Why people should stop using IE - comp.os.linux.advocacy

http://www.itworld.com/security/93253/who-cares-if-ie-patched-soon Because Microsoft only patches bugs which: - are publicly known - for which working exploit code exists - is being exploited on a massive scale - people start to jump ship towards other browsers Most importantly: Microsoft IGNORES all other bugs and security exploits if they are used on a 'limited' scale. For most bugs they'll tell you to switch to a new, safer Windows (please buy a new computer too) and install a newer version of IE. There are more than likely hundreds of potential security bugs in IE which aren't patched and which hackers may or may not know about. Large U.S. companies and defense contractors are learning that they are beseiged by hackers almost on a daily basis using zero day holes in both IE and Adobe Acrobat Reader and Flash software. I suspect that the hackers (the Chinese government) are using these zero day holes aparingly opting for massive simultaneours breakins before the holes are patched. That's why we see waves and waves of attacks targetting U.S. multinationals and defense contractors. The bottom line is: Windows and Internet Explorer simply can't be trusted anymore and the U.S. government should publicly advise that people need to move towards Linux and Firefox. I suspect that this will happen this year (in 2010).

Non scrivetemi pulled this Usenet boner: > http://www.itworld.com/security/93253/who-cares-if-ie-patched-soon > > The bottom line is: Windows and Internet Explorer simply can't be > trusted anymore and the U.S. government should publicly advise that > people need to move towards Linux and Firefox. I suspect that this will > happen this year (in 2010). It already happened (in 2004): http://www.internetnews.com/security/article.php/3374931 US-CERT: Beware of IE The U.S. government's cybersecurity unit recommends ditching Internet Explorer in favor of other, safer browsers. June 29, 2004 -- You get along very well with everyone except animals and people.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ____/ Non scrivetemi on Wednesday 20 Jan 2010 21:58 : \____ > http://www.itworld.com/security/93253/who-cares-if-ie-patched-soon > > Because Microsoft only patches bugs which: > > - are publicly known > - for which working exploit code exists > - is being exploited on a massive scale > - people start to jump ship towards other browsers > > Most importantly: Microsoft IGNORES all other bugs and security > exploits if they are used on a 'limited' scale. For most bugs they'll > tell you to switch to a new, safer Windows (please buy a new computer > too) and install a newer version of IE. > > There are more than likely hundreds of potential security bugs in IE > which aren't patched and which hackers may or may not know about. Large > U.S. companies and defense contractors are learning that they are > beseiged by hackers almost on a daily basis using zero day holes in > both IE and Adobe Acrobat Reader and Flash software. I suspect that the > hackers (the Chinese government) are using these zero day holes > aparingly opting for massive simultaneours breakins before the holes > are patched. That's why we see waves and waves of attacks targetting > U.S. multinationals and defense contractors. > > The bottom line is: Windows and Internet Explorer simply can't be > trusted anymore and the U.S. government should publicly advise that > people need to move towards Linux and Firefox. I suspect that this will > happen this year (in 2010). Microsoft was also caught patching security bugs secretly (no disclosure and no access to code). The numbers they give are bunk. - -- ~~ Best of wishes Steve Ballmer is even monkier than his moniker suggests http://Schestowitz.com | Open Prospects | PGP-Key: 0x74572E8E Tasks: 140 total, 1 running, 139 sleeping, 0 stopped, 0 zombie http://iuron.com - knowledge engine, not a search engine -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAktYh+AACgkQU4xAY3RXLo5buwCfWHrfoPUHEbZA1WjtZqQH5f8s Xy4AoIXZcnsqUe2u5XEkQn0r/fOVcnLb =irxb -----END PGP SIGNATURE-----

>Non scrivetemi wrote: >>[...]Windows and Internet Explorer simply can't be trusted >>anymore and the U.S. government should publicly advise that[...] >> Chris Ahlstrom wrote: >It already happened (in 2004): >[...]June 29, 2004 > http://www.kb.cert.org/vuls/id/713878 That was actually CERT's second time putting out the advisory. (The second time included a bit more detail.)[1] The first advisory was April 5, 2004. http://www.kb.cert.org/vuls/id/323070 .. .. [1] The fallout from a conjunction of an IE vulnerability and an IIS vulnerability was actually covered by the corporate news outlets. When your crap makes the national TeeVee news, it's obvious that you screwed up massively.