Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security Bug Operating Systems Software Windows

Another Serious MSIE Hole 731

Posted by timothy from the why-my-dad-gets-no-tech-support dept.
pjrc writes "Infoworld is reporting another new security hole that allows links to executable files to appear to be any other type of file, such as text or pdf. When combined with a previously reported spoofing bug, that Microsoft still hasn't fixed, Infoworld claims the result could be 'devastating'"
This discussion has been archived. No new comments can be posted.

Another Serious MSIE Hole More

Another Serious MSIE Hole

Comments Filter:

  • The Demo (Score:5, Informative)

    by trp642 ( 551059 ) * on Wednesday January 28, 2004 @04:37PM (#8116211) Homepage
    A little demo [secunia.com] for those still using IE...

    • If I had a dollar (Score:5, Funny)

      by BoomerSooner ( 308737 ) on Wednesday January 28, 2004 @04:49PM (#8116415) Homepage Journal
      for every person who constantly bitches about "pop-ups" or something messing up my computer related to IE. I'd retire. All I say is go to mozilla.org [mozilla.org] and leave me the hell alone.

      I guess being a computer professional is like being a doctor. Everyone asks you anything related to your field regardless of the situation (ie, dinner, getting dental work done, ...). I try to explain I'm a $100/hour (yes, outsourcing is my fault) contract software engineer. If you want me to reinstall your OS, Drivers, Applications and backup your data that will be about 6-8 hours (assuming they have any legit install disks) and roughly $600 to $800 total. They usually quit calling after that.

      It's like calling a mechanical engineer to change your fucking tire. Figure it out, it isn't that hard.

      • Re:If I had a dollar (Score:5, Insightful)

        by planetmn ( 724378 ) on Wednesday January 28, 2004 @05:10PM (#8116700)
        Why is it that a lot of people here don't know how to do a nice thing for somebody.

        If my in-laws computer needs some work, next time I am over there, I'll take a look at it, or try to help over the phone, it takes all of what, maybe 20 minutes.

        My uncle owns a small business, if I can save him some money by making recommendations for him or giving him some free tech-support, great.

        If you're nice to somebody, they are going to be nice to you, believe me, in the end, it's a wash.

        Plus, life is too short to be an asshole all of the time.

        -dave

        • Re:If I had a dollar (Score:5, Insightful)

          by Phenris Wolfe ( 725404 ) on Wednesday January 28, 2004 @05:27PM (#8116951)
          You don't get used as free tech support by a lot of people, do you? I for one know that certain members of my family, and certain "friends" of mine will probably be calling me for the first time since the blaster worm thanks to MyDoom or whatever it is. They don't have time for me except when their computer goes to hell. Surely I'm not the only one here....
          • Amen, brother! The worst part is if you do help someone (say a good friend), then they casually overhear that one of their good friends has a computer problem, you're going to be tapped to help that person, too. If I had a dollar for every friend-of-a-friend-of-a-friend's computer I had to un-fsck-up, I'd be rich.

            The worst part is that all these people are getting their kit fixed through that one friend as a proxy, and since you didn't charge them (because you were just being nice, really drunk, trying

          • Re:If I had a dollar (Score:3, Insightful)

            by root_42 ( 103434 )
            I second that emotion! I am always glad to help people with their computer problems. But over time they start to take it for granted that I help them for free. I don't know why that is so, but most of the time I am happy to get a thank you.
            Nevertheless I still like to help people with their computer problems, because that's what I love to do.
            It's not about being an asshole all the time, but one has to know when to say "No", and when it's ok to spend some of your time to help others for free.

            • Re:If I had a dollar (Score:5, Interesting)

              by Afrosheen ( 42464 ) on Wednesday January 28, 2004 @07:05PM (#8118337)
              You're exactly right.

              When enough people get to know you as the local computer guy, you'll get phone calls, visits, you name it. People will expect it to be free by default unless you set a price. Make it fair but worth your time.

              Anyone on here bitching about 'feeling obligated' to provide 'free support', stop bitching. It's your own fault it's free. Charge a price. Believe it or not people are willing to pay their friends a reasonable fee, even if it's not cash. Tell them to rent a movie for you and bring it over, or bake a cake, or get a six pack of Guinness, whatever. I have a big box of Krispy Kreme sitting here from a friend of mine that needed spyware removed yesterday.

              Once you get people trained to think that indeed, your time and expertise are worth something, you won't even have to make requests. People will open their wallets or bring you stuff automatically.

              Don't let your passive-aggressive geek nature leave you with regrets or feeling used. Assert yourself.

          • Re:If I had a dollar (Score:5, Informative)

            by StringBlade ( 557322 ) on Wednesday January 28, 2004 @06:00PM (#8117437) Journal
            I do a lot of free tech support for friends and family. However, I take the time to educate them on what not to do and give them the tools they need to help protect themselves.

            For example, when I find someone is prone to visiting lots of websites with "fun stuff" to download and play with (such as card-making programs and other crap like that) I find oodles of spyware and adware on their computer bogging it down. I explain to them that the sites they visit and the software they're downloading in installing this junk on their computer and that's why it's slow. Refraining from downloading these things will help prevent this in the future.

            Additionally I give them:

            and make sure their AV software (which most have) is up-to-date.

            Finally, for the worst offenders, after giving them tips (writing them down even) and explaining it over and over again, I limit them to 5 - 10 fixes. After that, they cannot ask me for help unless it's a completely different problem (if I find it's the same old same old, I leave and tell them to fix it).

            You can be nice, but you don't have to be a pushover. Developing a methodology for helping others simplifies the process and helps alleviate the frustration on a case-by-case basis.

            As much as we all hate cliches sometimes they apply: Give a man a fish and he is not hungry for a day; teach a man to fish and he is not hungry for a lifetime

            ...or the other less well known proverb: Give a man a blanket and he is warm for a night; set him on fire and he is warm for the rest of his life. :-)

        • Re:If I had a dollar (Score:4, Insightful)

          by Silvers ( 196372 ) on Wednesday January 28, 2004 @05:52PM (#8117338)
          Please. I worked tech support for 2.5 years at my university.

          I'll spend 5-10 minutes trying to help someone who just randomly comes up and says 'Hey, I remember you from the help desk. I have this....' Or some friend of a friend. 'Hey, this is my buddy, his computer is...' But thats it. I hardly know the person, and I don't have time. Between my own computer issues and those I was dealing with at work, I want some time not devoted to dealing with how buggy people can make their systems.

          If its a close friend, of course its not a problem. But apparently just because you don't get asked frequently, doesn't mean others don't. Don't let that stop you from making sweeping generalizations though.

        • Re:If I had a dollar (Score:3, Insightful)

          by gad_zuki! ( 70830 )
          >Plus, life is too short to be an asshole all of the time.

          Arguably, assholes are created not born. After the nth time explaining to the same people the same concepts (virus scanner, only download from download.com, etc) its time to face facts, accept the fact they will never learn, and tell them to leave you alone and buy a Mac for their next computer.

          I don't mind doing small favors or explaining something, but I can only do this so many times. On top of it, once people know they can get a hold of y

        • It depends. (Score:3, Interesting)

          by solios ( 53048 )
          On the end user.

          I've done work for free for some people, and they're quite happy. They make me dinner or take me out for a few drinks or something.

          I've also done work for free for some people, and they're never happy- to the point of hassling me every time they see me because they need help with some piece of software (that has extensive documentation, installed), they did something I told them not to do and broke something, or, in general, are too thickheaded to learn for themselves and want me to do th

      • Re:If I had a dollar (Score:3, Interesting)

        by Ironica ( 124657 )
        for every person who constantly bitches about "pop-ups" or something messing up my computer related to IE. I'd retire. All I say is go to mozilla.org and leave me the hell alone.

        Yeah... now tell me how I get the sysadmins in the computer lab at school to go to mozilla.org. "But, then we'd have to *support* it!" which would be oh-so-hard... it would cut into their smoke breaks something awful. (and they'd have less to clean up than with IE.)

        These are the same folks that just "got rid of" profiles on all

        • Re:If I had a dollar (Score:3, Insightful)

          by blincoln ( 592401 )
          "But, then we'd have to *support* it!" which would be oh-so-hard...

          End users always complain about this attitude without understanding the reasons behind it.

          It isn't your one Mozilla installation they *really* care about. It is what allowing you to do it would mean: pretty soon people would be running IE, Netscape, Opera, AvantBrowser, and a whole host of other oddball web clients.

          In a situation like that, when someone comes to you with a problem, it multiplies the number of possible reasons by so many

      • Re:If I had a dollar (Score:5, Funny)

        by Luscious868 ( 679143 ) on Wednesday January 28, 2004 @05:19PM (#8116831)
        I guess being a computer professional is like being a doctor. Everyone asks you anything related to your field regardless of the situation (ie, dinner, getting dental work done, ...). I try to explain I'm a $100/hour (yes, outsourcing is my fault) contract software engineer. If you want me to reinstall your OS, Drivers, Applications and backup your data that will be about 6-8 hours (assuming they have any legit install disks) and roughly $600 to $800 total. They usually quit calling after that.

        You hit the nail on the head there brother. I'm so sick and tired of people that I barely know calling me when their computer breaks asking for help. It always turns into a friggin 2 - 6 hour event. You know the routine. Uninstalling all the crap that people have downloaded. "Hey, let's install this cool looking Bonzi Buddy thingy, what can it hurt?". The idiots should be shot. Removing spyware, removing the 80 virues that have found there way onto the system. "Hey look at this funny attachment, it's called 'Dont Open Me I'm a Fucking Virus and I'll Fuck Up Your Computer.exe' why don't I open it and see what happens. Maybe it's a funny joke or something."

        I think I'm going to start telling people that I work for the post office and I'm currently taking court ordered anger management classes. That will shut them the fuck up real quick.

      • Re:If I had a dollar (Score:5, Funny)

        by GMFTatsujin ( 239569 ) on Wednesday January 28, 2004 @05:59PM (#8117422) Homepage
        I work for Local University (TM) at the medical library, which handles tech support for the campus. With the recent outbreak of the worm of the day, I've taken it upon myself to create a web page for our users on best computing practices. I'm still putting it together, so mostly it's just getting blocked out for structuring the content.

        Here's one of the sections that I wrote more out of catharsis than actual informative intent. It certainly won't make the web, but it got my point across.

        Don't Put Strange Things in Your Mouth


        It doesn't take fancy book-learnin' to catch on when you recieve an emailed attachment that you didn't ask for -- especially when it starts turning up from lots of different addresses in a short period of time. Opening an unrequested email attachment is about as hygenic as chewing on a urinal cake, and you should know better. That means you, Doctor Six-Years-in-Medical-School.

      • Re:If I had a dollar (Score:3, Interesting)

        by Kris_J ( 10111 ) *
        A friend at work said that he couldn't stop IE from going to a range of search pages with pop-ups when he started it. He'd run Adaware and still couldn't get rid of the problem. He went away with a USB flash device containing the latest Mozilla installer.

        I'm going to have to pull a weekend at work soon installing a new version of our database client on every PC. I'm going to put Mozilla on all the machines at the same time. Won't make it the default or anything, but if anyone starts to have problems wit

  • In other words,... (Score:5, Funny)

    by burgburgburg ( 574866 ) <splisken06@@@email...com> on Wednesday January 28, 2004 @04:37PM (#8116219)
    it's Wednesday.

    • Re:In other words,... (Score:3, Interesting)

      by tonyr60 ( 32153 ) *
      It is easy to be less than serious about this issue but...

      Spam pretty nuch killed newsgroups, it is its way to doing the same thing for email.

      Microsoft is on track to kill the internet because it cannot deliver a product that can look after your average user. The problem is that unlike newsgroups and email, the internet is a significant contributer to world economy.

      It is near impossible to educate users on how to be carefull, either the products must be secure, or we take a giant step backwards as users

  • Hmmmm... (Score:5, Insightful)

    by instantkarma1 ( 234104 ) on Wednesday January 28, 2004 @04:37PM (#8116222)
    Wasn't good ol' Bill just extolling the virtues of Windows Security in comparison to other 'unnamed' operating systems the other day?

    Would you like some more pie, Bill?

  • very simple fix... (Score:5, Insightful)

    by mike77 ( 519751 ) <mraley77&yahoo,com> on Wednesday January 28, 2004 @04:38PM (#8116228)
    Anyone can do it.

    DON'T use IE!

    • Not that simple (Score:5, Insightful)

      by blorg ( 726186 ) on Wednesday January 28, 2004 @04:53PM (#8116478)
      I use Opera myself and absolutely detest IE, but that doesn't help with the fact that IE is embedded in both the OS and very many other products - Outlook is an obvious example, but there are countless others, such as Winamp's minibrowser. It's very easy for developers to embed IE (e.g. the MSHTML control) in a product.

      Mozdev has some tips about completely disabling IE [mozdev.org], even in other applications.

  • it is... (Score:3, Insightful)

    by fuentes ( 711192 ) on Wednesday January 28, 2004 @04:39PM (#8116238)
    "Infoworld claims the result could be 'devastating'"

    ...to those still using IE.

    • Re:it is... (Score:3, Informative)

      by hendridm ( 302246 )
      I wouldn't say those are the only people affected by exploits and outbreaks. I'm using Firebird and Thunderbird, but my inbox still fills up with virus forwards from others who are not, and my connection is often slow or down while the latest worm is making its rounds.
    • Remember that IE isn't an app as much as a COM object. If you use Yahoo Messenger, AOL, or explorer, etc., you use IE.

  • this will show them (Score:5, Funny)

    by atari2600 ( 545988 ) on Wednesday January 28, 2004 @04:39PM (#8116242)

    A demonstration of the hole is currently on security company Secunia's website and demonstrates that if you click on a link, and select "Open" it purports to be downloading a pdf file whereas in fact it is an HTML executable file.

    Haha this will show them - i am downloading the latest patch from www.mikerowesoft.com - m defen is str..o..noo!!..hel..elp

  • I wonder (Score:3, Funny)

    by Anonymous Coward on Wednesday January 28, 2004 @04:39PM (#8116250)
    I wonder how well I can navigate the internet with out clicking on any hyperlinks.

  • Microsoft says: Don't click URLs anymore... (Score:5, Interesting)

    by jea6 ( 117959 ) on Wednesday January 28, 2004 @04:40PM (#8116264)
    "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself. By manually typing the URL in the address bar, you can verify the information that Internet Explorer uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER."

    Find that hard to believe? http://support.microsoft.com/default.aspx?scid=kb; [ln];833786 [microsoft.com]. Remember, type, don't click.

  • From the article (Score:5, Funny)

    by nate1138 ( 325593 ) on Wednesday January 28, 2004 @04:40PM (#8116267)
    From the article text:

    Doom worm currently reeking havoc across the globe.

    So it's a smelly worm? Or are they trying to say that Windows stinks?

  • But, but, but Bill said... (Score:5, Funny)

    by Space cowboy ( 13680 ) on Wednesday January 28, 2004 @04:41PM (#8116282) Journal
    ... that Windows is far more secure than Linux or OSX because it gets tested so many more times out there in the wild..

    [Editors note: replace 'tested' with 'tested and found wanting']

    Simon.

  • No more dangerous than normal. (Score:5, Interesting)

    by doublem ( 118724 ) on Wednesday January 28, 2004 @04:41PM (#8116284) Homepage Journal
    As MyDoom is showing, hackers don't need an exploit to spread. The social engineering is still more than enough to spread.

    This is a cute vector that can be used to take in another 10% of users, but since it looks like most of them will run any attachment you send them anyway, it's a moot point.

    A few years back, I coded an app and e-mailed it to all our users. The message came "from" the company owner and said "This is a virus, you will destroy all the data you have access to if you run this file."

    If they ran the file, it sent me a message with their computer name, username and other details.

    About 80% of the users ran it.

    I lost all faith in the human race that day.
    • It's too bad you couldn't code it so if they clicked on the attachment it:
      • sent you an email
      • locked out their account
      • forced a reboot of thier PC

      This way, the user who was an idiot, must now call you and confess as much (even though you already knew). Additionally, you could take the information and collect it for presentation to your superiors suggesting that your organization is in dire need of some anti-virus education because clearly they are posing a threat to the operations of your company.

      If you

  • not really anymore.. (Score:3, Interesting)

    by gl4ss ( 559668 ) on Wednesday January 28, 2004 @04:41PM (#8116288) Homepage Journal
    the ie has been so full of holes, and there's shitloads of unpatched ie's out there as well, that nobody who wants to have any control over their computer is using it anymore(unless they're stupid enough to trust some middlesoftware like nortons, or simply don't know why their computer is getting less usable by the day. "hey I just wondering why am I getting popups even when I'm not browsing?? it really gets in the way of my spreadsheet work").

    if you have a stock ie and you browse around with it you WILL GET infected with some spyware or another, sooner or later. this is how it has been for the past few years(!) so a new hole hardly changes anything(it has not been trustworthy enough for years to use on random urls from irc/forums/whatever, so another bug is unlikely to change anything).

  • I don't think MS cares anymore (Score:5, Insightful)

    by Ignorant Aardvark ( 632408 ) <cydeweys.gmail@com> on Wednesday January 28, 2004 @04:42PM (#8116296) Homepage Journal
    I really don't think Microsoft cares any more. They certainly don't care about the security of their customers. I supposed their objective with IE was to dominate the market by packaging it with Windows, and once that was completed, they simply stopped caring about IE. They haven't updated it in over two years, and its competitors have added all sorts of useful features in the meantime. And now that these bugs have been exposed and nothing is being done about it, it's time for people to move on to using other browsers - permanently. If people aren't convinced by the merits of other browsers, maybe they'll be convinced when their "tried and true IE" allows them to be scammed/defrauded.

  • Ye gods... (Score:3, Insightful)

    by Cleon ( 471197 ) <cleon42 AT yahoo DOT com> on Wednesday January 28, 2004 @04:43PM (#8116305) Homepage
    There are times when I wonder if Microsoft isn't purposely trying to get everybody on the Net own3d.

    I mean, what kind of frikkin' bug would make an executable link pretend to be something else? If I believed in conspiracy theories, I'd swear it was deliberate.

    • Re:Ye gods... (Score:4, Insightful)

      by El ( 94934 ) on Wednesday January 28, 2004 @04:53PM (#8116480)
      "Never attribute to malice that which is adequately explained by stupidity."

    • Re:Ye gods... (Score:3, Interesting)

      by nate1138 ( 325593 )
      There was a theory (from Cringely, I believe) that Microsoft is doing all this intentionally. They really missed the boat on the whole "Internet" thing in the begining, and this was their plan of attack:
      1. Plague windows with remote insecurities
      2. Blame this on the designs of the open standards that currently power the net
      3. Release MSTCP/IP, with built in encryption, authentication and DRM as a "solution" to the problem at hand (virus, spam, etc)
      4. Profit!

      Yeah, I didn't really buy it either (and I LIKE conspi

  • According to Bill, this is a good thing (Score:5, Informative)

    by burgburgburg ( 574866 ) <splisken06@@@email...com> on Wednesday January 28, 2004 @04:43PM (#8116310)
    While at a Longhorn Developers conference in London, Bill explained [com.com] that ""A high-volume system like (Windows) that has been thoroughly tested will be by far the most secure," than it's low-attack competitors like Mac OS X and Linux.

    Gates also explained "To say a system is secure because no one is attacking it is very dangerous," and proposed that "hackers are good for maturation" of the platform, because they have forced the company to develop new inspection techniques for the code.

    Of course, virus writers are getting lazy now. According to Microsoft software architect Chris Anderson, "Today, virus writers don't find holes," he said. "They just sit back and wait for patches to appear, and then it is a race to write the first virus. We want to get patch deployment down from days or weeks to hours."

    • "They just sit back and wait for patches to appear, and then it is a race to write the first virus. We want to get patch deployment down from days or weeks to hours.

      Is that so virus writers won't have to wait days or weeks before releasing a new version?

      Tim

    • We want to get patch deployment down from days or weeks to hours."

      Of course that'll solve all the problems! We patch a hole 1 hour after it's discovered (not like that ever happened) and then it takes three months (also overly optimistic estimate) for the average user to actually download a patch with the next service pack, if ever. The result? The end user is just as vulnerable as he has ever been. But we can now blame the end user for not patching their system in time, because the patch was available e

  • small detail, slightly OT (Score:4, Insightful)

    by happyfrogcow ( 708359 ) on Wednesday January 28, 2004 @04:43PM (#8116317)
    in fact it is an HTML executable file.

    Maybe I'm behind the times, could someone explain precisely what they mean by an HTML executable file? That doesn't make sense to my "HTML is plain text" portion of knowledge.

    • Re:small detail, slightly OT (Score:4, Informative)

      by arkanes ( 521690 ) <<arkanes> <at> <gmail.com>> on Wednesday January 28, 2004 @05:02PM (#8116599) Homepage
      I'm mostly guessing here but it looks the the CLSID identifies it as an HTA (HTML application) component, which MS was hyping as all the rage in application developlment a few years back. Basically, it's like an XUL app - written in HTML and JScript. Portions of the Win2k+ UI are written using it, like the add/remove programs dialog.
    • Maybe I'm behind the times, could someone explain precisely what they mean by an HTML executable file? That doesn't make sense to my "HTML is plain text" portion of knowledge.


      The demo version sends and "executes" an HTML file, but the same channel could be used to send and execute an executable. They were just being careful to make their exploit demo safe to use.

    • Re:small detail, slightly OT (Score:5, Informative)

      by shfted! ( 600189 ) on Wednesday January 28, 2004 @11:37PM (#8120348) Journal

      Okay, you have a file, called trojan.exe on the webserver. You make a link in the html to link to "trojan.exe". Then you configure the web-server to tell the web browser that the mime-type (a way to indentify the content of the file) of trojan.exe is "text/html". IE sees "text/html" and says "ahh! I know what to do! Open this!", thinking it's a webpage. IE then looks at the file and says "ahh! This file ends in .exe! I know how to open this!" and executes the file. The user is thusly infected ;)

      Of course, there is no prompt: who wants to see a prompt every time they navigate to another page on the web? And who wants to see a prompt every time they double-click an executable file in Explorer?

  • Exploit (Score:5, Informative)

    by Anonymous Coward on Wednesday January 28, 2004 @04:47PM (#8116379)
    This appears to use the MS CLSID as the target. To find the CLSID for any file type, simply look in the windows registry in HKEY_CLASSES_ROOT. If you attach the CLSID to the end of the filename, windows will hide this from you completely. Thus, if you request a file iloveyou.vbs.txt.{5e941d80-bf96-11cd-b579-08002b30 bfeb} - it will show up as a text file. Other holes would allow the web site to hide the .exe, vbs, etc part of the file name. In the past, the workaround for this was the big IE warning that you were downloading a harmful file... however this is now undermined.

  • Mozilla Firebird (Score:4, Interesting)

    by Peredur ( 597190 ) on Wednesday January 28, 2004 @04:50PM (#8116426) Homepage
    It appears that Mozilla is only partially safe from this type of bug. When I went to the test page it still showed up as being a pdf in the filename field but identified as a html file. It then asked me what I wanted to do and defaulted to "open with mozilla firebird". This bug may be bigger than reported.

    • Re:Mozilla Firebird (Score:3, Interesting)

      by pacsman ( 629749 )
      When I went to the demonstration site and clicked the link in Mozilla 1.5 it showed the file name as "ie.%7B3050f4d8-98B5-11CF-BB82-00AA00BDCE0B%7DSec u nia_Internet_Explorer%252Epdf" and asked what to do with it, by default saving it to disk. Even if you were an internet clueless person somehow using Mozilla this still doesn't seem as dangerous if for no other reason than the bizarre filename, which doesn't look the least like it's a .pdf file. On IE it asks if you want to download "...Secunia_Internet_E

      • Re:Mozilla Firebird (Score:3, Interesting)

        by GoofyBoy ( 44399 )
        >this still doesn't seem as dangerous if for no other reason than the bizarre filename, which doesn't look the least like it's a .pdf file.

        It does look like a pdf file.

        "something ending with the letters pdf. It must be a pdf file. Lets just run it."

  • Redundant headline (Score:5, Funny)

    by DocSnyder ( 10755 ) on Wednesday January 28, 2004 @04:55PM (#8116500)
    "Another Serious MSIE Hole" could be shortened a bit:

    • Another - unnecessary.
    • Serious - less serious holes don't get any attention.

    What's left: "MSIE Hole".

    • Hole - what else?

    Still left: "MSIE"

    As most serious security problems affect MSIE, it can be omitted as well. The least redundant informative headline would be:

    • ""

  • Another? (Score:3, Insightful)

    by djupedal ( 584558 ) on Wednesday January 28, 2004 @05:03PM (#8116612)
    Infoworld claims the result could be 'devastating'"

    I claim the result of MS on the world to be 'devastating'.

    There. The 'cut-to-the-chase' summation of where this thread should eventually go.

    How many times to do we have to be reminded of the vulgarity that has seeped out of Redmund since the beginning?

    hi/HELLO/Error/Status/The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

  • If you aren't (Score:3, Interesting)

    by Apreche ( 239272 ) on Wednesday January 28, 2004 @05:04PM (#8116627) Homepage Journal
    This is just another opportunity to check and make sure. If you are still using IE, switch to Firebird [mozilla.org]. Now. If you don't see the obvious benefit [mozilla.org], something is wrong with you. If anyone who still insists on using IE reads this post, please tell me why you wont switch. I really want to see what people are thinking who are still using IE. There is really no excuse anymore in my eyes.

    Really, I'm genuinely interested in reasons IE users are still using IE. I just can't comprehend what you're thinking.

  • Suggestions? (Score:3, Interesting)

    by EvilOpie ( 534946 ) * on Wednesday January 28, 2004 @05:05PM (#8116643) Homepage
    I know this isn't an ask slashdot topic, but does anyone have any tips for how to get people to switch from IE to Mozilla/Firebird? I just don't understand why I can't get people to change, and Lord knows I've tried.

    I don't understand it, I really don't. I've seen people complain about viruses, bugs, pop-ups, and ads, and yet when I suggest that they go with Mozilla, they don't want to switch. Why? "Because IE's there." Or "because Mozilla takes too long to load." "Using quickstart isn't worth it because IE starts when the system does, so why run two browsers at the same time?" But yet they'll complain about a 5 second load time for Mozilla, when they'll spend more time than that closing pop-ups and resetting their homepage from where someplace changed it. I've even come across the situations where people won't switch because Mozilla had a different print screen (even though I used an IE skin so the rest looked the same), and one didn't want to use it because when you opened a "new" window, you didn't get the old window in it. Even after I showed them the clone window extension (which is pretty close to the same functionality), he didn't switch. It's just frustrating.

    It's sad, Microsoft has people so brainwashed that they'll complain until they're blue in the face that IE sucks, and yet they won't switch unless you put a gun to their head. So does anyone have any suggestions for just how to make them switch? (without actually putting a gun to their head)

    • Re:Suggestions? (Score:4, Insightful)

      by Baron_Yam ( 643147 ) on Wednesday January 28, 2004 @05:51PM (#8117313)

      Convince the IT manager to let you demo Mozilla for them. Use the Windows skin, and whatever plugins you wish to make it as IE-like as possible.

      Assuming you convince the manager, continue on with testing Mozilla for compatibility with every critical bit of software the company needs.

      If that works, take the results of your exhaustive tests, add in a report on what problems you're solving by abandoning IE, and get the IT manager to sell it to the Director.

      Now, once the Director makes it policy, you can force the rollout on the users.

      This doesn't work with friends and family, of course, but I am involved in this very process right now at a client site where they are getting quite fed up with security advisories, but aren't ready to move from the Windows OS yet. If I win with Mozilla, I'm trying OpenOffice next.

  • Thank You Microsoft! (Score:3, Funny)

    by Luscious868 ( 679143 ) on Wednesday January 28, 2004 @05:07PM (#8116670)
    Thank you so much for the wonderful idea of fully integrating your web browser into your very secure and stable operating system! Windows XP is simply a joy to work on. I absolutely love it when I'm browsing the web and Internet Explorer crashes, which causes all open windows, including those that have nothing to do with your wonderful little browser, to close as well. What a well thought out idea it was to integrate the browser into the operating system!

  • So, is this really unfixable? (Score:4, Insightful)

    by ru-486 ( 73117 ) on Wednesday January 28, 2004 @05:08PM (#8116681)
    Quote from the article:

    "The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer's viability as a browser."

    They claim that this bug appears to be unfixable while not really providing evidence to support the claim other than implying that if it was indeed fixable Microsoft would have fixed it already.

    Is this just FUD?
    For the love of god I'm sick of patching. Thankfully we are using Microsoft Software Update Services which I highly recommend for automating your MS patching needs. (Hey it's free and works)

  • New Acronym: "A.S.S. Hole" (Score:5, Funny)

    by tds67 ( 670584 ) on Wednesday January 28, 2004 @05:15PM (#8116769)
    Another Silly Software Hole.

  • Work around for thos of us stuck with M$ IE... (Score:3, Informative)

    by PSaltyDS ( 467134 ) on Wednesday January 28, 2004 @05:34PM (#8117063) Journal
    I was trying the DEMO PAGE [secunia.com], and noticed a minor work-around. The article says to save the file to disk before believing what it claims to be, which is sound advice, but you don't have to get that far to see something is wrong. As soon as you click on the link a "File Download" dialog is presented asking what to do with it. If you click on Open, based on the fake file extension displayed... your're screwed. If you click on Save, the next dialog box shows the true file type in the "Save as type" box.

  • Oh, it'll all blow over... (Score:5, Insightful)

    by ch-chuck ( 9622 ) on Wednesday January 28, 2004 @05:36PM (#8117091) Homepage
    It always does. We've been thru dozens of these 'devestating' quality issues and the victims just queue up at Local Computer Store to buy another one. That's why they keep legions of hungry microsoftie out there to clean up after the latest worm de jour, meanwhile the gazillionair will be awarded a Nobel Peace prize or something.I mean, cheezus, it's only software - it's not like people are getting killed in poor quality cars or anything. Everybody knows you should backup important data anyway so just chill out and obey old your pc overlords.

  • Microsoft suggests customers stop surfing the net.

    In response to flaws recently exposed in it's software Microsoft has suggested that customers stop using hyperlinks -- the core feature of the World Wide Web. The bugs, which were exposed in the last few weeks, allow scammers on the net to make their website links to look like a legitimate site (e.g. Microsoft, Ebay or Visa), where they can then ask for identifying information, card numbers and passwords, or cause you to launch executable programs that Internet Explorer describes as more innocuous types (e.g. PDFs).

    Rather than immediately releasing a bug fix, Microsoft is now suggesting that users no longer click on web page hyper-links. Their suggested solution is that users manually type in any web address they want to visit in the menu bar.
    .....

    Other web browser providers (e.g. Mozilla) claim that their browsers are not susceptible to these bugs, and claim that users surfing the web with their browsers are not subject to these problems.

  • Factory Browser (Score:3, Insightful)

    by Cytlid ( 95255 ) on Wednesday January 28, 2004 @05:47PM (#8117258)
    Isn't a browser that comes with the computer, or comes with the operating system kinda like a radio that comes "stock" with a car? And we know what sort of quality those are...

  • Original post by http-equiv to NT-BugTraq (Score:3, Informative)

    by Helevius ( 456392 ) on Wednesday January 28, 2004 @05:48PM (#8117267) Homepage
    The original post by http-equiv is found on NT-BugTraq [derkeiler.com].

    Helevius

Slashdot Top Deals

BLISS is ignorance.

Close