Proof that IE should just DIE

Discussion of non-phpBB related topics with other phpBB.com users.
Forum rules
General Discussion is a bonus forum for discussion of non-phpBB related topics with other phpBB.com users. All site rules apply.
User avatar
RMcGirr83
Former Team Member
Posts: 21684
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Proof that IE should just DIE

Post by RMcGirr83 »

http://blogs.zdnet.com/security/?p=5250&tag=nl.e550
Hackers linked to China used a zero-day vulnerability in Microsoft’s Internet Explorer browser to compromise corporate systems at more than 30 U.S. companies, including Google, Adobe and Juniper Networks.

According to Microsoft, the vulnerability is still unpatched and can lead to remote code execution attacks if a target is lured to a booby-trapped Web site or views a malicious online advertisement.
Nice. :roll:

So I wonder what M$ is waiting for to submit an update. I know I have gotten any not that I use that POS browser anyway.
User avatar
3Di
Former Team Member
Posts: 16052
Joined: Mon Apr 04, 2005 11:09 pm
Location: Milano 🇮🇹 - Frankfurt 🇩🇪
Name: Marco
Contact:

Re: Proof that IE should just DIE

Post by 3Di »

There is a plenty of nubs over there. They spend a lot of moneys having nothing else than a M$virus, IMHO.
User avatar
Tom
Former Team Member
Posts: 2665
Joined: Tue Jun 20, 2006 2:12 am
Name: Tom Catullo
Contact:

Re: Proof that IE should just DIE

Post by Tom »

Just the latest in the endless saga of Internet Explorer's vulnerabilities. Microsoft should just accept the fact that they cannot create a web browser and give it up. In other news, I hear Netscape Navigator is making a comeback. ;)
Tom Catullo - Former Moderator Team Member
phpBB3 Smiley Pak Generator | Legend Repositioning MOD | My GitHub | My Site
User avatar
AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher
Contact:

Re: Proof that IE should just DIE

Post by AdamR »

Actually, while IE7 and IE8 are vulnerable to this attack, in the overwhelming majority of cases it is not exploitable. Most of the time, it requires a IE6/WinXP machine. By default, Vista and 7 as well as IE7/IE8 will not be vulnerable by default due to two factors:
  • IE7 and IE8 use sandboxing which limits the extent of the attack
  • DEP is enabled by default on IE8, as well as at the OS level on Vista/7
While the vulnerability is valid, this isn't a widespread issue and is being blown way out of proportion. The average user does not have to worry about this. So basically, if you're running IE8 and haven't intentionally disabled security features, you're not in harms way. ;)

Source: http://www.microsoft.com/technet/securi ... 79352.mspx

- Adam
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton
User avatar
RMcGirr83
Former Team Member
Posts: 21684
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Proof that IE should just DIE

Post by RMcGirr83 »

So basically, if you're running IE8 and haven't intentionally disabled security features, you're not in harms way
Uhmmm, those security features need to be disabled in order to use the language drop down within a mod install.xml file. At least that's what I was told lately.
User avatar
Anon
Former Team Member
Posts: 7019
Joined: Fri Jan 02, 2004 7:33 am
Location: Christchurch, New Zealand

Re: Proof that IE should just DIE

Post by Anon »

User avatar
AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher
Contact:

Re: Proof that IE should just DIE

Post by AdamR »

RMcGirr83 wrote:Uhmmm, those security features need to be disabled in order to use the language drop down within a mod install.xml file. At least that's what I was told lately.
IE7/IE8 on Vista/7 does not require you to manually disable the script blocking due to Protected Mode.

IE7/IE8 on XP-SP3 does require you to manually allow the blocked content. IE7 is potentially exploitable, but IE8 is not due to DEP.

So again, if you're running IE8, you're safe unless you've messed with the security settings.

- Adam
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton
JonnyFiveHundred
Registered User
Posts: 2
Joined: Mon Feb 05, 2007 5:52 pm
Location: Sheffield, UK
Contact:

Re: Proof that IE should just DIE

Post by JonnyFiveHundred »

Why bother with the hassle? Just use a different browser. I can't beleive anybody in the industry is still using IE for their regular browsing. It just isn't worth the risk.
User avatar
RMcGirr83
Former Team Member
Posts: 21684
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Microsoft readies emergency IE patch to counter public explo

Post by RMcGirr83 »

Microsoft has started dropping broad hints that an emergency patch for Internet Explorer will be released very soon to counter targeted attacks and the publication of exploit code for a “browse and you’re owned” vulnerability in its flagship Web browser.

The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend.
It has a "remove this browser" button? :)

http://blogs.zdnet.com/security/?p=5268&tag=nl.e539
User avatar
god0fgod
Registered User
Posts: 227
Joined: Wed May 30, 2007 5:25 pm
Contact:

Re: Proof that IE should just DIE

Post by god0fgod »

But Microsoft told BBC News that IE8 was the "most secure browser on the market" and people should upgrade.
I know it's subjective but most people would agree that that statement it completely outrageous. Since it's subjective you can't really call it a lie though.

If it was measurable such as the number of vulnerabilities then IE will outright lose.
User avatar
AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher
Contact:

Re: Proof that IE should just DIE

Post by AdamR »

god0fgod wrote:If it was measurable such as the number of vulnerabilities then IE will outright lose.
It's measurable. Take note of the last two paragraphs. ;)

Number of vulnerabilities != level of insecurity. With what I've seen of IE8, the only reason I'm using a different browser is rendering speed.

- Adam
Last edited by AdamR on Tue Jan 19, 2010 9:18 pm, edited 1 time in total.
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton
User avatar
RMcGirr83
Former Team Member
Posts: 21684
Joined: Wed Jun 22, 2005 4:33 pm
Location: Your display
Name: Rich McGirr

Re: Proof that IE should just DIE

Post by RMcGirr83 »

With these NSS Labs reports, the company is trying to show that third-parties also find IE8 to be a solid competitor, but the fact that the software giant sponsored the reports blunts their impact (the way that one designs the test has a huge impact on the results).
User avatar
AdamR
Former Team Member
Posts: 9731
Joined: Tue Mar 02, 2004 5:40 pm
Location: Tampa, Florida
Name: Adam Reyher
Contact:

Re: Proof that IE should just DIE

Post by AdamR »

AdamR wrote:Take note of the last two paragraphs. ;)
I'm not arguing that IE8 will protect you against everything out there. Nor will I ever argue that for Firefox/Chrome/Opera/Lynx, but it is not as insecure as it's made out to be. Not by far.

It's like taking 2.0.x's security record and applying it to 3.0.x. While people have done it, they're silly, uninformed, and downright wrong for doing so.

- Adam
phpBB Support: Welcome | Userguide | Knowledge Base | Search
Honored supporter of the phpBB Group!
"If I have seen a little further it is by standing on the shoulders of Giants." - Isaac Newton
User avatar
Peetra
Registered User
Posts: 291
Joined: Mon Jun 04, 2007 1:41 pm
Location: Kokkola, Finland
Contact:

Re: Proof that IE should just DIE

Post by Peetra »

JonnyFiveHundred wrote:Why bother with the hassle? Just use a different browser.
It is handy to let your friends browse only with IE, they won't mess around with your stored bookmarks and pws. I do like my friends, so I let them use my daughters computer rather than IE. ;)
I am so hooked on bubbles, that I made a Bubble Witch Saga WP-site! Most addictive game since Tetris!
ToonArmy
Former Team Member
Posts: 4608
Joined: Sat Mar 06, 2004 5:29 pm
Location: Worcestershire, UK
Name: Chris Smith
Contact:

Re: Proof that IE should just DIE

Post by ToonArmy »

Well IE7 apparently doesn't opt into DEP protection so it's vulnerable. Not that I care, Microsoft don't make a browser for my platform. http://www.computerworld.com/s/article/ ... or_IE7_IE8
Chris SmithGitHub
Post Reply

Return to “General Discussion”