Forgot your password?
typodupeerror
Internet Explorer The Internet Security United States

Dept. of Homeland Security Says to Stop Using IE 1069

Posted by CowboyNeal
from the warning-is-years-late-in-coming dept.
LWATCDR writes "I have been saying this for a long time but now it is offical. From Yahoo News: 'The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft's Internet Explorer.'" In related news, rocketjam writes "According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."
This discussion has been archived. No new comments can be posted.

Dept. of Homeland Security Says to Stop Using IE

Comments Filter:
  • by erick99 (743982) * <homerun@gmail.com> on Friday July 02, 2004 @11:51AM (#9592466)
    Rather than come right out and say that their I.E. browser is not yet up to snuff in terms of security issues, Microsoft issues this absolutely delicious serving of corporate double-speak:

    "In the meantime, we have provided customers with prescriptive guidance to help mitigate these issues."

    This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. THe MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer. You gotta love this. You just cannot make stuff up like this!

    Cheers!

    Erick

    • by jo42 (227475) on Friday July 02, 2004 @12:00PM (#9592562) Homepage

      Repeat after me: Global Class Action Lawsuit against Microsoft. Bunch of bumbling fubars. And that ain't the only whole they haven't plugged in months...

      • by Platinum Dragon (34829) on Friday July 02, 2004 @12:21PM (#9592857) Journal
        Repeat after me: Global Class Action Lawsuit against Microsoft. Bunch of bumbling fubars. And that ain't the only whole they haven't plugged in months...

        That last sentence gives me a better idea... forget the lawsuit. Encourage their spouses to deny them until those bugs get fixed.

        Call it Project Lysistrata.

        Uhh... that assumes they have spouses to deny them. If not, distribute their pictures to every singles bar and sweaty-palm dating site, with a "DO NOT TOUCH THIS PERSON." warning.

        If they're not plugging holes now, they certainly won't be plugging holes until the bugs get fixed!*

        * "or get plugged", depending upon gender and orientation. Deny, deny, deny until the bugs are fixed!
      • by Richthofen80 (412488) on Friday July 02, 2004 @12:32PM (#9592997) Homepage
        What is a 'Global Class action Lawsuit'? is this when the entire planet sues a company?

        Perhaps Microsoft didn't adhere to Global Law and will face a Global Court. In front of this World Court where juristiction is not in any way ambiguous, microsoft shall be cleansed of all the evil wealth it created and be forced to continue to work for free on open source projects.
      • by chainsaw1 (89967) on Friday July 02, 2004 @12:35PM (#9593024)
        It would be equally interesting if the US decided to class action the GOP for allowing MS to continue bundling IE in the OS when it
        a) knew of the problems at hand
        b) had already proven this was a monopolistic practice because of lack of choice
        c) Balked at the chance to remedy the situation after b) was proven true in court, thus forcing numerous citizens to be exposed to risk without their choice or consent

        "Willful neglect"?

        (FTR: I do not generally approve of a sue-happy society)
      • by ajs (35943) <ajs&ajs,com> on Friday July 02, 2004 @12:47PM (#9593167) Homepage Journal
        This is the wrong way to to. MS should lose market share for being insecure, that's certainly true, but the #1 reason that we suffer so much from MS' operating systems is the homogeneity of the OS market, and while they've fought as hard to stay on top as any other corporation would have, I'm not willing to say that it's their fault that everyone has been saying "screw security, I need Word" for 10 years.

        We knew better, but we got burned. Now is the time to take responsibility for our actions and switch to non-MS products.
        • by walt-sjc (145127) on Friday July 02, 2004 @01:36PM (#9593766)
          Maybe this is a good time for all those to start badgering "IE Only" web sites (especially financial institutions) to wise up and support other browsers due to the security issues. I'm lucky my bank has already "seen the light" and started supporting any standards compliant browser.

          For a while, I have had to have my browser lie to web sites about what it is on too many sites. For the most part, this is no longer needed.
        • by love2hateMS (588764) on Friday July 02, 2004 @01:39PM (#9593822)
          The #1 reason for security holes in MS products is NOT the homogeneity of the OS market. It is clearly a failure of Microsoft to take security seriously from the start. They programmed an OS that did everything for the stupid user so the stupid user wouldn't have to think. They ignored all the standards and specs to throw in their own proprietary garbage.

          It amazes me that no one has pointed out the obvious:

          With their TREMENDOUS market share, Microsoft has a moral (and probably legal) obligation to secure their software and they have failed to do this for years. Entire industries depend on MS software. There is no excuse. Failure to do this is simply immoral and unethical, but we have come to expect this behavior from MS.

          Frankly a class-action lawsuit is long-overdue.
      • Capitolism (Score:5, Insightful)

        by mosb1000 (710161) <mosb1000@mac.com> on Friday July 02, 2004 @01:25PM (#9593640)
        "Global Class Action Lawsuit against Microsoft"

        This is what people don't understand about capitalism. If you don't like the product, you don't have to sue, just stop using the damn product.

        I really hate this attitude, "the man keeps us down, so lets sue." It makes absolutely no sense at all. Corporation uses child labour to make affordable products, sue them. Heaven forbid you should accept responsibility for it and stop buying their low-quality products. MSFT sells software for too much money, sue them, don't simply use something else. It's no wonder we have so much unnecessary litigation in this country.
        • Re:Capitolism (Score:5, Insightful)

          by ebh (116526) <ebh-slashdot&hyperreal,org> on Friday July 02, 2004 @01:41PM (#9593843) Journal
          "Capitolism": The tendency to put golden domes on buildings.

          Seriously, avoiding certain purchases only goes so far. If action isn't taken to proactively stop clothing manufacturers from using sweatshop child labor, then they'll keep doind so, forcing everyone else to do the same thing or get priced out of the market. When it's all made that way, what do you do then, build a loom and start farming sheep and cotton?
    • by ackthpt (218170) * on Friday July 02, 2004 @12:02PM (#9592590) Homepage Journal
      Original: "In the meantime, we have provided customers with prescriptive guidance to help mitigate these issues."

      This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. THe MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer.

      Translation: After all those horses get out of the way, we'll have your barn door fixed in a jiffy.

    • by Anonymous Coward on Friday July 02, 2004 @12:11PM (#9592714)
      It's nice to see such a rush of good news.

      * Valenti gets the boot.
      * AU sets up a free CA.
      * European software patents are being rejected.

      And now this... I guess we Americans will have a lot more to celibrate on the 4th, at this rate? :)
    • by mge (120046) on Friday July 02, 2004 @12:14PM (#9592754) Homepage Journal
      "In the meantime, we have provided customers with prescriptive guidance to help mitigate these issues."

      Ummm... I don't think so.... here is a link to the US-CERT Vulnerability Note VU#713878 [cert.org] which (I think) is where this all starts. Go right to the bottom (OK, this is slashdot, so I'll cut-and-paste)

      Use a different web browser

      There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, the DHTML object model, MIME type determination, and ActiveX. It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when browsing untrusted sites. Such a decision may, however, reduce the functionality of sites that require IE-specific features such as DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control, or the HTML rendering engine (MSHTML).


      The way I read that last sentence, CERT say you are not safe unless you get rid of the IE6 functionality.
    • by cK-Gunslinger (443452) on Friday July 02, 2004 @12:24PM (#9592891) Journal

      Well, at least the DoHS didn't recommend cover your Windows with plastic and using duct-tape to seal the cracks this time...
  • by ackthpt (218170) * on Friday July 02, 2004 @11:51AM (#9592467) Homepage Journal
    Bad, bad, bad! No more bribes for you!

    What's next, a recommendation that everyone stop using Microsoft Windows?

    New: Microsox Windlls FU SP7 w/Ubernet Exploiter (a free pile of bugs in each release!)

    I have been saying this for a long time but now it is offical.

    <Shakespeare mode=Hamlet>: There needs no ghost, my lord, come from the grave to tell us this.</Shakespeare>

    Really. How long before the Whitehouse figuratively grabs Tom Ridge by the lapels and tries to throttle him. Such harsh treatment for a huge dono^H^H^H^Hemployer. Oddsbodkins, what next, the GWB DoJ was soft in pursuing the danger of monopoly exploitation of the browser market?

  • Its About time (Score:5, Interesting)

    by arieswind (789699) * on Friday July 02, 2004 @11:51AM (#9592468) Homepage
    Horray for the Department of Homeland Security! LWATCDR is not the only person that has been saying "get off of IE" for a long time.

    Now the pressure is on Microsoft to get their shit together and make IE more secure, or risk losing their commanding lead in the web browser department. Even my dad, who would rather not use a computer than have to start using different programs, has asked me to put FireFox on his system. And my dad's boss, who is quite possibly one of the most computer illiterate people in the world, has expressed interest to him in moving the whole office off of IE onto another browser.

    It really says something for how widespread this news is. If I was MicroSoft, I would be scared at this point.
  • Of course (Score:5, Funny)

    by savagedome (742194) on Friday July 02, 2004 @11:52AM (#9592483)
    resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers

    Duh. All our friends at Microsoft need it too.

    *grin*
    *grin*
  • by Anonymous Coward on Friday July 02, 2004 @11:53AM (#9592486)
    I didn't listen to them when they asked me to duct tape and plastic wrap my house, I didn't listen to them when they raised the alert level 5 different times, I didn't listen to them when they told me to trust them, but I am glad that other people do... Perhaps this will do double duty! It will fix websites that cater to IE only so that they work with the currently "broken" Firefox so that I don't have to refresh or cross my fingers to get it to work.
    • by DrEldarion (114072) on Friday July 02, 2004 @12:41PM (#9593096)
      Yeah... it's not going to change much.

      How many users actually know what Internet Explorer is?
      How many of those users will hear about this message?
      How many of those users will know where to get an alternative browser?
      How many of those users will be motivated enough to actually want to switch browsers?
      How many of those users will be competent enough to download and install a new browser?
      How many of those users will be competent enough to handle any problems that come up instead of just saying "this sucks" and switch back to IE?

      I recently switched to FireFox because of this horrible security hole, and even though I'd consider myself a very advanced user, I had a couple problems getting things running smoothly. It would randomly lock up and crash on me - turns out that importing old IE settings is what caused it. Oh, and you want to reinstall it to get rid of your problems? Have fun hunting down that user profile directory that you don't know exists and doesn't automatically remove itself on uninstall. Configuring the UI is a huge pain in the ass.

      Ironically, it doesn't display Slashdot right sometimes, either.
  • Great News (Score:5, Interesting)

    by devphaeton (695736) on Friday July 02, 2004 @11:53AM (#9592487)
    "According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."

    I hope that this also translates into a large spike of donations to the mozilla organization. Firefox and T-bird are teh moh scheezi, and i started using mozilla years ago.

    I've donated about $150 over the years, how bout y'all?
  • by ch-chuck (9622) on Friday July 02, 2004 @11:54AM (#9592493) Homepage
    the courts have ruled that Msft's bundling and pushing IE with every OS purchase is good for the consumer. Let business be free to manipulate their customers! It's good for the economy.
  • by laigle (614390) on Friday July 02, 2004 @11:55AM (#9592500)
    Now all us computer nerds will lose our counter culture edge. Plus you'll no longer be able to detect a fellow geek merely by his browsing choice. I guess we'll have to go back to tossing off random Kevin Smith quotes and seeing who catches on.
  • Firefox, you need to do yourself a favor. Flawless pop-up blocking, the beauty of tabbed browsing...real standards implementation...the list goes on and on. Now, if only Windows would be declared a national security risk...
  • Profit (Score:5, Funny)

    by richdun (672214) on Friday July 02, 2004 @11:55AM (#9592506)
    1) Create product that a smaller portion of the population uses, thus keeping the effectiveness of attacks on your product less desirable than the other 2) Give your product away for free, open sourced, and up to date with all the latest standards, oh, and make it more secure (novel idea, really) 3) ??? (wait about five or six years for a government agency to declare your competitor's product unsafe enough to get the CERT all riled up) 4) Profit, or How Mozilla Pays M$ Back for The Whole Killing of Netscape Thing
    • by Scott Richter (776062) on Friday July 02, 2004 @01:03PM (#9593401)
      4) Profit, or How Mozilla Pays M$ Back for The Whole Killing of Netscape Thing

      It's so great to see Mozilla rising from the smoldering ashes that MS left Netscape in, only to come back and bite MS in the ass. It's so symbolic, they should change Mozilla's name to "Phoenix" or something.

      Huh? Oh. (Gilda Radner on SNL voice....) Nevermind.

  • switch (Score:5, Insightful)

    by damballah (691477) on Friday July 02, 2004 @11:56AM (#9592517) Homepage Journal
    Hopefully people switching to FF will mean that more bugs will be squatched from it. Perfect timing for that 1.0 release.
    • Firefox's Gestures (Score:4, Informative)

      by Ruonkrak (788831) on Friday July 02, 2004 @12:04PM (#9592618)
      After making the switch to Mozilla Firefox and using it for two days, I'm hooked. I downloaded the All-in-One Gestures extension, and I can't for the life of me figure out how I ever lived without it. It's a whole new paradigm in browsing. This is another milestone in the MS exodus towards open source and Linux. Disclaimer: I do not work for Mozilla... just a satisfied user.
  • by the_2nd_coming (444906) on Friday July 02, 2004 @11:56AM (#9592519) Homepage
    wow!!
  • by Malor (3658) * on Friday July 02, 2004 @11:56AM (#9592521) Journal
    From the Yahoo article:

    Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines.
    Phew, thank goodness the open source coders are smart enough to leave those nasty HTML rendering engines out of web browsers!
  • Recently I was cleaning rather obnoxious spyware off of my sister's laptop. To prevent further infection, I was asking her to install Firefox. I said it'll block popups. Still reluctant. Tabbed browsing? Nope. More secure? Nu uh, still stubborn. Stop the spyware? No. (She's getting irritated at this point). CERT Recommended to stop using IE? Still won't let me install it.
    *pause*
    She then asks if our mother uses it. I said yes (thanks to me).
    "Ok, install it."

    Homeland security be damned, it's the MOTHERS we need to convert.
    • by Groucho (1038) on Friday July 02, 2004 @12:07PM (#9592669)
      I've got a better way to convince users.

      We need to stand up and tell all the family members and friends we're supporting for free - we are, after all, unpaid Microsoft technical support, without whom the users might as well be using command-line Unix - that they can either stop using IE, stop calling us for support, or expect a $200.00 per hour charge, with a one hour minimum per call.

      Enough is enough. No more unpaid work cleaning up after Bill. It's like walking behind an elephant with a dustpan and a broom.
      • by mandolin (7248) on Friday July 02, 2004 @12:19PM (#9592822)
        We need to stand up and tell all the family members and friends we're supporting for free - we are, after all, unpaid Microsoft technical support, without whom the users might as well be using command-line Unix - that they can either stop using IE, stop calling us for support, or expect a $200.00 per hour charge, with a one hour minimum per call.

        Riiiight... see, if you do that, your family might kick you out of the basement. Not that I would know or anything. Nosiree.

        (What, did you think you were good for anything else?)

  • by tabdelgawad (590061) on Friday July 02, 2004 @11:58AM (#9592541) Homepage
    For those considering installing Firefox on Win2k PCs they don't have 'administrator' accounts on, I can report that it installs and works perfectly well from a 'power user' account. Perfect for those considering an installation on a work PC.

    You should probably find out if IE uses any work-related proxy-server and change that setting manually in Firefox once the install is complete.

    Happy browsing!
  • Yeah Right (Score:5, Interesting)

    by BigDork1001 (683341) on Friday July 02, 2004 @11:58AM (#9592543) Homepage
    Homeland Security says to stop using IE but in the Air Force we're still using it and I haven't heard any plans to switch to something else. It's good to know that the DoD is listening to the security measures of the other departments.
    • Re:Yeah Right (Score:5, Informative)

      by armypuke (172430) on Friday July 02, 2004 @12:48PM (#9593189) Homepage
      Same here in the Army. But you are expecting a LOT if you think that the military will change the web browser overnight.

      First a committee/team has to be put together to verify the recommendation not to use IE. Then an alternative will have to be selected. This means another committee/team will have to determine what the alternatives are. Once the alternative web browsers are identified, they will have to be tested to make sure that they are secure and compatible they are. This testing can very depending on how indepth they go and how soon they realize that a large number of military web sites are IE only!! Once a replacement browser is selected, a Plan of Action has to be determined to figure out how the new web browser will be installed and how the completed installation is reported back up the chain of command. Once all of this has been completed, it will then be briefed to the head shed at the Pentagon who will then make some modifications before giving an order that all computers have a new web browser installed.

      This doesn't take into account any turf battles that may come up during this process, fixing all of the IE only military web sites, complaints and stubborn refusal from users (IE will have to be completely removed otherwise people will still use it), all of the modifications to the Plan of Action as it goes down the chain of command, the several weeks it will take for each DOIM and unit to figure out how they are going to implement the Plan of Action, DoD civilians.....

      It should take the military a few months to install a new web browser.....
  • Kinda funny... (Score:5, Interesting)

    by devphaeton (695736) on Friday July 02, 2004 @12:00PM (#9592560)
    Not 4 months ago MSN.com (obviously slanted) was trumpeting around "BROWSER WAR IS OVER!!!" and proclaiming that IE was the clear victor (though they never gave the conditions that made it a victor, they just sensationalized and re-iterated the same shit over and over in different wording in True Fox News Style(tm))

    MS to "win the browser war" just in time to have their browser shot down every time they turn.

    They had better wake up to this, too... These days, "internet" is about 85% of what computing is about. MS with all their attempts to blur the lines between your computer and the internet, and their flagship web application is poo.
  • by Midnight Thunder (17205) on Friday July 02, 2004 @12:01PM (#9592570) Homepage Journal
    I use Mozilla for most things, though on my Mac I increasingly use Safari, for the simple reason that I feel that Mozilla's rendering engine needs work. Gecko is slower at rendering pages than the engine powering Safari. Maybe had I a more recent computer I wouldn't notice the difference so much, but for many people this could be a sticking point. Some people I have spoken to still feel Mozilla and Firebird lose out against IE for just this reason. Other than that, I like the browser (Mozilla that is), and I am using the most recent release.
  • by bodrell (665409) on Friday July 02, 2004 @12:01PM (#9592575) Journal
    Where I work, the new management is enamored of IE. Although our current IT dept. installed Mozilla on all our computers (and REMOVED IE) I hear we'll be forced to use Outlook for email in the near future. It makes me want to vomit. Whenever family or friends tell me about their computer problems, whether viruses or adware or whatever, my main advice is 1) stop using Internet Explorer and 2) stop using Outlook.

    I've been posting news articles like this one around the workplace, but man, is it hard to get anyone to listen. If HQ won't even listen to this headquarters's own IT department, why should they listen to someone in R&D?

    Bah. Anyone have any advice on this?

  • A fix for IE?? (Score:5, Informative)

    by Sergeant Beavis (558225) on Friday July 02, 2004 @12:02PM (#9592588) Homepage
    Microsoft [microsoft.com] released a fix for this issue today. Basically it disables the ADODB.Stream object. However, it requires a regedit to implement. I imagine a hotfix is forthcomming. Still, Firefox and Mozilla don't suck at all, so people should at least use this as an excuse to give them a try IMO.
    • Re:A fix for IE?? (Score:4, Insightful)

      by Anonymous Coward on Friday July 02, 2004 @12:17PM (#9592785)
      Too bad that ADODB.Stream is just a symptom and not the root cause of IE's problems. Applying this will only temporarily break some of the IE rootkits, until they come up with a different method for writing files.
  • by orangeguru (411012) on Friday July 02, 2004 @12:02PM (#9592599) Homepage
    The Department of Homeland Security recommends not to use George Bush anymore - because of serious security leaks and erratic behaviour.
  • by mgoss (790921) on Friday July 02, 2004 @12:04PM (#9592617)
    A support article [microsoft.com] by Microsoft suggests a solution to the holes in their product, specifically the one where an address can be spoofed and displays a different url than the one you're actually at. Solution: Don't click on links! :)

    "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself."
  • Serious for MS (Score:5, Interesting)

    by Decaff (42676) on Friday July 02, 2004 @12:06PM (#9592650)
    This kind of thing could be serious for Microsoft. Their strategy is 'thick client' - the browser and other features are integrated into the operating system. If security issues remain while the browser becomes a fundamental part of future Windows use, their are in trouble.
  • by bubba451 (779167) on Friday July 02, 2004 @12:07PM (#9592665)
    If we all stop using Internet Explorer, the terrorists have won!
  • by LostCluster (625375) * on Friday July 02, 2004 @12:07PM (#9592666)
    "Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.

    Let's see what we have here.
    - First sentance tells us that Microsoft isn't going to try to attack the credibility of CERT because that'd be unlikely to get anywhere.
    - Second sentance is trying to blame "the media" for misreporting the story, but the media's working from a primary source that has a section heading called "Use a different web browser". I don't know how you're "misrepresenting" that when you take that as a suggesting to download any browser that isn't Internet Explorer which means Mozzila, Opera, Netscape or any other compeitor out there. They want CERT to take back the recomendation to just stop using IE... that's the only kind of "clarification" that's possible here.

    Microsoft clearly wants a CERT retraction. But do they stand any chance at getting one?
  • by devphaeton (695736) on Friday July 02, 2004 @12:10PM (#9592697)
    1) IBM is our friend
    2) Apple is no longer just for coddled sheep
    3) Sun is dying
    4) Sun is embracing linux
    5) Sun is no longer embracing linux
    6) SGI is dying
    7) ???

    8) We might be watching the beginning of the end for Microsoft. Not just in this, but the whole pile of events over the last couple of years. If Microsoft loses relevance, and market share, and withers away...

    Who Is Going To Be The New Evil Empire????

    I want to know who to unconditionally hate next!!
  • by Platinum Dragon (34829) on Friday July 02, 2004 @12:12PM (#9592725) Journal
    Anyone want to place bets on whether some clever MS lawyer is preparing to argue that any antitrust action related to the browser bundling should be tossed out, because the feds are now encouraging people to use browsers written by the competition? After all, if the government acknowledges that there is legitimate competition, then clearly, MS must not be abusing its desktop monopoly, since so many people are now downloading those free alternatives... right?

    As an alternative... imagine if DHS came out and said that a flaw in GM vehicles aided terrorists, and people should purchase Ford and Chrysler vehicles until the flaw is repaired. Do you think GM would immediately start demanding financial compensation for lost sales and market share from the federal government?

    Now, extend that to MS, despite the fact that IE is, effectively, free. If the whole thing still seems unbelievable, insert Robert Heinlein's quote about corporations thinking they have an unassailable right to make a profit above all else here. I'll bet good money MS is already preparing the legal briefs for some kind of retaliation.
  • by Midnight Thunder (17205) on Friday July 02, 2004 @12:13PM (#9592738) Homepage Journal
    Cool, will that mean that some of the idiot web designers will actually start taking non-compatibility complaints seriously? Like those ladened with Javascript that works nowhere else but with IE. Take Expedia.com, where the calendar pop-ups [expedia.com] only work with IE or Priston Tale web site [pristontale.com] where the side menus don't appear if you don't have IE (I already supplied a fix which was ignored) - actually this one should be lumped with the GIS2 web site for excesive use of Flash.

    Maybe pigs will fly first?

    Just one note Mozilla has one big advantage over Opera and Safari for MS base corportate networks: it supports NTLM.
  • Ahem, Ahem (Score:5, Insightful)

    by WhiteWolf666 (145211) <sherwin@NOSPam.amiran.us> on Friday July 02, 2004 @12:13PM (#9592743) Homepage Journal
    I'd like to take this opportunity to emphasize the negatives of an unhealthy competitive market.

    When monopolists crush the competition, and you have one company with 95% marketshare, that company gets lazy.

    It produces shitty products, slows development (compare development now with when they were trying to crush netscape), all the while making monopoly profits.

    Thankfully, the GPL seriously reduces the barriers to entry, because it would be DAMN hard to get either Gecko/Mozilla or KHTML/Konqueror/Safari relicensed and 'shut-down', or integrated into the MS lineup.

    Mark my words, if there was no one else but Opera, MS would think long and hard about crushing it.

    Monpoly bad, folks, m-kay?
  • by devphaeton (695736) on Friday July 02, 2004 @12:18PM (#9592809)
    Netcraft confirmed in a report today that the beleagured Pop-Up Advertisement industry is citing Mozilla and Firefox as the driving force that has snuffed out their livelihood and threatens to drive them into extinction....

    (c'mon, someone else can do this better than me) :-D

    In other news.... when parasites and popups are no longer possible, what sorts of nefarious crap will the nefarious-mongers do next?
  • by newt (3978) on Friday July 02, 2004 @12:20PM (#9592830) Homepage
    Wow. Think how much worse this'd be for Microsoft if IE was a core part of the operating system!

    - mark
  • by danielrm26 (567852) * on Friday July 02, 2004 @12:20PM (#9592838) Homepage
    Here's my piece I did on the topic about a week before the CERT announcement:

    http://www.dmiessler.com/reading/ie.html
  • by ctid (449118) on Friday July 02, 2004 @12:25PM (#9592901) Homepage
    It's easy to bash Microsoft, but I think we should give credit where it is due. After all, Microsoft has acted very quickly to fix this problem; users who have patched their version of IE can no longer access the Department of Homeland Security's webpage [dhs.gov].

  • by bratboy (649043) on Friday July 02, 2004 @12:29PM (#9592963) Homepage
    my question is, if 1) there's no patch yet for IIS servers to defend against the attack, and 2) the microsoft update servers are all IIS, then how can we know that microsoft update hasn't been hacked? hmm? (oh the humanity!)
  • The PR Spin Cycle (Score:5, Insightful)

    by Izago909 (637084) <tauisgodNO@SPAMgmail.com> on Friday July 02, 2004 @12:36PM (#9593043)
    Gary Schare, director of the Windows Client Division at Microsoft, said that CERT's advice had been misrepresented in much of the press coverage.
    So the press misquoted CERT? I've read the text and almost everything I've seen is a quote, albeit summarized occasionally.
    I think it's absolute comedy that when MS plays hardball, it's just business as usual, but when things swing the other way they can't stop complaining how they aren't getting a fair shake.

    Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
    Translation: We are currently researching ways to extort CERT into issuing a new statement saying our browser is the most secure as long as you don't use the default settings we chose for you. Fact: IE is the most secure browser when completely blocked by a firewall.
  • by mi (197448) on Friday July 02, 2004 @12:39PM (#9593073) Homepage
    Instructed the internal webmaster team to ignore all other browsers -- to save valuable time and effort, of course. Which -- since they use Microsoft web tools only -- instantly led to the whole intranet web-site becoming disfunctional in Mozilla, Konqueror, and Opera.

    I objected and got called "Ayatollah of web-compliance" :-)

  • by stecoop (759508) * on Friday July 02, 2004 @12:41PM (#9593094) Journal
    Alternative browsers such as Mozilla or Netscape may not protect users, the agency warned, if those browsers invoke ActiveX control or HTML rendering engines

    Did anyone RTFM from the Yahoo link. It says at the very bottom that Mozilla is vulnerable too. I use Mozilla myself but it appears that the real culpret is ActiveX which you can install on Mozilla [mozdev.org]. I don't think this plug in will work on platforms other than windows so it's really a platform issue.
    • by Anonymous Coward on Friday July 02, 2004 @01:02PM (#9593377)

      Uh, it is reported that the trojan only automatically installs itself with IE. For other browsers, you have to download and run a GIF image that is disgused as an EXE with the infamouse double-extension social engineering trick.

      Did you read the page you linked to?
      This plugin is included with Netscape 7.1, and is configured to only work with the Windows Media Player control.
  • by tcyun (80828) on Friday July 02, 2004 @12:42PM (#9593102) Journal
    a link [cert.org] (http://www.kb.cert.org/vuls/id/323070) to the US-CERT pub recommendation. It is also interesting to note that the suggestion to "use a different web broswer" is the last offered (see section III. Solution).
  • by operagost (62405) on Friday July 02, 2004 @12:46PM (#9593160) Homepage Journal
    The left-wing Slashdot community (that is, 99.8% of Slashdot readers) immediately becomes Internet Explorer advocates in order to avoid being on the same side as the Bush Administration on anything.
  • by Anonymous Writer (746272) on Friday July 02, 2004 @12:55PM (#9593290)

    The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft's Internet Explorer.

    CERT gave the warning on June 10 [cert.org]. BBC reported this on June 14 [bbc.co.uk].

  • by qwasty (782400) on Friday July 02, 2004 @05:21PM (#9595841)

    This browser warning [zesiger.com] page thoroughly trashes MSIE, but every phrase is linked to a news article that uses the exact same verbiage in order to demonstrate that it isn't just anti MS FUD - It's the honest truth. It's designed and maintained for webmasters to deliver to the IE-using visitors to their webpages. You can read the source code for some more information about that. In case you're curious, here's a paste of the text and links that it has - This should prove quite effective with anyone you're trying to convince to stop using IE:

    Warning!

    Your web browser - a version of Microsoft Internet Explorer - may not function properly on this website [com.com], and could have a large number of problems [microsoft.com] that allow hackers to hijack it [pcworld.com] with viruses [microsoft.com]. These viruses could be used by criminals to secretly take over your computer [cnn.com], download child-pornography [theage.com.au], or to commit acts of terrorism [channelnewsasia.com] and fraud [guardian.co.uk]. You may automatically update it now [microsoft.com] with Microsoft's available patches, however, there is a possibility that a necessary patch will not be available [techweb.com] due to Microsoft's somewhat sluggish development schedule [ecommercetimes.com].

    The US Department of Homeland Security [yahoo.com] strongly suggests [wired.com] that you stop using Internet Explorer immediately.

    There are several standards-compliant [webstandards.org] web browsers that you may use instead of Internet Explorer. Please install one of them as a replacement.

    If you suspect that your computer is already being used for criminal activity, it is critical that you seek help from a computer professional in your local area. You may also try one of the free web-based virus scanners [wilders.org] that are available.

The clearest way into the Universe is through a forest wilderness. -- John Muir

Working...