Science & Technology
Attacks, Flaw Reports Mar IE 7 Release
2006-10-22
Microsoft released a major update of its Internet Explorer Web browser this week, but the red-letter occasion was stained by reports of anti-virus miscues, phishing attacks and what turned out to be untrue reports that the new product contains previously documented security flaws.

First came a run of junk e-mail claiming to be from Microsoft that tried to get recipients to click on a link and download the latest version of IE (the link, as you may have already guessed, installs a Trojan horse program that opens a back door for hackers on infected PCs.)

Then came reports of a vulnerability in IE 7 that was somehow carried over from the older IE 5.5 version. Vulnerability watcher Secunia said it developed a proof-of-concept attack using the bug that could allow a maliciously crafted Web site to steal any data a user may enter at a separate Web site. Not exactly, Microsoft responded. In a post to its Security Response Blog Thursday evening, Microsoft said the problem is related to a component of Outlook Express, the default e-mail client installed on Windows PCs. "These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express," the company said.

Microsoft urged users to temporarily disable anti-virus and anti-spyware software before installing the program, noting that IE 7 makes a large number of changes to the Windows registry, which is the table of contents on Windows that determines which programs should be loaded when Windows or certain user accounts are started up. Some security software will block those changes.

Finally, some of the top tech blogs have been less than impressed with IE 7, according to a round-up at USA Today. Computerworld also has a decent compilation of IE 7 coverage. I have traditionally been hard on Microsoft with respect to security in IE, and I don't think undeservedly so, either. I'm afraid it's going to take some time for Microsoft to win back some credibility on browser security (and plain old functionality) in the tech community.

For my part, I was asked several times in today's Security Fix Live Web chat what I thought about IE 7. In retrospect, my response the final time I answered was probably below-the-belt, but it gets to the point I was just trying to make about trust. A reader asked: "Why should I bother upgrading to IE 7 since Firefox is a superior browser? IE6 works fine for the limited amount of usage I need."

My response: "Would you leave a loaded gun sitting on the table in a house with toddlers? Hopefully not. Okay, that's a little harsh, but think of it this way: lots of things on Windows use IE's built in rendering engine, and if you have a more secure version of the browser available, why not switch to it? This advice is especially aimed at households where more than one person uses the PC. "

Final note: If you want to install IE 7, keep in mind that it requires you to validate your copy of Windows.
Posted by: Fred

#41  That graphic in the OP is simply priceless. I have retained it for posterity. The spark gap electrodes above the ancient manual typewriter and cheesy B&W television screen are just icing on the cake!!!!!!!
Posted by: Zenster   2006-10-22 23:53  

#40  None of these is theft. The authors of the programs made them available through these channels.

thank you.

Because you've enlightened me Mrs. lotp, ima now feel Legal and a better informed cretin.

»:-)
Posted by: RD   2006-10-22 22:22  

#39  At least that's one thing I don't have to worry about at My job. No one is going to release an open-source AMRAAM software. (Though if you'd seen, you would never complain about the Bourne shell or USER.EXE ever again.)
Posted by: Jackal   2006-10-22 22:12  

#38  CNET offers downloads of software that is either free or available on free trial. It depends on the program.

Some of the programs on CNET are free, but you are requested to donate if you like and use them.

Some are free, period.

If it's a free trial (only), the program will usually start with a message to the effect that you only have xxx days to evaluate it, or that some features are disabled. Those programs usually urge you to pay for a copy. If the evaluation period ends and you haven't paid for a license key, you will either not be able to use the software or will be bugged a lot each time you try. ;-)

None of these is theft. The authors of the programs made them available through these channels.
Posted by: lotp   2006-10-22 21:52  

#37  Shouting Out to all Super Fly Geeks out there, twobyfour, lotp, Abdominal Snowman, .com....and any other komputerized freaky geek..

Question from a lowly non Geeky person afflicted with cretinism, and pleasa speaka de ENglish slo hand por favor.

my Dell was purchased from Dell and thus WidNoze-XP came with it.

hang on...

On occasion I've downloaded programs from C-Net etc. for free.

Is that theft of software?

for real, cuz I wouldn't know.

>::
Posted by: RD   2006-10-22 21:39  

#36  IMHO the RIAA can get f*cked when they ask us to pay for information (book, recording, image) that we've already purchased via some other medium. Congress is bought and paid-for in extending patent and copyright laws past all reason (20 yrs)
Posted by: Frank G   2006-10-22 20:48  

#35  Well .... do I want to jump into this thread?

I've written some GOOD software. And had it pirated. I've written some well-selling technical reference books. And had them uploaded to the Web and downloaded for free.

The royalties from both were targeted to paying my kid's college tuition. So a bunch of jerkoffs hanging around in school on their parents' dime got it for free, and I didn't have that money to pay for her school as a result.

Which is the point .com is making, I think.

Posted by: lotp   2006-10-22 20:19  

#34  "it is like you're saying that because you know your slashdot crowd, ergo ipso, anyone who uses open source stuff is a thief"

2x4 - Jesus Ergo Fucking Ipso Christ. You're as dense as a rock. Can you read and comprehend English? Just leave me out of any further moronic nitpicking, K? Big Thanks.
Posted by: .com   2006-10-22 19:06  

#33  Of course stuff that's out of production, but still desirable, is an exception. There's an infinitely safer / better alternative to the file-sharing venue - and that's UseNet. The readers for your machine are free - such as Free Agent from Forte (www.forteinc.com) - a decent news server (with probably 10-20 music groups) will cost - usually depends upon the download quota you want. I could recommend NewsGuy, SuperNews, GigaNews, and a few more, if you're looking for unique stuff that can't be found through other channels anymore. You can request it and be amazed when someone posts it - to your attention. Very friendly user crowd, usually.
Posted by: .com   2006-10-22 19:04  

#32  Anyway, .com, we luv ya, but in this regard, you are as dense as rock. ;-)
Posted by: twobyfour   2006-10-22 19:03  

#31  .com, it is like you're saying that because you know your slashdot crowd, ergo ipso, anyone who uses open source stuff is a thief. For instance, Fred here runs the server with GNU Debian. Why? Because he is a thief? No, because of the constant problems he had with windoze.

You did not talk about honesty, you did generalize talk about apriori dishonesty of those that use open source.
Posted by: twobyfour   2006-10-22 19:01  

#30  I scavenged Napster in its pirate days to my delight. I ended up DL'ing stuff I already owned on vinyl (scratched up, but 600-700 albums) and old stuff (40's-50's), old blues like Lightnin Hopkins, Howlin Wolf, Robert Johnson, Muddy Waters, etc....that were clearly beyond a legit copyright. I have an Ipod 40GB with 4000+/- songs...and it's full :-)
Posted by: Frank G   2006-10-22 18:57  

#29  Holy Cow! They LOVE you!

I have about 10 movies and maybe 20 music CD's - all legal. In Saudi Arabia '92 you couldn't buy legal music (no movies at all were available back then) - so I ended up with ripoff cassettes. They all died within a year in the heat. On my second tour, I took only music CD's with me - and the Customs guys checked them to make sure it was music - not porno movies with fake labels. When I got back to the world again, I bought only a few good 'uns - I have every movie channel cable offers, so I don't really need to buy much, nowadays.
Posted by: .com   2006-10-22 18:44  

#28  LOL - PD - if it's any comfort, I own roughly 1100 CD's (legitimately purchased) and 200+ DVD's (same) - the music and movie industry has artificially maintained high prices with congressional payola.
Posted by: Frank G   2006-10-22 18:39  

#27  If you paid good money for shit, is that me - or you?

I haven't advocated anything here except honesty. I've observed that the open source crowd I know have the mindset that stealing / pirating is okie-dokie. I've indicated that if it was you the thieves were stealing from, then a cavalier attitude about it would be less likely. That's it. Everything else you've derived is of your own manufacture.

You've written this big pile of shit and seem to think your frustrations are my fault for saying the obvious. Who cares? I don't.

Use it, don't use it. Cheat, steal, buy, whatever. You only have yourself to answer to.

If you still feel hinky, well Jeez -- fuck you. There's nothing here except two observations and one fact.
Posted by: .com   2006-10-22 18:34  

#26  It is open. It is free.

No. It's open source code, it may be free, or it may be not free. There are plenty of business applications that are open source (you can review and modify the code), but you have to pay the license.

I think your involvement with slashdotters warped your perception.
Posted by: twobyfour   2006-10-22 18:33  

#25  .com, you're assuming that if people are for open source, then they're for stealing from you... you've created this huge strawman argument and you've got all the anecdotes in the world to back it up, like anecdotes are data. And you're ready to unload your personal grievances on anyone who thinks windows is a lousy OS and has instead used an open source alternative?

Let me spell it out to you plainly: I use all three of linux, mac os, and windows on a daily basis for each of them. I have also _spent_ about a thousand dollars on commercial software over the past year. I'll be spending more on it this year.

The specialized CAD software that needs to run on windows... will be running on a windows machine that's disconnected from the internet, because it's a piece of fucking shit that can't handle it.

I have had three of the major commercial antivirus software suites, all of them paid for, either included in the purchase price of the machine, or off-the-shelf in a shrinkwrap package, fail on me at their stated task.

I think I've paid enough, in both money and lost time, that I have the _right_ to say that a great deal of commercial software is shitty in comparison to much open source software.

The major commercial vendors have enough cash (billions in the case of Apple, tens of billions in the case of Microsoft) that IMHO they don't really have an excuse for the low quality of the junk they put out. If you're worried about the health of programming as a profession, or the commercial software industry, then IMHO you have a lot more to be concerned about than some guy with a ponytail and pizza sauce stains on his t-shirt writing an open source application (or maybe even an OS) somewhere. You need to be concerned about your alleged industry leaders instead.
Posted by: Abdominal Snowman   2006-10-22 18:26  

#24  so my old Napster days makes me a bad guy?

Do you pick your toes in Poughkeepsie?
/Popeye Doyle
Posted by: .com   2006-10-22 18:24  

#23  2x4 - I know what open source is. I did not say it is theft - it's software which is distributed, usually, with source code. It is open. It is free. I fucking get it - you're the one who's not "getting it".

My experience is that the open source crowd are commonly software thieves. Once they get X and Y for free, they seem not to want to pay for anything, ever, and steal software regularly.

Pirated software, software which is not meant to be distributed via open source, i.e. free, is theft. It is the right of anyone to ask for payment for their creations. If it's shit, then you don't want it, free or not. If it's not shit, and it's not free, but you steal it, then you're a thief. Jeezus this is boring.

I've picked nits with the open source / slashdot dickheads for years. They're mainly jackoffs who couldn't write commercially viable software if their fucking lives depended upon it. Somehow that makes their derision of commercial software just a tad less convincing to me.
Posted by: .com   2006-10-22 18:21  

#22  .com, no badge of honor or sumthin. I run linux because it does a better job. I did run windoze for a long time, but after constant crashing, I simply got tired of it. If windoze was a better OS, I'd run windoze. That is all to it.
Posted by: twobyfour   2006-10-22 18:19  

#21  so my old Napster days makes me a bad guy?
Posted by: Frank G   2006-10-22 18:19  

#20  .com, you are generalizing, based on times gone. I venture to submit that there are thieves everywhere and proportionally as many people run illegal copies of windoze as with any other OS. You can, of course, download most linux OS distros free, but then when you need support, you're SOL. People buy licenses of linux OSes just for that exact reason. Some buy licenses because it's right. Students usually don't, but you as likely find on their boxes an illegal version of windows as anything else.

I, for instance, have 3 hosting servers, with RH and Plesk, all licenses paid for, and here at home I run Mandriva, also paid for. I often download an upgrade, but always buy a retail pack later on. I have also some apps under linux that are not free as beer, and all paid for.

I am sure that there is a plethora of business people that run linux and you'd find the same.

As for Open Source concept, you are still confusing it with FSF copyleft. It's not the same.
Posted by: twobyfour   2006-10-22 18:10  

#19  Sheesh. Who the fuck cares, beside you?

You goofballs seem to think there's some badge of honor in it. There's not. Common sense says you should first figure out what apps you need / want, then you pick the OS that has those apps. Everything is is simply stupid. Ponytails and pizza-stained t-shirts are optional.

Stealing software, from the POV of a programmer, is the act of a thief. Go figure, huh?

If I pilfered from you, you wouldn't find it particularly endearing either, methinks.

If you wanna fight with me about your choice of Linux, then you're an idiot. I couldn't care less. Your choice. I made my observation regards the open source crowd - and it stands. If you have pirate software on your machine, then you're a thief. Parse that baby and see where I'm wrong.
Posted by: .com   2006-10-22 18:03  

#18  I gave up solitaire because I kept losing at it.
Posted by: Abdominal Snowman   2006-10-22 17:58  

#17  If I'm using an OS for which there aren't that many commercial apps to begin with (and speaking for myself, those I have I have paid for) then what the fuck is out there to even steal?

.com, I hate to break it to you, but I run Linux not just because windows is a piece of shit, but because most of the commercial and free software on it is crappy too.
Posted by: Abdominal Snowman   2006-10-22 17:56  

#16  I don't care, Furry One. Do you cheat at solitaire?

I'll bet you do.
Posted by: .com   2006-10-22 17:53  

#15  Oh I understand 2x4, I was a programmer for over 30 years. And I reiterate -- I believe, if you inventoried the machines of those who advocate open source, you'd find they're little socialists, i.e. thieves. It's not like "taxes" - it's like "theft". No apology offered because I know more than a few and my comment is based upon their lack of ethics and honesty.

Gee, .com, what do you want me to do? Confess that I pirated both the copy of Excel for Linux _and_ the copy of MS Word for Linux that I'm running on this computer?
Posted by: Abdominal Snowman   2006-10-22 17:52  

#14  LOL good Dr!
Posted by: RD   2006-10-22 17:03  

#13  Just don't let Jobs offer you any options, Steve. Not at the moment, anyway LOL
Posted by: lotp   2006-10-22 17:03  

#12  Awright, awright, make fun of my Mac and I shall call Cupertino and get an iFatwa called down on you ...
Posted by: Steve White   2006-10-22 17:01  

#11  Mac is just better.
My brother's 6 figure paycheck says "Computer Scientist"
I let him sit down at my Mac.
He bought two.
Posted by: J.D. Lux   2006-10-22 16:27  

#10  Oh I understand 2x4, I was a programmer for over 30 years. And I reiterate -- I believe, if you inventoried the machines of those who advocate open source, you'd find they're little socialists, i.e. thieves. It's not like "taxes" - it's like "theft". No apology offered because I know more than a few and my comment is based upon their lack of ethics and honesty.
Posted by: .com   2006-10-22 14:36  

#9  heh what about a Mac, isn't one of our finest ere at RB a Dr. devotee of Mac? I've never owned a Mac myself tho..

The whole Mac culture thingy leaves me a bit...

Posted by: RD   2006-10-22 13:48  

#8  Another thing .com, open source does not mean it's free, it just means that the software code is transparent upon inspection.

It's like with taxes. Currently, you may call the tax system closed destination. You don't have any say how your taxes are applied. If you had choices how your taxes could be distributed, it would be open destination. ;-)

Open source is a software development model, not a software distribution model.
Posted by: twobyfour   2006-10-22 13:31  

#7  btw UBCD4Win.com is good for browsing the net. You can not infect a closed cd.

Posted by: 3dc   2006-10-22 13:16  

#6  .com, I bet there are far more illegal copies of windoze and windoze apps out there than "stolen" software on linux boxen.
Posted by: twobyfour   2006-10-22 13:16  

#5  UBCD4Win.com
a CD based windows XP that lets you clean your system properly.

Look at the software list and note that you boot from a CD into XP-PE so nothing from your harddisk will affect the operation of your sick machine.
It contains various anti-virus software, malware/adware disk stuff networking etc..
Posted by: 3dc   2006-10-22 13:14  

#4  Final note: If you want to install IE 7, keep in mind that it requires you to validate your copy of Windows.

Lol. This will do the trick for the "open source" people are actually little socialists who steal their software.
Posted by: .com   2006-10-22 05:08  

#3  thanks twobyfour for the explanation, and more confidence building for Linux.

To make Windoz work consistently, I've learned to hunt up patches even before MS releases them on occasion, and ultimately was bludgeoned into windoz defender, Symantec, Ad-Aware, Ghost Surf Premium, yahoo tool bar, google tool bar etc.

which is a pain in the a$$.

I haven't tried it but coincidentally my brother in law st gave me a small monitor and a cpu the last week end. It has Linux loaded on it so now I'll try it sooner.

Its purpose is for some 12 volt security IR cams [high def for IR] w/ receivers units here upstairs I'm experimenting with.

I'm thinking about moving up from my Dell 8250 to a dual core thingy, or possibly the bro/in/law will insist one of his server units that he builds.

Posted by: RD   2006-10-22 04:47  

#2  RD, you don't have to be a whiz kid to run linux, nowadays. In some ways, it is actually easier once you digest some conceptual differences. I don't have to worry about security as much as windoze users.

Example: I bought a camera recently, and installed software it came with under windoze. Whenever I plugged it into USB interface, it took almost half an hour to get a listing of files (images) in the camera. Almost impossible to transfer images. I got frustrated and decided to see how it fares under linux.

Plugged it in, and rebooted with hardware recognition on (did not really have to do that, but wanted to be sure problem is not the camera). Logged on and voila! An icon representing the camera as new removable drive popped up. Opened the directory in file manager and files all listed in that moment. Previewed in file manager, image displays immediately. Transferred files to my working directory, no problem, nada, zipo.

Some time back, I had a problem to make my scanner work under windoze. Same story, plugged it in under linux and yewbetcha, that made my day.

I love linux. It just works!
Posted by: twobyfour   2006-10-22 02:35  

#1  whats the big problemo with WiDoes IE 6? It doesn't seem any better or worse than Modzilla Medulla to me.

I went on a Bill Gates Vista junket about 7-8 [?] months ago and it crashed thrice in one day so I shit canned dumped it.

My brother inlaw is a Californium whiz kid & highly recommends Linux??, but then again, he's a komputerized freak and well... you know.
Posted by: RD   2006-10-22 01:46  
