×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe

timothy posted about a year ago | from the firefox-users-on-linux-even-safer dept.

Internet Explorer 169

An anonymous reader writes "Criminals are using a new Internet Explorer security hole to attack Windows computers in targeted attacks, though the vulnerability could end up being more widely exploited. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are. It's great to see that the latest versions of IE are immune, but this new vulnerability is still bad news for Windows XP users and earlier since they cannot upgrade to more recent versions of Microsoft's browser. 'We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,' Dustin Childs of Microsoft Trustworthy Computing told TNW. 'We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

169 comments

Bad news (-1, Redundant)

binarylarry (1338699) | about a year ago | (#42421831)

For all 10 IE 10 users.

It has to be said. (4, Insightful)

AliasMarlowe (1042386) | about a year ago | (#42422285)

TFA implies that IE9 and IE 10 users are not vulnerable to this attack. Well, neither are Firefox users, nor Opera users, nor Chromium users, nor Safari users, nor ... and the list goes on and on [wikipedia.org]. Oh and obviously people using BSD or Linux or Mac are not vulnerable either.

Re:It has to be said. (1)

dreamchaser (49529) | about a year ago | (#42422789)

Unfortunately a lot enterprises use web applications internally that are dependent on specific IE versions. No, not a good idea, but still true.

Re:It has to be said. (1)

TheRealMindChild (743925) | about a year ago | (#42422915)

In my experience, the dependency came from the promise of Microsoft supporting their "web platform" moving forward. Then everyone was "YOU EXPOSED THE WHOLE SYSTEM OF COM LIBRARIES TO THE SCRIPTING ENVIRONMENT!!!!", so they started trying to please that crowd with nonsense like ActiveX killbits. You can't please everyone.

haha (-1)

Anonymous Coward | about a year ago | (#42421833)

haha

Re:haha (0)

Anonymous Coward | about a year ago | (#42422705)

I guess IE8 on my windows 7 virtual machine will stay vulnerable, because i'm not going to install "Windows Malicious Software Removal Tool"

Re:haha (1)

Anonymous Coward | about a year ago | (#42422913)

Good idea. Risk getting malware by not installing an anti-malware tool and a current version of a browser. Providing any reason for your actions would make your tin foil hat harder to see.

Re:haha (0)

Anonymous Coward | about a year ago | (#42422941)

Are you sure the Malicious Software Removal Tool is a mandatory install with IE? I thought they were separate.

I do feel sorry for XP users (5, Funny)

Anonymous Coward | about a year ago | (#42421839)

I tried out IE 10 and it was great. It downloaded firefox and chrome even better than ever. People who haven't updated should. Too bad XP users can't use it though.

Re:I do feel sorry for XP users (1, Funny)

slackware 3.6 (2524328) | about a year ago | (#42421859)

How do I install IE in Ubuntu? I can't find it in the repositories.

Re:I do feel sorry for XP users (2)

ClaraBow (212734) | about a year ago | (#42421881)

I know you were joking, but IE remains the only major browser that runs on one platform only. I'm sure Microsoft will port it to other platforms someday!

Re:I do feel sorry for XP users (1)

Anonymous Coward | about a year ago | (#42421915)

There used to be versions for Mac, Solaris, and HP-UX

Re:I do feel sorry for XP users (0)

Anonymous Coward | about a year ago | (#42422177)

but IE remains the only major browser that runs on one platform only

See that "runs" word there? It is present tense.

There used to be versions for Mac, Solaris, and HP-UX

See those "used to be" words there? They are past tense.

Is this getting through to you?

Portablility a feature (2)

tuppe666 (904118) | about a year ago | (#42422365)

They are past tense.

It shows that their code was [and maybe he potential to be ]portable, admittedly last version for the Mac was 9 years ago 5.2.3 http://en.wikipedia.org/wiki/Internet_Explorer_for_Mac [wikipedia.org]. Microsoft admit their own inadequacy by not just producing code incompatible with other platforms, but even versions of its their own platform. The sad fact is they have lost half their market to competing platform even though though they bundle it with their monopolistic product. Nobody would ever install it on alternative platforms. Although Microsoft not doing so is a sign that they are not planning on competing though improving their products.

Re:Portablility a feature (0)

Anonymous Coward | about a year ago | (#42422805)

I would install IE on my linux box just to get rid of the XP virtual machine I have to run in order to access newer Cisco routers and switches as well as the older Dell switches.

Re:I do feel sorry for XP users (2)

chronokitsune3233 (2170390) | about a year ago | (#42422415)

That's true, but IIRC Macs weren't affected by such vulnerabilities usually. After all, Macs were different that they needed their own separate engine (Tasman) apart from Trident, which was used on MS Windows, Solaris and HP-UX. To be honest, I remember being a kid and playing in IE on a Mac at school. IE used to be cool. Now I know better. Still, IE/Mac rocked in its day!

Re:I do feel sorry for XP users (0)

Anonymous Coward | about a year ago | (#42422355)

No they won't. IE is part of Windows. Microsoft wants IE to be the best browser and they want the best browser to be available only on Windows.

Yes, I know they still have a lot of work ahead of them.

Re:I do feel sorry for XP users (0)

Anonymous Coward | about a year ago | (#42422575)

> Microsoft wants IE to be the best browser

No, they want it to be the only/major browser. Being best has nothing to do with it. Microsoft is developing it after IE 6 only because Firefox got such big market share that they had to react. Why they want this used to be obvious. A lot of websites used to work only with IE (remember activeX?), so if IE was major browser, this would not change and people would have to use Windows so they could use IE, so they could the web. Firefox broke the IE-only web also. I was one of those thousands who sent dozens of emails to web master about their website not working with Firefox with recent market share statistics showing how popular Firefox was. Nowadays all of those websites run nicely with both browsers (and as a side effect, with other browsers also).

Microsoft is still trying to get the web back to their pocket using silver light (which they have now also abandoned as a failed strategy), luckily it never got as big market share as activeX did, or we would have been back where we started.

Re:I do feel sorry for XP users (0)

Anonymous Coward | about a year ago | (#42422131)

How do I install IE in Ubuntu? I can't find it in the repositories.

That right there is one of the biggest problems with Ubuntu. No one knows how to install anything unless it's in the archive mostly imported from Debian, or if "someone on the Internet" has set up a PPA with what we can only assume is the correct software.

Re:I do feel sorry for XP users (1, Troll)

Runaway1956 (1322357) | about a year ago | (#42422201)

You call it a problem. I see that as a tremendous advantage. Instead of installing my OS, then searching my drawers and closets for CD's and floppies, or downloading stuff from random sites, I just go to my trusted repository to install everything I need. All my downloads come from a single place, all of it having been vetted for malware and/or security holes. It's really great, IMHO. All updates come from the same source, there's no need for me to have my system tray loaded with icons that continuously check for updates.

Of course, if I find something interesting in the tubes, it may or may not be in the repositories. Then, I have to strain my mind real hard to find the half dozen commands needed to install alien software. If my feeble mind should fail to recall any of those commands, I can always google for them.

I really like things the way they are. My wife isn't even tempted to install some Dancing Ponies screensaver. It's not in the trusted repository, so she doesn't mess with it.

Re:I do feel sorry for XP users (2, Insightful)

Trilkin (2042026) | about a year ago | (#42422595)

Funny how this comes from a community that complains about walled gardens and vendor lock-in.

Re:I do feel sorry for XP users (2)

kthreadd (1558445) | about a year ago | (#42422791)

Where is the walled garden and vendor lock-in? Ubuntu distributes a lot of software to its users, that doesn't take away any rights to run any other software. Just build it from source or install a prebuilt binary.

Re:I do feel sorry for XP users (0)

Anonymous Coward | about a year ago | (#42422629)

It was a fucking joke, it wasn't a indication he didn't know how to install a program outside of the repositories.

It is easier to install a random program in Ubuntu than it is in Windows assuming there is a deb package for it*. All you have to do is download the deb and double-click it and Ubuntu's software manager will load and install it for you, I say it is easier than Windows because you don't have to deal with the shitty installers that Windows programs always seem to use.

*And if there isn't one, or at least a dedicated installer then it isn't a fair comparison.

Re:I do feel sorry for XP users (0)

Anonymous Coward | about a year ago | (#42422587)

I think you have to run it in a VM, and then you can search for Firefox or Chrome using Bing.

Re:I do feel sorry for XP users (1)

EETech1 (1179269) | about a year ago | (#42422731)

www.codeweavers.com/compatibility/search?name=internet+explorer&search=app

I actually had to for my friend. He loves using Ubuntu since I converted his work laptop, then all his home computers, but there was some stupid IE only website that he had to use to make reservations for his business.

It is not perfect, but it gets the job done, and works much better than Virtual Box on his old laptop. Much less pwnage running under Wine too.

Cheers!

Microsoft Trustworthy Computing(sic) (-1)

tuppe666 (904118) | about a year ago | (#42421879)

See this is the shit that happens when abusive monopolist ties a Browser to an Operating System. I have heard the excuses as to why Microsoft fails to provide upgrades to it. but poorly designed software should not be an excuse. (In fact where is the Android version!?) I think the best thing is Microsoft is to pay the Mozilla foundation money for providing real support to its customers (it indirecty does), and remove IE from XP altogether. The sad fact is sitting in court and rocking like a nutter while your lie your ass off, may keep all your software projects under one roof...but it looks stupid years later when your OS is about to be taken over by Linux done by a company that has its own billions in the bank.

Re:Microsoft Trustworthy Computing(sic) (1)

Anonymous Coward | about a year ago | (#42421963)

Your lithium is wearing off.

Fuck off back to Usenet .. (0)

Anonymous Coward | about a year ago | (#42422081)

Fuck off back to Usenet, there's someone there criticizing MICROS~1 ..

Other browsers don't get exploits too? (0)

Anonymous Coward | about a year ago | (#42421993)

See subject-line above, & answer it please... thank-you!

* Users DO have the option of using other webbrowsers, but again, see my question above!

(It never EVER seems to stop here, all the "anti-microsoft" sentiments... oh well! It's "/."...)

APK

P.S.=> Besides - the mitigating measures they noted in disabling javascript &/or Active X? That's a great measure... (as well as using the EMET tool, which helps spot potential openings in the OS itself, helps to "security-harden" the whole show as well)... & yes, it'd work here too.

However - I truly *wish* that IE (yes, I use IE10 on Windows 7 64-bit here) had an ability like Opera has - which is a "by site preferences" option! I am not even SURE if FireFox does that (Chrome MAY now though iirc). I haven't used either in awhile, probably 1++ yr. for Chrome (just to try it to "see how the other 1/2 lives") & perhaps 6++ months for PaleMoon or WaterFox 64-bit builds of FF.

Since that way? I only use scripting, cookies, extensions of any type, plugins, & frames/iframes (often used sources for attack) ONLY WHERE I NEED THEM!

Which is usually on banking or online shopping/e-commerce type sites MOST of the time...

The rest of the websites I visit default to my "global policy" (which NO sites use any of those)...

That way? No way to 'blast me', essentially, + I surf way, Way, WAY faster without them present (since most sites I have found do NOT really TRULY require them operating for me to get what I need there - information!)...

... apk

Re:Other browsers don't get exploits too? (1)

Runaway1956 (1322357) | about a year ago | (#42422223)

Firefox addons give you site-by-site preferences. Take a look at NoScript. I'm pretty sure some others do as well, but I use NoScript all the time. It's probably not the best thing since sliced bread, but it comes close.

When I use(d) FireFox? NoScript is RIGHT there (0)

Anonymous Coward | about a year ago | (#42422305)

Always! Good choice on your part too - I think it's the GREATEST addon FF has for security in fact!

APK

P.S.=> I also wouldn't doubt that @ least BY NOW, FF has such an addon as you describe for "by site preferences" like Opera has natively built-in. FF has the biggest community building addons for & around it, hands-down... @ least, afaik!

... apk

Not everyone has a choice (0)

Anonymous Coward | about a year ago | (#42422247)

Some big corporations are still using IE6, including banks and government, some upgraded to IE7 or IE8 (quite recently!).

You go to a Hotel? There is a PC desk there, and it is a lockdown XP / IE6 machine.
No other choice, can't install or run a newer browser either.

Doctors in a hospital looking for your record? XP / IE7.

Banks looking for your employer website and mortgage intranet application usage? XP / IE6.

Some corporation do not allow you to install anything by policy, you are not Administrator on your own machine.

The list goes on and on... you would be surprised.

If it *works*, then don't *fix* it. Even if there is a security bug fix, especially if it breaks intranet apps ?!?

Not surprised @ all, & why... (0)

Anonymous Coward | about a year ago | (#42422343)

ASP.NET coder here over time, via Visual Studio 2002-2005, but... NOT by choice though - as I think "web-programming" is for 'noobz' (don't be offended if you do it yourself though, I just feel that way vs. coding native apps in C/C++/Delphi is all), but you have a point!

* Good "exception point" in fact... kudos!

APK

P.S.=> Your post also reminds me of Korea - they're "HUGE" on ActiveX too...

... apk

Re:Microsoft Trustworthy Computing(sic) (1)

marcello_dl (667940) | about a year ago | (#42422651)

Nothing wrong happened.

Redmond, CEO office. Ballmer is practicing chair throwing against a human wall of Microsoft interns.
Fling......
"OUCH! THANK YOU SIR MAY I HAVE ANOTHER ONE SIR!"
Fling.....

A well dressed executive gets in, and says: "Your Sanctity, I have some bad news and some good news. We have a new vulnerability on IE"
Ballmer mutters among himself: "Damn, with the undisclosed ones it's the fifth one today... and it's only 10 am..."
The chairs get thrown with more energy. The human wall crumbles.
Finally Ballmer adds: "And the good news are?"
- "Well, it affects only IE on XP and below"
- "No fucking problem, then! God, I have to give those russian hackers a medal. You know what? let's go have a drink. CHAMPAGNE!"

The remaining (ironic) reason I still use IE (0)

Anonymous Coward | about a year ago | (#42421891)

There is only one site on which I still use IE--YouTube! For some strange reason, Flash doesn't work very well in Chrome with my old XP machine. In a short time, XP itself will be not be maintained, so it's a curious state of affairs. IE doesn't perform as well as it did before either. I assume this is Flash demanding more of the CPU; but it's not a priority for me to figure this out. Unfortunately I haven't find a way to "nice" a plug-in like Flash, so regardless of which browser I'm using Flash gets interrupted due to mouse movements. This never used to be a problem. It happens in both IE and Chrome; but it's worse in Chrome. I don't know of Adobe is waging war on Google here, or if they just carelessly forgot to request priority in the plugin. It's annoying anyway...

Re:The remaining (ironic) reason I still use IE (0)

Anonymous Coward | about a year ago | (#42421995)

The only site where I'm forced to use that piece of shit IE 8 is for the windows upgrade website.
Talk about an idiot decision tying the operating system upgrade mechanism to a specific browser.
Damn Microsoft.

Oh well, for everything else Opera and Firefox suffice.

Re:The remaining (ironic) reason I still use IE (0)

Anonymous Coward | about a year ago | (#42422983)

The only site where I'm forced to use that piece of shit IE 8 is for the windows upgrade website.
Talk about an idiot decision tying the operating system upgrade mechanism to a specific browser.
Damn Microsoft.

Oh well, for everything else Opera and Firefox suffice.

That would be idiotic if it were true. But it's not [ehow.com]. I remember when this was a mostly technical site.

Re:The remaining (ironic) reason I still use IE (3, Informative)

Kergan (780543) | about a year ago | (#42422087)

Have you tried actually uninstalling Flash? When you do, YouTube serves an html5 video.

Re:The remaining (ironic) reason I still use IE (0)

Anonymous Coward | about a year ago | (#42422163)

Have you tried actually uninstalling Flash? When you do, YouTube serves an html5 video.

But how will that work on popular YouTube-like sites that aren't really YouTube?

Like, for instance, RedTube, Xvideo and XHamster?

Do these switch to HTML-5 too?

 

 

Re:The remaining (ironic) reason I still use IE (1)

bmo (77928) | about a year ago | (#42422253)

I believe those fall back to Silverlight mode.

Try Gnash.

--
BMO

Re:The remaining (ironic) reason I still use IE (0)

Anonymous Coward | about a year ago | (#42422351)

Yeah, I know xhamster looked like it required Flash for awhile, but after my Android tablet stopped supporting Flash, I was, after a short time, still able to look at boobies. Took them a little while, but there's no problem now.

Re:The remaining (ironic) reason I still use IE (1)

Kergan (780543) | about a year ago | (#42422635)

But how will that work on popular YouTube-like sites that aren't really YouTube?

Most larger sites tend to serve html5 video due to the 250 million or so iOS users.

Not all of them do so properly yet, however. Specifically, a number of sites still check the user agent, rather than for Flash presence. On Safari, you can work around this by enabling the developer toolbar in the settings -- you use it to make the browser advertise itself as an iPad, which reloads, and more often than not things will then work without a hiccup. Being based on Webkit, I'd be surprised if Chrome doesn't have a similar developer toolbar.

Along the same lines, some of the embed code that news sites offer always work when it's used on 3rd party sites. When this occurs, there's a good chance that the video actually works on the news site itself. Most sensible bloggers will post the link to the original along with the embedded video; when not, it's usually a google away and, more often than not, on youtube as well.

At any rate, I've been living without Flash at all for the past two years or so. Admittedly, I never played Flash games, nor used it for much other than youtube videos, so your mileage may vary. For what it's worth, I don't miss it at all.

Re:The remaining (ironic) reason I still use IE (1)

xenoc_1 (140817) | about a year ago | (#42422655)

Chrome comes with a built-in, supported-by-google. inline-process version of Adobe Flash. Yes, even in Linux, in fact that is the only supported Linux version of Flash going forward. Sounds to me like you have a misconfigured Chrome with it using the separate Adobe Flash Netscape-type plugin, the one you have for Mozilla-based products. Chrome's built-in Flash works fine, even on relatively low-resource machines. Since you are on Windows, you should be able to use it without problems on anything approximating an 8-year-old machine or newer. Unless you have totally horked your system, in which case have fun..

Re:The remaining (ironic) reason I still use IE (0)

Anonymous Coward | about a year ago | (#42422703)

Youporn and Porntube work nicely in non-flash supporting Chrome on my Android tablet, Redtube made Chrome download some random apk which I refused to install, I don't know about others.

Re:The remaining (ironic) reason I still use IE (0)

Anonymous Coward | about a year ago | (#42422623)

I just tried disabling Flash in Chrome, and all I get is a little thing where the video should be, telling me I need Flash. Were you saying I should uninstall Flash from IE? That doesn't really solve my problem, namely the sole remaining dependency in IE, and the poor performance of Chrome on my older hardware. I don't think I should have to totally uninstall Flash from Chrome to get HTML5 vid, should I?

URL (2)

DrYak (748999) | about a year ago | (#42422709)

http://youtube.com/html5 [youtube.com]
to manually enable/disable HTML5 video.
if you're logged in, this preference can even be saved.

Youtube automatically detects which codecs are supported (Chrome and Firefox both support WebM. Chrome also supports H.264. Older versions of Firefox don't (due to licensing restrictions), newer version of Firefox will tap into whatever system codecs is available for firefox to use: GStreamer on Linux, DirectShow in Windows, hardware codecs wherever supported).

Also, video ads require flash to play.

I don't feel sorry for those IE users (1, Interesting)

Kergan (780543) | about a year ago | (#42421899)

Anyone still using IE6 or IE7 deserves to get hacked anyway. I might have a crocodile tear for IE8 users

Re:I don't feel sorry for those IE users (0)

Anonymous Coward | about a year ago | (#42421973)

Why would anyone deserve to get hacked for just running an old version of a software?

Re:I don't feel sorry for those IE users (3, Insightful)

Kergan (780543) | about a year ago | (#42422035)

Why would anyone deserve to get hacked for just running an old version of a software?

Because the immense majority of them are corporate users whose IT managers should know better.

Re:I don't feel sorry for those IE users (0)

Anonymous Coward | about a year ago | (#42422267)

And those corporate users are manipulating your confidential information such as: SSN, bank loans, financial information, your health status, insurance information, etc.

Want those leaked out on the internet?

Re:I don't feel sorry for those IE users (0)

Anonymous Coward | about a year ago | (#42422505)

Nope. That's exactly why they should upgrade. At least to Linux Mint if not OS X. Either way would free them from worrying about IE (and Windows) security issues.

Re:I don't feel sorry for those IE users (0)

Anonymous Coward | about a year ago | (#42422719)

You are kidding right?

Those corporations would either choose between:

- IBM WebSphere / DB2 / IBM HTTP Server / J2EE (Expansive)

- Microsoft IIS / SQL Server / ASP.NET

over RedHat Linux / Apache / Apache Tomcat / J2EE (inexpansive)

Even if that means that they would have 80% of their stuff in Java and 20% in .NET

Not kidding.

Re:I don't feel sorry for those IE users (1)

rizole (666389) | about a year ago | (#42422491)

Fair enough - never mind the collateral damage eh, carpet bombing is a proportionate and reasonable response.

Re:I don't feel sorry for those IE users (0)

Anonymous Coward | about a year ago | (#42422933)

Because the immense majority of them are corporate users whose IT managers should know better.

Devils advocate here.

I'm still waiting on your check to pay for our ERP vendor to release a version of software that runs under Windows 7, your other check to pay for upgrading all the intranet/internal web apps, and your final check to pay for the licenses needed to do so (client, server, and cal)

It seems management isn't interested in writing such a check to completely replace what doesn't appear broken to them. You personally won't put your money where your mouth is either.

So as an IT manager, clearly you expect me to purchase multiple millions of dollars of software out of my pocket, after insulting my intelligence claiming I am not aware of the issues.
You go on to blame me for their situation (using Microsoft products) that was already in place more than a decade before I even knew this company existed let alone worked for them.
You then refuse to provide me a replacement job making at least what I currently do, to follow your second suggestion to quit my current job where the bean counters won't listen to the guy that explains why it is broken despite us being lucky and not appearing so right at the moment.

P.S. Thanks for the baseless insult too.

Re:I don't feel sorry for those IE users (1)

PNutts (199112) | about a year ago | (#42423049)

Why would anyone deserve to get hacked for just running an old version of a software?

Because the immense majority of them are corporate users whose IT managers should know better.

IT Managers manage the entire attack surface area, which is why corporate users are typically behind a number of defenses that shield them from malware. And corporations often have policies in place that govern use of the browser/internet. Yes, it's still possible to go out and get zapped. Where I work that person will have a visit from the Security Dept. to be reminded of our policies and explain their browsing / download history. IMHO it boils down to more of a user problem than an old version technology problem. One person can be safe on IE 7 and someone else can get popped on Windows 8.

Arrogant Computing Users (5, Insightful)

tuppe666 (904118) | about a year ago | (#42421981)

Anyone still using IE6 or IE7 deserves to get hacked anyway. I might have a crocodile tear for IE8 users

I not a doctor - Do I deserve to get sick, I'm not a mechanic - Do I have to walk..How about fixing leaky tap!...how about making a violin!!. I am not an expert in everything, and have been rarely been out of education, some things take years to learn. The truth is why should everyone be executed to be experts at computing.The sad fact is the world is moving towards electronics away from general purpose computers...making experts like you redundant!

Re:Arrogant Computing Users (0)

Anonymous Coward | about a year ago | (#42421999)

Terrible analogies. Before you go around driving a car by yourself, you typically learn how to drive a car with the help of others so you don't put others in danger, right? Why should ignorant computer users get a pass?

Thank you for your example. (1)

tuppe666 (904118) | about a year ago | (#42422235)

Terrible analogies. Before you go around driving a car by yourself, you typically learn how to drive a car with the help of others so you don't put others in danger, right?

...but not replace the engine.

Re:Thank you for your example. (0)

Anonymous Coward | about a year ago | (#42422737)

This is where car analogies fall apart, the engine of a computer is the CPU, but they are usually much easier to change than a car engine except when then are surface mounted. But no I wouldn't expect the average user to be able to change a CPU, but installing a new web browser is something every computer user should be able to do, it isn't really any harder than sticking a new satnav to your windscreen and plugging the cord in the cigarette lighter socket.

Except is not a car analogy... (1)

tuppe666 (904118) | about a year ago | (#42423047)

This is where car analogies fall apart, the engine of a computer is the CPU, but they are usually much easier to change than a car engine except when then are surface mounted. But no I wouldn't expect the average user to be able to change a CPU, but installing a new web browser is something every computer user should be able to do, it isn't really any harder than sticking a new satnav to your windscreen and plugging the cord in the cigarette lighter socket.

....Its a skill analogy...It could have been butcher; baker and marine biologist. This week indirectly I paid hundreds of people for their skills, some as basic as *packing*,and vast majority of them were completed better than I ever could, and many would require thousands of hours to become an expert.

As a side note the CPU in the Car...is part of the driver ;)

Re:Arrogant Computing Users (1)

Kergan (780543) | about a year ago | (#42422071)

But then, your argument completely falls apart because these users are mostly corporate users whose IT managers should know better.

Households users either worry about it and upgrade themselves, or have more savvy family or friends who do it for them. Do you leave your grand parents, parents or friends with a batshit crazy outdated browser lying around? Of course not. You upgrade it when you notice, and you ideally configure the PC to do so automatically in the future.

Re:Arrogant Computing Users (1)

VortexCortex (1117377) | about a year ago | (#42422289)

The truth is why should everyone be executed to be experts at computing.

One does not simply avoid getting Malware. Only the dead can know peace from this evil.

Re:Arrogant Computing Users (0)

Anonymous Coward | about a year ago | (#42422599)

Oh it is rather easy, just use Linux, like my 3 year old kid does.

Re:Arrogant Computing Users (0)

Anonymous Coward | about a year ago | (#42422465)

Yes you do. There someone said it.

Re:Arrogant Computing Users (2)

Velex (120469) | about a year ago | (#42422695)

The sad fact is the world is moving towards electronics away from general purpose computers...making experts like you redundant!

There's nothing sad about this. Not everybody needs a general purpose computer. What they want is a Facebook machine, a Tumblr machine, a Youtube machine, and a Netflix machine. And give it to them. I'm sick and tired of hand-holding users who can't handle a general-purpose computer that can run more than 1 thing at once. I don't run Windows at home. I don't get paid to do support. When something blows up, I get called over to read over the dialogs and apply common sense, because I'm the "computer guy," and apparently anything on a computer is illegible to anyone who isn't a "computer guy." Maybe there's a small hope that when folks get their MyFace device, they'll take responsibility for knowing how to operate it themselves.

Where your post really baffles me is this:

I not a doctor - Do I deserve to get sick, I'm not a mechanic - Do I have to walk..How about fixing leaky tap!...how about making a violin!!. I am not an expert in everything

When your doctor tells you to stop eating unhealthy foods because you're at risk of diabetes, do you give him shit like that? When your mechanic tells you that you need to bring your car in to get an oil change on time, do you throw your hands up in the air and bitch about not being an expert?

Back when I used to try to help people improve their computing experience, I would regularly recommend Firefox and install it for them after cleaning up a ton of malware.

Then a month later when they were drowning in malware again, what did I find? They were back to using IE.

I'm afraid GP is correct, but partially. If a home user is still using IE on XP, they've probably already been warned multiple times by experts, and they deserve whatever happens to them.

However, as others have pointed out, the most likely to be affected by this is corporate users. I've started to run into web apps at work that refuse to work under IE 8, but guess what? Installing Firefox or Chrome isn't even an option because we have vendor lockin to a call center vendor that insists on using IE 8 despite what the default browser is. I also have a feeling that there's no way the company will pay to upgrade about 30 agent stations from XP to 7. After all, why should they? The vendor we're locked into considers Vista support experimental, and it's not like XP's gotten rusty and is breaking down or anything.

This is just a sad, sad tale of vendor lockin and short-sightedness by closed-source corporate software developers. Welcome to the world of closed-source! Yes, we know it's broken, but shit we can do about it! It's closed-source, and the vendor I was talking about, Microsoft, and any other closed-source vendor doesn't give a shit how much pain they cause end users.

Re:I don't feel sorry for those IE users (1)

yuhong (1378501) | about a year ago | (#42422295)

Well, clearly MS disagrees. In fact, a week or so ago I reported a security bug that only affects IE7 (as far that I have tested) to ZDI. I will not reveal any more details until it is patched, of course.

For Microsoft, vulnerabilities are profitable. (1, Insightful)

Futurepower(R) (558542) | about a year ago | (#42421911)

It's not surprising to me that a Microsoft product would have a vulnerability that might encourage people to pay more money to Microsoft.

With so little U.S. government supervision of abuses, having a virtual monopoly allows many tricky ways of making money.

The Future Looks Worse (-1, Offtopic)

tuppe666 (904118) | about a year ago | (#42422135)

With "Secure Boot" and other abuse misnamed technology technology, Locking down devices to a non-upgradable[under the guise of an electronic device] Microsoft Platform, and allowing only Applications from a Microsoft store...where already Mozilla and Google are running to anti-trust groups saying their software is locked out [and no, pointing out how awful iOS is, does not solve the problem or excuse it] the fact that Microsoft cannot secure their own software, while it still occupies 40% of the market is just offensive, customers should be given their money back.

Conspiracy theory (1)

MLBs (2637825) | about a year ago | (#42421933)

Microsoft has wanted for ages that those users upgrade.
Would they resort to this method to scare people into upgrading?

Poor method of Gaining Customers. (2)

tuppe666 (904118) | about a year ago | (#42422027)

Microsoft has wanted for ages that those users upgrade.
Would they resort to this method to scare people into upgrading?

Microsoft aren't even getting a sales bump from launching a new version of their platform, providing a shitty experience on their platform has them running to any other platform, and have yet to transition to the new world, where they are not the Daddy!. Android is set to surpass them next year. I'd argue it was more to provide advantages over previous versions of their OS when really their is very little real advantages present. Simply leaving the older unmaintained version insecure is simply a bonus.

Re:Poor method of Gaining Customers. (1)

MLBs (2637825) | about a year ago | (#42422113)

Well, I didn't suggest it was a smart move, just a move that could fit.

Re:Poor method of Gaining Customers. (0)

Anonymous Coward | about a year ago | (#42422321)

The older versions of IE are maintained. There will be a security patch for this.

Gotta love the summary (4, Funny)

MyLongNickName (822545) | about a year ago | (#42421939)

Title: New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe
Sentence Two: While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are
Then: "We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,"
Then: People using Internet Explorer 9-10 are not impacted.""

Could someone please tell me which versions are vulnerable and which ones are not?

Re:Gotta love the summary (0)

Anonymous Coward | about a year ago | (#42422021)

6,7,8 trollbait

Re:Gotta love the summary (2)

Nyder (754090) | about a year ago | (#42422041)

Title: New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe
Sentence Two: While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are
Then: "We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,"
Then: People using Internet Explorer 9-10 are not impacted.""

Could someone please tell me which versions are vulnerable and which ones are not?

It clearly states multiple times that IE 6-8 is affected and 9 & 10 aren't.

Re:Gotta love the summary (0)

Anonymous Coward | about a year ago | (#42422167)

*woosh*

Re:Gotta love the summary (0)

Anonymous Coward | about a year ago | (#42422653)

Are you retarded? All of those sentences are consistent with each other.

This is a serious question. I would genuinely like to know if you have been diagnosed with some type of learning disability.

Re:Gotta love the summary (1)

MyLongNickName (822545) | about a year ago | (#42422817)

It is called a joke. Sorry you didn't get it, but I promise not to make fun of slow individuals like yourself.

New IE Vulnerability: The answer my friend.. (0)

Anonymous Coward | about a year ago | (#42421977)

Is Firefox. (Opera is a good 2nd choice)

Funny how MS doesn't readily patch things that are not on its immediate marketing agenda. No patches for IE 7 so if you insist on using a standard broken product like IE, you need to use Windows 7. Next will be patched browsers that are only available on Windows 8. I Remember MS Office 2000+ had a similar pattern: Want critical bugs fixed, BUY the latest version. (Many bugs were only fixed on the next iteration even when acknowledging the bugs). Firefox on the other hand, works on ALL of these platforms (as well as MacOS, Linux, etc..) and you don't have to pay for bug/security fixes. Plus IE had a way of spitting on W3C standards for years (and to an extent still is).

MS's security record isn't all that great either: IIS Web server vulnerabilities by default (rather than locking them down), ActiveX on the Internet (later disabled by default after numerous security issues), MS Specific HTML/Javascript breaking standards. Perhaps if the market share of IE goes down to, say 30%, Balmer and his cohorts will get a clue. Until then, don't expect this culture or its security/standards issues to change anytime soon.

Re:New IE Vulnerability: The answer my friend.. (1)

1s44c (552956) | about a year ago | (#42422727)

MS's security record isn't all that great either

And the understatement of the year award goes to Anonymous Coward.

Damn. Good thing I'm still using Mosaic. (0)

Anonymous Coward | about a year ago | (#42422033)

Damn. Good thing I'm still using Mosaic.

What about Compatibility View? (5, Interesting)

93 Escort Wagon (326346) | about a year ago | (#42422161)

Compatibility View seems to turn IE 8-10 into IE 7... And I find people using it all the bloody time (and for no good reason other than they didn't like how the newer version CORRECTLY rendered some random page they were used to seeing broken!). So is Compatibility View immune to the exploit? I'm unclear whether IE has a separate engine for this or just uses some bizarre CSS definitions to achieve the brokenness...

Re:What about Compatibility View? (1)

ahabswhale (1189519) | about a year ago | (#42422637)

Don't forget that IE also has a selectable document mode. So, I'd like to see a full matrix of browser modes and document modes that are effected (if it applies).

Earlier Submission (2)

deeqkah (2755701) | about a year ago | (#42422213)

The better story about this vulnerability is the fact that the entire delivery of the malware (from a compromised US foreign policy think tank, no less), was limited to people with the ability to view English (American English), Russian, Japanese and traditional Chinese characters. It's supected of being a 'watering hole' attack. Read more from the earlier submission [slashdot.org] which didn't include bullshit link bait for advertising dollars.

no more xp (0)

Anonymous Coward | about a year ago | (#42422543)

As a tech that insists on bringing value to customers, i no longer work on xp machines. I can hand them a linux live cd or offer to accompany them to the local computer store.
an xp machine on the internet is just stupid, considering the monthly cost of internet access.

Re:no more xp (1)

1s44c (552956) | about a year ago | (#42422715)

Sorry if this is a dumb question, but what does the monthly cost of internet access have to do with it?

#WindowsRage (0)

Anonymous Coward | about a year ago | (#42422697)

#WindowsRage #WindowsRage #WindowsRage #WindowsRage

Microsoft Trustworthy Computing. (1)

1s44c (552956) | about a year ago | (#42422707)

LOL. What?

The only way to make Microsoft software trustworthy is to cut power to the computer.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...