
Dept. of Homeland Security Says to Stop Using IE

Posted by CowboyNeal
from the warning-is-years-late-in-coming dept.
LWATCDR writes "I have been saying this for a long time but now it is official. From Yahoo News: 'The Department of Homeland Security's U.S. Computer Emergency Readiness Team touched off a storm this week when it recommended for security reasons using browsers other than Microsoft's Internet Explorer.'" In related news, rocketjam writes "According to Wired, the widespread Internet Explorer security exploit last week and CERT's subsequent recommendation that IE users should consider switching to another browser has resulted in a large spike in downloads of the Mozilla Organization's Mozilla and Firefox web browsers."

  • by erick99 (743982) * <homerun@gmail.com> on Friday July 02, 2004 @11:51AM (#9592466)
    Rather than come right out and say that their I.E. browser is not yet up to snuff in terms of security issues, Microsoft issues this absolutely delicious serving of corporate double-speak:

    "In the meantime, we have provided customers with prescriptive guidance to help mitigate these issues."

    This translates to a set of instructions for making changes in I.E. settings since the default settings are not terribly good for security. The MS spokesperson said that a "comprehensive" security pack for I.E. will be out later this summer. You gotta love this. You just cannot make stuff up like this!

    Cheers!

    Erick

  • by Anonymous Coward on Friday July 02, 2004 @11:53AM (#9592486)
    I didn't listen to them when they asked me to duct tape and plastic wrap my house, I didn't listen to them when they raised the alert level 5 different times, I didn't listen to them when they told me to trust them, but I am glad that other people do... Perhaps this will do double duty! It will fix websites that cater to IE only so that they work with the currently "broken" Firefox so that I don't have to refresh or cross my fingers to get it to work.
  • by ch-chuck (9622) on Friday July 02, 2004 @11:54AM (#9592493) Homepage
    the courts have ruled that Msft's bundling and pushing IE with every OS purchase is good for the consumer. Let business be free to manipulate their customers! It's good for the economy.
  • Opera (Score:1, Insightful)

    by brilinux (255400) <(ten.lrra) (ta) (kxq4gk)> on Friday July 02, 2004 @11:55AM (#9592497) Homepage Journal
    Now that everyone and his brother are using Mozilla Firefox, I guess that I will have to go back to using Opera again. At least the ads do not take up as much space as they used to.
  • switch (Score:5, Insightful)

    by damballah (691477) on Friday July 02, 2004 @11:56AM (#9592517) Homepage Journal
    Hopefully people switching to FF will mean that more bugs will be squashed from it. Perfect timing for that 1.0 release.
  • Re:Great News (Score:2, Insightful)

    by ChozSun (49528) on Friday July 02, 2004 @11:58AM (#9592545) Homepage
    I donated to Trillian when they were in Beta... I felt that my little bit went a long way.

    I have purchased Opera and I have never regretted that decision.

    I will wait until Firefox is as smooth as Opera then I will donate.
  • This just means.. (Score:2, Insightful)

    by Pranjal (624521) on Friday July 02, 2004 @12:00PM (#9592569)
    ..that the hackers will start targeting Mozilla/FireFox now as it might become the dominant browser out there.

    They will always target the browser having the most user base as the probability of exploit becoming successful increases.
  • by bodrell (665409) on Friday July 02, 2004 @12:01PM (#9592575) Journal
    Where I work, the new management is enamored of IE. Although our current IT dept. installed Mozilla on all our computers (and REMOVED IE) I hear we'll be forced to use Outlook for email in the near future. It makes me want to vomit. Whenever family or friends tell me about their computer problems, whether viruses or adware or whatever, my main advice is 1) stop using Internet Explorer and 2) stop using Outlook.

    I've been posting news articles like this one around the workplace, but man, is it hard to get anyone to listen. If HQ won't even listen to this headquarters's own IT department, why should they listen to someone in R&D?

    Bah. Anyone have any advice on this?

  • by MntlChaos (602380) on Friday July 02, 2004 @12:06PM (#9592654)
    Actually, I believe any account that can execute code in its home directory should work. Firefox is downloadable as a zip (or was about a year ago).
  • by LostCluster (625375) * on Friday July 02, 2004 @12:07PM (#9592666)
    "Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.

    Let's see what we have here.
    - First sentence tells us that Microsoft isn't going to try to attack the credibility of CERT because that'd be unlikely to get anywhere.
    - Second sentence is trying to blame "the media" for misreporting the story, but the media's working from a primary source that has a section heading called "Use a different web browser". I don't know how you're "misrepresenting" that when you take that as a suggestion to download any browser that isn't Internet Explorer which means Mozilla, Opera, Netscape or any other competitor out there. They want CERT to take back the recommendation to just stop using IE... that's the only kind of "clarification" that's possible here.

    Microsoft clearly wants a CERT retraction. But do they stand any chance at getting one?
  • by Groucho (1038) on Friday July 02, 2004 @12:07PM (#9592669)
    I've got a better way to convince users.

    We need to stand up and tell all the family members and friends we're supporting for free - we are, after all, unpaid Microsoft technical support, without whom the users might as well be using command-line Unix - that they can either stop using IE, stop calling us for support, or expect a $200.00 per hour charge, with a one hour minimum per call.

    Enough is enough. No more unpaid work cleaning up after Bill. It's like walking behind an elephant with a dustpan and a broom.
  • by arieswind (789699) * on Friday July 02, 2004 @12:07PM (#9592672) Homepage
    I realize this, but if I went up to my mom and said, "Hey mom, the CERT recommends you stop using IE" she would just be like "Who is that, why should I care?" but if I said, "Hey mom, the Department of Homeland Security recommends you stop using IE" she would instantly know who I am talking about. It's all about the names "normal" people would recognize.
  • by green pizza (159161) on Friday July 02, 2004 @12:08PM (#9592678) Homepage
    I use IE on most of my PCs because it's fast. Not just fast to launch (that's obvious) but faster at loading pages and faster at scrolling.

    In the Real World, Pentium II systems are the norm. Not everyone has a watercooled P4 monster. Heck, in most of the machines I see and work with, you're lucky to have a real video card. There's nothing like a PII/350 with onboard video using shared PC100 RAM. Sooo slooow.

    Back to IE, it's *much* faster than even the latest builds of Mozilla and FireFox. With config tweaking and other incantations, the gap narrows a bit, but IE still wins.

    I would love Mozilla, *IF* it was faster.
  • by Anonymous Coward on Friday July 02, 2004 @12:11PM (#9592714)
    It's nice to see such a rush of good news.

    * Valenti gets the boot.
    * AU sets up a free CA.
    * European software patents are being rejected.

    And now this... I guess we Americans will have a lot more to celebrate on the 4th, at this rate? :)
  • by Platinum Dragon (34829) on Friday July 02, 2004 @12:12PM (#9592725) Journal
    Anyone want to place bets on whether some clever MS lawyer is preparing to argue that any antitrust action related to the browser bundling should be tossed out, because the feds are now encouraging people to use browsers written by the competition? After all, if the government acknowledges that there is legitimate competition, then clearly, MS must not be abusing its desktop monopoly, since so many people are now downloading those free alternatives... right?

    As an alternative... imagine if DHS came out and said that a flaw in GM vehicles aided terrorists, and people should purchase Ford and Chrysler vehicles until the flaw is repaired. Do you think GM would immediately start demanding financial compensation for lost sales and market share from the federal government?

    Now, extend that to MS, despite the fact that IE is, effectively, free. If the whole thing still seems unbelievable, insert Robert Heinlein's quote about corporations thinking they have an unassailable right to make a profit above all else here. I'll bet good money MS is already preparing the legal briefs for some kind of retaliation.
  • by LostCluster (625375) * on Friday July 02, 2004 @12:12PM (#9592729)
    Having the lead in market share doesn't affect the number and severity of security flaws in the program.

    It affects the impact of an exploit should one be released, but you can't release a damaging exploit until a flaw is discovered that allows the exploit to work. The stakes are raised, but the game is still the same.

    A secure-at-the-start program leads to no exploits possible and cuts the problem off at the head. Sure, there's going to be more people looking for the flaw, but if there's no flaw to find they won't get anywhere.
  • by arieswind (789699) * on Friday July 02, 2004 @12:13PM (#9592733) Homepage
    Suppose that because of this announcement, all of a sudden 60% of browsers are running FireFox. Surely web site designers will not ignore the fact that if it does not look right in FireFox, then it does not look right in 60% of people's screens.

    No techie who knows anything will overlook that fact. I think what we will see is more "Looks best in FireFox 0.x" disclaimers at the bottom of sites, which is a very good thing for all of us.
  • by Midnight Thunder (17205) on Friday July 02, 2004 @12:13PM (#9592738) Homepage Journal
    Cool, will that mean that some of the idiot web designers will actually start taking non-compatibility complaints seriously? Like those laden with Javascript that works nowhere else but with IE. Take Expedia.com, where the calendar pop-ups [expedia.com] only work with IE or Priston Tale web site [pristontale.com] where the side menus don't appear if you don't have IE (I already supplied a fix which was ignored) - actually this one should be lumped with the GIS2 web site for excessive use of Flash.

    Maybe pigs will fly first?

    Just one note: Mozilla has one big advantage over Opera and Safari for MS-based corporate networks: it supports NTLM.
  • Ahem, Ahem (Score:5, Insightful)

    by WhiteWolf666 (145211) <sherwin@[ ]ran.us ['ami' in gap]> on Friday July 02, 2004 @12:13PM (#9592743) Homepage Journal
    I'd like to take this opportunity to emphasize the negatives of an unhealthy competitive market.

    When monopolists crush the competition, and you have one company with 95% marketshare, that company gets lazy.

    It produces shitty products, slows development (compare development now with when they were trying to crush netscape), all the while making monopoly profits.

    Thankfully, the GPL seriously reduces the barriers to entry, because it would be DAMN hard to get either Gecko/Mozilla or KHTML/Konqueror/Safari relicensed and 'shut-down', or integrated into the MS lineup.

    Mark my words, if there was no one else but Opera, MS would think long and hard about crushing it.

    Monopoly bad, folks, m-kay?
  • by Anonymous Coward on Friday July 02, 2004 @12:16PM (#9592774)
    > Repeat after me: Global Class Action Lawsuit against Microsoft.

    Tried where, the hague? Why not just call jihad. Dumbass.
  • by stinkyfingers (588428) on Friday July 02, 2004 @12:16PM (#9592781)
    Homeland Defense keeps messing with the terrorist threat alert level. I ignore it all the time. But when something happens, they'll inevitably say "HA! WE TOLD YOU SO!!!", when in actuality, they throw so much shit against the wall that sooner or later, something will stick.

    Anti-MS basher types are always quick to say "THIS IS IMPORTANT!!! IT'S THE END OF MICROSOFT'S REIGN!!!". They've been saying it for so long, it's noise. But should the day ever come that Microsoft suffers, the basher will say "HA! WE TOLD YOU SO!!!". In reality, there's so much shit tossed against the wall ...

    You know who you are
  • Re:A fix for IE?? (Score:4, Insightful)

    by Anonymous Coward on Friday July 02, 2004 @12:17PM (#9592785)
    Too bad that ADODB.Stream is just a symptom and not the root cause of IE's problems. Applying this will only temporarily break some of the IE rootkits, until they come up with a different method for writing files.
  • by Anonymous Coward on Friday July 02, 2004 @12:17PM (#9592793)
    For some odd reason, no one cares how bad IE is. I am sure a lot of people here will provide anecdotal evidence of this news switching their friends and family. However, I have never had a hard time convincing people IE and Windows have serious flaws. The people I have spoken to believe I am credible (or so I think!) and I don't think that now that the DoHS is recommending against IE that anyone will listen. They will believe you when you describe the problem, but they don't understand it.

    The average Joe just does not care how much windows or IE suck. They probably have 20-30 spyware and adware programs installed and probably more than a handful of resident virii. And they don't even know! Most people will just read the news and wish they understood it, or wish they knew someone who could help them deal with it. Ultimately, all this news means is:

    A) Average Joe has to figure out all this on his own, find an alternative browser, learn how to install it, and learn how to use it.

    B) Average Joe has to hire someone to do this for him.

    C) Average Joe has to call every family member and or friend he knows who might be even the slightest bit more computer literate than he is in hopes of finding help.

    D) Average Joe moves on to the next news story about people dying in Iraq and resigns himself to yet another of the world's problems that he can do nothing about.

    E) Average Joe just cracks open a beer.

    But the stark reality of this Microsoft world is that people don't understand and are afraid of their computers. Many people don't even know what a browser is. They think Internet Explorer is the internet... etc.

    Anyways, I am hopeful that the recent CERT news and DoHS news will challenge people to make a change, but I've seen too many catastrophic flaws discovered in Windows to be hopeful. It seems each time people just resign themselves to inferior software.

    What if the whole world drove Ford Pintos and no one realized they suck? A thousand auto mechanics would be shouting, "Pintos suck and are dangerous" and no one would listen. Because Pintos would be crammed down the throat of every car buyer and would be just about the only car on most people's block. People just don't understand cars, and don't realize that they don't have to suck. What an odd world that would be.

  • by genner (694963) on Friday July 02, 2004 @12:18PM (#9592808)
    Use opera. It's the fast browser with the unmarketable name.
  • by cK-Gunslinger (443452) on Friday July 02, 2004 @12:19PM (#9592819) Journal

    So? MS software (like most) comes with no guarantee of safety or security. Can we also have Class Action suits against Sendmail or Apache or any of the other linux software that could have been vulnerable to attacks?

  • by newt (3978) on Friday July 02, 2004 @12:20PM (#9592830) Homepage
    Wow. Think how much worse this'd be for Microsoft if IE was a core part of the operating system!

    - mark
  • by at_kernel_99 (659988) on Friday July 02, 2004 @12:20PM (#9592843) Homepage
    Then it will be interesting to see if Mozilla has the same inherent weaknesses as IE, won't it? For years MS has used the excuse that they're the largest installed base, thus the target for most virii, etc. I say let's see if that's true.
  • by Anonymous Coward on Friday July 02, 2004 @12:21PM (#9592856)
    I do have a comment.

    As an IT Manager myself, I can definitely say that *OUR* life is easier if the endusers get a basic suite of tools, on Linux, which WILL enable them to do their job.

    I've done extensive testing using Linux and OpenOffice, and I can say that for 95% of our users, it will do the trick.

    However:

    Move an icon, rearrange a menu, and you have unhappiness with users. We're not talking about slight unhappiness. We're talking about a significant amount. And all it takes is for 3 or 4 users (my company size is about 300 in my location) to complain to the right management about things not working right, and *WHAM* - IT is blamed.

    Senior staff listen to basic arguments, and that's about it. Arguments about security, while valid and sane, are not going to sway them - after all, "why did we spend all that money on firewalls?". You and I know that there's no rationale for that - but ease of use is what they want.

    As far as telling endusers to stop using the basic tools - that's garbage, IMO. It's lazy administration, and bordering on irresponsible. The correct thing to do is to tell them about the dangers, show them how to turn off a few obvious things (preview pane, etc) and then tell them about other tools that will do pretty much the same thing without the risk. Users tune out when people make sweeping statements about "microsoft" in general, and you can easily scare users away by changing the tools they know about.

    I can do basic stuff on my car (air filter, spark plugs, etc). Rearrange my engine to where the plugs are in the back of the compartment instead, and make me change them on the side of a busy highway, and I'll be swearing, too. For many users (especially lower-skilled ones in an office environment), it's like that. They're under pressure to get stuff done, and it's not IT's job to mess with that - except in dire circumstances. We're there to enable and provide basic guidance, not oversee and rule.
  • by finkployd (12902) on Friday July 02, 2004 @12:22PM (#9592866) Homepage
    The difference of course is that Sendmail and Apache fix security vulnerabilities in a reasonable amount of time (usually days, if not hours)

    Furthermore, there are generally also configuration changes you can make in the meantime to these products to nullify the vulnerability. There is nothing you can do with IE except disable ActiveX and set the security level to high which (1) makes IE somewhat unusable and (2) STILL doesn't completely protect you.

    Finkployd
  • Re:Great News (Score:3, Insightful)

    by Xabraxas (654195) on Friday July 02, 2004 @12:23PM (#9592882)
    This is a big problem for free software. I don't have to pay. I am willing to pay for software if there is a price, but if the price is zero but please donate..sorry, I'll pay zero. It is an unfortunate business model for the free software providers, I honestly don't know how any of them stay in business.

    Not many companies are in the business of selling open source software, Mozilla included. Mozilla isn't even a company for that matter. The companies that do offer open source software often don't ask for donations, but charge for support instead.

  • by Anonymous Coward on Friday July 02, 2004 @12:26PM (#9592911)
    I have always been of the opinion that someone somewhere would go to court to sue M$ for providing such blatantly bad software for all of the billions in lost revenue over the years due to virii and worms.

    Now that the Dept of Homeland "Security" has given out a warning about IE, perhaps it is time.
  • by BeerMilkshake (699747) on Friday July 02, 2004 @12:26PM (#9592920)
    You mu$t phra$e your propo$al$ in term$ that management under$tand$ ... Seriously, though, you need to obtain quantifiable evidence that proves the organization will save money, and how much. Anybody who knows what you are doing will resist you, so watch out...
  • by Skavookie (3659) on Friday July 02, 2004 @12:27PM (#9592923)
    Once Mozilla gains sufficiently market shares, we will see exploits for that browser more and more often. And yes - there will be exploits. IE is not compromised so often just because it's poorly written, but because it's so popular that hordes of script kiddies are trying out every possible hack. [emphasis mine]

    No, it's not just because IE is poorly written, although that is a big factor. There are several fundamental differences between IE and Moz that make IE more vulnerable (well, there's more than just these, but these are the important ones):

    First of all, when an exploit is discovered in Moz we can fix it right away. When an exploit is discovered in IE we're told not to click on any hyperlinks for the next few months.

    Second, Mozilla will never truly take over the market while IE is bundled with 'doze and 'doze rules the desktop. Too many people will simply use what's already there.

    Finally, a substantial portion of those looking for exploits will continue to look for them in IE for the two reasons given above and because Microsoft is somewhat despised and, I'm guessing, attacking Microsoft is more "prestigious" among crackers than attacking Mozilla. "Oh, you found a vulnerability in Mozilla. Add it to the bug tracker." vs "Wow! Another vulnerability in IE! Dude! u r l33t!"
  • by MrWim (760798) on Friday July 02, 2004 @12:28PM (#9592939)
    no one is expecting nor wants mozilla/firefox to dominate the browser market like IE does, diversity is good for any system when infection is considered, such as in the animal kingdom. Also there being no mega-browser means much more standards compliance, which in turn means more diversity where the respective browsers can be compared on an equal footing, instead of "oh, this browser's broken because web page x doesn't display properly". i.e. diversity breeds diversity which is good.
  • by tchuladdiass (174342) on Friday July 02, 2004 @12:28PM (#9592940) Homepage
    You could always set up a proxy server and put in rules to block these exploits. Just scan each page for the malicious active-x controls, and drop them in the bitbucket.
  • by finkployd (12902) on Friday July 02, 2004 @12:28PM (#9592952) Homepage
    You know, everyone says that but I never have problems. I've been using Mozilla (and then FireFox) for ages and I constantly do online banking (psecu), access my (admittedly too many) credit cards (mbna, discover, amex, etc) via web sites, get all my news online, buy stuff online, etc. The only time I ever had a serious problem using a website that was designed for IE and didn't work in Mozilla was AT&T's Blackberry webmail client. Seriously, that is THE ONLY ONE.

    I think this whole "IE is required for banks, online stores, etc". is a big FUDdy myth. Start pointing out sites that do not work with standards if there are so many and let's all encourage those sites to fix their broken stuff.

    Finkployd
  • by arieswind (789699) * on Friday July 02, 2004 @12:29PM (#9592968) Homepage
    Microsoft clearly wants everyone to bow to their every wish and command, and surely will do everything in its power to make it happen. What else is new? really.. this is the way of Microsoft, if you haven't noticed. They are probably already readying their platoon of lawyers to go to war and try to "get rid of" or "eliminate the threat of" Mozilla.
  • by chainsaw1 (89967) on Friday July 02, 2004 @12:35PM (#9593024)
    It would be equally interesting if the US decided to class action the GOP for allowing MS to continue bundling IE in the OS when it
    a) knew of the problems at hand
    b) had already proven this was a monopolistic practice because of lack of choice
    c) Balked at the chance to remedy the situation after b) was proven true in court, thus forcing numerous citizens to be exposed to risk without their choice or consent

    "Willful neglect"?

    (FTR: I do not generally approve of a sue-happy society)
  • by flossie (135232) on Friday July 02, 2004 @12:35PM (#9593027) Homepage
    I think what we will see is more "Looks best in FireFox 0.x" disclaimers at the bottom of sites, which is a very good thing for all of us.

    I use Firefox and I *don't* want to see "Optimized for Firefox" or similar appearing on the web.

    I want web designers to follow the W3C standards. I want to be able to browse in Lynx as well. I want the blind to be able to access web content. It is for that reason that I don't want Firefox to take 90% of the browser market. If 4 or 5 browsers have roughly equal share, there will be much more incentive for web designers to do their job properly. </rant>

  • by Penguinshit (591885) on Friday July 02, 2004 @12:35PM (#9593035) Homepage Journal

    I believe the poster was referring to a company knowing about a severe defect in a product and simply failing to address the issue for a ridiculously extended period of time. It's especially dreadful when the same general problem keeps recurring. For major OS products, when a problem is revealed it is quickly fixed, and the problem *stays* fixed. You simply can NOT say this about Microsoft's products.

    So yeah, we have a pattern of extreme negligence on the part of Microsoft. But I guess it can't be helped because they have no incentive to fix it (thank you USDOJ).
  • by gosand (234100) on Friday July 02, 2004 @12:36PM (#9593036)
    Translation: After all those horses get out of the way, we'll have your barn door fixed in a jiffy.

    More like "we'll build you a new barn. Promise."

  • The PR Spin Cycle (Score:5, Insightful)

    by Izago909 (637084) <tauisgod@gmail.cIIIom minus threevowels> on Friday July 02, 2004 @12:36PM (#9593043)
    Gary Schare, director of the Windows Client Division at Microsoft, said that CERT's advice had been misrepresented in much of the press coverage.
    So the press misquoted CERT? I've read the text and almost everything I've seen is a quote, albeit summarized occasionally.
    I think it's absolute comedy that when MS plays hardball, it's just business as usual, but when things swing the other way they can't stop complaining how they aren't getting a fair shake.

    "Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice," Schare said.
    Translation: We are currently researching ways to extort CERT into issuing a new statement saying our browser is the most secure as long as you don't use the default settings we chose for you. Fact: IE is the most secure browser when completely blocked by a firewall.
  • by Bull999999 (652264) on Friday July 02, 2004 @12:37PM (#9593047) Journal
    I don't think that average Joe user would know how to set up a proxy server or disable ActiveX.
  • by DrEldarion (114072) on Friday July 02, 2004 @12:41PM (#9593096)
    Yeah... it's not going to change much.

    How many users actually know what Internet Explorer is?
    How many of those users will hear about this message?
    How many of those users will know where to get an alternative browser?
    How many of those users will be motivated enough to actually want to switch browsers?
    How many of those users will be competent enough to download and install a new browser?
    How many of those users will be competent enough to handle any problems that come up instead of just saying "this sucks" and switch back to IE?

    I recently switched to FireFox because of this horrible security hole, and even though I'd consider myself a very advanced user, I had a couple problems getting things running smoothly. It would randomly lock up and crash on me - turns out that importing old IE settings is what caused it. Oh, and you want to reinstall it to get rid of your problems? Have fun hunting down that user profile directory that you don't know exists and doesn't automatically remove itself on uninstall. Configuring the UI is a huge pain in the ass.

    Ironically, it doesn't display Slashdot right sometimes, either.
  • by shaitand (626655) * on Friday July 02, 2004 @12:41PM (#9593097) Journal
    More than anything the difference in terms of lawsuits is push and pull. Microsoft pushes their browser out, consumers have no choice in the matter.

    Sendmail and Apache however are pull, they are available freely but you must go out and get them yourself.

    For most software it's a question of cost. In terms of free software Microsoft is the only company in a position to "push", they push using their monopoly onto oem installs. Since nobody else has that monopoly, there is nobody else who produces and distributes free (as in beer) software who should be held liable for glitches in said software.
  • by HighOrbit (631451) on Friday July 02, 2004 @12:44PM (#9593129)
    Is IE targeted because it is widespread? Perhaps. But that does not mean Mozilla is just as insecure.

    It's not just that IE is widespread, but it's a design issue. If the usage numbers were inverted, IE would still have more exploits because it has some extremely poor design concepts behind it. First, it is directly hooked into the OS. If an exploit executes on the browser, then it is a very short leap for it to execute on the OS. Second, IE has a promiscuous plug-in model that allows nasty malware to execute without enough checks or controls.

    What drug were the IE design team engineers taking when they decided to let (or at least failed to prevent) untrusted program execution? The drug is named "Market-share". They were trying to turn on as many features as possible to capture every possible market. Microsoft made an early design decision to tout features over correctness. It is a fatal defect that now is probably nearly impossible to correct.

    Now that MS is re-starting IE development, they should probably do what the Mozilla team was forced to do years ago. When Mozilla first inherited NS-Navigator 4.X, they looked at it and decided to ditch most of it. They started clean with new design concepts. I think MS is going to have to do the same thing. The current design of IE is fatally flawed. It will have to be rebuilt from the ground up with a new security model.
  • by Bibo (111206) on Friday July 02, 2004 @12:44PM (#9593133)
    It is bad PR for Microsoft and we are all excited about people now starting to install Firefox and Opera. But what in the world makes us believe Microsoft will just sit and watch?

    Sooner or later MS will provide some kind of fix for the security holes. Then there will be a version of IE coming which has tabbed browsing and all the other niceties in Firefox and Opera. That new IE will enter the desktop conveniently through Windows Update. That day people will be happy that IE is safe and they will go back to using it. Just because they are used to it and they do not need to bother finding and installing some other strange program.

    Today Firefox and Opera are attractive because they offer better features and improved security over IE. What makes us believe it will always be like that? And are features and security good enough to battle the desktop monopoly?

  • by finkployd (12902) on Friday July 02, 2004 @12:45PM (#9593151) Homepage
    I would venture to guess that the majority of users who (1) know to do this and (2) know how to do this are probably not using IE anyway.

    Finkployd
  • by aaandre (526056) on Friday July 02, 2004 @12:46PM (#9593163)
    A dramatic increase in the userbase will also make the mozilla/firefox platform more attractive for exploit seekers/writers. Such increased level of "real-world testing" will benefit the quality of the browser in a very positive way if handled properly by the developers.
  • by ajs (35943) <<moc.sja> <ta> <sja>> on Friday July 02, 2004 @12:47PM (#9593167) Homepage Journal
    This is the wrong way to go. MS should lose market share for being insecure, that's certainly true, but the #1 reason that we suffer so much from MS' operating systems is the homogeneity of the OS market, and while they've fought as hard to stay on top as any other corporation would have, I'm not willing to say that it's their fault that everyone has been saying "screw security, I need Word" for 10 years.

    We knew better, but we got burned. Now is the time to take responsibility for our actions and switch to non-MS products.
  • by idiotnot (302133) <sean@757.org> on Friday July 02, 2004 @12:47PM (#9593173) Homepage Journal
    Yes and Yes.

    THIS SOFTWARE IS PROVIDED "AS-IS" WITHOUT ANY WARRANTIES....

    Class action lawsuits are bullshit anyway. Only the attorneys and the class-leader(s) get any significant money. Everybody else gets twenty bucks after they fill out a mountain of paperwork. I'm glad I live in a state with no class action status.
  • Govt. sites (Score:4, Insightful)

    by sumdumgai (92866) on Friday July 02, 2004 @12:48PM (#9593191) Homepage
    So when is the Govt. going to fix all of their web sites to work with Mozilla? Currently there are a great number of sites that only work with IE and some businesses rely on those sites.
  • by Aslan72 (647654) <`psjuvin' `at' `ilstu.edu'> on Friday July 02, 2004 @12:48PM (#9593193)
    "The Microsoft browser, the government warned, cannot protect against vulnerabilities in its Internet Information Services (IIS) 5 server programs, "
    I don't want to stem the tide of MS bashing, but does this sentence make sense to anyone? To me it doesn't and it implies that the browser is linked to IIS 5.0.

    Beyond the fact that you're either dumb or stuck if you're running IIS 5.0 these days, does it make sense to link IE w/ IIS 5.0?

    --pete

  • by finkployd (12902) on Friday July 02, 2004 @12:49PM (#9593203) Homepage
    You misunderstand. I am referring to the difference between making a mistake, but then making an effort to fix it, and making a mistake, and then blaming everyone but yourself. All the while not fixing it.

    I'm wondering at what point it becomes criminal negligence.

    Finkployd
  • Re:switch (Score:3, Insightful)

    by Mr. Sketch (111112) * <mister.sketch@gmaiQUOTEl.com minus punct> on Friday July 02, 2004 @12:49PM (#9593209)
    Have you used Firefox?

    No, but the parent was expecting people to report bugs and I was just saying that probably wouldn't happen since if the user encountered the bug, they wouldn't report it anyways.
  • by JoseBar (696602) on Friday July 02, 2004 @12:49PM (#9593212)

    I was hoping to find the links to the CERT and Homeland Security where this information was posted. I assume those would be available online somewhere. The links I see here are all in news sites that actually don't point to the source.

    Anyone care to post the links?
  • Because one of the biggest hurdles of getting people to change software is the interface. Most end users say to hell with functionality, if they can't recognize how it looks.
  • by bev_tech_rob (313485) on Friday July 02, 2004 @12:51PM (#9593239)
    'Microsoft certainly respects the work CERT does to help protect the Internet and users. Regarding the consideration that users switch browsers, it is unfortunate that the published articles have misrepresented CERT's suggestions, and we are working with CERT to clarify their advice,' Schare said. In other words, M$ is saying CERT should retract the statement or else. Bet there already have been some nasty letters sent their way on law office letterhead...
  • by Alan (347) <.arcterex. .at. .ufies.org.> on Friday July 02, 2004 @01:05PM (#9593416) Homepage
    Also, if you see the bug in sendmail you can (in theory) find the bug and recompile, or download a patch from someone else who has done the same.

    With IE you have no option but to depend on Microsoft for patches and updates.
  • by Syberghost (10557) <syberghost@@@syberghost...com> on Friday July 02, 2004 @01:05PM (#9593426) Homepage
    I didn't listen to them when they asked me to duct tape and plastic wrap my house,

    Which they didn't do.

    I didn't listen to them when they raised the alert level 5 different times,

    Which they didn't expect you to do, unless you're a first responder or official of a state or municipal government.

    I didn't listen to them when they told me to trust them

    Yet you're trusting that this isn't part of a master plan to get us all to expose ourselves to some back door they've worked into the Mozilla code base?
  • Re:Great News (Score:2, Insightful)

    by mindfucker (778407) on Friday July 02, 2004 @01:08PM (#9593456)
    I donated $100 to the Mozilla Foundation not because I like their browser (I like epiphany better), but because I see them as an organization which has -- through the rather arbitrary and random nature of the history of the Internet -- been given the responsibility of guarding and furthering the integrity of the Internet (something I'm definitely willing to contribute to), rather than as just another producer of a Web Browser.
  • Here's one (Score:4, Insightful)

    by zogger (617870) on Friday July 02, 2004 @01:11PM (#9593499) Homepage Journal
    "money", and the reality that most people use IE because of illegal monopolistic actions that resulted in MSOS being the de facto install on their computers, so they use what came with the package, which includes IE, and they are encouraged to go onto the internet without adequate instructions, or without adequate protections, both of which are well known to MS and the various vendors who sold them their computers.

    When you have the vast bulk of PCs the last decade and a half being shipped with MSOS, they had a responsibility to make sure they weren't violating anti trust laws, which they failed to do, and got convicted of it.

    The consumer was long ago denied any reasonable* expectation of free market choice, when the vendors themselves conspired with MS to ONLY include MSOS to such an extent. It's intent, and to my way of seeing it, is an example of RICO action and should have resulted in MS and several large vendors getting charged with criminal violations, not just civil violations, and several billionaires going to jail over it.

    Even though IE is a free download, it is easily observed that most people did not have some other OS OR of their free will go "download IE", it came as a bundled app with their monopoly enforced distribution of MSOS, and the product is seriously flawed. Seriously. The EULA should be challenged, and we need to get a determination of when and how any product may be profited from, but still avoid an implied warranty for suitability for purpose. If they get granted a patent and a copyright, they have certain responsibilities when they trade it in some fashion for money. When you receive something for free, it's a different story. That's the major difference there. And if that again causes a shift in free/open source, how it's distributed, it would be worth it to force closed source/proprietary and for-profit software to get classed as a product that is sold, and have normal consumer protections. The tradeoffs are worth it, IMO.

    * please note, I said reasonable as opposed to technical. Technically yes, they had a choice, reasonably, no, there was little choice, and still not much. Walk into any big computer store, what is the default install on the boxes there? Are any of them safe to go on the net "as is", how they are sold? No, they are not. The EULA basically is an example of a vast huge case of consumer fraud, IMO. People assume their brand new computers will work, and part of their entire computer package they purchase with real money is the software that comes with it. They would sell little if any new computers bundled with MSOS if they were merely labeled truthfully, as in "you will probably get infected with virus, malware, trojans, backdoors, etc within one hour of being on the internet with the default install and configuration if you click accept on the EULA provided for the bundled microsoft software". If that sticker was on the outside of the boxes, the stores wouldn't sell hardly any of them. How many computers and copies of MSOS would they sell then, if they were merely required to tell the truth, even keeping the current EULAs in place, exactly how they are written now?

    I personally *do not care* if the entire software industry top to bottom, left to right, inside to outside has to change licensing, thinking, what they do or how they do it, enough's ENOUGH on claiming a 60 year old industry that has raked in untold hundreds of billions of dollars or more isn't mature and sophisticated enough to offer products that can be covered by minimum consumer implied warranties. Time to take the training wheels off, and get rid of the EULA get out of any responsibility "license". If it slows down releases and causes huge shifts in PHB and investors thinkings and stock holders profits, I could care less, and I bet millions more consumers feel the same exact way. Software will still be written and sold or given away, just of much better quality. Releases will be slower, but they will be much better quality. Pressure will shift from get i
  • In Other News... (Score:3, Insightful)

    by BeBoxer (14448) on Friday July 02, 2004 @01:13PM (#9593518)
    Mozilla and others work to make their browsers just as insecure as IE:

    Browser Plug-in Standard [slashdot.org]

    I'm sorry, but "rich" web content basically equates to "insecure" from what I can tell. The more dynamic and powerful you make downloaded code, the harder it is to keep it in check.

    Save the "rich" content for some separate application-oriented protocol and leave it out of HTML. That way I can download and run some sort of OS-independent application (the goal) from a trusted site when I need to, and don't have to worry about Joe-random web site abusing it. Surfing the web and running some site-specific application are two distinct tasks with quite different security requirements. I wish folks would stop mixing them, as the problems caused are only going to get worse IMHO.
  • by kimgh (600604) on Friday July 02, 2004 @01:22PM (#9593600)
    Sorry, this analogy doesn't work. If a window is unlocked, it's easy to see that is so and how to lock it.

    Going a little deeper, it's all about risk/benefit. People know the risks of having a window, and feel it's worth it to have the benefits of a window.

    You simply cannot say that about the Windoze/IE flaws. Most people have little understanding (even now) of the risks of using insecure software and little or no understanding of how to mitigate the risks. The benefits are obvious, but the risks are still an unknown to most users.

    IANAL, but I'm willing to believe that a class action suit against MS could be mounted and might even prevail, based on the negligence of the company.

  • by ggambett (611421) on Friday July 02, 2004 @01:25PM (#9593632) Homepage
    This may be the beginning of the end... if people massively switch to Firefox (which is open source, not from MS, and damn good), the perception about FOSS will certainly change... people will realize MS is not the only choice.

    The next step could be a Windows desktop, but with Firefox, Thunderbird, OpenOffice, and all free/open software with Linux counterparts... once they get used to all that software, the final switch to Linux is seamless.
  • Capitolism (Score:5, Insightful)

    by mosb1000 (710161) <mosb1000@mac.com> on Friday July 02, 2004 @01:25PM (#9593640)
    "Global Class Action Lawsuit against Microsoft"

    This is what people don't understand about capitalism. If you don't like the product, you don't have to sue, just stop using the damn product.

    I really hate this attitude, "the man keeps us down, so lets sue." It makes absolutely no sense at all. Corporation uses child labour to make affordable products, sue them. Heaven forbid you should accept responsibility for it and stop buying their low-quality products. MSFT sells software for too much money, sue them, don't simply use something else. It's no wonder we have so much unnecessary litigation in this country.
  • by Anonymous Coward on Friday July 02, 2004 @01:28PM (#9593663)
    um the window was designed with GLASS. something that is insecure by nature.

    are you saying MS designed the software with knowingly insecure material?

    not to mention the software industry scales in a much different fashion than physical products. fix once, it's good forever. whereas using stronger glass has a price point per window.

    software, it costs the same to fix regardless of sales, sell 1 copy, or a billion.

    glass usually doesn't shatter just by blowing at it. which is precisely how MS windows is.
  • by BCW2 (168187) on Friday July 02, 2004 @01:33PM (#9593730) Journal
    I must admit it's going to be funny to hear them justify all the claims that M$ bought off the Bush Administration after this. Actually they will probably sulk quietly until they come up with a new rant.

    You can only hide poorly written software for so long. Then it screws up bad enough that you look stupid.
  • by .com b4 .storm (581701) on Friday July 02, 2004 @01:33PM (#9593735)

    The problem with that analogy is that the very nature of a window is inherently insecure in various ways. If you can make it 100% (or 99%) secure, it's probably not a window anymore. But there's no such attribute of an operating system and its applications - it is not a given that software is reasonably expected to be insecure, especially a many $$$ operating system. And when there are security flaws that can be fixed and they are left unfixed, that is a heckuva lot more worthy of a lawsuit than windows not made out of "1/4-inch steel".

  • by walt-sjc (145127) on Friday July 02, 2004 @01:36PM (#9593766)
    Maybe this is a good time for all those to start badgering "IE Only" web sites (especially financial institutions) to wise up and support other browsers due to the security issues. I'm lucky my bank has already "seen the light" and started supporting any standards compliant browser.

    For a while, I have had to have my browser lie to web sites about what it is on too many sites. For the most part, this is no longer needed.
  • by love2hateMS (588764) on Friday July 02, 2004 @01:39PM (#9593822)
    The #1 reason for security holes in MS products is NOT the homogeneity of the OS market. It is clearly a failure of Microsoft to take security seriously from the start. They programmed an OS that did everything for the stupid user so the stupid user wouldn't have to think. They ignored all the standards and specs to throw in their own proprietary garbage.

    It amazes me that no one has pointed out the obvious:

    With their TREMENDOUS market share, Microsoft has a moral (and probably legal) obligation to secure their software and they have failed to do this for years. Entire industries depend on MS software. There is no excuse. Failure to do this is simply immoral and unethical, but we have come to expect this behavior from MS.

    Frankly a class-action lawsuit is long-overdue.
  • by cyberformer (257332) on Friday July 02, 2004 @01:39PM (#9593827)
    You need multiple layers of defence: give everyone Firefox, but use a proxy server in case someone decides to use IE anyway. (Some sites still need it, and it's impossible to remove fully.)

    If it's just a single Windows PC, update to XP SP2. Although it's still technically a beta, it's been fairly well tested by now (RC2), and the risks of running it are probably less than those of running an unpatched Windows system.
  • Re:Capitolism (Score:5, Insightful)

    by ebh (116526) <ebh-slashdot@hST ... .org minus berry> on Friday July 02, 2004 @01:41PM (#9593843) Journal
    "Capitolism": The tendency to put golden domes on buildings.

    Seriously, avoiding certain purchases only goes so far. If action isn't taken to proactively stop clothing manufacturers from using sweatshop child labor, then they'll keep doing so, forcing everyone else to do the same thing or get priced out of the market. When it's all made that way, what do you do then, build a loom and start farming sheep and cotton?
  • by Grishnakh (216268) on Friday July 02, 2004 @01:46PM (#9593903)
    This is pretty stupid. For one thing, most burglars don't break in through windows. They look for unlocked windows and doors, or try to pick a door lock. Smashing a window is fairly dangerous; a shard of glass can seriously wound or even kill you, plus it makes a lot of noise that alerts neighbors.

    Secondly, windows are required by building codes, in order to provide an emergency exit in case of fire (and also to provide sunlight). It might be possible to use bulletproof glass instead, but the cost would be astronomical, and the benefits negligible, so people use standard glass instead.

    Back to computers, Windows is the other way; it costs a lot more than its OSS competitors which are much more secure, and it's insecure by design. There's no good reason for Windows to be insecure (this is a product of shoddy design), and other OSes have demonstrated that it's not that hard to make a secure system that's still usable (Linux, MacOS X).

    So basically, this is just a troll.
  • by Kludge (13653) on Friday July 02, 2004 @01:54PM (#9593980)
    It would randomly lock up and crash on me

    Firefox is still test software. Use Mozilla 1.7. It's rock solid.
  • by stevesliva (648202) on Friday July 02, 2004 @01:56PM (#9594005) Journal
    Let's see.. 10 years ago I was thinking how cool it was that I could have a windowing system of any kind on a cheap generic computer. What were the alternatives to Win3.1 on DOS for my 486? By the time OS/2 came out, it was too late. Windows owned the market. Why bother with OS/2 then?

    I mean, really. In 1994, I was not thinking, "Oh geez, these worms and trojans and virii sure are a pain unique to Windows--maybe I could switch to some UNIX-like OS on my Intel computer." I was thinking, "How can I get the web working with my 14.4 modem?" and "Wow, CD-ROM drives sure are cool."

  • Re:Capitolism (Score:3, Insightful)

    by mosb1000 (710161) <mosb1000@mac.com> on Friday July 02, 2004 @02:04PM (#9594075)
    No, avoiding certain purchases really does go that far, or do you think companies will keep making cheap clothes despite the fact no one buys them? That sounds like pretty bad business to me.

    The only reason everyone uses cheap labour is because price is all most purchasers care about. If shoppers would even think about child labour, they would stop buying these clothes. The problem isn't that evil corporations are forcing people to buy these clothes, it's that thoughtless people are so apathetic they don't care. The people that do care would rather just sit around and complain about it than educate the public and make good purchasing decisions. You would not believe how many friends I have who complain about how Wal-Mart does all these horrible things, but then buy just about everything from those same stores.
  • by 99bottles (257169) on Friday July 02, 2004 @02:06PM (#9594104)
    <tinfoilhat>
    This must be how John Kerry raised over $3 million on Wed. They're obviously using stolen credit card numbers harvested with the help of I.E.
    <\tinfoilhat>
    http://www.nytimes.com/2004/07/02/politics/campaign/02donate.html?ei=5006&en=5c451b599da13f1d&ex=1089432000&partner=ALTAVISTA1&pagewanted=print&position=

  • by Phragmen-Lindelof (246056) on Friday July 02, 2004 @02:10PM (#9594128)
    "the #1 reason that we suffer so much from MS' operating systems is the homogeneity of the OS market"
    If this were true, then Apache should have many more security problems. The fact is that MS OSs are poorly written with respect to security. I do agree with your last comment; when 50% (or fewer) computers run some version of Windows and the remaining computers run other OSs (linux, *BSD, OSX, BeOS, OS 2, "UNIX", etc.), then web page browser support and security problems will be less important (but still very important) issues.
  • Re:Yeah Right (Score:2, Insightful)

    by doorbot.com (184378) on Friday July 02, 2004 @02:10PM (#9594131) Journal
    Once the alternative web browsers are identified, they will have to be tested to make sure that they are secure and compatible they are.

    If this is the criteria used, how was IE ever selected in the first place?

    Granted, this is operating on the assumption that the browser should have the highest level of security and compatibility.
  • by 1010011010 (53039) on Friday July 02, 2004 @02:11PM (#9594151) Homepage

    How about the majority of folks who are not using Windows XP? Can they install "IE SP2"?

  • by digime (681824) on Friday July 02, 2004 @02:21PM (#9594245)

    Besides not being exploitable by this bug:

    [The ActiveX Plugin] is configured to only work with the Windows Media Player control.

    You should read the description of the ActiveX Plugin. Having said that, the developer is assumably trying to get all ActiveX to work with Mozilla eventually. I think this should be taken out of the plugins list before Joe Sixpack finds it. The developer can release it on his own if he likes. But making it even possible for Mozilla to be as insecure as IE is not a good idea IMHO.
  • Big question (Score:3, Insightful)

    by LWATCDR (28044) on Friday July 02, 2004 @02:24PM (#9594292) Homepage Journal
    Will the US Government require the removal or disabling of IE on all of its computers for security reasons?
    If Microsoft continues to claim that they can not remove IE from Windows will the US government start removing Windows from their computers and replace it with Mac OS/X and/or Linux?
    Since they include IIS in this, what does it mean for Server 2003 and Longhorn?

    Remember people that write websites that only work in IE are terrorists.
  • Re:Capitolism (Score:4, Insightful)

    by GSloop (165220) <networkguru AT sloop DOT net> on Friday July 02, 2004 @02:27PM (#9594313) Homepage
    Oh those Ford Pintos that explode in flames when rear-ended? Don't sue, just don't buy the things...

    No, lawsuits are a reasonable way to redress injury caused by faulty product design.

    The economic pressure by fewer sales is one too, but especially in monopoly markets, legal instruments may be the only effective way to curtail abuses in a reasonable amount of time.

    If you produce crap defective product, expect lower sales AND lawsuits. Both reduce the profit of the company and can be used as a lever to induce better behavior. Both are legitimate tools.

    Cheers,
    Greg
  • by spitzak (4019) on Friday July 02, 2004 @02:32PM (#9594360) Homepage
    Though Apache is demonstrably better than IIS, and there is plenty of proof that anything database, filesystem or network related is far better in Linux than in Windows, I am uncertain about desktop software.

    My impression is that the stuff being forced onto the Linux desktop is as huge of a bloated and hacked mess as anything coming out of Redmond, and that only the variety and minor market share of any of them is preventing exploits as bad or worse than anything in IE. Though I doubt anything on Linux is as bad as Outlook, but neither is anything else from Redmond that bad.
  • by jokewallpaper (449100) <steve@kremer.com> on Friday July 02, 2004 @02:46PM (#9594489) Homepage

    I remember a TV commercial...maybe you remember it too....Big conference has come to a halt because of the computer running the PowerPoint presentation has frozen. The audience is yelling out suggestions..."Try restarting, Try Control-Alt-Delete, etc." There is a pause...then someone yells out..."You should've bought a Mac."

    After 11 years of Windows 3+, Win 95, Win 98 and Windows 2000...I got tired of the crashes and then the viruses and spyware. I got a PowerBook. I now do my online banking with Mac OS X and Safari.

    Be safer online...buy a Mac.

  • THIS IS CRAZY (Score:2, Insightful)

    by superpulpsicle (533373) on Friday July 02, 2004 @02:52PM (#9594536)
    One comment from the defense folks is doing more damage to IE than netscape did in 10 years.

  • by berzerke (319205) on Friday July 02, 2004 @02:55PM (#9594566) Homepage

    ...Entire industries depend on MS software. There is no excuse. Failure to do this is simply immoral and unethical, but we have come to expect this behavior from MS.

    Remember, M$ is a corporation. Corporations have but one goal: profit. Morals come into play only when they affect profit. As M$ has a virtual desktop monopoly (for the moment), they have no need of morals.

    Now if high level executives start doing hard time for the crimes the corporation(s) they run commit, morals will have a much greater influence.

  • by cK-Gunslinger (443452) on Friday July 02, 2004 @03:13PM (#9594718) Journal

    My windows aren't easy. I can't just stand in my house and determine whether my windows are locked or not. I have to walk over to them. I have to look at the lock. Then I have to actually try to lift the damn window, since the locks are internal and I can't ever remember if "lever to the left" means locked or unlocked. Do I have grounds for a lawsuit if I can't tell if my house is secure?

    You seriously better hope a class action lawsuit *never* comes up for this. That would seriously turn the entire software industry on its head. Where would it stop?

    If I'm playing a competitive game of UT2k4 and the mouse driver cuts out, can I sue Logitech for loss of potential profits?

    If I'm writing my thesis and the power cuts out, can I sue the Utilities Company for my lost tuition?

    If I'm using a statistical package and, due to some bug, I determine that shooting myself in the face with a loaded shotgun has a -0.314159 probability of death, can my mourning relatives sue the company?

    At what point does the software manufacturer get to say "Hey, we did our part. The rest is up to you."

    It's a very slippery slope.
  • by cK-Gunslinger (443452) on Friday July 02, 2004 @03:25PM (#9594841) Journal
    um the window was designed with GLASS. something that is insecure by nature.

    Umm.. IE was designed to connect to millions of anonymous computers on the internet, something that is insecure by nature.

    not to mention the software industry scales in a much different fashion than physical products. fix once, it's good forever. whereas using stronger glass has a price point per window.

    So, you can secure your home windows with some extra $$ and effort, but you can *never* secure your home PC? Ever? Not even by spending hundreds of dollars on AV packages, Firewalls, Routers, etc? That's odd.. in my 12 years of PC usage, I've had *one* security breach (that Windows RPC/Blaster thing last year.) How much does this fortress of security cost me? Well, I spend about $50 every couple of years on a decent router. That's it. Combine that with some freeware AV and frequent software updates and I feel pretty safe.

    Am I still vulnerable? Most definitely. Do I feel that any single software vendor can be held directly liable for any attack on me that causes me a loss? Nope.

    glass usually doesn't shatter just by blowing at it. which is precisely how MS windows is.

    Odd.. I can get some of my more nefarious cohorts to try and '0wnz0r my box,' but they all admit defeat after a few hours. Oh, they all agree it can be done, given enough time, but it's not exactly as if I have left the keys in the front door, no matter what you, Mr. Anonymous Coward Security Expert, claim.
  • by emil (695) on Friday July 02, 2004 @03:33PM (#9594903) Homepage

    ...because they are a monopoly (in regard to the IE bugs and the DHS advisory).

    They will be sued because they were willfully negligent in the maintenance of a monopoly product, the sabotage of which inflicts material damage upon third parties in the range of hundreds of millions of dollars.

    Don't let your dislike of antitrust law cloud the real harm that this software has done. If Standard Oil had sold petroleum products that destroyed the engines of their customers during their monopoly breakup, would they still be liable for damages? Of course.

    p.s. IANAL.

  • by michaelggreer (612022) on Friday July 02, 2004 @03:49PM (#9595037)
    They are not "bullshit." The only way for regular people to get justice from a huge company is to band together. You could rightly say that not enough money gets to the plaintiffs, and perhaps we should pass laws limiting attorney's fees in class action cases, but there is no other reasonable mechanism, so you can't just write it off. Lawsuits are just too expensive for regular people, or even small companies, to pursue by themselves.
  • Re:Capitolism (Score:4, Insightful)

    by ArekRashan (527011) on Friday July 02, 2004 @03:57PM (#9595095) Journal
    You don't quite seem to understand capitalism, I'm afraid. It's not a system that responds to public opinion and the needs of the collective social good - it responds to supply, demand, efficiency, convenience, & price. When a person makes a purchase decision, there is a very complex multi-variable equation being solved, a reflex calculation of interfering and intersecting desires as opposed to the prices of the objects for sale.

    People will without fail attempt to make the choice they feel is most advantageous to themselves. Valuation is in the eye of the purchaser, and it is this that the purchaser's ethics and ideals of social good must affect in order to affect the outcome of any purchase.
    People who complain about Wal-Mart's behavior yet continue to purchase Wal-Mart's goods, for example, do not weigh the cost of the social ill they believe Wal-Mart creates heavily enough against the value of the goods to stop them from making the decision to buy Wal-Mart's product.

    This is exactly the same reason why consumers won't pay a price premium for the privilege of not fucking over struggling third-world coffee farmers. Bad shit that happens to other people isn't seen to be as important as bad shit that happens to one's self, even when the bad shit that happens to you is relatively trivial, such as having to spend that extra $3 for the guilt-free version.

    This is precisely why courts of civil and criminal law at the state and federal levels have authority over business activities - there are many sorts of behavior that will give a company a large competitive advantage that are collectively perceived as undesirable, but which will clearly be rewarded financially by a pure system of capitalism. Undesirable and socially harmful behavior can be proscribed and reprimanded by the courts, which is a socialist aspect of our American marketplace, like it or not. I think that overall it's more beneficial than harmful, but that's just my opinion.

    As regards the question of whether or not Microsoft's activities have been sufficiently harmful to consumers to merit the prosecution of a class-action lawsuit, I would suggest that it is certainly the right of American citizens to raise that question in a court of law if they feel that there is sufficient reason to do so, and that the social order we have wherein, where we would accept the decision of the court in this question, is working reasonably well in such an instance.
  • by XO (250276) <blade,eric&gmail,com> on Friday July 02, 2004 @03:58PM (#9595111) Homepage Journal
    Bloated and hacked desktops on Linux, how about..

    KDE.
    Gnome.

    Although the latest updates to GNOME that have landed in Debian-unstable and Debian-experimental have GREATLY improved the resource bloat, and I can now actually USE more than one application at a time within GNOME on a 128MB system without going into swapper hell.

  • by DynaSoar (714234) * on Friday July 02, 2004 @04:00PM (#9595139) Journal
    ...who advised everyone to use Microsoft products, despite the fact that one of their own organizations made a secure Linux available for free?

    Dear Homeland Security,
    Compare and contrast:
    (1) Your ass
    (2) A hole in the ground.
  • by Flamingcheeze (737589) on Friday July 02, 2004 @05:00PM (#9595678) Homepage Journal
    microsoft shall be cleansed of all the evil wealth it created and be forced to continue to work for free on open source projects

    Is /. populated by communists? The parent should be labeled "Insightful." Seriously, if the product is bad, let the market kill it. As soon as the wonderful and egalitarian Linux is actually usable, I'm there! In the meantime, I'm stuck with a kludgey P.O.S. OS, and continuously patching it.

    I use Mozilla for everything internet related and OOo for office tasks because I can actually use them! Call me a moron, but I really don't relish the thought of using an OS that can't do all the stuff I need it to do, specifically, Quicken, Photoshop, and 3D CAD (SolidWorks). I rely on those programs. Make Linux run them and I'll switch immediately. Until then, I suffer with MS crap, along with the rest of the world.

    But, please, spare me the Marxist bunk about some "ideal" Star Trek world in which everyone has a perfect job and never wants for anything. It ain't gonna happen.

  • IE is not free (Score:4, Insightful)

    by AxelBoldt (1490) on Friday July 02, 2004 @05:16PM (#9595805) Homepage
    You should be entitled to the full price of Internet Explorer. Oh wait.. they offer it for free.

    They don't. By their own testimony, IE is an integral part of their operating system. And indeed, several important operations in Windows are impossible to perform without IE installed. The operating system is not free, and neither are its integral parts.

  • by jotaeleemeese (303437) on Friday July 02, 2004 @05:59PM (#9596089) Homepage Journal
    I don't know where you USian guys get this rubbish about companies having only one goal, the damned profit.

    You have been brainwashed and repeat your little mantra like the good Chinese workers used to parrot Mao's Red Book.

    Companies can be the expression of an ideal, the realization of a dream or the intent to attack social problems. You have companies that have been set up to ensure fair trade of tea and coffee, other companies that operate on a cooperative basis in which the workers are owners and benefit.

    In Brazil a well known style of management (like some forward thinking USian companies like Google) support their employees to start their own businesses on their free time using company's resources that otherwise would not be utilized.

    Many companies have programs to vinculate them with their local communities (mine is one of them) helping with reading skills, IT skills in deprived schools, and promoting among their employees a culture of solidarity and social responsibility. Many of you don't know, but many corporations have strict guidelines about what is legal or moral and what is not, and employees are lectured constantly (to the point of boredom) about legal and moral obligations.

    There are companies out there that compete trying to put innovative products on the market and not by the shameful "embracing and extending" touted by the greatest megalomaniac of the IT industry.

    The companies are what you want them to be, if they only pursue profit without regards for the consequences it is because greedy unscrupulous individuals have been made heroes by their peers, the media and unsuspected Red Book reciters.
  • to be fair (Score:2, Insightful)

    by zogger (617870) on Friday July 02, 2004 @06:55PM (#9596449) Homepage Journal
    People were really conned on this. Advertising works, it's a multi billion dollar a year industry. People are NOT told it is difficult, or dangerous, to buy and use a computer. They are told it's easy, safe, fun, cheap, new and shiny and they will be losers if they don't jump in the pool with everyone else. When they go to the whitebox shop or back to Best Buy or whatever, they have never been told to load an alternative OS, or even a browser, they are just charged for a patch of a fix or sold even more software that allegedly cures their computer ills. At work, where their bosses got faked out, they are confronted with the exact same thing. At the store, no choice practically speaking.

    Yada yada. Although I think some blame can be laid on the victims, for putting up with it and paying for it for years, most of it can go to the actual perpetrators of the scams and cons and on the black hats as well for taking cruel advantage of people because it's easy for them to both do so and to remain anonymous and commit sociopathic actions they normally wouldn't do in meatspace.
  • by DunbarTheInept (764) on Friday July 02, 2004 @07:27PM (#9596648) Homepage

    Quicken, Photoshop, and 3D CAD (SolidWorks). I rely on those programs. Make Linux run them and I'll switch immediately. Until then, I suffer with MS crap, along with the rest of the world.

    Your reaction makes perfect sense - use what OS you need to to run the apps you want - but your post also contains the incorrect implication that there's something that Linux could do to make those apps run on it. There isn't. It's entirely in the hands of the application writers, and market forces. That's not something linux itself can change. It's a social problem, not a technical one. The apps don't exist on linux because the companies that make them don't think the effort to port would bring them enough new customers. This has nothing to do with any deficiencies in the OS itself. None.
  • Re:Capitolism (Score:2, Insightful)

    by mosb1000 (710161) <mosb1000@mac.com> on Friday July 02, 2004 @07:29PM (#9596659)
    "which do you think is the quickest easiest way to get things done?"

    I think this is the exact problem I'm talking about. People want quick and easy, they don't care about right.

    Let me ask you. Which is the best way to get things done? Let's think about some other problems:

    Americans waste a lot of water watering unnecessary lawns.

    Americans waste millions of barrels of petroleum each day because they don't want to walk.

    Americans generate millions of tons of garbage each year that could be reused or recycled.

    Americans continue to support corporations which pollute the environment.

    Now, your solution solves one problem until corporations figure out a way around the silly law. My solution solves all these problems and many more permanently.

    Which do you think is better now?
  • by Svartalf (2997) on Friday July 02, 2004 @08:54PM (#9597077) Homepage
    Plug-ins are not something that automatically gets downloaded and installed on your machine. You have to knowingly download and then install them. This is for Windows or any other OS that the plug-in framework is residing on.

    On the other hand, IE provides "helpful" features like self-installing plug-ins (ActiveX) and a help framework that completely circumvents the security- all without ANY user intervention.

    In the proposed solution you offer, there is no difference with the plug-in model of things- you have to actually install something with your own intervention to be able to view "rich" content. The moment you do anything Internet centric, you change the security profile completely. Having one or more applications to do things doesn't change the amount of work, etc. like you seem to think it does. In fact, in some cases, you just made the work harder because now you've got to add more rules in your firewall and monitoring tools which could leave loopholes in your security. And it still doesn't stop idiots from running malware passed along via e-mail, etc.

    Your whole premise doesn't work.
