Friends don't let friends use Internet Explorer – advice from US, UK, EU

Microsoft has warned of a new security flaw in all versions of its Internet Explorer web browser for Windows PCs. A patch has yet to be released for the crocked code. Vulnerability CVE-2014-1776, to give the problem its formal name, allows miscreants to hijack at-risk Windows computers. It's all due to “the way Internet …

COMMENTS

This topic is closed for new posts.

  1. Dan 55 Silver badge
    Facepalm

    And so it begins...

    Less than 3 weeks after Windows XP was left unsupported. That didn't take long.

    I can't look.

    1. Anonymous Coward
      FAIL

      Re: And so it begins...

      Completely accidental I'm sure.

    2. Roland6 Silver badge
      Happy

      Re: And so it begins...

      ? XP unsupported

      The recommended workaround - install EMET 4.1 - works on XP-SP3!

      1. jason 7

        Re: And so it begins...

        And enable Deep Hooks in EMET 4.1 too.

        Been installing this on all machines I build for some time now.

        Works a treat. No impact on performance.

      2. Anonymous Coward
        Anonymous Coward

        Re: And so it begins...

        The workaround doesn't prevent the bug being exploited, it simply makes it harder to exploit.

      3. Anonymous Coward
        Anonymous Coward

        The recommended workaround

        Install Chrome or Firefox??

        1. Anonymous Coward
          Anonymous Coward

          Re: The recommended workaround

          "Install Chrome or Firefox??"

          Both of which have had more holes than IE. Great.

    3. Anonymous Coward
      Anonymous Coward

      Patch is out!

      Here ya go:

      https://www.google.com/intl/en_uk/chrome/browser/

    4. James O'Shea

      Re: And so it begins...

      "I can't look"

      I can. <gets popcorn>

      1. JDX Gold badge

        Re: And so it begins...

        Yeah, no vulnerabilities in other browsers. Every time they have one of those hack contests, the other browsers emerge untarnished.

    5. Charles Manning

      You run IE on Windows??

      Who cares.... it's an IE bug. Just run FF or Chrome or whatever.

      This is hardly going to cause people to upgrade to Vista. They'll just switch browsers.

      1. James O'Shea

        Re: You run IE on Windows??

        "Who cares.... it's an IE bug. Just run FF or Chrome or whatever."

        The reason why I'll be watching and giggling is _precisely_ that it's an IE bug. A very large fraction of those businesses which are still on XP are still there because they use IE6. They _can't_ change browsers, not even to another version of IE, as some/most/all of their web-based software will break on contact with anything except IE6. ActiveX idiocy, mostly.

        (Yes, not only are they still on XP, they're on XP SP2, as SP3 installs IE7, which breaks their stuff. They've been out of support for a while now...)

      2. AlbertH
        Alert

        Re: You run IE on Windows??

        Unfortunately, for the vast majority of the clueless Windows XP users, the big blue "E" IS "the Internet". Getting them to change browser is virtually impossible. I've even heard "IT professionals" describe Internet Exploder as "essential for compatibility"...

        This particular can of worms is just going to get worse and worse. XP "users" will continue to be abused and exploited - it's just easier now!

      3. ecofeco Silver badge

        Re: You run IE on Windows??

        "They _can't_ change browsers, not even to another version of IE, as some/most/all of their web-based software will break on contact with anything except IE6. ActiveX idiocy, mostly."

        Not just 6, but 7 and 8 as well.

        And not just Active X, but a LOT of badly written Java as well. And I do mean a LOT.

        Or as I like to say, "Stuck in 6." Both IE and Java ver 6.

        Now, as I was saying about XP...

    6. Anonymous Coward
      Anonymous Coward

      Re: And so it begins...

      Yawn - a patch has already been released for this for supported versions.

  2. Trevor_Pott Gold badge

    This sort of thing doesn't happen

    if you use Microsoft. Microsoft is used on more servers than Linux, and it's more secure. And it doesn't have the heartbleed vulnerability. And it's perfect in every way.

    Edit: crap, I forgot to push Anonymous Coward. Welp, that's egg on my face, then...

    1. Mark 85

      Re: This sort of thing doesn't happen

      Nicely trolled... I'm sure someone will rise to the bait. Have an upvote.

    2. Anonymous Coward
      Anonymous Coward

      Re: This sort of thing doesn't happen

      Never mind, we can see the sarcasm, and the fact you didn't decide to post "anonymously" is a good indication you're above the anonymous trolls anyway.

      (Yes, Heartbleed was damaging, but at least in itself, it wasn't a remote execution exploit, and all the Linux distributions have patched it. I don't think Microsoft are going to patch IE6 on Windows 2000 or XP…)

      1. Anonymous Coward
        Holmes

        Re: This sort of thing doesn't happen

        ...to me.

        Because IE hasn't been working AT ALL on Win 8.1 on my machine. Refuses to open. There are lots of complaints about it on the support forums too. Brilliant move M$ - update your OS and bork your browser.

        Which is fine - it's crap anyway. The two websites that didn't work well without it - I found I could get along just fine without them.

        1. Anonymous Coward
          Boffin

          Re: This sort of thing doesn't happen

          ...and oh by the way, I tried out the M$ "Enhanced Mitigation Experience Toolkit". It's REALLY GOOD - at SLOWING YOUR COMPUTER to a zombie-death-crawl.

          Gives Norton a run for its money.

          This is the future of computing - machines that spend 100% of their processing power on security algorithms and that do zero actual work. Correct that - this may actually be the current state of computing.

          1. Anonymous Coward
            Anonymous Coward

            @ Andy Prough - Re: This sort of thing doesn't happen

            Ah, now I understand why the 'Enhanced Mitigation Experience Toolkit' is available for Windows XP : it should finally kill off any lingering remains.

          2. fajensen
            Joke

            Re: This sort of thing doesn't happen

            It's the current state of the state too ....

          3. Mike Pellatt

            Re: This sort of thing doesn't happen

            This is the future of computing - machines that spend 100% of their processing power on security algorithms and that do zero actual work. Correct that - this may actually be the current state of computing.

            It most definitely is the current state of computing. I well remember Intel suggesting that the advantage of a second core (when the first dual-core CPUs came out) was that it could run the AV software while the first core did real work (since of course no software was multi-threaded back then)

          4. AlbertH

            Re: This sort of thing doesn't happen

            Correct that - this may actually be the current state of Windoze computing.

        2. Oh Homer
          Paris Hilton

          Re: "two websites that didn't work well without [IE]"

          There are still websites that demand a web browser with just a 10% market share?

          Wow, that's true loyalty.

          1. Anonymous Coward
            Anonymous Coward

            Re: "two websites that didn't work well without [IE]"

            Websites no, web applications yes.

            Quite a lot of applications were coded back when IE was dominant and their complexity makes supporting multiple browsers costly and time consuming.

          2. chris lively

            Re: "two websites that didn't work well without [IE]"

            ZOMG. I didn't realize that all internet users went to w3schools.com.... /sarcasm. Puh-leeze. Browser stats/trends from that website are less than meaningless.

            Wikipedia has a much larger audience and their stats are quite interesting. Is IE at the top? no, but everyone puts them firmly in the #2 spot. Be sure to read through how those various counters came by their numbers.

            http://en.wikipedia.org/wiki/Usage_share_of_web_browsers

          3. Anonymous Coward
            Anonymous Coward

            Re: "two websites that didn't work well without [IE]"

            IE currently has about 58% market share:

            http://thenextweb.com/insider/2014/02/01/ie11-passes-ie10-market-share-firefox-slips-bit-chrome-gains-back-share/

            1. lambda_beta

              Re: "two websites that didn't work well without [IE]"

              Netscape rules!!

        3. Anonymous Coward
          Anonymous Coward

          Re: This sort of thing doesn't happen

          If you do want IE working (for whatever reason) try this - go to search 'internet options'. You get the default options that are available in IE but that you probably cannot access. Then go to the advanced tab, and hit the 'reset' button.

          I had same issue, IE would just load but everything blank or disabled. This fixed it for me.

          1. Anonymous Coward
            Boffin

            Re: This sort of thing doesn't happen

            @cap'n - "If you do want IE working (for whatever reason) try this - go to search 'internet options'. You get the default options that are available in IE but that you probably cannot access. Then go to the advanced tab, and hit the 'reset' button."

            Nope. Same thing - IE never starts up at all. I've read that it's some corrupted Win process, and I could use DISM.exe from the command line to fix it (MS's "Deployment Image Servicing and Management tool"). I just had to go through a variety of uses of DISM to get Win Update working again, not really looking forward to spending a couple more hours watching DISM spin away and finding the exact correct command line parameters that will get IE working. Especially for a browser I'll probably never use again.

            Maybe in a couple weeks, next time I get seriously bored.

        4. oiseau

          Re: This sort of thing doesn't happen

          ... to me either.

          Why?

          Because I stopped using IE from the very moment I had a choice, first with Opera and then Mozilla. This was around the time I installed W98SE, if my memory serves me right.

          Also blocked IE from doing anything with the firewall I installed.

          Easy enough.

          Cheers.

          1. Alan Brown Silver badge

            Re: This sort of thing doesn't happen

            I wish.

            IE is so embedded into windows that even if you don't think you're running it, _something_ ends up making use of its dlls.

            Let's not even go into the fact that I can't get my 75yo father to stop using WinXP or IE - because he doesn't see why anyone would attack his connection, all available documentation to the contrary.

    3. NogginTheNog
      Megaphone

      Re: This sort of thing doesn't happen

      Oh FFS. What is it with all the "my fave OS or application is so much better than yours!" playground crap??

      All software has bugs and flaws, I think the past couple of months have made that painfully obvious - Heartbleed, Mac and iOS, Windows, to name just a few high-profile ones I can think of.

      Why not grow up and put some thought into why it still is that software is released in a work-in-progress way that other industries would never be allowed to get away with, instead of just playing the nerr-nerr game?

      1. NogginTheNog
        Facepalm

        Re: This sort of thing doesn't happen

        Update after I saw your edit: well trolled Trevor, I for one bit! :-\

        1. Trevor_Pott Gold badge

          Re: This sort of thing doesn't happen

          Engage rage before finishing reading?

      2. Anonymous Coward
        Anonymous Coward

        Re: This sort of thing doesn't happen

        "Oh FFS. What is it with all the "my fave OS or application is so much better than yours!" playground crap??"

        Hmmm. Microsoft never say you should be using their software rather than someone else's, because theirs is better??

        If Microsoft didn't indulge in such "playground" tactics then we wouldn't be having a go at them all the time.

      3. ecofeco Silver badge

        Re: This sort of thing doesn't happen

        Oh FFS. What is it with all the "my fave OS or application is so much better than yours!" playground crap??

        Because 10 year old bugs from a company NOTORIOUS for an extremely vulnerable browser from the very beginning is by definition, crap and deserving of far more than ridicule.

        But for some reason, software makers get a pass for bad products causing damage that would get the pants sued off in any other industry in the damn world.

        So ridicule is the order of the day.

        That's what.

    4. Anonymous Coward
      Anonymous Coward

      Re: This sort of thing doesn't happen

      "forgot to push Anonymous Coward"

      Pott, meet Kettle....

      (couldn't resist...:) )

      BTW, isn't the "Heartbleed" problem also a "use after free" (whatever happened to "uninitialized variable(s)") bug? Of course now M$ is becoming more and more "Use after Fee"....

      1. Ken Hagan Gold badge

        Re: This sort of thing doesn't happen

        "BTW, isn't the "Heartbleed" problem also a "use after free" (whatever happened to "uninitialized variable(s)") bug?"

        It's been several days, but not as I recall. Heartbleed was failing to sanitise external input and consequently exposing a load of memory. It was made worse by the fact that the OpenSSL allocator didn't overwrite-on-free, and so the memory was potentially "interesting".

        Overwrite-on-free is trivial-to-code and fairly inexpensive. Its primary purpose, however, is not to render buffer overruns less interesting but rather to make use-after-free much more likely to be fatal. Bugs are therefore caught during development rather than three years after release.

        And regarding the "uninitialised variables", that's arguably the complete opposite problem: use-before-allocate. I say "arguably" because although in C initialisation doesn't exist and allocation is considered complete when uninitialised memory is handed to the application, most other languages try to ensure that something like zero-initialisation happens. Again, it is trivial for a debug allocator to ensure that insane-initialisation happens by default and so any bugs in this area show up during development.

        Without wishing to slag off Microsoft (coz others have already done that for me) it *would* be interesting to know just how bugs of this nature are making it into the current release of IE, a decade after Microsoft's big splash about secure software development. In the case of OpenSSL it was because they made a conscious decision to bypass all the help that might have found them sooner. With hindsight, that was such a bad decision that OpenSSL may not exist in a few years time (having been replaced by its fork).

        In IE's case, no "fork" is possible, but we're long past the time when you had to run IE because most websites didn't work on anything else. Alternative browsers exist and end-users ought to be asking whether IE's development practices are up to snuff.

        Edit: In the context of "uninitialised variables" it is perhaps relevant to note that Microsoft's C++ compiler has a long-standing bug in *failing* to initialise built-in types in scenarios where the standard requires it to do so.
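The overwrite-on-free and "insane-initialisation" debug-allocator behaviour described in the comment above, as an added example that is not part of any post in this thread and not code from OpenSSL or Microsoft. The names `dbg_malloc`, `dbg_free` and `dbg_check_freed`, the fill bytes and the fixed-size quarantine are assumptions of this example; freed blocks are parked in the quarantine so that stale reads return poison and stray writes can be detected.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FILL_ALLOC 0xCD      /* "insane" fill for fresh memory (value chosen here) */
#define FILL_FREE  0xDD      /* poison written on free (value chosen here) */
#define QUARANTINE_MAX 16

union hdr { size_t size; max_align_t align; };  /* per-block header; union keeps data aligned */
static union hdr *quarantine[QUARANTINE_MAX];   /* freed blocks, oldest first */
static size_t quarantined;

/* Fresh memory gets a loud non-zero fill so reads of uninitialised fields show up in testing. */
void *dbg_malloc(size_t n)
{
    union hdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->size = n;
    memset(h + 1, FILL_ALLOC, n);
    return h + 1;
}

/* Overwrite-on-free: poison the block, then park it in quarantine rather than
 * handing it back, so stale data is gone and later writes can be detected. */
void dbg_free(void *p)
{
    if (!p) return;
    union hdr *h = (union hdr *)p - 1;
    memset(p, FILL_FREE, h->size);
    if (quarantined == QUARANTINE_MAX) {        /* full: really release the oldest */
        free(quarantine[0]);
        memmove(quarantine, quarantine + 1, --quarantined * sizeof quarantine[0]);
    }
    quarantine[quarantined++] = h;
}

/* Count quarantined blocks whose poison changed: evidence of a write-after-free. */
size_t dbg_check_freed(void)
{
    size_t bad = 0;
    for (size_t i = 0; i < quarantined; i++) {
        const unsigned char *b = (const unsigned char *)(quarantine[i] + 1);
        for (size_t j = 0; j < quarantine[i]->size; j++)
            if (b[j] != FILL_FREE) { bad++; break; }
    }
    return bad;
}

int main(void)
{
    char *secret = dbg_malloc(8);               /* constructed sample data */
    if (!secret) return 1;
    memcpy(secret, "hunter2", 8);
    dbg_free(secret);                           /* 'secret' now dangles */
    printf("stale read sees 0x%02X\n", (unsigned char)secret[0]);
    secret[3] = 'X';                            /* deliberate write-after-free */
    printf("corrupted freed blocks: %zu\n", dbg_check_freed());
}
```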

      2. Michael Wojcik Silver badge

        Re: This sort of thing doesn't happen

        BTW, isn't the "Heartbleed" problem also a "use after free"

        No. It's a read-buffer overrun. It's not at all hard to understand, and there are explanations aplenty, so why even speculate and appear too lazy to look it up? Is it because you're too lazy to look it up?

        (whatever happened to "uninitialized variable(s)") bug?

        They're still around, and they're not the same as use-after-free or buffer overrun (though a buffer overrun can be due to an uninitialized variable, and it's conceivable that a use-after-free could be too, due to some sort of convoluted logic).

        If you can't tell these types of vulnerabilities apart, I'd suggest programming in a language that provides safeguards against them.

        1. Destroy All Monsters Silver badge
          Trollface

          Re: This sort of thing doesn't happen

          "No. It's a read-buffer overrun"

          Downvotes.

          It's like stackoverflow where you have to fight nameless self-appointed wikinazis who don't even understand your question but want to remove it as a "duplicate".

          THE INTERNET - A GAME OF DRONES.

  3. Anon the mouse

    What's the difference between this and heartbleed?

    Both are out of memory area bugs.

    1. Trevor_Pott Gold badge

      Heartbleed allowed you to attack servers hanging on the net. Anything that presented a vulnerable OpenSSL-backed service, really. This requires the user to go to the site.

      Also: Linux is evil cancer that only nerds with no lives would ever use and Microsoft is unicorn farts that tastes like rainbows.

      1. Anonymous Coward
        Anonymous Coward

        minor improvement on above

        The KeepAlive of Heartbleed works both ways.... as a device can ask for 65k from a server hanging on the net, a server can be configured to ask for 65k from the device which started the session. A condition which might be considered nearly non-patch-able.

      2. big_D Silver badge

        OpenSSL is also used client-side by many applications (VPNs, Android apps etc.), which means a malicious or infected server could also extract data from visiting clients.

      3. Oh Homer
        Headmaster

        re: "Microsoft is unicorn farts that tastes like rainbows"

        I'm fairly confident that even the most hardcore Microsoft fanboi no longer holds that opinion. That shark is well and truly jumped.

      4. Fred Flintstone Gold badge

        Also: Linux is evil cancer that only nerds with no lives would ever use and Microsoft is unicorn farts that tastes like rainbows.

        I'd stick to writing excellent articles - trolling doesn't really seem to work so well for ya :)

      5. Michael Habel

        Also: Linux is evil cancer that only nerds with no lives would ever use and Microsoft is unicorn farts that tastes like rainbows.

        Yeah, but the... flavor... seems... to... be... a bit off with this Windows 8 thing, it tastes like shit!

      6. Anonymous Coward
        Trollface

        Microsoft is unicorn farts that tastes like rainbows.

        I've always thought that Microsoft was rather drab and bland… given rainbows are just rain droplets, it all makes sense now. Just like water, Microsoft has no taste!
