CERT recommends anything but IE - Page 3
Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 33

Thread: CERT recommends anything but IE

  1. #21
    Senior Member
    Join Date
    May 2004
    Posts
    519
    /me just started using firefox and loves it.

    i like how you can open up new tabs instead of just opening more browsers

  2. #22
    Senior Member
    Join Date
    Jul 2003
    Posts
    217
    heard what everyone has to say and most have good points.

    IE being the default browser in your system and coming instaled already when you purchase a new system is the problem. If it didnt come with new systems people will have a choice and there would be more variety in the browser used by regular people(not talking about techs here).

    I know that you might say that they have a choice even now since they can always install and use another browser. But human nature is to use whatever is there already and since IE comes in every windows machine. most regular usrs are gonna use IE cos its too much work instaling and learning a new browser.

    And thats where the problem lies. cos these regular users are the ones that are least likely to have high spd internet access, update their OS, have a firewall or antivirus. They might have some but they might have not configured them properly or even know how to use them.

  3. #23
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    A lot of my friends and family use Opera as their default.

    The tabbed browsing, no popup-showers (just kill one app and all windows close) etc makes it a better browser for them..

    My parents have the paided version.. That's how much they like it.. And they aren't even close to tech-savy..
    Nor have their local tech support at hand ( I moved out over a year ago )
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  4. #24
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295
    Originally posted here by Faqt
    Give credit where credit is due....they have been trying to find alternative means for dial-up users (for all users actually I suppose)
    http://www.microsoft.com/security/protect/cd/order.asp

    I ordered this security cd...free of charge (not even shipping and handling)....it's a wonderful thing.

    Ok, yes, it's a nice thing that you can order a CD for free, but here's my case:

    - I live in Switzerland, and run Windows in English
    - You can only get CDs in French or in German for Switzerland

    So if you are either Italian speaking or prefer English, you're screwed for the free CD.

    Oh well, maybe I'll order the French CD just so I can find out if it's any use to me.

    I will however say that this is progress for Microsoft.

    Cheers,

    BrainStop
    "To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule

  5. #25
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    IE flaw may boost rival browsers

    A major security hole discovered in Microsoft's Internet Explorer last week has become a golden marketing opportunity for alternative browsers such as Mozilla and Opera that are unaffected by the flaw.
    To avoid falling prey to a concerted attack aiming to steal log-on information and passwords, some security experts advised Web surfers to either turn off some Internet Explorer (IE) features or switch to another browser as the best immediate fix. Unknown attackers who had taken control of several Web servers used the flaw last week to install a remote-access program, dubbed JS.Scob.Trojan, onto the PCs of visitors to those sites.

    "I hope that Microsoft will come up with a patch soon," said Johannes Ullrich, chief technology officer for the Internet Storm Center, a site that monitors network threats. "Until they do, you basically have two choices: Disable JavaScript in Internet Explorer or install another browser."

    Last week's broad attack has been blunted by Internet engineers that disconnected the Russian site that hosted the Scob Trojan horse program from the Web. However, the latest vulnerability could tilt security-conscious companies and home users in favor of adopting an alternative browser--and perhaps chip away at Microsoft's dominant share of the Web browser market.

    At least 130 Web sites were still attempting to infect visitors as of Sunday, according to Internet security firm Websense, which discovered that more than 200 of its customers attempted to download the Trojan horse from the malicious Russian site in the past week. None of the servers were top-rated Web sites, but they all ran Microsoft's Internet Information Service 5.0 Web software and Secure Sockets Layer, or SSL, encryption, the firm said.

    Non-Microsoft browsers, such as the Opera browser and the Mozilla and Firefox browsers made by the Mozilla Foundation, don't have many of the vulnerable technologies and tend to focus more on just providing Internet browsing features, keeping the project size smaller, said Hakon Wium Lie, chief technology officer of Opera Software, which makes the browser of the same name.

    "Our code base is small, compared to other browsers, and by actively addressing problems that arise, we end up with a highly secure browser," Lie said.

    Such a focus differs from Microsoft, which has chosen to tightly integrate IE into the operating system, in part to sidestep antitrust issues. A representative of the software giant was not available for comment.

    The suggestion to use other browsers also underscores some security researchers' arguments that software diversity can improve security.

    Borrowing a term from agriculture and the fight against pests, software developers and security experts have warned about the hazards of "monoculture." The term refers to the widespread farming of a single variety, making the entire crop vulnerable to a single pest. Historians pin such disasters as the Irish potato famine on monoculture.

    Mozilla acknowledged that much of the value of using its software, or that of Opera, stemmed from the hazards of monoculture rather than any inherent security superiority.

    Microsoft's browser currently dominates the Internet landscape, with more than 95 percent of Web surfers using the browser, according to WebSideStory, a Web analytics firm. Mozilla, on the other hand, makes up 3.5 percent, and Opera accounts for 0.5 percent of all users of the sites monitored by WebSideStory.

    "Since there is such a disproportionate use of IE on the Internet right now, it does make it a very high-profile target," said Chris Hofmann, the Mozilla Foundation's director of engineering. "That's what people who are writing exploits are targeting, because that's where they get the biggest bang for the buck."

    Hofmann called the war against software homogeneity one of the raisons d'etre of his group.

    "If we were in a world where there were less of a monoculture for browsers, it would make it harder to design exploits that would affect that much of the marketplace," Hofmann said. "That's one of the driving forces of the Mozilla Foundation--to provide choices so that someone can't come up with an exploit that affects nearly the whole population."

    IE a sitting duck?
    But Mozilla claims some inherent security advantages as well. Internet Explorer is a fat target for attackers, in large part because it supports powerful, propriety Microsoft technologies that are notoriously weak on security, like ActiveX.

    Security experts also noted that Web surfers using non-Microsoft operating systems, such as Linux or Apple Computer's Mac OS, were not affected by last week's attack.

    Among security groups advising a browser switch is the U.S. Computer Emergency Readiness Team (US-CERT), the official U.S. body responsible for defending against online threats. The group on Friday advised security administrators to consider moving to a non-Microsoft browser among six possible responses.

    "There are a number of significant vulnerabilities in technologies relating to" IE, the advisory stated. "It is possible to reduce exposure to these vulnerabilities by using a different Web browser, especially when browsing untrusted sites."

    The advisory noted that Internet Explorer has had a great many security problems in several of its key technologies, such as Active X scripting, its zone model for security and JavaScript. However, the group pointed out that turning off certain features in IE increases the security.

    "Using another Web browser is just one possibility," said Art Manion, Internet security analyst with the CERT Coordination Center, which administers US-CERT. "We don't recommend any product over another product. On the other hand, it is naive to say that that consideration should not play into your security model."

    CERT also noted that people who opt for non-IE browsers but who continue to run the Windows operating system are still at risk because of the degree to which the OS itself relies on IE functionality.

    Mozilla's Hofmann recommended that Windows users who want to ditch Internet Explorer increase their security level in Windows' Internet options to help thwart those kinds of attacks. While Windows comes by default with those options on "medium," Hofmann said that setting them to "high" would have offered sufficient protection against last week's exploit.

    He also encouraged Web developers to stop writing Web sites that rely on ActiveX. Game and photo-uploading sites are among the worst offenders, he said.

    "We encourage people not to use these proprietary technologies that we've seen security vulnerabilities associated with," Hofmann said. "ActiveX is one of the biggest areas where these exploits have occurred, and from these recent exploits, you can see that exposing users and making that technology available has some real danger. Sites need to rethink what they're doing to protect users."
    Source : http://zdnet.com.com/2100-1105_2-5250697.html
    -Simon \"SDK\"

  6. #26
    Junior Member
    Join Date
    Jun 2004
    Posts
    14
    Quit banging M$ for been a popular browser. If IE wasn't so popular of user friendly than there would be no virus. Have you ever heard a company making tons of money for writing BSD software. Hell most of the users in here probably never even seen BSD. No virus on it no news who the hells care about it. I would suggest people have some common sense in surfing the internet. You don't go buy a Jag from Joe Schmo around the corner. THen don't go to a web site that has virus. I have been running a M$ product for so long that my last virus was Word Marco 97 and I got that from school.

  7. #27
    Quit banging M$ for been a popular browser. If IE wasn't so popular of user friendly than there would be no virus.
    This is a popular myth not only amoung browsers but also Operating Systems. People believe that popularity == amount of exploitation But you have to remember that even if IE is more popular, thousands upon thousands of eyes look over Mozilla and other open source projects each and every day. This doesn't just mean that the source code is in danger because of how popular it is to the linux crowd, but also that even if IE is popular on a more roundabout percentage, the smarter and brighter people of the computer world are going to be in Linux and using Open Source web browsers (on a percentage basis) but yet their code still remains more secure overall than IE. The smarter people with the power to exploit the code, choose not too.

    So, it doesn't come down to popularity, or else Gnome and KDE would be riddled with holes. It comes down to how well a program is exploited. According to the way IE was coded, it is -very- easily exploited and thus why the attraction to continue exploiting it. Mozilla and Firefox, etc etc, have a history of being rock solid in terms of security and thus the less appeal to exploiting it (even though the source is secured by hand each day).


    I would suggest people have some common sense in surfing the internet. You don't go buy a Jag from Joe Schmo around the corner. THen don't go to a web site that has virus.
    Seriously now, you can't know 100% if a website will infect a user or not until it is too late. Sure, we can distinguish what may be a hazard and stray from, but in the end it's a huge margin of unpredictability. CNN, for example, got nailed with this recent IE bug on their servers and before they could stop it, it nailed a few hundred of their visitors. CNN, for tao's sake, not www.haxyermom.cracks. My point being, you can only preform guess work on what is safe and what is not. And while yes, you can do a great degree of self protection with common sense, as in the CNN case... sometimes it just isn't possible.

    Don't get me wrong, I'm not IE or MS bashing (everyone here should know this lol). Just clearing up a common rumor.

  8. #28
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    THen don't go to a web site that has virus.
    Did you even read the articles regarding the latest vulnerabilities/exploits?

    http://www.securityfocus.com/columnists/251

    IIS 5 servers are being cracked and the crackers are inserting code into the pages without the web masters knowledge. AFAIK it is not yet known how the servers are being exploited. How are users to know if the pages they visit day in and day out (and would normally trust) has been exploited?

    How can users protect themselves when there are no fixes to the IE vulnerabilities?
    The crackers are exploiting several unpatched vulnerabilities in both IIS and in IE.

    Even the feds are warning users NOT to use IE...
    http://enterprise-security-today.new...ry=winsecurity
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #29
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    MSN and AOL won't ever do the 'send our cds together' because of the issue they had a while back where MS wanted IE to be in the forefront of the browsers and AOL wanted their gateway to be the main program in any typical windows install. At least, that was a few years ago, who knows what happened since then.

    It'd be prudent though although you'd have to have a better way to present it because everyone I know, including me, throws everything from AOL away immediately. It doesn't even get the courtesy of being a coaster.

    As for IE being the most used and hence, the most vulnerabilities being found for it..my refute to that is as follows:

    Where is the responsibility being taken by MS for all vulnerabilities and exploits found due to bad programming, tons of issues caused by "too many fingers in the dike" routine, and never actually FIXING a problem, merely patching it with a workaround until a later time...?

    That's where I think most of the problems are. The ONLY way MS has a hope, prayer, or chance with IE as a browser on their OS is if they ditch 6.0 entirely and rewrite the entire thing. Or have 6 on standby while they write 7.0 from scratch, fixing everything they know as a problem from the start as well as implementing better security. Forget features, forget "ease of use" for just 10 minutes, and think about a browser that looks good, is efficient, does its job, is stable and secure...think about it. I'm sure users would get used to it if it looked similar to IE 6 but the backend was entirely new code with many more safeguards in place.

    IE being on fire right now in the security field is merely the chickens coming home to roost and they have no means to prevent the problems they inherently caused by decisions made years ago to sacrifice utility, security, and stability for convenience and a glitzy front-end.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  10. #30
    Junior Member
    Join Date
    Feb 2004
    Posts
    12
    about autoupdate
    i work reloading pcs for end users mostly and they go out with autoupdate on they come back with all the patches downloaded ready to install and tons of worms
    so autoupdate is not the problem the end users are not installing them is part of it.
    some dont know and most dont care untill ......

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides