f



Why people should stop using IE

http://www.itworld.com/security/93253/who-cares-if-ie-patched-soon

Because Microsoft only patches bugs which:

- are publicly known
- for which working exploit code exists
- is being exploited on a massive scale
- people start to jump ship towards other browsers

Most importantly: Microsoft IGNORES all other bugs and security 
exploits if they are used on a 'limited' scale. For most bugs they'll 
tell you to switch to a new, safer Windows (please buy a new computer 
too) and install a newer version of IE.

There are more than likely hundreds of potential security bugs in IE 
which aren't patched and which hackers may or may not know about. Large 
U.S. companies and defense contractors are learning that they are 
beseiged by hackers almost on a daily basis using zero day holes in 
both IE and Adobe Acrobat Reader and Flash software. I suspect that the 
hackers (the Chinese government) are using these zero day holes 
aparingly opting for massive simultaneours breakins before the holes 
are patched. That's why we see waves and waves of attacks targetting 
U.S. multinationals and defense contractors.

The bottom line is: Windows and Internet Explorer simply can't be 
trusted anymore and the U.S. government should publicly advise that 
people need to move towards Linux and Firefox. I suspect that this will 
happen this year (in 2010).

0
Non
1/20/2010 9:58:38 PM
comp.os.linux.advocacy 123962 articles. 0 followers. Post Follow

3 Replies
382 Views

Similar Articles

[PageSpeed] 18

Non scrivetemi pulled this Usenet boner:

> http://www.itworld.com/security/93253/who-cares-if-ie-patched-soon
>
> The bottom line is: Windows and Internet Explorer simply can't be 
> trusted anymore and the U.S. government should publicly advise that 
> people need to move towards Linux and Firefox. I suspect that this will 
> happen this year (in 2010).

It already happened (in 2004):

   http://www.internetnews.com/security/article.php/3374931

   US-CERT: Beware of IE

   The U.S. government's cybersecurity unit recommends ditching Internet
   Explorer in favor of other, safer browsers.

   June 29, 2004

-- 
You get along very well with everyone except animals and people.
0
Chris
1/20/2010 11:01:01 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____/ Non scrivetemi on Wednesday 20 Jan 2010 21:58 : \____

> http://www.itworld.com/security/93253/who-cares-if-ie-patched-soon
> 
> Because Microsoft only patches bugs which:
> 
> - are publicly known
> - for which working exploit code exists
> - is being exploited on a massive scale
> - people start to jump ship towards other browsers
> 
> Most importantly: Microsoft IGNORES all other bugs and security
> exploits if they are used on a 'limited' scale. For most bugs they'll
> tell you to switch to a new, safer Windows (please buy a new computer
> too) and install a newer version of IE.
> 
> There are more than likely hundreds of potential security bugs in IE
> which aren't patched and which hackers may or may not know about. Large
> U.S. companies and defense contractors are learning that they are
> beseiged by hackers almost on a daily basis using zero day holes in
> both IE and Adobe Acrobat Reader and Flash software. I suspect that the
> hackers (the Chinese government) are using these zero day holes
> aparingly opting for massive simultaneours breakins before the holes
> are patched. That's why we see waves and waves of attacks targetting
> U.S. multinationals and defense contractors.
> 
> The bottom line is: Windows and Internet Explorer simply can't be
> trusted anymore and the U.S. government should publicly advise that
> people need to move towards Linux and Firefox. I suspect that this will
> happen this year (in 2010).

Microsoft was also caught patching security bugs secretly (no disclosure and no
access to code).

The numbers they give are bunk.

- -- 
		~~ Best of wishes

Steve Ballmer is even monkier than his moniker suggests
http://Schestowitz.com  |  Open Prospects   |     PGP-Key: 0x74572E8E
Tasks: 140 total,   1 running, 139 sleeping,   0 stopped,   0 zombie
      http://iuron.com - knowledge engine, not a search engine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAktYh+AACgkQU4xAY3RXLo5buwCfWHrfoPUHEbZA1WjtZqQH5f8s
Xy4AoIXZcnsqUe2u5XEkQn0r/fOVcnLb
=irxb
-----END PGP SIGNATURE-----

0
Roy
1/21/2010 4:59:12 PM
>Non scrivetemi wrote:
>>[...]Windows and Internet Explorer simply can't be trusted
>>anymore and the U.S. government should publicly advise that[...]
>>
Chris Ahlstrom wrote:
>It already happened (in 2004):
>[...]June 29, 2004
>
http://www.kb.cert.org/vuls/id/713878
That was actually CERT's second time putting out the advisory.
(The second time included a bit more detail.)[1]
The first advisory was April 5, 2004.
http://www.kb.cert.org/vuls/id/323070
..
..
[1] The fallout from a conjunction of an IE vulnerability
and an IIS vulnerability
was actually covered by the corporate news outlets.
When your crap makes the national TeeVee news,
it's obvious that you screwed up massively.
0
JeffM
1/21/2010 7:04:06 PM
Reply: