Corporate Servers Spreading IE Virus [Updated] 1028
uncadonna writes "ZDNet is reporting that corporate web servers are infecting visitors' PCs. The combination of two unpatched IE security holes and hacked corporate websites is apparently distributing malware via
several high-credibility sites. ZDNet says users have 'few options' other than alternative browsers or platforms." Update: 06/25 14:50 GMT by J : A reader points out Microsoft's What You Should Know page. Here's the short version for avoiding this Critical severity attack: you must install add-on software, and change multiple settings in multiple programs, thus causing "some Web sites to work improperly." By changing more settings, you can regain functionality for a particular site if "you trust that it is safe to use," which you have no way of knowing. Or try Firefox. Update: 06/25 19:30 GMT by J : Reuters reports the attack installs a keysniffer which can steal credit card numbers, passwords, and so on. The story offers safety tips, but fails to mention that, after patching the hole, many users will be infected without their knowledge. Shouldn't the "fix" include ceasing to type anything important into your computer until you purchase software which can detect and remove the Trojan? And will you be downloading that software with Mastercard or Visa?
Firefox (Score:2, Insightful)
Go get Firefox Firefox [mozilla.org] now!
Wonder How Microsoft Will React (Score:5, Insightful)
However, I doubt Microsoft will do anything for at least two months. Hopefully by then a major news source will pick up the story and everyone will hear it.
FUD ? (Score:4, Insightful)
I however think that besides nda policy or whatever, they should give the names of the sites that should be avoided for security reason.
I'd personally advise the corporate DNS maintainer to redirect these to somwhere safer.
This could finally be it (Score:5, Insightful)
But as bad as this may be this might also mean that finally more and more people and institutions will come to the conclusion, that a global infastrcuture depending on one product from one company simply isn't the way to go. Especially if this company has such a horrid track record when it comes to security.
one thing I never get... (Score:4, Insightful)
They won't list the sites (Score:5, Insightful)
"There's a pretty wide variety," he said. "There are auction sites, price comparison sites and financial institutions."
The Internet Storm Center, which monitors Net threats, confirmed that the list of infected sites included some large Web properties.
"We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched," the group stated on its Web site.
WHY NOT? I've been trying to think of a reason NOT to list the sites infected, but I can't think of a good one. "To prevent further abuse"???? Wouldn't giving the public NOTICE about these sites help prevent more infections by having people NOT go to those sites?
Re:FUD ? (Score:3, Insightful)
They could be sued for lost business if they released the names. The compromised sites could fix their problem, but the warnings would still be out there, hurting their business.
It sucks, but that's the way it is.Re:Wonder How Microsoft Will React (Score:5, Insightful)
Very very few. I've got firefox installed on my family computer. Despite them getting infected with adware and spyware through IE, none of them want to use firefox. I've asked them many times, and even gone to the point of deleting IE, but their resillence to use anything else forced me to put it back on (amongst other reasons).
However, while Mircosoft are normally very good at patching these secuirty faults, this time they have totally failed. The blame doesn't rest with stubborn users who refuse to switch. The blame rests with Microsoft's inability to provide a patch in time.
Once they do supply a patch, it will then turn into the case of a supid user who doesn't patch. (and my server's apache logs show this, I'm still getting attacked by Code Red from infected servers who have not been patched).
Hopefully Microsoft will adapt to the pressure created by the users not being happy with the situation and release a patch.
Then again, looking at the age of IE and the number of requests to make a better version added to the time its taken them to respond, I'm stating a pool for those who want to bid on the release date of the patch. All dates start from 2005 onwards...
NeoThermic
Hello? Use Firefox! (Score:4, Insightful)
But How Many People Will Switch? (Score:5, Insightful)
He'd rather have me wipe spyware and adware from his machine than deal with it. It's a symptom of having w3schools.com graduates making web sites in Frontpage that only work on front page.
Of course, now IE doesn't work at all, so he runs AOL through his broadband connection to surf the Internet.
And yes, I have since stopped wiping adware/spyware from his machine. I told him if he wasn't going to buy a machine that didn't get the stuff, or use a browser that was secure, he can deal with it himself.
public health comparison? (Score:4, Insightful)
If there was a public health risk - such as biohazardous material - even in a private storefront - the city or state would close off the area and warn people not to go there. Yes, you might have people wanting to go anyway, but they've been warned.
I know the analogy isn't all that great, but it's the best I can do right now.
I call bullshit (Score:5, Insightful)
I don't buy it.
If your goal is to have the problem fixed, then name names, contact the affected companies so they can fix it (or have their contracted webmasters fix it) and move on.
The whole thing stinks of FUD tactics, and the last line in the article seals it for me: Puleeeeeze
--
Re:yes (Score:5, Insightful)
The great firewall of ... Western countries (Score:2, Insightful)
Besides... AKs aren't allowed over here
Re:They won't list the sites (Score:3, Insightful)
As big a fan of MS as I am (the email address above really is valid), I truly hope this doesn't turn out to be as big and nasty as it looks so far.
Re:But How Many People Will Switch? (Score:1, Insightful)
You're an enabler of his poor behavior.
Seriously, use mozilla, not firefox; at this point is the better browser. As far as things not working, get him to show you which sites don't work.
Re:what sites are infected? (Score:5, Insightful)
Avoid them? Hell, I'd start by blocking them on my web proxy immediately until I get the all clear. We've got thousands of desktop users running IE. This could get nasty.
Because it would make me ANGRY (Score:5, Insightful)
Re:public health comparison? (Score:4, Insightful)
I'm so happy (Score:3, Insightful)
Just yet another "security" problem than I won't have to care about. Ahhhh.
Re:They won't list the sites (Score:5, Insightful)
Nope, I think the real reason is protecting the businesses.
Even if the sites' admins had aleady removed the infecting code, a "dangerous sites" list like that would likely prevent many potential visits to the site for weeks to come.
Re:Wonder How Microsoft Will React (Score:2, Insightful)
Re:MSN Search is infected (Score:3, Insightful)
You can download the trojan from here:
http://search.msn.com/msits.exe
There is no file there
Maybe someone at MSN Search reads slashdot?
Hello? If you're reading this Mr MSN Search, you might like to check out this cool site [google.com].
Re:Wonder How Microsoft Will React (Score:3, Insightful)
Re:Because it would make me ANGRY (Score:3, Insightful)
And this is a good thing... because? Why the hell shouldn't these companies be exposed as unable to keep their servers secure, and why the hell shouldn't they be angry at Microsoft for their buggy software?
These companies should be forced to take responsibility for infecting their customers' PCs: it's the only way they'll be likely to be more careful in future.
Re:Wonder How Microsoft Will React (Score:5, Insightful)
Who I am beginning to hope will start to react to this kind of thing is our governments. As we depend on the WWW/Internet for so much of our daily lives, I think it's time for a summit to be called about improving the state of "Information Superhighway". This particular highway is beginning to look like one of these roads you hear about in Afghanistan where you can't get from point A to B without something nasty happening.
What we need is a solution to the monoculture of Microsoft and not just another fine (like what recently happened with he EU) that MS will just write off in their next quarterly statement. We need them to skip the fines and simply say: Fix your crappy software or we will shut you down. It will never happen, of course.
Re:Another nail in Javascript's coffin (Score:2, Insightful)
Let's see Microsoft astroturf this! (Score:3, Insightful)
Secondly, this puts the lie to the most common Microsoft trolls here every time a new virus/trojan outbreak occurs:
1. Viruses are spread by clueless lusers that click on e-mail attachments. No luser inteeraction seems to be needed here, just browse on by your favorite corporate web-site!
2. If everyone kept their systems patched, there would be no way that viruses like this could spread. Microsoft has known about the IE vulnerabilties used in this case for months now and still hasn't released a patch! To be fair, the article also says that Researchers believe that attackers [may] seed the Web sites with malicious code by breaking into unsecured servers, so an IIS vulnerability that has previously been patched might be part of the problem here, but that still leaves no excuse for the unpatched IE vulnerabilty!
3. Virus writers always use disclosed patch descriptions to determine how to write new viruses; none of them are capable of finding and exploiting vulnerabilties on their own. Note that the article says this may be spread by using a previously unknown vulnerability in Microsoft's Web software, Internet Information Server (IIS).
4. Up-to-date anti-virus software is sufficient to stop these exploits. The article says: the malicious program uploaded to a victim's computer is not currently detected as a virus by most antivirus software.
Nothing else needs to be said.
Re:I thought ZD were MS shills (Score:3, Insightful)
sPh
RTFA "To prevent further abuse" (Score:5, Insightful)
What if it is a Zero day exploit on IIS. There is no fix yet. Admins are struggling to clean the servers, but have no clue if what they did to prevent whatever is going on, actually works. Criminals all over the world will be searching for clues on what the exploit is and will want to actively exploit it as well. We don't know what is going on, so it might be possible to put a nice little rootkit undetectible on the server and later use it for interesting purposes. By not naming the sites they are putting an extra, albeit thin, layer of protection around the sites. The list of websites for criminals to target, will be much longer than it could have been if each and every site that was affected would be named on the internet. Most sites are (hopefully) clean right now, so the public is not at risk, but until we know what goes on, the server sure is.
Re:not detected by AV software? (Score:3, Insightful)
There's one thing that distinguishes most spyware from what historically would have been classified as viri or trojans... EULAs. Often, the EULAs are cloaked in various ways and trick the user into agreeing to them, or play various tricks with the online equivalent of "shrinkwrap agreements", but one way or another, they're there. Would any sane jury ever actually uphold a EULA promising to deliver targeted advertising in return for the "service" of notifying the contacts in one's address book of free porn, particularly if it were buried in the middle of a EULA the length of __War_and_Peace__? Probably not. But that doesn't mean companies behind it wouldn't go after Symantec anyway and force them to bear the expense of defending themselves against hundreds and hundreds of lawsuits filed against them in every jurisdiction of the world.
Of course, lawsuits against them for helping users to breach EULAs is just one possibility. In common-law countries, actions for libel are another possibility. God only knows what they could be sued for in a civil-law country.
It's the same reason why DELL's tech support refuses (or at least did as of a few months ago... not sure of their current policy) to assist with spyware removal.
Remember, most companies that financially support spyware are on the shady side anyway. For companies like them (can we say, "Sco?"), selling goods and providing services are just ONE element of their money-making plans. They view things like, say, suing their own victims, as a perfectly legitimate strategy.
Re:Wonder How Microsoft Will React (Score:3, Insightful)
Why not? Very good alternatives are available, and you're even ready to install and configure for them?
If they don't even want to try them, then they shouldn't bitch about the spyware etc at all. They choose not to seriously look at alternatives. You can hardly blame MS for that.
Very few sites actually need IE (internet banking here in the Netherlands is one example). For those sites, if they use them, keep IE around.
Re:I call bullshit (Score:2, Insightful)
Re:I had been infected. (Score:2, Insightful)
Re:Wonder How Microsoft Will React (Score:2, Insightful)
Re:Wonder How Microsoft Will React (Score:5, Insightful)
Its fairly simple where the blame lies here. With Microsoft. No matter how you view it, by not providing a patch, they are the ones to blame. If there was a patch avalible, then yes, blame the users.
If its still hard to see, consider this.
Say a car had a problem by which it would be easy to break into even when locked, without any signs of breakin. You would *expect* the manafacture of the car to recall all the cars and fix them. If they didn't then the blame (and possible lawsuits) lie with the manafacture.
Its the same with this instance. You would *expect* Microsoft to release a patch ASAP. They haven't and thus the blame lies with them.
NeoThermic
Re:Education (Score:5, Insightful)
--
Okay, here we go.
First, you need to download a decent web browser. The #1 cause of all that spyware is Internet Explorer allowing websites to automatically install things. (its from all that porn browsing you do.)
Try firefox. Its only 5 megs to download, and its the most simplistic web browser available. You will get no popups. Its very popular, even among non-computer-obsessed folk. My mom uses it.
http://ftp.mozilla.org/pub/mozilla.org/firefox/
Now, I assume you are getting wacky popups and stuff, even when not webbrowsing.
You need to install some spyware killers.
I reccomend Spybot and adaware. These two are will rip through your pc, killing spyware dead. Blam. It may kill some software you like, but its for the better. There will be something out there that can replace anything you have to get rid of. Oh no, no more gator cursors. Whatever. Deal with it, or dont get online ever again.
http://www.safer-networking.org/index.php?page=
http://www.lavasoftusa.com/software/adaw
If those sites arnt working, you can always try "spybot download" and "adaware download" in google.
Then, on top of THOSE. (I know, I know) You need to run a virus scan proggy. Try AVG, its free and better then McAffe
http://www.grisoft.com/us/us_dwnl_free.ph
and last, but almost definitely not least, Windows Update.
Open up IE (you have to use IE for this) and go to www.windowsupdate.com Have MS scan your computer and install all the security stuff. Then reboot. This may take a long, long time, but it is the most crucial step.
comprehensive enough?
--
Re:Another nail in Javascript's coffin (Score:3, Insightful)
Re:Wonder How Microsoft Will React (Score:5, Insightful)
And just WHY should CNN, or any other news service, "push" one product over another? What possible interest could they have?
What is needed is for people (Slashdotters???) who provide "level one" tech support to family and friends to do what I did on my fiancee's computer about three weeks ago.
Her installed IE would crash while launching and ask if she wanted to send an error report to MS. I ran ad-aware on her box and found about a dozen "browser hijacks" in amongst all the malware cookies, etc. I removed them, removed all the "Shortcuts to IE and Outlook Express from her desktop, installed Firefox and Thunderbird (along with the AdBlock and Things They Left Out extensions and a theme she liked), then made sure they were set as the default browser and mail program. Next I imported her Inbox from Outlook Express into T-bird. Finally, I turned on pop-up blocking and showed her how to use AdBlock to block ad servers.
She's been happy as a clam ever since. To quote, "Getting on the 'net is fun again."
Don't ask the media to do our job for us.
Anyone else find this troublesome? (Score:2, Insightful)
What good is publicly acknowledging that there are some major sites that are infected if they wont tell us which? Are they worried about the large sites' reputations? What about all the users that are going to be infected because they weren't made aware of which sites to avoid with IE?
I'm on a company system and don't have priveleges to install Firefox, and I doubt I'm the only one.
Re:our governments... (Score:1, Insightful)
Dont encourage them.
Re:Microsoft Published Workaround (Score:2, Insightful)
Step 1: Set Your Browser Security to High
Yes, this will break a lot of web sites.
Step 2: Add Safe Web Sites to Trusted Sites
We know that even popular high-profile web sites are at risk so we cannot add any sites to the trusted zone.
Step 3: Read E-Mail Messages in Plain Text
Marvellous.
Step 4: Block Pop-Up Windows in Your Browser
Add third party product to correct IE flaws.
This is the Internet Experience as supplied by Microsoft: web pages with all fancy features turned off and plain text email. Might as well run mutt and lynx on a Unix based OS.
tough love (Score:5, Insightful)
Re:Wonder How Microsoft Will React (Score:5, Insightful)
A much better approach would be to sit down with the users with both browsers, and surf to good and bad sites with both to demonstrate the differences.
Re:Wonder How Microsoft Will React (Score:5, Insightful)
So the only recourse to introducing the new software is to *trick* people into using it? Doesn't sound like a very effective (or fair) argument.
Re:Wonder How Microsoft Will React (Score:5, Insightful)
May I ask why? Your users (family) are obviously telling you something: they don't like your solution. In addition, if you're actually deleting IE (not just removing the icon) you're probably breaking a lot of apps like Norton Antivirus that requires the MSHTML.dll (among others), making things worse.
Always make new software an option, not "trick" the user or remove their old software. Explain the reasons for the change and the benefits of the new software. If they don't find any, obviously your argument doesn't hold as much weight as you thought it would.
Re:Wonder How Microsoft Will React (Score:3, Insightful)
THIS is a technology expert?
Re:What's it going to take to make people switch? (Score:3, Insightful)
So they quick bought spyglass, renamed it I.E., knitted it into Windows 98. To get around "bundling" provisions in Anti-Trust law they wrote the browser into the OS as the file manager. This "functionality" is the infection vector used by most viruses. Since you use it to browse your files, as well as the Internet, the software requires far more privileged access to the OS than any Internet-Only browser would require.
File this under Evil and Rude [catb.org].
Re:yes (Score:3, Insightful)
Re:Wonder How Microsoft Will React (Score:2, Insightful)
CEO: I have just recieved word that our ERP package won't work with your new browser. We have lost millions is lost time and revenue.
IT Manager: Uhhh, but were more secure.
CEO: YOU ARE FIRED !!!!!
Re:Little things (Score:5, Insightful)
IE works.
Well, the fact that you can become infected with a trojan simply by VISITING a web site, with no user interaction at all required, tells me than NO, IE does NOT work.
But that's just a reflection of my personal criteria for whether or not something works.
Re:Wonder How Microsoft Will React (Score:3, Insightful)
2.) Even IF the CEO was involved, I'd hope he/she would ask questions like "Do any of our critical pieces of software besides web browsing require IE libraries? What kind of downtime are we looking at to install on several hundred/thousands machines? What kind of training?"
Switching browsers isn't easy for a corporation.
NetSec's Houlahan advocated drastic action: (Score:5, Insightful)
Uh, use a different browser...remind me to never buy anything NetSec says (whoever they are)or sells henceforth.
Re:Microsoft Published Workaround (Score:3, Insightful)
Re:Wonder How Microsoft Will React (Score:2, Insightful)
Cool. Once this exploit is installed, the haX0rs are automatically authenticated on your company's intranet applications.
Re:Wonder How Microsoft Will React (Score:3, Insightful)
Do you know what their interests are online? If you can find out what they like to do, you can show them how Firefox makes it better.
Let me give you an example. I got my entire family, including my mom!, using Firefox, but it wasn't by removing IE and saying, "Firefox is better."
I did that many times, though, and got frustrated because each time no one would switch. But then one day I was browsing a news site and opening a bunch of links in new tabs and I realized how I could get my family to switch. My mom loves to go read news sites, and message boards and I realized that this would be a perfect use for tabs. So one day I installed it on her computer, had her come over then I opened a couple of her favorite sites then demonstrated how to open news articles in a new tab. She was an instant convert and hasn't gone back since. She even commented that it was much faster, and easier to use.
If you really want your family to switch, I don't think just telling them it's better is going to make them jump ship and use Firefox instead of IE. What we need to be doing, IMHO, is looking at our target audience, seeing how they surf the web, then show them some way that Firefox makes it better. People will switch if you give them a reason and make it painless. Install Firefox for them, show them how to use it for what they do, then let them sit down and use it with you and I would bet that you would have an instant convert.
MHO, of course...
Re:yes (Score:3, Insightful)
It may not be informing anybody here, but it is a good article for those of us trying to initiate changes in internet policy. We can show it to our management as a reason to say "See! This is why we need that proxy server!" or "This is why we should switch to Opera!" or any other change.
I for one... appreciate the ammunition. (Bet you thought I was going to welcome our new browser overlords, didn't you?)
Re:Wonder How Microsoft Will React (Score:3, Insightful)
I agree with this to a certain point. I think that given small scale problems, government is not the place to look for a solution. But you have to admit the problems of the Internet are becoming wide-scale. Most of the email that now moves around is spam. Most of this is moved by zombied PCs running Windows. Most of the spy ware, malware and other maladies out there take advantage of flaws in Windows. 90%+ of all PCs in the world run Windows. Microsoft is a monopoly. Monopolies cannot be fixed by market forces - because they fix the market. If government can't fix it, and the market is no longer capable of doing it, then who/what will?
Re:Wonder How Microsoft Will React (Score:5, Insightful)
I don't think they should push one product over another, but I would love to see them identify the product & vendor of the vulnerable software. Too often these stories are very generic, saying that the virus infects your computer when you visit a website -- whereas they should say that the virus infects Microsoft Windows(tm) when you use Microsoft Internet Explorer(tm) to visit a website.
In addition, rather than saying that you should just keep your anti-virus software up-to-date, they should offer the useful tidbit that the virus could also be avoided by using alternatives the vulnerable products. They don't have to mention Opera or Mozilla. They don't have to mention Linux or MacOS X. Just let the users know that there are other things they could do beyond paying Symantec (et al) for a more recent anti-virus package.
What's possible interest could they have in doing this? To inform. That's a novel concept for a news source, I know...but I'd still like to see it happen now & then.
Re:Wonder How Microsoft Will React (Score:3, Insightful)
And just WHY should CNN, or any other news service, "push" one product over another? What possible interest could they have?
A commercial interest. AOL/Time Warner owns both CNN and Netscape.
Re:Wonder How Microsoft Will React (Score:4, Insightful)
Re:Don't Forget Opera (Score:3, Insightful)
Rant at other people complaining about it not being free:
Just because IE is free and open source doesn't have a choice doesn't mean that something you have to pay for is not worth paying for. If this held true why would anyone use any peice of software that had a free alternative? I'm not saying that Mozilla or Firefox aren't good, but I am saying Opera offers something for a price that some people will be willing to pay (or live with the non intrusive text ads).
Re:Liability of sites that recommend IE? (Score:2, Insightful)
What would be nice is to whip up a quick, standardized text that we could email to every webmaster we find the "best viewed with IE" tag on.
Something like:
Dear Webmaster:
While visiting your site, I noticed that it expresses a preference or requirement to view the site using Internet Explorer. I would like to suggest that you make the web page standardized so that any standards-compliant browser can view its complete content.
The World Wide Web Consortium (www.w3c.org) provides specifications and guidelines for web standards. Most mainstream web development tools, with the exception of Microsoft's FrontPage (which uses proprietary code which might only work in its own product, Internet Explorer), are designed to be in compliance with these specifications.
Internet Explorer has been proven time and again to be an insecure product, and is a large cause of malware and other security problems on clients' machines. While specialized code developed to work exclusively in Internet Explorer might be convenient, it may be harmful to the users who view your site.
Please consider using another tool or adjust your web design practices so that the resulting pages may be viewed with any standards-compliant web browser.
Re:one thing I never get... (Score:3, Insightful)
First of all, their product costs are near zero; remember, there's not really a pill that makes your penis huge. Sugarpills are pennies per thousand. Add a B&W label and a plastic bottle, and you have a product with a net cost of about $0.50.
Second of all, this assume you get sent a 'product' at all. Who are most of these clowns buying drugs going to call if they spend $100 on x.a.n.a.x from and get nothing? The cops? "Ahh, yeah, I mail-ordered some Vicodin and I didn't get anything....no, I don't have a perscription to take to Walgreen's....uhh, I'm under arrest? Shopping for narcotics without a prescription is a felony?"
Thirdly, where do you think your credit/bank/identity information goes when you "buy" something from a spammer? Into their encrypted database at their multimillion dollar secure hosting center staffed with highly trained, background-checked professionals? No, it gets resold to scam artists and theives who bilk your cards and then sell what's left of your identity to pros who work it over even harder.
So for every $100 "sale" that even ships a product you have about $95 in profit, another $500 in credit card fraud (double/triple charged), an identity resellable to identity theives for maybe $1000 if you do it quick before the victim cancels the card (which can then be bilked for another $1000 or more if you can do some quality ID theft).
So there you have it -- $2k pretty easily from a single sale. How many of those do you have to make before it's considered profitable? 3? 10?
story (Score:3, Insightful)
I do NOT fix peoples cars now, or even offer advice beyond telling them (anyone, this is true facts now) to just buy older cars without ridiculous computer crap on them and just replace the engine or transmission or whatever when it gets completely worn out. Much cheaper and better for them and less hassle for me.
Re:one thing I never get... (Score:3, Insightful)
Spammers don't care whether people buy products through spam. They're not selling to you. They're selling "marketing services" to people too stupid, lazy or unethical to care about the overall effects of their actions.
Re:Liability of sites that recommend IE? (Score:2, Insightful)
Generally speaking, one should always ask nicely. But I think you're overdoing it here. These sites are exposing their customers to risk. Under the circumstances I think one is justified in being a little more direct. Perhaps replace this by:
As a user of your web site, I object most strongly to your faulty web-site design, which compels your users to expose themselves to security problems.
Re:Wonder How Microsoft Will React (Score:5, Insightful)
The problem is that most people think that that Blue E == The Web == The Internet. E.g. many don't see they're also using internet when they're e-mailing. When you say "I'm gonna remove IE and give you firefox.", they think "He's gonna remove my internet access for some fire security reason! Ahrg!" They somehow just can't grasp what the internet is. What they see is the web, therefore they assume that the web == the internet. To start 'the internet', they click the blue E, therefore they assume that the blue E == the internet.
Somehow you've got to educate those people that The Internet != The Web != Blue E. Now you're just abusing their primitive assumptions. ;)
Re:Wonder How Microsoft Will React (Score:1, Insightful)
How many people do you know that refer to bandages as "band-aids" or tissues as "kleenex" or spreadsheets as "Excel" or operating systems as "windows".
Have you ever set up software on an executives machine (CEO for instance)?? You'll start calling everything "Explorer" too, because you will say "This is Firefox it's more secure blah blah" and he'll say "okay great". Then next week you'll hear "I'm having trouble with Explorer". And you'll think "Whoa, did he figure out how to run it", buy it will be firefox. It can say firefox in huge flaming letters and he'll still call it explorer.
You're doing them a FAVOR by keeping things simple. Hell, even I used to call all P2P services "napster" for a while, e.g. "just get it off napster".
Most people don't *care* about this stuff. It's just more words on the screen.
Re:Okay, just this once: (Score:3, Insightful)
Protect the Corporations from Further Abuse (Score:3, Insightful)
That's great an all, but what about protecting the users, which can mount to millions of IE users being infected, because they aren't willing to say..."This week don't visit: eBay, Bank of America, etc., etc."
I'd say its more important to protect the uninformed masses of millions of IE users that they need to not visit 25-50 websites for a week, or switch web browsers, then it is to protect those 25-50 websites.
Monopolies create their own competition (Score:4, Insightful)
Re:yes (Score:3, Insightful)
Oh, and by the way, I just tried cbs.sportsline.com and had _zero_ problems with firebird 0.9 under Linux and MS Windows.
Now go back to your popups, spyware, adware and expliots in IE.
Re:One major issue with Mozilla..... (Score:2, Insightful)
Seriously, that's the best way to keep all the data safe and backed-up. Indeed, if you can afford a GigE LAN (not all that expensive anymore, but if not, a Fast Ethernet LAN will do well enough), you can run thin clients and run everything off the server, like they do in Largo, Florida. If you're not an all-*nix shop, that must be possible with Windows, too.
While some people might squawk a bit, in truth, most users do not need a full-fledged PC on their desk as work. All the apps they need (or that you want them to have, at least) should be provided by and controlled by the IT department. It's the only way to keep your network safe. Developers might need a full-blown PC, but stick them off on a LAN segment firewalled off from the rest of the PCs, because just being a programmer doesn't mean you won't soon have your machine burdened with 400 pounds of malware and sporting all the latest viruses, too. I think we've all seen programmers who can write code but don't actually know squat about computers or how to keep them secure.
So hand a thin client to everyone you can. They'll get used to it, and you'll save a bunch of money.
You can build one, or if you want to see a nice turn-key system, take a look at a Sun Ray. Sun employees have a card that they stick in the reader on the Sun Ray (and a userid and password I would suppose, or the person with your card 0wnz0rs joo) and their