disallow resizing of IE windows by script, removing of toolbar buttons, preventing the user from resizing windows, and using 100% of system resources to process a web page.

3. Remove the ability for a 'Windows popup button' to prevent the user from stopping a script. How asinine is it that a web page can merely repeatedly pop up system messages forcing the user to click ok before allowing the user to click stop? IE screws this up royally with Java helping.

4. Put a 'cookie tracker' right inside Internet Explorer.. Allow the user to control whether a site can modify a cookie. Notify the user (at the bottom status bar - not in his fucking face) that 'a cookie was created or modified' when visiting a web page. User might get suspicious when his favorite porn site tries to modify the 'gmail' cookie.

5. Never allow web pages to stop me from right-clicking. Fuck you. It's my computer.

I'm sure there's a whole lot of other things I could say that Microsoft will continue to ignore..

And you all laughed (3, Funny)

Monkeedude1212 (1560403) | more than 4 years ago | (#30813536)

When I said this was all an elaborate ruse to Market Chrome.

Clearly I'm the only one here parano^H^H^H^H^H^HSensible enough to see whats plainly in front of us.

Take Microsoft vs Google. Google's brand name is made up of 50% vowels, 50% consonants, whereas Microsoft is 33-67. This is a clever method designed to make you think that Google is fairer and wishes to have an equal representation of all letters. However, this is just plain deceiptful, because "Chrome" is only 33% vowels wheras "IE" (we'll abbreviate it) is 100% vowels, thus making up for the lack of vowels in "Microsoft". There are also even spreads across such MS products as "Office" and "Live". Apple has felt the need to keep up with the proper representation of vowels by throwing in a single lowercase i in front of every one of their new products. Good on them.

So I know what you're thinking: What do vowels and consonants have to do with ACTA and Net Neutrality? Absolutely nothing! But they DO have a lot to do with the recent attacks made against Google. As you can recall, its been recently discovered that the attacks originated in China. Surprising to some people, English has not been fully adopted yet, and many Chinese citizens still speak Mandarin and that other language no one can remember. All traditional chinese languages use characters, not letters. (To those who program or are DBA's, a letter is what normal people call a char). Now, what is Mandarin missing that English has? You guessed it; VOWELS. It's clear and obvious that Google is behind all of it. What the end goal is, I'm not entirely sure, I'm still trying to connect the dots.

What's important about this article is that its happening in FRANCE. This is a bit of a PR stunt for France. You see, everyone hates Microsoft, and everyone hates France. This hurts the French industries of exporting Cheese, Wine, and arrogant behavior. So France is hoping that by declaring they hate Microsoft as well, everyone will look on them in a better light. WE MUST NOT ALLOW THIS. If people start liking the French more, Baguettes will be everywhere. And I mean everywhere. Breakfast lunch and dinner. Baguettes at home, baguettes at work, baguette soup, baguette sandwhiches. Don't get me wrong I like a baguette every now and then but if we let them get a single foothold on the breadmarket they will take it over completely. There is nothing stronger then the relentless pursuits of a French Bunmaster.

So please, everyone, I beg of you. Keep using IE8, if you already do. Not because its secure, because it isn't. Not because of Google, no matter how evil they secretly are...

But because the standard loaf shape of bread is under attack, and if we don't come to defend it, no one will.

Re:And you all laughed (2, Funny)

sznupi (719324) | more than 4 years ago | (#30813966)

I was surprised when I looked at poster name in this one and didn't see BadAnalogyGuy...

Shouldn't the title be rephrased? (1, Funny)

Anonymous Coward | more than 4 years ago | (#30813598)

"France Surrenders the Browser War"

Mixed Message (4, Interesting)

Bob9113 (14996) | more than 4 years ago | (#30813716)

Don't Kill the Messenger: Blaming IE for Attacks is Dangerous

Don't obfuscate the message. Blaming IE for being susceptible to attacks is entirely valid.

So is blaming Mozilla, Chrome, Opera, Konquerer, and Safari when they are vulnerable.

It's all nice and tidy to say "The attackers are to blame." But we don't have control over them. We do have control over which software we use. And if we continually abandon less secure software for more secure alternatives, we will have a continually improving software ecosystem. That will not always mean abandoning IE (well, it may not always mean abandoning IE -- seriously, someday IE might be the most secure option -- stop laughing, it could happen, hypothetically), but it does mean always abandoning whoever fucked up most egregiously most recently. Feedback works.

Switch!!! (1)

frank_adrian314159 (469671) | more than 4 years ago | (#30813744)

... blaming IE for attacks is a dangerous approach that could cause a false sense of security.

Because a false sense of security is better than no sense of security at all.

This is exactly why I let my kids play with (5, Insightful)

nedlohs (1335013) | more than 4 years ago | (#30813800)

the toys we know have been painted with paint with high amounts of lead in it.

After all, if I took those away from them I'd just be giving myself a false sense of security since it's likely there are some other toys with lead in them that I don't know about.

Same reason I smoke, sure I know smoking causes cancer but not doing it would just give me a false sense of security given there are numerous other things that also cause cancer.

Presumably (0)

Anonymous Coward | more than 4 years ago | (#30813830)

Presumably this means the French government want people to use IE6, since they automatically do the opposite to what they're told?

It'll never work... (0, Flamebait)

pookemon (909195) | more than 4 years ago | (#30813860)

"Stop using IE"

Ok. I'll stop using IE8. But the problem wasn't in IE8 - it was in IE6 - so it was brought about by people who are using a version of IE that was replaced 1 to 2 years ago.

"Microsoft didn't patch the zero day bug"

Wouldn't matter if they had - these people are using IE6. Technically they did patch it - in IE7 and IE8 - and the people using IE6 haven't upgraded to the new free version - so what good would a patch do? Sure, MS could have withdrawn the installer and people could have upgraded using a new installer - but that would only reduce the number of people using it - it wouldn't eliminate it (there'd be all those disks floating around with IE6 as part of the operating installation).

And all this guff about "IE6 ruined the world" seems like crap anyway because if it wasn't IE6 then it'd be Acrobat, or Safari or Firefox or Opera or Chrome. If we all move to then they'd target . It's just that IE6 is still in use by a significant number of morons who probably don't have a virus scanner let alone any idea of why they shouldn't click the message that states "Your computer appears to have a virus...".

Abandon it anyway? (1)

cprocjr (1237004) | more than 4 years ago | (#30813878)

It could create a false sense of security by telling people to switch, and Microsoft is patching the problem. But aren't there TONS of other reason why to abandon IE.

Should we... (0)

Anonymous Coward | more than 4 years ago | (#30813882)

boycott french kisses?

PCWorld (1)

dwiget001 (1073738) | more than 4 years ago | (#30813936)

"PCWorld seems to be taking the opposite stance arguing that blaming IE for attacks is a dangerous approach that could cause a false sense of security."

Yeah, of course they would argue this. They get major advertising dollars from someone affected by such recommendations.

Are the changes that different from Win2k and XP? (1)

tlhIngan (30335) | more than 4 years ago | (#30813988)

Are the internals of Windows 2000 and Windows XP so different that Microsoft can't put IE8 on Win2k?

I mean, it seems like that's the obvious solution, and Win2k's on extended support still, so... and XP only identifies itself as NT 5.1 (Win2k is NT 5.0).

Always amuses me to see "You should upgrade to IE8!" then click the "Upgrade" button and say "Just click Download to get IE8!", scroll down, and then it says "IE8 is not available for your operating system". You'd think Microsoft's update site could've done the check earlier...

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...