| View previous topic :: View next topic |
| Author |
Message |
John Doe
Server Admin
Joined: 12 Aug 2001
Location: Edmonton, AB
Posts: 4979
|
 Posted: Wed Jun 23, 2004 1:52 pm Post subject: Its time to Dump Internet Explorer |
 |
|
I doubt many of you know but IE is the root of so many problems that people have with their PCs. The security holes in it have caused grief for countless numbers of people that never protect themselves while online. Even those that are careful, maintain updates, security patches, run a firewall and antivirus software are still getting nailed by browser hijackers, spyware and all sorts of other crap that malicious sites try to install when you visit them.
Here is a link to an article that was just released by the people at Security Focus. Read it if you have a moment and then seriously consider dumping IE for your day to day activities and only use it when required. Your PC will thank you 
http://www.securityfocus.com/columnists/249
| Quote: |
Time to Dump Internet Explorer
It's time to tell our users, our clients, our associates, our families, and our friends to abandon Internet Explorer.
By Scott Granneman Jun 17 2004 07:54AM PT
One of my many weaknesses is a fondness for stupid jokes. Here's one that I like:
Why do ducks have webbed feet?
To put out forest fires.
Why do elephants have flat feet?
To put out burning ducks.
Not very sophisticated, I know, but it makes me smile every time I read it. Here's another classic, one that relates directly to many Internet users:
A man goes in to see a doctor. "Doc, whenever I lift my left arm, I get a shooting pain in my shoulder. What should I do?" The doctor replied, "Stop lifting your left arm."
I think many of us are in the position of that man, and today I'd like to act as your physician. Except that I'm not going to talk about left arms and pains in the shoulder; I'm going to talk about a piece of software that causes us pain in a different part of the body - Internet Explorer.
The latest version of IE is 6, and it has certainly accumulated an impressive record of holes: 153 since 18 April 2001, according to the SecurityFocus Vulnerabilities Archive. There have been some real doozies in there. For instance, last August, Microsoft issued a patch that fixed a hole that the company described this way: "It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it would be possible for the attacker to exploit this vulnerability without any other user action." Oh, is that all? Well, that's super - simply visit a Web page, and you're 0\/\/N3d, d00d!
"IE is a buggy, insecure, dangerous piece of software, and the source of many of the headaches that security pros have to endure..."
A little over a week ago, the SecurityFocus Vulnerability Database reported the "Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability," which "may permit cross-zone access, allowing an attacker to execute malicious script code in the context of the Local Zone." That was just one of the six reported so far this month - and we're only halfway through!
In fact, it's gotten so bad that now spyware creators (AKA, scumbags) are using flaws in IE to surreptitiously install the I-Lookup search bar (or one of several others) into the browser. Again, the user doesn't need to do anything - just visit a Web site or click on a URL in an email. The results? Your home page is changed, a bunch of new bookmarks show up in your Favorites, and popup windows for porn sites open constantly.
I could go on and on. Look, let's be honest with each other. We all know this is true: IE is a buggy, insecure, dangerous piece of software, and the source of many of the headaches that security pros have to endure (I'm not even going to go into its poor support for Web standards; let that be a rant for another day). Yes, I know Microsoft patches holes as they are found. Great. But far too many are found. And yes, I know that Microsoft has promised that it has changed its ways, and that it will now focus on "Trustworthy Computing." But I've heard too many of Microsoft's promises and seen the results too many times. You know, fool me once, shame on you; fool me twice, shame on me. Who's shamed when it's "fool me the 432nd time"? Who's the fool?
We're security pros, and we know the score. It's time. It's time to tell our users, our clients, our associates, our families, and our friends to abandon Internet Explorer.
A better browser: Firefox
On Monday, the Mozilla Foundation released its latest preview release of Mozilla Firefox, available for download and ready to run. As most of you probably already know, the Mozilla browser is great, but it's also a huge software project, encompassing a Web browser, an email program, an address book, a Web page editor, and much, much more. Mozilla Firefox is an effort to pull out the browsing component, resulting in a faster, more focused, and more innovative Web browser. And you know what? It's working.
I've been using Firefox for more than a year, and it's performed admirably. I've experienced a little bit of bugginess here and there - after all, it's just now getting to 0.9, with the full 1.0 release expected at the end of the summer - but on the whole it's been just fine, certainly good enough for full-time use. Its feature set is enviable: pop-up blocking, tabs, integrated search, an awesome level of customizability, and excellent support for Web standards. But it has really shone (as has the Mozilla Project as a whole, actually) in the area of privacy and security.
All software has bugs, and none is totally "secure". As has been said so many times, security is a process, not a product. So I'm quite aware that Firefox has had security issues, and will have more in the future as sure as the sun rises. But the record so far with Firefox has been positive. Security issues are not common, but when they are found, they are openly discussed and fixed quickly. This is very good, and security pros should appreciate such responsiveness.
In addition to a good track record in the past, Firefox and the Mozilla Foundation are taking a proactive approach to securing the Web browser in the future. The privacy and security settings available in Preferences are intelligent and effective, and the browser itself does not accept ActiveX controls, a key vulnerability in IE. Firefox uses XPI files to install themes, extensions, and other add-ons. Recently, new changes to the browser's handling of XPIs were introduced, including a three second countdown when installing XPIs, in order to give the user time to read the dialog box, and an optional XPI whitelist, which will allow XPI installations only from approved sites. Both are good ideas; in particular, the latter should be enabled by security pros on the machines they oversee, as it will greatly reduce the likelihood of miscreant installs (the link above implies Firefox is not implementing the XPI whitelist; Mozilla bug 240552 contravenes this).
As people who care about security - and who so often work with people who care nothing about security - it's our responsibility to spread the word about a better Web browser that does not constantly compromise the basic security of our computers and networks. Why is IE the most widely-used Web browser on the Net? It's not because of quality, and certainly not because it's better than the alternatives. In fact, IE hasn't really been improved in years, and other browsers now offer far more innovative features and capabilities. It's because Microsoft leveraged its monopoly to force IE down the throats of users. And in a case of kicking users while they're down, Microsoft has pledged to tie IE even closer to the Windows operating system, guaranteeing plenty of security problems in the future.
It's all about the marketing. Microsoft owns the desktop, so they can bundle IE with every copy of Windows. To combat that, security pros are going to have to engage in counter-marketing. Sit down with the computer users you oversee, and explain to them the security issues associated with IE, and the benefits of moving to Firefox. If you need help, a short piece entitled "Why You Should Switch to Firefox" may help. If you're feeling nervous about the not-yet-finished status of Firefox, just wait a bit longer, and then start evangelizing it, but be aware that lots of folks have been using it for quite some time, happily and successfully.
I already know one of the objections I'm going to get in emails from my readers: "My bank, fill-in-name-here, requires Internet Explorer to work!" Let me deal with that point now, in an effort to reduce the email I'll get. First of all, this problem is decreasing all the time. Several years ago, many more Web sites were written to work with IE only, but now, thanks to the efforts of the Mozilla Foundation, Opera, and Apple (who will actually contact the owners of sites and help them to get their sites to work with other browsers), coupled with the increasing awareness of Web standards among developers, the vast majority of Web sites work in all modern browsers.
Second, if your bank (or e-commerce site, or whatever site that matters to you) doesn't work with Firefox, email, call, and write them (all three can be an effective combination) and, in a polite tone, inform them that their site isn't working and ask them to fix it. If a site does work in Firefox, email, call, and write the owners and thank them. Positive feedback can do wonders.
Finally, if you have to use IE, you have to use IE. But use it only with the site(s) that require it. The people reading this are smart enough to use Firefox 98% of the time, and then switch to IE when necessary. But is your mom? Here's a suggestion for you to help Mom: install Firefox and tell her to use that when she want to "use the Internet." Rename the Internet Explorer icon to "First National Bank" or whatever it is that Mom uses, and change the home page to http://www.firstnationalbank.com. Then tell Mom that Firefox is for the Internet, but there's a new program that's just for her bank, and the icon is right on her desktop. When she gets done banking, close her "bank program" go back to Firefox. (Feel free to substitute "Sue in marketing" for "Mom" above if necessary)
I'm tired of vulnerabilities in Microsoft's Web browser that take over computers, install spyware and God knows what else, and ultimately cause us to spend hours cleaning up messes on the computers of clients, friends, and family. How much money, time, and energy have we all spent fixing the problems caused by IE? It's time for security pros - the folks that should know better - to start dumping IE and start promoting Firefox, a better Web browser. Enough is enough. How many times are we going to put out the fires that IE starts, only to get stomped on, again and again?
|
_________________
 |
|
| Back to top |
|
 |
Stevo
Ville Supporter
Joined: 08 Dec 2002
Location: Orange County Guild: TVR
Posts: 9514
|
|
| Back to top |
|
|
Kazebari
Official Mall Ninja
Joined: 28 Apr 2002
Posts: 935
|
| Posted: Wed Jun 23, 2004 3:19 pm Post subject: |
|
|
Opera is the answer.
No, wait.
OPERA IS THE FUTURE. |
|
| Back to top |
|
|
Clay Pigeon
Registered User
Joined: 29 May 2002
Location: Michigan
Posts: 1049
|
| Posted: Wed Jun 23, 2004 3:59 pm Post subject: |
|
|
| Mozilla 1.7 was released recently. It's more robust that foxfire. |
|
| Back to top |
|
|
Potato-VS-
Registered User
Joined: 16 Jul 2002
Location: Ontario Canada
Posts: 1562
|
| Posted: Wed Jun 23, 2004 5:02 pm Post subject: |
|
|
| Yea, IE is bad. I dled Mozilla and it seems to work well - but it runs slower then IE for some odd reason, perhaps my firewall is the cause... Either way, its fairly well done. |
|
| Back to top |
|
|
Simpleman
Server Admin
Joined: 30 Dec 2001
Location: Ceres,CA GUILD:<eVa>
Posts: 3138
|
| Posted: Wed Jun 23, 2004 5:08 pm Post subject: |
|
|
The only thing I have a problem with is I can't open enternalvillealiance.org site with it so I have to use IE to view are website  But other than that it is a little bit slower like tater said but O well we will see how it goes.
_________________
<eVa>Simpleman-V$=<RIP> |
|
| Back to top |
|
|
Stevo
Ville Supporter
Joined: 08 Dec 2002
Location: Orange County Guild: TVR
Posts: 9514
|
| Posted: Wed Jun 23, 2004 6:15 pm Post subject: |
|
|
| Simpleman wrote: | | The only thing I have a problem with is I can't open enternalvillealiance.org site with it so I have to use IE to view are website But other than that it is a little bit slower like tater said but O well we will see how it goes. |
That's because they are using txt files instead of htm or a web extension. I thought KRG was going to fix that.
_________________
The Official TVR Website
Fopp
Song of the Week |
|
| Back to top |
|
|
Chan
Registered User
Joined: 01 Nov 2001
Location: In a pool of cess
Posts: 2311
|
| Posted: Thu Jun 24, 2004 7:11 pm Post subject: |
|
|
I use avant browser... http://www.avantbrowser.com/
Check it out.. i think it's worth it.
_________________
 |
|
| Back to top |
|
|
Stevo
Ville Supporter
Joined: 08 Dec 2002
Location: Orange County Guild: TVR
Posts: 9514
|
|
| Back to top |
|
|
Gamepro65
Registered User
Joined: 02 Dec 2001
Posts: 710
|
| Posted: Thu Jun 24, 2004 8:09 pm Post subject: |
|
|
well, i do not know if this is just me. but after using firefox a few days. i noticed that when i leave the window minimized for long ammounts of time, it seems to lag really bad then i come back to the window. its a good program, nice pop up block, idk if i can deal with that lag tho....
_________________
 |
|
| Back to top |
|
|
Twisted29
Registered User
Joined: 12 Aug 2001
Location: Rochester, NY
Posts: 1321
|
| Posted: Fri Jul 02, 2004 8:21 pm Post subject: |
|
|
| I've used both Opera and Firefox. Both are excellent, but have a slight learning curve. Most of the time I still use IE, but thats only because im lazy..... |
|
| Back to top |
|
|
Mulder
Registered User
Joined: 31 Oct 2002
Location: South Louisiana, USA
Posts: 772
|
| Posted: Fri Jul 02, 2004 8:39 pm Post subject: |
|
|
Tried opera and diddnt really like it so now im running firefox but it doesn't like the eVa site
_________________
Rest in Peace Blue Ruler: May 18th, 2004
Last edited by Mulder on Fri Jul 02, 2004 10:18 pm; edited 1 time in total |
|
| Back to top |
|
|
Twisted29
Registered User
Joined: 12 Aug 2001
Location: Rochester, NY
Posts: 1321
|
| Posted: Fri Jul 02, 2004 8:41 pm Post subject: |
|
|
| Mulder wrote: | | Tried opera and diddnt really link it so now im running firefox but it doesn't like the eVa site |
Who does Mulder? |
|
| Back to top |
|
|
Mulder
Registered User
Joined: 31 Oct 2002
Location: South Louisiana, USA
Posts: 772
|
| Posted: Sat Jul 03, 2004 12:57 pm Post subject: |
|
|
tee hee hee
_________________
Rest in Peace Blue Ruler: May 18th, 2004 |
|
| Back to top |
|
|
DaKon
Ville Supporter
Joined: 19 Feb 2002
Posts: 2342
|
| Posted: Sat Jul 03, 2004 7:24 pm Post subject: |
|
|
The patch is out for IE as of friday to fix the latest attack option. So run windows update.
_________________
P4E @ 4.00 Ghz, LeadTech 6800GT 420mhz/1.16Ghz, 1 gb Corsair PC 4400, Creative X-fi, Raptor
 |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
