Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Internet Explorer The Internet Security

'Lower Rights' IE 7.0 Coming 378

blacktop writes "eWeek has official confirmation from a Microsoft vice president that the upcoming Internet Explorer 7.0 browser upgrade will ship with reduced privilege mode turned on by default to help thwart browser-based attacks. In addition to anti-phishing and anti-spoofing features, IE 7.0 will add support for IDN (International Domain Names), built-in RSS and seamless search that will include choices of search providers."
This discussion has been archived. No new comments can be posted.

'Lower Rights' IE 7.0 Coming

Comments Filter:
  • So basically ... (Score:4, Insightful)

    by DeVryGuy23 ( 869999 ) on Wednesday June 08, 2005 @08:25AM (#12756672)
    ...just some of the key features of Firefox and Safari?
    • Re:So basically ... (Score:4, Informative)

      by Dogers ( 446369 ) on Wednesday June 08, 2005 @08:28AM (#12756708)
      Without the CSS support.

      Marvellous!
    • by evilbessie ( 873633 ) on Wednesday June 08, 2005 @08:30AM (#12756728)
      Yes, that's is what they are doing but an interesting thing about the article
      "Nine months ago, we started hearing from partners like Dell that spyware was a major issue. Our own data from [Dr Watson] crash reports was telling us that 30 percent of all machines had some form of spyware. It reached a point where we had to do something."
      So yes they implement security but only when someone else points out that over 25% of all computers are infected with malware. Obviously this new Security concious microsoft takes some time to believe thaty they may be wrong... enjoy
    • by dioscaido ( 541037 ) on Wednesday June 08, 2005 @09:37AM (#12757419)
      ...just some of the key features of Firefox and Safari?

      What are you talking about? When you run Firefox under an Administrator account, it runs as an Administrator. In linux if you run Firefox as root, it runs as root. Neither provide any sort of explicit protection against this environment. Or am I missing something here? If you run your windows desktop account as a limited user (not an Administrator), then IE6/5/4 and all other browsers on the market today run as a least priviledged process.
      • by bluGill ( 862 )

        I have to disagree, firefox never runs as root because linux users almost without exception do not browse the best when they log in as root. Linux programs are designed you can get all features without being root. Windows programs are not.

        Thus in theory you are right. In practice though, Linux users are never logged in as root, while Windows users always are.

      • If you run it as root under Linux, you could use SELinux to limit what a process can do, what files it can see and change. You can control what is doable with files created by or downloaded from the browser.

        E.g. you could make it impossible to execute files downloaded by your browser if you did it as root (or any other user you want to limit).
        That means that in fact, the root user could be given less permissions when running their browser than an ordinary user running the same program.

        The SELinux security
      • by Cally ( 10873 )
        If you run your windows desktop account as a limited user (not an Administrator), then IE6/5/4 and all other browsers on the market today run as a least priviledged process.
        No. As a matter of fact, large chunks of IE *always* run as SYSTEM.
  • by bgarcia ( 33222 ) on Wednesday June 08, 2005 @08:25AM (#12756676) Homepage Journal
    IE 7.0 will add support for IDN (International Domain Names)
    Oh, goodie!

    I was wondering when IE would be able to support the Unicode URL spoofing attacks! [slashdot.org]

    • Firefox's solution was to turn off international domain names, while Opera's solution was to only allow IDNs on top level domains that have a responsible attitude towards granting domain names.

      So no .coms, nets or orgs.
      • Anyone heard if Firefox is going to implement a true solution? Turning it off is just not acceptable.

        The only thing that turning it off does, is remove chances of spoofing a URL that has not international characters at the cost of increasing the spoofing risk of those that genuinely use international characters in their domain name (and YES those are needed. Not everybody speaks, nor wishes to speak, English).

        The result of the current solution is that pages with genuine foreign characters show up as

      • "Firefox's solution was to turn off international domain names"

        This is incorrect. We turned them off while working on a long-term fix, which is basically the same thing as Opera's.
  • WHAT?? (Score:3, Informative)

    by to_kallon ( 778547 ) on Wednesday June 08, 2005 @08:26AM (#12756679)
    "We've re-architected it to defend against exploits," Mangione said

    architect IS NOT [m-w.com] a verb!!
    great laugh to start the day though.
  • by wyoung76 ( 764124 ) on Wednesday June 08, 2005 @08:26AM (#12756686)
    IMO, Microsoft has made the correct decision in announcing this change in IE. The main audience is the so-called "mom & pop" audience which haven't the faintest idea of how to do things, and just want things to work. They also tend to get hit with more problems which the typical /. crowd probably ends up having to fix.

    Microsoft may be a bit slow to get there, but they'll get there in the end.

    • by Mithrandir86 ( 884190 ) on Wednesday June 08, 2005 @08:34AM (#12756775) Journal
      Good to see that competition from Mozilla's Firefox is inspiring Microsoft to improve IE.

      Regardless of who wins in the battle of open-closed ideologies, the ultimate winner shall be the consumer. Which is exactly how it should be.

    • by Motherfucking Shit ( 636021 ) on Wednesday June 08, 2005 @08:37AM (#12756790) Journal
      From TFA,
      The enhancements will build on the Security Zones feature in current versions of IE that allows customers to prevent untrusted Web sites from invoking ActiveX controls.
      Sounds to me like ActiveX will still be enabled by default, they're just going to improve on the ability to block it on a per-domain basis instead of a per-zone basis. This isn't enough. IMO, ActiveX is the biggest (non-bug) avenue by which users become infected with all sorts of shit. It needs to be outright disabled out of the box if IE is going to get serious about security.

      The conundrum is that so many sites now require ActiveX that if IE were to ship with it disabled, Joe Sixpack's favorite websites wouldn't work.
      • We've all experienced Microsoft doing bad (patents) and doing good (giving millions to buy underprivileged families computers). While this situation isn't as extreme as either of those examples, I believe that Microsoft has a real chance to do good here by stepping up to the plate and simply eschewing ActiveX. Then all the websites that rely on it instead of better choices would be forced to get rid of it. Maybe Joe 6er's sites wouldn't work right away, but the big ActiveX offenders (Yahoo) would fix themse
      • Hopefully this is just marketing-speak for eliminating the "zone" system altogether.

        There's really two very different applications for IE -- the primary one is as an Internet Browser where it should simply be impossible to break out of the sandbox. The "Zones" tried to do this but were a massive technical failure. When you say "ActiveX is the problem", you really mean "Those stoopid broken Security Zones that let ActiveX rape the system are the problem".

        The secondary applicaiton is as a local library that
        • The ideal solution would be to just create two seperate binaries -- IE-Internet and IE-Local, and make damn sure that it's virtually impossible to break the sandbox in IE-Internet.
          Fuck that, fully separate Internet Explorer as a web browser and Explorer as a local computer browser, they should never have been merged in the first place. No sandbox, just two completely different programs that don't share any damn blasted thing they could *not share*, and not a single hook from the web browser to the innards of the computer.
          • Shoulda, woulda, coulda ... I agree.

            But you have to realize there's always going to be some "sharing". Look at Firefox -- XUL, Java Applets, Flash or custom plugins -- all of these have been used to "break out" of the browser and infect the local machine. You could gimp your browser, but the real answer is probably some better form of OS access controls.
          • by magickalhack ( 648733 ) on Wednesday June 08, 2005 @11:47AM (#12759126) Homepage
            By extension, you should have a separate computer that is connected to the internet with no hooks whatsoever to the computer you use to run your tax form preparation program, write your letters, balance your checkbook, etc. Oh, what's that? You want to e-file? You want to send e-mail? You want to bank online?

            Integration may be scary, but it isn't something you should intellectially shy away from. Convenience and security have always been at odds, and I don't see that changing any time soon. The balance beteween them isn't a zero-sum-game, however, and the solution, IMO, isn't to discard all notions of integrated solutions, even if they are less secure in the short term. We need to keep moving forward, not idolize some rose-colored past that never existed.
      • The conundrum is that so many sites now require ActiveX that if IE were to ship with it disabled, Joe Sixpack's favorite websites wouldn't work.

        I am not trolling here, but exactly which mainstream sites (which I assume you meant by "Joe SixPack") rely on ActiveX? In my personal experience, the vast majority of websites I have visited now work perfectly fine in Firefox and Safari. It seems a lot of sites of moved to the slightly-less-annoying Flash-based interfaces if they want to do some things.

        Porn si

        • microsoft.com relies on activex, especially the windowsupdate section, but also the genuine advantage section and others.

          Ewan
        • I am not trolling here, but exactly which mainstream sites (which I assume you meant by "Joe SixPack") rely on ActiveX?

          Assuming you use IE at all, go to Tools > Internet Options > Security, define a custom level for the Internet zone if you haven't already, and set all of the ActiveX settings to "prompt." You'd probably be surprised how many of the sites you visit on a day to day basis start throwing up dialogs asking whether or not it's okay to run this or that.

          I'm not saying that the sites don't

    • by matth ( 22742 ) on Wednesday June 08, 2005 @08:46AM (#12756877) Homepage
      My only thought is... in Server 2003 they do this (I think) by default and it's annoying as all get out... to the point of being unable to really browse the web without security boxes popping up all over the place. Isn't there a way to do it without being intrusive on the user? This is just going to force the user to increase the security level.
      • In my experience, users who decide to lower the security, overcompensate when doing so. Instead of setting the security to what they need it at, they set it to the "Bend over and rape me" setting.

        Microsoft: Stop writing buggy software with "accidental" hooks that let you install device drivers from a god-damn active X control! THEN you won't need crutches like "Security levels".

        I agree with the parent 100%: this won't be effective.
      • You shouldn't be browsing the web from your server anyway!

        yes, let's lower the security settings on my server so I can go read Yahoo! and check my email.

        The only "browsing" you should be doing from the server is to Windows Updates. And you can usually skip that, since most of the really important patches and service packs aren't even listed there.
      • and damned if they don't. It doesn't really matter one way or the other, because they're already in hell. And (as is true of humans), they are there because they chose to go there.

        See, Microsoft started by creating "features" (like ActiveX on the web) that are horrible security ideas. Now they are trying to fix things. But they can't make it really secure (remove the feature), because too many web sites depend on it. So they have to try to fix the security without removing the features, and are coming
    • for once I think this is a good move for microsoft. Programs should not run by default from IE directly from websites. Users should be restricted by default. If they know what they are doing then they can change that in the options. It is not fair to have a grandpa open a page and get bombarded with spyware. Thus if by default he is prevented to execute programs then he will have less problems. Until now I have just installed Firefox and told them to use that. I will probably also do so in the future, even
    • If this configuration is anything similar to the Windows 2003 "Enhanced Security" configuration of IE6, then the so called "mom & pop" users will be completely clueless on how to do anything.
    • Maybe Microsoft would be better by not announcing this before its released.
      Then execute a "silent" release (ala Google style) as beta. There are enough MS zealots that would download, try and report bugs and problems. Then when they reach an acceptably low level of bugs they can make a public announcement with all the fanfare.
      By making an announcement before the product is available, they take a bigger risk when the product doesn't live up to the hype.

      just my $0.02
    • Microsoft may be a bit slow to get there, but they'll get there in the end.

      I'm hoping you are talking about Chapter 11 here.
  • New Features? (Score:4, Insightful)

    by Jackdaw Rookery ( 696327 ) on Wednesday June 08, 2005 @08:26AM (#12756689) Homepage Journal
    So what will Microsoft be offering in IE7 that is new, and not just a take on Mozilla/Firefox/Opera?

    It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?

    Why would people move back to IE even after the release of IE7? I'm guessing they won't and this is for those that won't or can't move from IE.
    • That's easy! History has taught us:
      1/ MS will offer this as a 'critical' update.
      2/ Sheeple will install it
      3/ IE7 automagically becomes the new default browser
      4/ Profit!! (sorry I couldn't resist)
    • I think the problem at Microsoft is that they are trying to be all things to all people. Anti-Spyway, OS, Xbox, Browsers, applications, etc, etc. SUN tired this and got away from what they were good at...Solaris and Servers. MS needs to evaluate what they are really good at, and stick to that.
    • Re:New Features? (Score:5, Insightful)

      by Gorath99 ( 746654 ) on Wednesday June 08, 2005 @08:40AM (#12756828)
      So what will Microsoft be offering in IE7 that is new, and not just a take on Mozilla/Firefox/Opera?

      It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?


      To be fair, Firefox has taken many (most?) of its features from other browsers as well.

      Let MS copy what they want. If IE improves, so much the better. Firefox et al will have a reason to find new ways to improve and I'll have a better browser when I'm stuck on a Windows box at work/school/whatever.
    • Re:New Features? (Score:3, Informative)

      by alvinrod ( 889928 )
      It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?

      Microsoft has largely been playing catchup throughout its entire existance. Before there was ever Windows, there was Apple's OS. Before there was IE, Netscape was king of the browser world. Spam Blocking and Security? Been around for a long time before Microsoft built it in to their products. Almost everywhere you look, Microsoft is trying to make up lost ground. Almost any inovation in computing has been "borrowe

    • It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?

      You're assuming that they ever had the ability to innovate there.

      DOS was bought for them and given to them. Windows is because of Xerox PARC and because Jobs never believed Gates would decompile the Macs. IE was based on Mosaic and Netscape. The Office suite comes from any number of word processors, Lotus 1-2-3, and Harvard Graphics. SQL Server was based on Sybase (they had a joint venture for a while).

      They ha

    • has invention died over in Redmond?

      Not to troll, but has it ever lived? Try and list the things that have been "invented" in Redmond, and you'll find there are a lot less than you think.

  • by grasshoppa ( 657393 ) on Wednesday June 08, 2005 @08:27AM (#12756691) Homepage
    You can use msn! Or, maybe you'd prefer msn!

    Or, if those two options don't suit you, you can use MSN!
  • by the linux geek ( 799780 ) on Wednesday June 08, 2005 @08:27AM (#12756692)
    People will notice that all of MS's "New Features" have been in OSS for years.
  • Possible MS logic? (Score:5, Insightful)

    by B5_geek ( 638928 ) on Wednesday June 08, 2005 @08:28AM (#12756702)
    Hmm let me guess, this 'less-priviledged' IE "user" will be unable to install 3d party apps & addons (let's call them "plug-ins").

    Idiot #1: I want to install these smile-themes and weather app, but IE won't let me. It says that these "plug-ins" are unsafe and operate at a higher priviledge level. I don't know what that means BUT I WANT MY SMILES! ...... you guys know the rest of the story.
    • no no no (Score:5, Funny)

      by hsmith ( 818216 ) on Wednesday June 08, 2005 @08:33AM (#12756767)
      when you type in "google" Clippy pops up and asks you "It looks like you want to do a search, we will take you to a far superior search engine" and will redirect you
    • Yeah, they 'su root' and mess up their system.

      No wait, that was the wrong OS...

      But seriously, even l337 hackers do these "I know better" mistakes now and then.

      Nothing new, nothing specific to Microsoft.
  • by Dancin_Santa ( 265275 ) <DancinSanta@gmail.com> on Wednesday June 08, 2005 @08:28AM (#12756709) Journal
    I remember about 6 or 7 years ago when I was switching from Netscape 3 to IE 4 that there was a huge argument over whether Netscape 4 or IE 4 was the better product. The step up from versions 3 was significant.

    Lately, having switched to Firefox to avoid rampant security issues, I feel fairly comfortable with this browser. There are some things that I wish were better like better Googlebar and better plug-in handling, but am pretty happy with it.

    So with IE7, what's the draw? What features will it have that will encourage me to jump ship again? The feature list doesn't impress me as much as the jump from Netscape 3 to IE 4 did. And security is not an issue with Firefox, so that's not a good enough reason.

    I guess I'll just have to download the mandatory Critical Update and try out the browser for myself.
    • *What features will it have that will encourage me to jump ship again?*

      The feature where Windows Update complains that you haven't updated to it yet, over and over and over and over...
    • by Mr_Silver ( 213637 ) on Wednesday June 08, 2005 @08:39AM (#12756809)
      So with IE7, what's the draw? What features will it have that will encourage me to jump ship again? The feature list doesn't impress me as much as the jump from Netscape 3 to IE 4 did.

      I don't believe that Microsoft are intending IE 7 to draw people from Firefox, but rather encourage users not to consider switching. Remember, they still have 90%+ of the market share so getting back those 10% isn't going to be a priority. However keeping the 90% is.

      And security is not an issue with Firefox, so that's not a good enough reason.

      Funny, I've been seeing rather a lot of security related alerts regarding Firefox recently. Granted it's not as wideopen as IE - but saying that security isn't an issue is a tad off the mark.

    • by Kjella ( 173770 ) on Wednesday June 08, 2005 @08:44AM (#12756853) Homepage
      So with IE7, what's the draw? What features will it have that will encourage me to jump ship again?

      Nothing. In short, IE7 is there to 1) stop people from installing a 3rd party browser and 2) when you get a new machine with IE7 installed, be too lazy to install a 3rd party browser again.

      It is quite simple really, let Firefox/Opera do all the R&D and find out what the "must-haves" are and what is fluff, then tag along. Having a Windows monopoly is the ultimate way to "unconvert" people. If people had to actively choose to install IE over other browsers, things would be different. But for each time, you have to actively do something NOT to use IE. From there it is all about laziness.

      Kjella
      • > let Firefox/Opera do all the R&D and find out what the "must-haves"

        Interesting argument because it took Mozilla Firefox & Opera about 5 years to match the functionality of Internet Explorer 5.0. Things like CSS support and a solid DHTML implementation are "must-haves" and IE had them long before anyone else. (of course since then it's been surpassed).

        If MS starts taking the development of IE seriously, they could easily lap the competition again. Starting a standards-fight with a monopoly i
  • Interesting (Score:4, Interesting)

    by James_Duncan8181 ( 588316 ) on Wednesday June 08, 2005 @08:31AM (#12756734) Homepage
    So Microsoft are finally properly going at a least-rights solution, but on a per app basis? This is quite a concession, as it shows that the MS campaign to have people not run as admin is not really working at all in the real world. There are still far, far too many shops who are used to coding for 9x to make multiuser practical, even among coders who should know better (I'm looking at you EA/Medal of Honor!).

    The other way that this will be fun is watching all of the *really* bad ISVs who assume that IE is a complete solution for their apps and will of course be able to alter the system config when they use it as a component.

    And you thought SP2 broke things? *laughs evily*

  • That's right folks, set right up and try the new IE 7.0. It's got everything our competition has already had for the last year or more.

    This is the problem with Microsoft. They're capable of making a good product when they want to, but they throw their weight around and make it the only product on the market. After this, what incentive do they have to continue to make their product better or keep it up to date? IE hadn't changed forever and didn't look like it ever would until people started using Firefo

  • Slow ears (Score:5, Funny)

    by KiloByte ( 825081 ) on Wednesday June 08, 2005 @08:31AM (#12756742)
    From TFA: "Nine months ago, we started hearing from partners like Dell that spyware was a major issue."

    Hmm, let's see. (5 years-9 months) times the speed of sound... this means that Dell's headquarters are 46 million kilometers from Redmond.
  • Prolonged?! (Score:4, Insightful)

    by LegendOfLink ( 574790 ) on Wednesday June 08, 2005 @08:32AM (#12756752) Homepage
    Too little, too late, perhaps? Why has it taken Microsoft over 5 years (and counting) to release an upgraded version of IE? Oh well, I want to thank Microsoft, because the only browser I used on my WinXP boxes was IE...then FireFox came out.

    Yes, I admit it, I used to be an IE user...but now, I will never go back. For once when you see the great bird that showers fire and thunder at the masses, then you know that the forces of Mammon will never succeed at world domination.

    about:mozilla
    • but now, I will never go back

      Not that I'm in favor of supporting MS but saying that you will never go back to a particular vendor isn't exactly a reasonable statement to make. Always look for the appropriate tool for a job. Maybe you'll have a bias when evaluating the tools, but don't limit your research for an application.
  • IDN or IDNA (Score:3, Interesting)

    by Ded Bob ( 67043 ) on Wednesday June 08, 2005 @08:33AM (#12756762) Homepage
    After checking information on IDN [wikipedia.org], I noticed that there are two variations of international domain names. Anyone know whether Microsoft will actually be using IDN [wikipedia.org] or Internationalizing Domain Names in Applications (IDNA [wikipedia.org])?

    I apologize in advance for my anti-Slashdot action of reading a little before commenting. :)
  • by Lord Bitman ( 95493 ) on Wednesday June 08, 2005 @08:34AM (#12756772)
    If IE came pre-loaded with the most popular plugins (Flash, Quicktime), so that the majority of people would have no reason to ever turn off the reduced privledge mode, as opposed to turning it off several times soon after they have gotten their initial installation, it may work. If people are immediately conditioned that turning off reduced privledge mode is something that you need to do in order to get your browser to work right, then this will do nothing.

    Of course, simply never allowing write-access to anything but /cookies-and-bookmarks on a kernel-level might help too
  • MSN , of course as in the ,
    "and seamless search that will include choices of search providers"
    And while 80 % of internet users have NO idea whatsoever how to change their settings, so it will stay as such forever.
  • by rlp ( 11898 )
    Hope they do IDN right, otherwise it will make phishing and spoofing easier.
    • is money grabbing registries.

      until those who run the major domain registries can come up with sensible rules for IDN (which imo means no international stuff in .com/.org/.net and only stuff appropriate to the language in question in the cctlds) then IDN is just going to be a paradise for troublemakers

      of course the regsitries don't care because all they care about is selling as many domains as possible which the current don't care policy promotes.

      if i were running a dns server i'd be very very inclined to
  • by buckhead_buddy ( 186384 ) on Wednesday June 08, 2005 @08:43AM (#12756844)
    Recently, Microsoft already lowered the rights of gays and lesbians by dropping support for a major state anti-discrimination bill. Based on that wildly popular success (with right wingers at least) we'll be dropping the rights for everyone in the next release of Internet Explorer; trust us, we know what's good for you. And for those anxious about what the future holds, worry no more; coming with Longhorn, we'll offer new digital rights management features. Just remember, all your rights are belong to us.
    • Didn't they recant and support that bill in the end?

      And how does MS's opinion on any bill "lower the rights of gays and lesbians"?

      If you'd spent any time on the MS Redmond campus you'd know it's one of the most gay-friendly work environments on the planet.
  • You know damn well the default start page is going
    to default to msn search and nobody is going to change it. If google was going be a leader and remain a leader it should have as I said all along been pushing firefox like a mad man. Instead they are about to learn the same lesson Netscape did the hard way. If the market share of the users have a msn search start page and I am a advertiser where am I going to spend my dollars.

    I love google, it is going to be sad to see them go.
  • Ok... (Score:3, Interesting)

    by http101 ( 522275 ) on Wednesday June 08, 2005 @08:46AM (#12756873) Homepage
    Who the hell titles these articles? Lower rights and Lower permissions mean completely different things...

    If MS is adding support for IDN, I'm really going to stick with Mozilla. Does anyone remember the IDN spoofing exploit from Firefox on February 7, 2005? http://secunia.com/multiple_browsers_idn_spoofing_ test/ [secunia.com]

    Let's hope MS caps this hole before it happens. Unfortunately, MS has a reputation for adding bugs along with new features.
  • While LH will default to setting up accounts as limited users and not administrator, for those who run as Administrator, most applications will run as lower priviledged processes anyway, unless the priviledges are explicitly elevated by the user.
  • So are they going to run IE as a different user like we run Apache (as user apache). I don't think Firefox does that.
  • It looks like they're talking about the Enhanced Security Mode like IE 6 has in Win2003 servers. That thing sucks pretty bad, and no desktop user would ever keep it turned on.

    If they're thinking of running IE as a less-priv user, then that's closer to the mark. When people are tricked, an exploit is used, or they outright say, "install this, yes I agree to have you screw with me," then you better hope that app doesn't have rights to HKLM\Software\Microsoft\Run and C:\WINDOWS\SYSTEM32.

    Of course if IE7 doe

    • The article is light on technical details, but it does sound like the Enhanced Security mode of WS2003. Running IE as a seperate user with less privileges is better, but that wouldn't work in a multi-user environment. Every user would have the same access to a shared profile for storing bookmarks, saved forms and the like. There is a more elegant solution: restricted tokens [microsoft.com].

      Restricted tokens are a feature available in Windows 2000 and later that allows any user to create a new process with less privileges
  • I can picture the yellow tooltip now.

    Internet Explorer blocked access to the following potentially unsafe websites: The Internet.
  • That "Lower Rights" IE should go really well with the lower rights Longhorn will enforce. *rimshot*

    Thank you! I'm here all week.
  • A story about Microsoft removing rights that isn't designed to screw over the consumers.... odd week indeed
  • 30%, Try 80% (Score:5, Informative)

    by blazerw11 ( 68928 ) <blazerw AT bigfoot DOT com> on Wednesday June 08, 2005 @09:22AM (#12757240) Homepage
    Here are just a few references pointing out the real percentage of computers infected with spyware:
    80% [pcworld.com]
    8 out of 10 [com.com]
    88% [tomshardware.com]
    Or, just search [google.com] it.
    So, 5 years to admit to the problem as it was 3-ish years ago.
  • Damn! It's a big problem and it would be a 1. godsend for scum to catch legitimate domains and 2. lots of unnececary expenses. For example many russian characters look like english, but they aren't. So there are many words that could be spelled both in cyrillic and english, and now suppose you see an url printed in paper journal "http://www.poca.ru" -- what's that? "Dew" in russian and I have to type this in cyrillic or just an abbreviation and should be typed with english letters? As result sites with wel
  • by mindaktiviti ( 630001 ) on Wednesday June 08, 2005 @09:35AM (#12757402)
    When I installed Debian for the first time, it really urged me to have a regular user account, and to only use super user for things that require it, but otherwise I would just log in regularly. In Windows when you install it, you're an administrator automatically. How about they ship Windows with lower rights as well? I'm not being a troll or anything, but damn it - they need to do this for the greater good (i.e. internet).
  • by aduzik ( 705453 ) on Wednesday June 08, 2005 @09:41AM (#12757459) Homepage

    Remember how Microsoft said that Internet Explorer is a fundamental part of the operating system and cannot be removed? Well, this is what happens when you integrate the most security-vulnerable software on any OS (the browser) directly with the OS, then have everyone run as a full-privilege account by default.

    See, what makes it so bad is that IE has such deep hooks into the OS that cracking into IE is effectively the same as getting a root shell. Now we've seen that Microsoft's insistence on forcing a web browser into the OS at any cost is having detrimental effects on security.

    There are, of course, security exploits for lots of other browsers, but since IE has such tight integration with the rest of the OS, the stakes are much higher. Breaking into IE is to breaking into Firefox as breaking into a house is to breaking into a tool shed.

  • by RichM ( 754883 ) on Wednesday June 08, 2005 @12:54PM (#12759848) Homepage
    "...and seamless search that will include choices of search providers."

    MSN.com
    MSN.co.uk
    MSN.co.fr
    MSN.co.de
    MSN.co.kr
    MSN.co.ie
    MSN.co.jp
    and so on...

You do not have mail.

Working...