Slashdot: News for Nerds

Microsoft Issues Workaround For IE 0-Day

timothy posted about 2 years ago | from the we-call-these-o'houlihan-patches dept.

Internet Explorer 101

Orome1 writes "Microsoft has issued a security advisory with advice on how to patch an Internet Explorer zero-day vulnerability recently spotted being exploited in the wild by attackers that might be the same ones that are behind the Nitro attacks. News that there is a previously unknown Internet Explorer vulnerability that is actively being misused in the wild by attackers that are believed to be the same ones that are behind the Nitro attacks has reverberated all over the Internet yesterday."

101 comments

MS advice on how to patch a IE zero-day vulnerabil (5, Informative)

Anonymous Coward | about 2 years ago | (#41373513)

Click [firefox.com]

Re:MS advice on how to patch a IE zero-day vulnera (1)

Stan92057 (737634) | about 2 years ago | (#41375441)

Ya think too small

http://www.ubuntu.com/download

Re:MS advice on how to patch a IE zero-day vulnera (-1)

Anonymous Coward | about 2 years ago | (#41376529)

right, linux for retards = thinking big.

fucking moron.

Re:MS advice on how to patch a IE zero-day vulnera (0)

Anonymous Coward | about 2 years ago | (#41383527)

Considering the fact that they were using Internet Explorer, I think Ubuntu would be a good idea.

Unless of course you want people spamming the internet with stupid questions relating to Linux.

Re:MS advice on how to patch a IE zero-day vulnera (1)

helix2301 (1105613) | about 2 years ago | (#41377041)

All but one supported edition of IE is affected: 2001's IE6, 2006's IE7, 2009's IE8 and last year's IE9. Together, those browsers accounted for 53% of all browsers used worldwide. The only exception is IE10, the browser bundled with the new Windows 8, which does not contain the bug.

Re:MS advice on how to patch a IE zero-day vulnera (0)

Anonymous Coward | about 2 years ago | (#41379727)

That is trading one problem for another. Chromium or Opera are the way to go.

incoherent summary (0)

Anonymous Coward | about 2 years ago | (#41373517)

What does this even mean? Is it the same 0-day? Is it a different 0-day? Can we get some editing up in this bitch or what?

Re:incoherent summary (4, Insightful)

vlm (69642) | about 2 years ago | (#41373589)

What does this even mean? Is it the same 0-day? Is it a different 0-day? Can we get some editing up in this bitch or what?

There's so many it doesn't really matter. There'll be another next month, and the month after that, and the month after that.... You can safely assume that at any given instant there exists at least one active zero-day infecting IE users.

Re:incoherent summary (3, Insightful)

LordLimecat (1103839) | about 2 years ago | (#41374217)

Last time I had looked into it, IE9 was more secure in several ways than Firefox. It also had a comparable number of security holes.

Have things changed substantially in the last year?

Re:incoherent summary (1)

Anonymous Coward | about 2 years ago | (#41374469)

No, they have not changed and your analysis is correct. However, be prepared to be modded down and called a shill. Your sane post is like trying to tell religious zealots that they might have some facts wrong. The folks here are pretty well biased against IE even when it does do something right.

Re:incoherent summary (0)

Rytr23 (704409) | about 2 years ago | (#41374521)

This is Slashdot, err, I mean DiceNewsAggregator, only Anti-Microsoft comments are permitted. Also to truly fit in, one must refer to Microsoft as M$- see the dollar sign is super clever and shows your OSS cred.

Re:incoherent summary (1)

Anonymous Coward | about 2 years ago | (#41377217)

No... Sadly that /. back when it was a cool place to live.

Nowadays every time there's some pathetic headline making people happy to be using Linux / OS X / any other browser than IE you can expect a lot of six and seven digit /. ID numbers to pre-emptively whine about how pro-MS comments are going to be called out as shills.

Now, according to you, what exactly would a MS shill post here?

Something saying how remote admin holes by simply opening a website happen all the time for Un*x users out there?

Last I checked btw the one browser giving IE a run for its money was Chrome... So the comparison with Firefox, to try to downplay the seriousness of yet-another-remote-admin-IE exploit is kinda rubbish.

Yes Java applets were the number one source of security exploits in 2011. Yes Flash was second.

Yes a new 0-day affecting IE6,7,8 and 9 and giving remote admin rights by simply visiting a webpage is very, very bad.

And, yes, people are safer browsing under Chrome / Linux, Chrome OS X or Chrome Windows than IE.

Now how's that for you?

Re:incoherent summary (1)

beep54 (1844432) | about 2 years ago | (#41383303)

Rather than Chrome, which has a nasty tendency to phone home, mention Chromium which one can now easily install (used to be kind of a bitch) for Windows. I find I need this because for some time now Firefox and flash have not played well together. It's sort of hit or miss. Sometimes flash works; sometimes it stutters or worse, freezes. Newish update; we'll see what that does, but it looks very incremental. And yes, I realize that Firefox has that problem with the address bar. But, basically I've never really gotten to like Chromium/Chrome. Nice to have a backup however since I really do dislike IE. I gather it works fairly well now, but I just hate how it looks. It just uses up FAR too much real estate which is idiotically dumb and should have been fixed ages ago.

Re:incoherent summary (1)

LifesABeach (234436) | about 2 years ago | (#41374943)

I think I'll take my chances using browsers native to Linux. Of all the things that alienates me from m-$ is their pompous grinning while showing off; it creates no life.

Re:incoherent summary (1)

LordLimecat (1103839) | about 2 years ago | (#41380753)

Obviously my post was not referring to "on linux". But even there, my understanding is that, security-wise, Firefox is in second or third place (not really sure where Opera stands...).

Re:incoherent summary (3, Insightful)

smooth wombat (796938) | about 2 years ago | (#41376297)

IE9 was more secure in several ways than Firefox. It also had comparable number of security holes.

Oh really? You might want to check what Secunia has to say on the matter.

For IE 9 [secunia.com]

For Firefox 15 [secunia.com]

The two aren't even close in terms of vulnerabilities. Too soon for Fx 15? Let's go with the 14 version:

Less than half the problems [secunia.com] .

And one more for good measure; Firefox 13 [secunia.com] . Again, less than half the vulnerabilities of IE 9. Even the unpatched vulnerabilities for Firefox are less critical than the ones for IE 9.

So yes, things have changed substantially in one year. Either IE 9 has gotten worse or Firefox has gotten better. Take your pick.

Re:incoherent summary (2)

LordLimecat (1103839) | about 2 years ago | (#41380901)

The problem is that IE9 doesn't do a rapid-release cycle like Firefox does, so all of its 9 point releases since 9.0 in May 2011 are considered the same product. That total of 60 vulns you see spans a year and a half. Firefox 14's spans about 8 weeks (July 17)-- which makes that "32" a LOT scarier. To boil it down, Firefox 14 had ~4 vulns per week since release, while IE9 has had less than 1 per week.

To do a more fair comparison you would need to total up the number of unique vulnerabilities for Firefox 5.0-15, and compare it to IE9.0 - 9.09 (which we already know is 60). For the record, Firefox 10 alone (released less than a year ago) had 60 vulnerabilities, all of which were patched-- and then Firefox 14 had another 32.

So no, things haven't gotten better for firefox, and it's still a ton easier to hack than IE or chrome (no sandboxing, no process-per-tab, no privilege dropping, no plugin filtering, etc etc etc). Firefox is a fine browser, but recommending it for security reasons is boneheaded as technically IE and chrome are superior. And up until version 14 of firefox (with silent auto update), you were FAR more likely to be stuck with an old firefox than you were with an old IE.

Re:incoherent summary (0)

Anonymous Coward | about 2 years ago | (#41376327)

The big difference is always going to be unsafe locally installed ActiveX controls that can be initiated from a website once installed.

Re:incoherent summary (1)

LordLimecat (1103839) | about 2 years ago | (#41380919)

You get numerous prompts before you can run an ActiveX control. By default, "activeX filtering" is turned on which basically prevents any controls from running till you allow it-- kind of like flashblock or Chrome's java controls.

And really, there's not much difference between an NPAPI plugin and an ActiveX control that I'm aware of; when antivirus products use NPAPI for filtering and antivirus (WebRep), it tells me that there's not much a firefox plugin DOESN'T have access to.

All of this really misses the forest for the trees tho, ActiveX is not the gigantic, glaring security hole to be worried about. Java and any of the Adobe products are-- something like 80% of exploits target those.

Re:incoherent summary (3, Funny)

Chrisq (894406) | about 2 years ago | (#41373737)

What does this even mean? Is it the same 0-day? Is it a different 0-day? Can we get some editing up in this bitch or what?

With Microsoft you can make every day a 0 day!

Re:incoherent summary (1)

Joce640k (829181) | about 2 years ago | (#41374115)

Simply put, it means you have to deploy the Microsoft Enhanced Mitigation Experience Toolkit.

Re:incoherent summary (1)

LifesABeach (234436) | about 2 years ago | (#41375015)

I think enhancing what I've already experienced with Microsoft IE would be like using steel wool to cure hemorrhoids.

doublepost? (0)

Anonymous Coward | about 2 years ago | (#41373527)

you just mentioned the same thing twice in your short review of the story

Re:doublepost? (5, Funny)

mwvdlee (775178) | about 2 years ago | (#41373579)

It may be that the same thing is mentioned twice in a very short summary of the story, but that the same thing is mentioned twice in a very short summary of the story does obfuscate the lack of content. That is why the same thing is mentioned twice in a very short summary of the story. Why else would it be that the same thing is mentioned twice in a very short summary of the story?

Re:doublepost? (1)

ciderbrew (1860166) | about 2 years ago | (#41373953)

It may be that the same thing is mentioned twice in a very short summary of the story, but that the same thing is mentioned twice in a very short summary of the story does obfuscate the lack of content. That is why the same thing is mentioned twice in a very short summary of the story. Why else would it be that the same thing is mentioned twice in a very short summary of the story?

Can I quote you on that?

Re:doublepost? (0)

Anonymous Coward | about 2 years ago | (#41373603)

It is just part of the improved efficiency program at slashdot.

Now the dupes are in the summary. No more need for a dupe post.

Load Firefox? (5, Insightful)

jfdavis668 (1414919) | about 2 years ago | (#41373581)

The work around is load firefox or chrome.

Re:Load Firefox? Can't replace everywhere. (1)

cant_get_a_good_nick (172131) | about 2 years ago | (#41374135)

I remember that when Microsoft bound IE to the OS back in Win95, IE is now everywhere. That Windows Explorer window? Now subject to IE attacks. That HTML pane in Outlook? Now subject to IE attacks. That help window in SomeGame 2.0? Now subject to IE attacks.

I'm not sure how true this is now, but a guess is that it's still much this way.

Re:Load Firefox? Can't replace everywhere. (3, Insightful)

pointyhat (2649443) | about 2 years ago | (#41374353)

You speak with authority but do not understand the principles and abstractions.

It's called COM. Windows is based on COM. It allows components to be reused, which is good design and good practice.

This is the same concept as WebKit being a shared library on Linux and gnome help, gnome file manager and Epiphany importing it.

If they discovered a WebKit hole: waah waah whinge whinge there is a hole in Gnome Help - save us all from the 0-day

That complaining never happens but if Microsoft fall to the same thing, they get slated. Hardly fair is it?

Re:Load Firefox? Can't replace everywhere. (1)

RenderSeven (938535) | about 2 years ago | (#41376143)

It allows components to be reused, which is good design and good practice

It's only good design practice if the shared components don't royally suck.

Re:Load Firefox? Can't replace everywhere. (0)

Anonymous Coward | about 2 years ago | (#41378477)

It allows components to be reused, which is good design and good practice.

It's good practice except when those components are written by the company responsible for more rooted boxes than any other in history.
WebKit isn't closed code that's dripping with exploits, publicly known and otherwise. I can't tell if you're on the MS payroll or if you're really just that stupid.
In either case, please stop posting.

Re:Load Firefox? Can't replace everywhere. (2)

pointyhat (2649443) | about 2 years ago | (#41379051)

To be honest they have shipped more boxes than anyone in history.

WebKit has had its fair share of exploits over the years. I first worked with it when it was known as KHTML and have followed it over the years.

I work for a corporation that has source access for IE (MS shared source) and it's a remarkably well put together product which equals WebKit.

Re:Load Firefox? Can't replace everywhere. (0)

Anonymous Coward | about 2 years ago | (#41395171)

First of all, COM is not "principles and abstractions", it's just a binary interop technology. So please RTFM first. Second, WebKit is not a shared library. Bottom line: Microsoft IE sucks, and stupid idea of pushing IE everywhere (and screwed up layering in Windows) makes this clusterfuck even worse.

Re:Load Firefox? Can't replace everywhere. (1)

chrish (4714) | about 2 years ago | (#41374369)

Unless things have changed in the last ~2 years, Outlook rolls its own HTML/CSS/JavaScript engine to avoid IE issues like this.

Unfortunately, it opens Outlook up to their own HTML/CSS/JavaScript related bugs, and their implementation is half-assed like old versions of IE (that is, you can't expect HTML and CSS to work normally, even for features that Outlook implements).

Sorry, PTSD moment from having to "fix" HTML newsletters for Outlook once upon a time...

Re:Load Firefox? (1)

gman003 (1693318) | about 2 years ago | (#41374635)

Hey! I use Opera, you ignorant twat!

Re:Load Firefox? (1)

fast turtle (1118037) | about 2 years ago | (#41375961)

Whahh Whahh! You've got Bugs!!

I use ESP to surf the web. Works so much better and there's lots of 0.025 cents out there to accumulate.

I just used my own (0)

overmoderated (2703703) | about 2 years ago | (#41373615)

Have been for 13 years. Linux.

Re:I just used my own (0)

wonkey_monkey (2592601) | about 2 years ago | (#41373685)

+1 Smug.

Re:I just used my own (0)

Anonymous Coward | about 2 years ago | (#41373767)

-1 Go Fuck Yourself

Workaround is stupid (5, Informative)

Anonymous Coward | about 2 years ago | (#41373673)

Disable ActiveX and then demand it runs to "Prompt" in both Internet AND Intranet????? This is NOT a "work-around." A work-around would be how to allow our users to continue running without being prompted to run or not run things they don't understand and don't want to.

Or install an alternate browser.

Sheesh, is the Internet really worth this crap? Really?

Re:Workaround is stupid (5, Informative)

Robert Zenz (1680268) | about 2 years ago | (#41373757)

Fun fact: Forbidding ActiveX and similar things in Internet Explorer yields interesting site effects, f.e. that Visual Studio can't display error messages or the Help anymore.

Re:Workaround is stupid (1)

GNious (953874) | about 2 years ago | (#41374285)

try disabling ActiveX on your WAN/ADSL/whatever router - has fun effects on all sorts of things in Windows 7

Re:Workaround is stupid (0)

Anonymous Coward | about 2 years ago | (#41374407)

site effects

That's a good one!

Re:Workaround is stupid (2)

shutdown -p now (807394) | about 2 years ago | (#41381405)

This shouldn't be the case from VS 2010 onward. The help system there has been reworked completely to be browser-based (rather than requiring its own client as MS Help 2.0 - the thing used in VS 2002-2008 - did), and should work in any browser, not just IE.

Re:Workaround is stupid (2, Insightful)

Anonymous Coward | about 2 years ago | (#41373781)

Or install an alternate browser with No-Script.

FTFY.

Re:Workaround is stupid (1)

Anonymous Coward | about 2 years ago | (#41373857)

The equivalent in Chrome/FF is to disable Java, which makes ActiveX look secure.

Re:Workaround is stupid (1)

Anonymous Coward | about 2 years ago | (#41374087)

Running actual native executables from remote sources is more secure than Java?

Re:Workaround is stupid (1)

Bryansix (761547) | about 2 years ago | (#41378155)

Sadly, yes.

Actually the workaround is very simple (0)

Anonymous Coward | about 2 years ago | (#41373921)

Just turn off your browser, period, and then it'll not get infected.

Re:Workaround is stupid (0)

Anonymous Coward | about 2 years ago | (#41376293)

Disable ActiveX and then demand it runs to "Prompt" in both Internet AND Intranet????? This is NOT a "work-around." A work-around would be how to allow our users to continue running without being prompted to run or not run things they don't understand and don't want to.

Computer: Windows has detected that you have moved your mouse pointer. If you would like to have that change take effect click yes.
User: ... moves mouse pointer over to the "Yes" button and clicks yes.
Computer: Windows has detected that you have moved your mouse pointer and clicked "Yes" to answer a dialog. If you would like to activate the mouse movement, answer "Yes" then click the Yes button again.
User: ...clicks yes again.
Computer: Windows has detected that you have moved your mouse pointer over to the Yes button yet again to answer Yes to a previous question. If you would like to activate your mouse movement and respond "Yes" to the previous question, please click the "Yes" button.

User: ...pulls out 12-gauge and blows away computer monitor.
 

Tired of the IE hate... (4, Interesting)

Anonymous Coward | about 2 years ago | (#41373709)

Seriously, I don't use IE at home but until Chrome, Firefox, or Opera have tight integration and customization that can be centrally managed (GPO) IE will be the de facto standard browser for a lot of businesses. As an IT Manager I have tried repeatedly to move to a different browser and the tools to manage them just aren't there.

"Hahaha those losers use IE, they suck they should just switch to chrome" are not helpful comments and show just how little you know about the many current business environments. Your beloved Chrome and Firefox, by their actions, don't want to be the default browsers in business. They just don't. That leaves us with IE which, despite these 0 days and standards issues, is superior in every way in a Windows corporate environment. Until that changes IE will be what many businesses use because browser management is just so easy it's automagic.

And those Linux folks, switching to Linux isn't helpful either until some sort of same tier GPO management alternative that has simple interoperability is available. We could actually drop Windows and go full linux if I could gain the control I get from a Windows environment.

Disclaimer: I use Firefox, Opera, Ubuntu, and Mint at home.

Re:Tired of the IE hate... (5, Insightful)

NatasRevol (731260) | about 2 years ago | (#41373741)

The question is why you need to manage a browser so much.

Re:Tired of the IE hate... (3, Informative)

Anonymous Coward | about 2 years ago | (#41373935)

The question is why you need to manage a browser so much.

Define browser behavior for specific vendor (state, federal governments) websites and zones
Homepage
What is allowed to be installed
Favorites
Preferences for appearance
Internet and Proxy settings

the list goes on and on.

Re:Tired of the IE hate... (0, Troll)

Anonymous Coward | about 2 years ago | (#41374011)

It's easier to manage Microsoft's browser on Microsoft's operating system?
You don't say!

Re:Tired of the IE hate... (0)

Anonymous Coward | about 2 years ago | (#41374085)

I am actually saying IE is easier to manage than any other browser and if you want this sort of management you go with Windows.

What alternative do you propose? I am seriously all ears!

Re:Tired of the IE hate... (1)

LordLimecat (1103839) | about 2 years ago | (#41374269)

Chrome, with its adm templates. See above. It's actually really manageable-- unlike firefox, they put some time into the business side of things.

Re:Tired of the IE hate... (0)

Anonymous Coward | about 2 years ago | (#41377035)

Chrome, with its adm templates. See above. It's actually really manageable-- unlike firefox, they put some time into the business side of things.

Seconded. Chromium's adm templates are surprisingly functional. A potshot search on google saved me a bunch of reg work, and allows a consistent experience across our environment.

Re:Tired of the IE hate... (1)

Billly Gates (198444) | about 2 years ago | (#41377769)

I like having intranet and internet zones.

Java sucks goatballs. Old java especially but it is used heavily in intranet apps and with IE I can use that POS java with 30 exploits only on the intranet so they won't get 0wned on the internet. That is one thing IE has that the others do not.

Re:Tired of the IE hate... (1)

LordLimecat (1103839) | about 2 years ago | (#41382041)

False. Google requires you to whitelist sites that want to use Java, and also has click-to-play for java on top of that. Both (IIRC) can be managed by the above mentioned ADM templates, as can which plugins are allowed, what extensions are mandatory, etc.

What alternative do you propose? (1)

dgharmon (2564621) | about 2 years ago | (#41374277)

It's not the browser but the underlying Operating System that is at fault.

distrowatch [distrowatch.com]

you are doing it wrong (1)

Anonymous Coward | about 2 years ago | (#41374177)

You are doing it wrong. You are creating a tightly integrated application with IE/browser. Bad idea from the start. Then you are locked in forever till someone funds another tight integration. You're benefiting from IE infrastructure, but the world is messed up b/c you are stuck in 1990s.
So pls stop doing it or stop calling whatever you created a browser and make sure you exclude them from external network usage so we do not have to feel the pain caused by your decisions.
BY THE WAY. If you have to control your employees so much find ones that you can trust.

Re:Tired of the IE hate... (1)

sys_mast (452486) | about 2 years ago | (#41374185)

I'll feed the AC....

What is everyone addiction to setting the homepage? I can see defaulting to a company intraweb or some portal. But WTF if someone feels they are more productive with some random web app or other data source or even google as their home page why lock them out of it?

I guess some sort of Kiosk, but there are better special built kiosk apps that work better than IE. (though they may use IE to render)

Maybe I'm missing the point.

Re:Tired of the IE hate... (2, Funny)

gl4ss (559668) | about 2 years ago | (#41374239)

I'll feed the AC....

What is everyone addiction to setting the homepage? I can see defaulting to a company intraweb or some portal. But WTF if someone feels they are more productive with some random web app or other data source or even google as their home page why lock them out of it?

I guess some sort of Kiosk, but there are better special built kiosk apps that work better than IE. (though they may use IE to render)

Maybe I'm missing the point.

well, the reason to use ms's enterprise deployment of ie settings is that then you can make the browsing experience secure.

oh wait..

Re:Tired of the IE hate... (0)

Anonymous Coward | about 2 years ago | (#41377081)

well, the reason to use ms's enterprise deployment of ie settings is that then you can make the browsing experience secure.

oh wait..

Or consistent. At least it's consistently vulnerable. =D

Re:Tired of the IE hate... (0)

Anonymous Coward | about 2 years ago | (#41374643)

I have a very laissez-faire approach to my network, but there are times I wish I did lock down things like browser homepages, like the nth time someone asks me how to get to something on the network, and I tell them there's a link on the intranet homepage, but they don't know where that is because they replaced their homepage with MSN.com

Re:Tired of the IE hate... (1)

beep54 (1844432) | about 2 years ago | (#41383379)

"What is everyone addiction to setting the homepage?" Guessing you meant 'why' there. Pretty much the first thing I want to go to when the browser comes up is email, so it is handy for it to be there. But if I am feeling more paranoid, I just set it to blank page.

Re:Tired of the IE hate... (1)

pouar (2629833) | about 2 years ago | (#41381073)

Define browser behavior for specific vendor (state, federal governments) websites and zones
Homepage
What is allowed to be installed
Favorites
Preferences for appearance
Internet and Proxy settings

I can do that with firefox already

Re:Tired of the IE hate... (1)

Billly Gates (198444) | about 2 years ago | (#41377729)

The question is why you need to manage a browser so much.

Quick real-world answer. Java! Not modern java, but the insecure 30+ security hole java 1.4.1, not java 1.4.0, or 1.4.2, but 1.4.1. Kronos requires it and therefore leaves these HR payroll specialists wide open with a bulls eye target. Solution? Create a special GPO just for the HR payroll group with java 1.4.1 only accessible for the intranet kronos site.

Scenario 2, in the same organization java is required for Bank of Montreal for some line of credit apps. Java 7 which is more secure won't work. However, if Java 6 is running on all machines from the image then HR payroll can't get their crappy Kronos app to work. Same scenario etc.

IE can allow to specify things like this while keeping java off everyone else's version of IE. Other use cases include security, site blocking, and giving more lenient options to executives.

Actually IE 9 is not a bad browser. Yes it has an exploit, but it is sandboxed like Chrome in which Firefox is not! I won't use FF that much for this security reason. HTML 5 in IE 9 is there at a basic level and IE 10 which is done in Windows 8 and almost in Windows 7 scores over 300 on html5test.com and has 92% of the support of Firefox 14!

You can still hate it from its past, but at least MS is trying to improve it. Until Mozilla goes back to an annual release cycle with GPO tools we are sticking with Internet Explorer. Especially since it is at least tolerable now unlike IE 6 and 7

Re:Tired of the IE hate... (1)

NatasRevol (731260) | about 2 years ago | (#41377877)

So, the simple answer is security. Fine point, but then if you didn't run on Windows...

Re:Tired of the IE hate... (3, Informative)

Anonymous Coward | about 2 years ago | (#41373981)

Google has an enterprise deployable msi installer of chrome, along with a gpo addin to manage chrome. Your statement is false.

Re:Tired of the IE hate... (5, Informative)

LordLimecat (1103839) | about 2 years ago | (#41374247)

Chrome can be deployed by MSI [google.com] and managed by GPO. They have the ADM [google.com] templates right on their site.

Re:Tired of the IE hate... (1)

pointyhat (2649443) | about 2 years ago | (#41374423)

It still can't be patched via WSUS though which means uncontrolled updates.

Re:Tired of the IE hate... (1)

Anonymous Coward | about 2 years ago | (#41374859)

*Uncontrolled updates that also saturate your business's expensive WAN link instead of coming from a local server.

Re:Tired of the IE hate... (1)

pointyhat (2649443) | about 2 years ago | (#41375339)

Spot on :)

Re:Tired of the IE hate... (1)

NetCow (117556) | about 2 years ago | (#41375917)

Sure it can:

The enterprise MSIs are patched in sync with the other updates. Managing Chrome via LUP + the Chrome ADMs is a breeze, since if an "uncontrolled" (LocalAppData) Chrome instance starts and there's a MSI on the machine, the uncontrolled instance will respect the GPO settings.

Link to actual security advisory (4, Informative)

Anonymous Coward | about 2 years ago | (#41373797)

http://technet.microsoft.com/en-us/security/advisory/2757760 [microsoft.com]

Linking from "Microsoft issued an advisory" to submitter's site is kinda lowbrow.

Windows 8 is Great (0, Funny)

Anonymous Coward | about 2 years ago | (#41374003)

Thankfully, I run Windows 8 and IE 10. The future is secure. The future is Microsoft.

Good. (0)

Anonymous Coward | about 2 years ago | (#41374055)

Less IE users.

Microsoft needs to give up on IE (0)

Anonymous Coward | about 2 years ago | (#41374149)

Keep the legacy IE6 engine for old apps and use webkit or gecko as the "new IE". Maybe even give it a new name to shake the reputation. Bing Bismuth? Windows Live Web?

captcha: exploits.

Stupid Summary Is Stupid (1)

acoustix (123925) | about 2 years ago | (#41374287)

Workaround != patch.

The solution is don't use Windows ... (1)

dgharmon (2564621) | about 2 years ago | (#41374315)

It never ceases to amuse me, the glazed look on people's faces when they ask me how I deal with Windows viruses and I explain I don't use Windows ..

Distrowatch [distrowatch.com]

Re:The solution is don't use Windows ... (3, Interesting)

pointyhat (2649443) | about 2 years ago | (#41374513)

I haven't had a Windows virus since I started using it 24 years ago and I've used IE all that time.

Then again, I don't go surfing pr0n, cracks, warez, torrents, rapidshare, mp3 sites etc.

Intimacy with the wrong people is only going to end in an STD regardless of which prophylactic device you or they wear.

Re:The solution is don't use Windows ... (1)

Anonymous Coward | about 2 years ago | (#41374769)

There's still the threat of compromised 3rd party ad servers spewing malware from otherwise credible sites. Safe browsing habits won't save you from that. Even if you know what you are doing there's always a chance that you can get hit.

This'll save you from THAT & more... apk (0)

Anonymous Coward | about 2 years ago | (#41377903)

"There's still the threat of compromised 3rd party ad servers spewing malware from otherwise credible sites. Safe browsing habits won't save you from that. Even if you know what you are doing there's always a chance that you can get hit." - by Anonymous Coward on Tuesday September 18, @11:36AM (#41374769)

IF you don't want to be tracked, & to get your speed/bandwidth back you paid for (as well as electricity, CPU cycles, RAM, & other forms of I/O as well), better "layered-security"/"defense-in-depth", reliability (vs. DNS poisoning redirection OR being "downed"), & even anonymity (to an extent vs. DNS request logs) + being able to "blow by" what you may feel are unjust blocks (in DNSBL's) & more...

---

APK Hosts File Engine 5.0++ 32-bit & 64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]

---

Custom hosts files gain me the following benefits (A short summary of where custom hosts files can be extremely useful - NOTE: The "TOP 5" Address YOUR concern, with ease, & with a tool/file your system ALREADY has, as does ANY BSD derived IP stack using OS, usually):

---

1.) Blocking out malware/malscripted sites

2.) Blocking out Known sites-servers/hosts-domains that are known to serve up malware

3.) Blocking out Bogus DNS servers malware makers use

4.) Blocking out Botnet C&C servers

5.) Blocking out Bogus adbanners that are full of malicious script content

6.) Getting you back speed/bandwidth you paid for by blocking out adbanners + hardcoding in your favorite sites (faster than remote DNS server resolution)

7.) Added reliability (vs. downed or misdirect/poisoned DNS servers).

8.) Added "anonymity" (to an extent, vs. DNS request logs)

9.) The ability to bypass DNSBL's (DNS block lists you may not agree with).

10.) Blocking out TRACKERS

11.) More screen "real estate" (since no more adbanners appear onscreen eating up CPU, Memory, & other forms of I/O too - bonus!)

12.) Truly UNIVERSAL PROTECTION (since any OS, even on smartphones, usually has a BSD derived IP stack).

13.) Faster & MORE EFFICIENT operation vs. browser plugins (which "layer on" on top of Ring 3/RPL 3/usermode browsers - whereas the hosts file operates @ the Ring 0/RPL 0/Kernelmode of operation (far faster) as a filter for the IP stack itself...)

14.) Custom hosts files work on ANY & ALL webbound apps (browser plugins do not).

15.) Custom hosts files offer a better, faster, more efficient way, & safer way to surf the web & are COMPLETELY controlled by the end-user of them.

---

* There you go... & above all else IF you choose to try it for the enumerated list of benefits I extolled above?

Enjoy the program!

APK

P.S.=> Of course, THIS is NOT going to "go well" with 3 types of people out there online, profiting by advertising & nefarious exploits + more @ YOUR expense as the consumer:

---

A.) Malware makers & the like (botnet masters, etc./et al)

B.) ADVERTISERS - the TRULY offended ones, as it is their "lifeblood" in psychological attack galore, tracking, & more, etc.!

C.) Possibly webmasters (who profit by ad banners, but fail to realize that those SAME adbanners suck away the users' bandwidth/speed, electricity, CPU cycles, RAM, & other forms of I/O they PAY FOR, plus, adbanners DO get infested with malicious code, & if anyone wants many "examples thereof" from the past near-decade now? Ask!)

---

... apk
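An added illustration, not part of the comment above and not code from the APK program: a hosts file matches exact hostnames only, so a blocklist entry does not cover subdomains of the same domain. The sketch parses a constructed sample (reserved .example names) and reports lookups that would still go to DNS, plus non-sinkhole entries worth reviewing; the function names and the first-entry-wins rule are assumptions of this example.

```python
import ipaddress

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample; every name uses the reserved .example TLD.
SAMPLE_HOSTS = """\
# constructed blocklist sample
127.0.0.1   localhost
0.0.0.0     ads.tracker.example   # trailing comment
0.0.0.0     cdn.malware.example static.malware.example
203.0.113.7 intranet.corp.example
0.0.0.0     ADS.Banner.Example
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Return ({hostname: address}, [(lineno, raw line)] for malformed lines)."""
    table, bad = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            bad.append((lineno, raw))
            continue
        for name in fields[1:]:                  # one address may carry several names
            # Assumption: the first entry for a name wins, so later ones are ignored.
            table.setdefault(name.lower().rstrip("."), addr)
    return table, bad

def verdict(table, hostname):
    """'blocked' = exact name sinkholed, 'pinned' = mapped elsewhere, 'dns' = no entry."""
    addr = table.get(hostname.lower().rstrip("."))
    if addr is None:
        return "dns"
    return "blocked" if addr in SINKHOLES else "pinned"

def uncovered_subdomains(table, observed):
    """Observed names that miss the list although a parent domain is sinkholed."""
    gaps = []
    for name in observed:
        name = name.lower().rstrip(".")
        if name in table:
            continue
        labels = name.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        hit = next((p for p in parents if table.get(p) in SINKHOLES), None)
        if hit:
            gaps.append((name, hit))
    return gaps

def pinned_entries(table):
    """Entries that point a name at a real address; review these for tampering."""
    return {n: a for n, a in table.items() if a not in SINKHOLES}

if __name__ == "__main__":
    table, bad = parse_hosts(SAMPLE_HOSTS)
    seen = ["www.ads.tracker.example", "ads.tracker.example", "news.site.example"]
    print(uncovered_subdomains(table, seen), pinned_entries(table), bad)
```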

Re:The soluton is don't use Windows ... (0)

Anonymous Coward | about 2 years ago | (#41375671)

My mother's 75 year old bridge partner/friend begged me to fix her laptop because it was full of malware (though she didn't know that). So I guess it would help some users if their OS was more secure. Your argument is essentially an endorsement of Windows alternatives.

Same here since 1996 because of this (0)

Anonymous Coward | about 2 years ago | (#41377961)

I got "suckered" by DCC transfer on IRC (got a "lemon" from a pal there no less I knew for years 1994-2000), & because of it?

Well - I decided to learn how to DO something about it & other threats online and, to share it with others!

The result? This below ( & yes, it works, IF followed "to the letter"):

To "immunize" a Windows system, I effectively use the principles in "layered security" possibles!

http://www.bing.com/search?q=%22HOW+TO+SECURE+Windows+2000%2FXP%22&go=&form=QBRE [bing.com]

I.E./E.G.-> I have done so since 1997-1998 with the most viewed, highly rated guide online for Windows security there really is which came from the fact I also created the 1st guide for securing Windows, highly rated @ NEOWIN (as far back as 1998-2001) here:

http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text [neowin.net]

& from as far back as 1997 -> http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml [archive.org] which Neowin above picked up on & rated very highly.

That has evolved more currently, into the MOST viewed & highly rated one there is for years now since 2008 online in the 1st URL link above...

Which has well over 500,000++ views online (actually MORE, but 1 site with 75,000 views of it went offline/out-of-business) & it's been made either:

---

1.) An Essential Guide
2.) 5-5 star rated
3.) A "sticky-pinned" thread
4.) Most viewed in the category it's in (usually security)
5.) Got me PAID by winning a contest @ PCPitStop (quite unexpectedly - I was only posting it for the good of all, & yes, "the Lord works in mysterious ways", it even got me PAID -> http://techtalk.pcpitstop.com/2007/09/04/pc-pitstop-winners/ [pcpitstop.com] (see January 2008))

---

Across 15-20 or so sites I posted it on back in 2008...

The IMPORTANT part, in some sample testimonials to the "layered security" methodology efficacy, is in my 'p.s.' below!

---

* The ONLY time I got infested was on IRC using DCC transfers (got a "lemon" from a pal no less - I too had to learn what the dangers are online & was my OWN "weakest link" but after that? Nothing since, due to my learning what's in the guide above I authored!)...

What's above? Helps... & even SUGGESTS what this EMET tool is doing for IE (and more - pure "layered-security"/"defense-in-depth" and yes, it works).

APK

P.S.=> Here's a testimonial from a fellow that did extremely well using what that security guide for Windows NT-based OS users I authored & what HE experienced for YEARS no less, for himself, family, friends, & yes - even CUSTOMERS and, of course, I've been enjoying the same...

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2 [xtremepccentral.com]

"I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

AND

"APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

AND

http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3 [xtremepccentral.com]

"It's 2009 - still trouble free! I was told last week by a coworker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, it's been to a LAN party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! It's made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" - THRONKA, user of my guide @ XTremePcCentral

... apk, into the MOST viewed

Re:The soluton is don't use Windows ... (0)

Anonymous Coward | about 2 years ago | (#41384085)

"I haven't had a Windows virus since I started using it 24 years ago and I've used IE all that time."

That's what you think.

"Then again, I don't go surfing pr0n, cracks, warez, torrents, rapidshare, mp3 sites etc."

Oooh! Ahhh! You are so much a better fucking person than anyone else... can I touch the hem of your robe?

"Intimacy with the wrong people is only going to end in an STD regardless of which prophylactic device you or they wear."

Intimacy leads to contraction of sexually transmitted disease despite choice and use of prophylactic, and conversely (I trust, your Royal Ignorance,) abstinence from sexual intimacy is a sure defense against sexually transmitted diseases? Tell that to all the hemophiliacs who died of AIDS, you retarded goddamned fucking fuckhead!

Sorry, were we talking about Windows here? It's true a machine running MS Windows, unpatched and without any kind of antivirus software, is completely immune from compromise by any kind of malware, provided you never use any software other than a legitimate copy of Windows, don't hook the computer up to the internet, or any other network, and in fact, remove all read/write devices from the system, including user interface devices like the keyboard and mouse, so that there is no physical way to input data, code, executable or otherwise, into the system. Similar to having such a computer hooked up to the internet, but never ever turning it ON. Such a computer would also be protected.

Or were you trying for "Funny" with your ignorant post? Also, what moron thought it was "interesting"? Seriously, do you also believe that a computer can't contract a virus unless a porn, "warez", torrent, etc., site is visited LEGITIMATELY, because your computer has "ways of shutting the whole thing down?"

Christ what a retarded dick...

Re:The soluton is don't use Windows ... (1)

StuartHankins (1020819) | about 2 years ago | (#41386899)

Anecdotal evidence is anecdotal. You can get infected using Windows simply by visiting Google, seeing ads on mainstream sites etc. It's happened to us during setting up new installs. It's not too hard to do. We no longer search for drivers until the AV is installed; previously drivers came first.

Re:The soluton is don't use Windows ... (0)

Anonymous Coward | about 2 years ago | (#41375393)

I'll toss this out there. You paid x dollars for app ABC. ABC was written in mid 2000s. Only works in IE. X is a sunk cost. Should you pay z dollars to upgrade for something that already works and end up right where you started for z dollars? Making z dollars a loss. Then in 5-10 years end up back where you started with the custom app not working in the latest and greatest browser out there? That is called throwing good money after bad.

Now a percentage of people out there have a clue about computers. There is another percentage who just will never get it or do not want to get it. You need to hire someone at some particular pay level (you have your budget). Are you going to get people who 'know computers' or someone 'who can answer the phone and fill out the time sheet'? One will cost more than the other.

Business is not 'black and white'. It is about cost and availability usually.

Then you have people waving their hands saying 'use linux it doesn't have this mess'. Which is a lie thru omission and you know it. It is the same one Apple used for a few years (norton antivirus started on a Mac btw, in high school we would play a game of how many viri could you get on a floppy...). Would anyone say take a linux distro from 3-4 years ago and put it out on the wide wooly internet? 'But you can use the latest'. And then hopefully the distro I am using hasn't switched out the whole desktop again (remember I am probably not hiring 'knows computers' guys just what fits my needs so retraining is in order again). Oh and I have to do this to 200 computers (same issue I get with windows btw). My cost is time here rarely money with it. I can also hire tons of competent 'windows' guys and very few competent 'linux guys'. Meaning my cost is either training time or more money to hire 'better' people. Oh and remember that ABC app? Only works in IE...

So what many advocate here is a total infrastructure switchout that gains me 0. Other than less of a headache sometimes. In fact it ends up costing me serious money and time up front. Limits who I can hire (thru temp agencies and full time). I end up with EXACTLY the same thing I have now and a new knowledge gap headache.

The active directory system MS has is very nice. Very little in the opensource world comes close to control and release it has. Some orgs have dozens of different computer types and can afford 0 downtime for anyone. Linux does not let you do a slow roll. Does not let you find people who have installed applications that may get your business into trouble. etc etc etc... You can set these things up but many are custom jobs and take a lot of work to get setup just right. Or you can use the 'out of the box' one MS has.

Now that I have played up MS stuff... It comes with a support cost. People are attacking it all the time. Vulns like this are found every day. They get fixed and the problem goes away. Then you can use MS's infrastructure that they put in so you can roll it out and make sure it doesn't take out that application ABC which you need...

I personally use linux a lot. But would I wholesale switch out a business that is tied to it already? Not if I want to get future work from them. You are being myopic in your worldview. Open it up a bit and see it from the end user's point of view instead of 'what I use is better because I use it' view...

Who is this warning aimed at? (0)

Anonymous Coward | about 2 years ago | (#41374381)

Internet Explorer users don't check for updates let alone understand what zero-day means.

Oh, right. Fail IT departments who have kludged apps that require IE because the developers were lazy and stupid. In other words, slashdotters.

Re:Who is this warning aimed at? (1)

RaceProUK (1137575) | about 2 years ago | (#41374901)

Internet Explorer users don't check for updates let alone understand what zero-day means.

Oh, right. Fail IT departments who have kludged apps that require IE because the management was incompetent.

FTFY

The Actual MS Advisory (0)

Anonymous Coward | about 2 years ago | (#41374887)

Find the actual advisory here: http://technet.microsoft.com/en-us/security/advisory/2757760 [microsoft.com]

[Grumble]Should have been included in the post...[/Grumble]

Re:The Actual MS Advisory (1)

Bryansix (761547) | about 2 years ago | (#41378287)

Which is interesting because they DO want Intranet and Internet zones to be set to high. This is absurd.

Beh (1)

Hognoxious (631665) | about 2 years ago | (#41376827)

Submitter is a idiot.

Re:Beh (1)

fatphil (181876) | about 2 years ago | (#41379903)

There's nothing stupid about trying to increase the number of page impressions on a site which carries ads.

A dick, perhaps, but not necessarily stupid.

EMET not effective (1)

manu0601 (2221348) | about 2 years ago | (#41382885)

MS suggests using EMET (a tool that enforces ASLR and DEP), but Brian Krebs reports that this does not really plug the hole [krebsonsecurity.com]

But... I don't understand... (0)

Anonymous Coward | about 2 years ago | (#41384013)

I thought IE exploits only had an effect on people using MS Internet Explorer, and who the hell in his right mind does THAT anymore? Right, guys?
