Forgot your password?
typodupeerror
Bug Microsoft Security

Microsoft to Issue Out-of-Cycle Patch for IE 391

Posted by CmdrTaco
from the download-reboot-repeat dept.
rsw writes "Microsoft will be breaking their normal patch cycle and issuing a patch for the Download.Ject attack (a.k.a. Scob). They claim that the forthcoming patch will be a "long-term solution to the core vulnerability" exploited by Scob." Note that this does not mean that they are replacing IE with FireFox.
This discussion has been archived. No new comments can be posted.

Microsoft to Issue Out-of-Cycle Patch for IE

Comments Filter:
  • by Mz6 (741941) * on Thursday July 29, 2004 @02:59PM (#9835034) Journal
    Seems as though all of the exploits coming out against IE has finally got to them. I've counted about 5+ just from the Full Disclosure and BugTraq mailing lists in the past few weeks. All of them different in nature of thier attacks.
    • by EnnTeeDee (799496) on Thursday July 29, 2004 @03:08PM (#9835185)

      "Our [Microsoft IE] users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience," Hachamovitch said.

      Umm, yeah, we should (in a perfect world) be able to have confidence that the biggest software company on the planet puts out the best product. But Microsoft is too big and juicy a target to inspire confidence.

      We also should be able to trust our elected leaders to be able to spend our tax funds wisely, but I'm not holding my breath on that either.

  • Wow (Score:5, Insightful)

    by Anonymous Crowhead (577505) on Thursday July 29, 2004 @02:59PM (#9835035)
    The released a patch when it's needed, not when it's scheduled. How novel.
    • Re:Wow (Score:5, Informative)

      by chrisgeleven (514645) on Thursday July 29, 2004 @03:04PM (#9835118) Homepage
      Except this patch was needed a few weeks ago (and the exploit if I remember right has been known for months).
      • Re:Wow (Score:3, Interesting)

        by Anonymous Coward
        But didn't MS say it's the patches that cause the exploits?

        Plus the patch won't be ready till NEXT week.
        Normally MS doesn't PR their minor patchs. Maybe their Service Packs, but i don't really know.
        So, how much of this PR stunt has to do with what Home Land (in)Security had to say about IE?
    • Re:Wow (Score:5, Insightful)

      by EtherAlchemist (789180) on Thursday July 29, 2004 @03:44PM (#9835698)
      I'm only playing devil's advocate here, but it's possible (likely?) that Microsoft suffers from internal politics, like many other software companys, that actually work against the process.

      I work for a software company where fixes to bugs on live products are held up for weeks and months on end while managers seek the person to blame, assign blame, come up with a plan to make the fix, revise the plan to include 8 other random and unrelated things they want to fix, slap them into one rollout that will now require 6 developers on 3 teams and 4 QA guys who will follow the spec to the letter (even if it is mispelled) and file 200 new bugs. This cycle goes on for a month or so and by the time the fix is released, a dozen other problems have surfaced and been deemed not important enough to fix now. Afterall, we just had a hariy cycle trying to get the last fix out.

      Now, the way it should have gone: Identify the problem, design a fix, make the fix, test the fix, deploy the fix. Days, not weeks or months.

  • Firefox (Score:5, Interesting)

    by FortKnox (169099) on Thursday July 29, 2004 @03:00PM (#9835050) Homepage Journal
    Note that this does not mean that they are replacing IE with FireFox.

    Good, cause firefox has render problems on slashdot all the time (where as IE doesn't). I don't think its firefox, either, cause it doesn't happen on any other site I go to.
    • Re:Firefox (Score:3, Informative)

      by Mz6 (741941) *
      Well... I think someone submitted that as a Slashdot bug and they wrote it off as a Mozilla one instead.
    • Re:Firefox (Score:2, Interesting)

      by Billobob (532161)
      It could have something to do with the fact that Slashdot doesn't exactly use standards-friendly HTML...
    • Re:Firefox (Score:3, Insightful)

      by datadriven (699893)
      I only use firefox. What render problems? I haven't been able to get IE to run on slackware anyway.
    • Re:Firefox (Score:4, Funny)

      by Malc (1751) on Thursday July 29, 2004 @03:07PM (#9835173)
      Come on now! You don't think the /. authors live up to expectations and actually develop under Linux using one of the many standard's compliant browsers do you? It's obvious that they code for and test with IE! ... how else could you explain it?
    • Re:Firefox (Score:5, Interesting)

      by hattig (47930) on Thursday July 29, 2004 @03:11PM (#9835233) Journal
      I think it is a problem with Firefox. I've noticed that it happens a lot on table layout pages, especially large ones. Livejournal can have the same problem.

      Basically it guesses widths of table cells/columns at some stage, then sticks with them as more of the page loads, and doesn't compensate for the new contents, which may include more tables, which will then overflow other elements on the page. Well, it is something like that. I think it could be solved by merely re-formatting the page after it has fully loaded ... although the simple Resize Font trick fixes everything anyway (ctrl+mousewheel)
      • Re:Firefox (Score:3, Informative)

        by dsanfte (443781) *
        Occaisionally the slashdot homepage will not fully render in Firefox. It will appear blank except for images until a reload or two is done. The comments pages also tend to be text-biased too far left on occaision, rendering the comments' text a bit into the Sections and help left-sidebar. This is also fixed after three or four reloads.
        • Re:Firefox (Score:3, Insightful)

          by bryhhh (317224)
          Occaisionally the slashdot homepage will not fully render in Firefox. It will appear blank except for images until a reload or two is done.

          I've seen this a few times, but it's been a while since I last saw it happen.

          The comments pages also tend to be text-biased too far left on occaision, rendering the comments' text a bit into the Sections and help left-sidebar.

          For what it's worth, this is caused by the vertical ad on the right side of the page.

          Even with the Adblock extension it still exhibits this
      • Thanks for that useful tip! Having now spent the last couple of minutes trying to stop the stupid thing from either going too small or too large (overshooting the original size), I am going to make sure I NEVER try that again.

        Reminder to self - go and see optician tomorrow.
    • Comparing Firefox 0.91 vs. Internet Explorer 6.0, rendering this page. Settings are nested.

      Right off the bat, IE is placing the Dell ad located under the story over some of the topic icons. This is only because I've got the browser resized to 1/3rd of the screen for side by side viewing. Firefox is displaying everything fine... I'm running all this in Windows XP.

      I do see problems with rendering for Firefox, mainly with the Universal Table Editor by Tom Wellige. Some Flash pages don't work as advertised, Q
    • Re:Firefox (Score:2, Funny)

      by Anonymous Coward
      So that's the problem - Firefox rendering Slashdot. I just thought they were using a new sickening glowing olive color for the IT section.
    • Personally I've had more problems with IE rendering Slashdot then any other browser. Seems to me Slashdot and this colour scheme is seriously messed.
    • As I sat at the library doing my browsing on my laptop (500mhz 600x with mdk10), I discovered yesterday that this ALSO happens in konq (not normally a kde user but I've been playing lately). I didn't see it on the main page but the "reply submitted" page is completely fucked up and the mozilla back/forward trick don't fix it.

      How ironic is it the website most commonly linked to "the linux community" REFUSES to create a site that consistently renders properly in anything except MSIE?

    • Good, cause firefox has render problems on slashdot all the time (where as IE doesn't).

      I rarely get this problem. It really seems that the source of the problem is the advertisements on Slashdot. Since I started using Adblock, the problems seem to be way less. Sometimes, if Adblock takes care of the ad in a strange way, I'll get the problem, but a simple reload makes it go away.

      I feel sort of guilty about using Adblock on Slashdot. One of the prime reasons for getting a subscription is that you have to pu

    • Re:Firefox (Score:3, Informative)

      Apparently this is fixed on trunk, but not on the aviary branch.

      http://bugzilla.mozilla.org/show_bug.cgi?id=2175 27
  • Damn (Score:3, Insightful)

    by Billobob (532161) <billobob@gma[ ]com ['il.' in gap]> on Thursday July 29, 2004 @03:01PM (#9835053) Homepage Journal
    Note that this does not mean that they are replacing IE with FireFox.

    Awww damn, and here I thought that Microsoft would include one of its strongest competing products instead of it's own that millions of dollars were funneled in to. Maybe I'm just too naive...

  • by AngryScot (795131) on Thursday July 29, 2004 @03:01PM (#9835063)
    and if they do why?

    I mannaged to get my work to use fireFox after showing them a /. thread about it
    • Of course they do. IE is by far the most used browser in the world. It is, after all, included with the most used OS's in the world. Those who know their stuff don't use a lot of Microsoft products, but a lot of people aren't in the know.
    • Maybe I can convince my boss to let me play Doom 3 on my workstation. I'll just show him a /. thread on it. ;-)
    • Many users are not aware that there are good alternatives to IE. What firefox needs is publicity. Sure we all know about firefox but many home users havent heard about it yet.
      • Many users are not aware that there are good alternatives to IE. What firefox needs is publicity. Sure we all know about firefox but many home users havent heard about it yet.

        For the time being, that's just as well. My corp runs Mozilla exclusively. They're so hooked they won't touch IE with a ten foot pole. That being said...

        What Firefox needs is a web that is mostly compliant with W3 standards, not MS standards. Until IE loses about 10% more user-base to Mozilla, Firefox, etc web developers will

    • by ErichTheRed (39327) on Thursday July 29, 2004 @03:08PM (#9835188)
      The problem I found is that a lot of web apps are coded for IE's "extensions" that don't translate over to Firefox. We have a few internal apps at work like that, but there are public examples too. E.g, my power company paid some contractor to put together an online bill pay system for them, and obviously they're not interested in fixing it. Open the page in IE, and it works fine. Open it in Firefox, and you get a blank screen.
      • "The problem I found is that a lot of web apps are coded for IE's "extensions" that don't translate over to Firefox... my power company paid some contractor to put together an online bill pay system for them, and obviously they're not interested in fixing it."

        Complain! Even with major companies it can be that easy. Verizon Wireless's pages were IE-only for a while - I (along with many others, I'm sure) complained about it and threatened to take my business elsewhere; and they fixed it.
    • Please feel free to demonstrate how FireFox can seamlessly (and securely) used a user's workstation credentials to authenticate to a web server without requiring a username/password as IE does with Windows Integrated Authentication.

      That is one of the larger issues that cannot be solved by just tweaking some HTML to make it more compliant. It's also a big deal from a user experience standpoint in the corporate intranet world.
      • Use client certificates instead? Sure, it's not using Windows credentials, but it's nearly as easy. After the certs are installed (couple steps) they just 'magically work' as far as the end user is concerned.
    • If you look at most large websites that get lots of hits from the random public (i.e. yahoo, etc.), I think you will find that their browser stats show 90-99% of people using IE. Several years ago the place I worked at was at the 99% mark with IE so we simply stopped worrying about Netscape compliance, etc.

      Those numbers may have changed some since '99 but even back then Netscape was supposed to be "big". It just wasn't big enough for us to care.

      • by aWalrus (239802) <sergio@nosPAM.overcaffeinated.net> on Thursday July 29, 2004 @05:16PM (#9836963) Homepage Journal
        That conclusion is a non sequitur, since it is usually made from the standpoint of webmasters who have non-compliant sites that break in alternate browsers. If you're looking at the traffic statistics for your site that breaks in Firefox, it is *obvious* that you won't find very many Firefox users, since you're driving them away.

        To provide some numbers, check the Google Zeitgeist [google.com]. Although it does show that IE 6 has a clear dominance, the Mozilla traffic is on par with IE 5.0 and IE 5.5 -- If you support those, you should support Mozilla.

        If you go to more techie-oriented sites you'll see very different results. In my site's own stats, IE accounts for less than 50% of visitors (and yes, there *are* more than 5 people visiting daily).
    • by Anonymous Coward
      I work for a very large corporation, with employees ranging at least in the hundreds of thousands, if not more. When corporate IT puts the newest releases of IE on every single desktop, and states that we *will* use it as the one browser, we use IE. A few holdouts still use Netscape 4.7, as they work on contracts requiring it for some reason.

      As an internal web developer, I try to make sure my apps. are cross-browser compliant, but I am not everyone. Even some of the web apps. we use that have come
  • I've migrated ove... (Score:4, Interesting)

    by Ratchet (79516) on Thursday July 29, 2004 @03:03PM (#9835088) Homepage
    ...the most finiky of users, my Mom, to Firefox without her even knowing it. Now if Dad would stop playing Solitaire long enough for me to get at his computer then I'd de-IE him as well.
  • Slashdot (Score:4, Funny)

    by john_smith_45678 (607592) on Thursday July 29, 2004 @03:03PM (#9835092) Journal
    ...where I come for all my MS IE patch news.
    • Re:Slashdot (Score:5, Insightful)

      by LilJC (680315) on Thursday July 29, 2004 @03:14PM (#9835287)
      Parent has been modded funny, but I think a lot of us do.

      I've walked into work before with the owners complaining of not being able to get to half the web sites they like to peruse and hit slashdot to see what's up. Half the time I'm back in 20 seconds with an satisfactory explanation about a recent or in-progress attack.

      Of course, I have to (for the umpteenth time) explain to my boss/CEO that I can't fix other peoples' servers, only ours. Wish I could at least get that guy to remember how a sort works in Excel.

  • From the article: "Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience," So there you go. Nothing to see here. Move Along.
  • by garcia (6573) * on Thursday July 29, 2004 @03:04PM (#9835112) Homepage
    I am throwing Karma out the window on this one as my comments on this subject fall on deaf ears here but... Firefox is not an acceptable replacement for IE for 90% of the users out there so I really think we could have done without the snide comment.

    Yesterday I mentioned that nearly everyone who visits my site with Firefox are coming in from Slashdot URLs. It may come as a surprise to you but more than 90% of the Internet users out there aren't aware or concerned with IE vulnerabilities. It may also come as a surprise to you but Firefox isn't exactly the best browser out there if you want 100% compatibility with the "broken" sites on the Internet. These same users that don't know of the issues w/IE are more concerned that they cannot reach their online banking, see their sites the way that the "broken" authors intended, and have a seamless browsing experience.

    Firefox is not the answer to MS' issues. Better preparation for security is.
    • by kid_wonder (21480) <public AT kscottklein DOT com> on Thursday July 29, 2004 @03:08PM (#9835183) Homepage
      I disagree. I use firefox for just about everything; online banking, online account management, etc. Every once in a while I need to open up IE to view a flash animation or some other stupid site that uses ActiveX - but at that point I know what they are trying to do and can establish the risks of going to it in IE.

      btw, regarding all these /. problems, for some reason I get this render problem intermittently, but a simple reload typically handles the problem.
      • Ocassionally the text overlaps with the menu on the left side of /.

        A page refresh usually clears this up for me.

      • To view flash? I don't have any trouble viewing flash with firefox (which is my primary browser).

        I recently had a friend tell me something similar, as well as how he had trouble getting firefox/mozilla to use java under linux. I laughed and said I hadn't had any trouble.

        If you can't get flash and java to work on your computer, then you are not doing something right. Granted, my gentoo box set everything up for me, but why NOT use firefox?
    • by PeteQC (680043) on Thursday July 29, 2004 @03:09PM (#9835210)
      There is a lot of "broken" sites that won't be right in IE when Microsoft will release it's SP2 for XP with a lot of added security to IE.

      Pop-up won't show, and all the non-correctly defined elements won't show right neither. So, maybe finally the webmasters will correct their sites.
    • To most people it's not the sites or authors who are broken, but Firefox!
    • "more than 90% of the Internet users out there aren't aware or concerned with IE vulnerabilities."

      That's odd. At least every week I have someone mention some new spyware or popup they run into, and how do I deal with it. Many of them are now quite happily running Mozilla or Firefox.

      And the problem with viewing people's sites isn't my problem, it's the site's. If it doesn't work, I go elsewhere. And my bank's site works just fine with Moz.
      • That's odd. At least every week I have someone mention some new spyware or popup they run into, and how do I deal with it. Many of them are now quite happily running Mozilla or Firefox.

        That's odd. Most of the people I know have little to no idea what Spyware is, how to combat it other than to run Adaware, and that it comes from the issues built into IE. You are either talking to a better informed group (which I assume you are), the people that I know are just that clueless about computers and the world
      • Yeah, and I just noticed this on a site I need to use for work...

        Attention Netscape Users! The FSAFEDS web site now supports Netscape browser versions 6.1, or higher due to accessibility requirements.

        Good 'ol 508. Funny thing is that their site worked on Firefox anyways. (It's mostly forms, html pages, & a few PDF's.)
    • Better preparation for security is.

      Yes, and this "better preparation" is coming in the form of XP SP2. However, as a result, a number of the "broken" sites on the Internet will no longer function in IE either, as security features already present in Firefox are added to IE.

      From what I've read so far, the compatibility of Internet Explorer will most likely drop down to or even a bit lower than that of Firefox, come service pack 2.
      • Everyone seems to put all this faith into SP2...but let's face it: a significant portion of the population doesn't install patches to begin with. What makes anyone think they're going to sit through a download 10x bigger...and that's assuming they even know about it.

        SP2 will be popular in corporations (hopefully), but as far as the end users who are causing all the problems to begin with, I don't see much of a change coming.
    • I don't honestly know what 90% of the users you are referring to, but I've been slowly replacing Is on my friend's, family, and now my employees machines.

      No one complains, they are all happy, functionality is similar and IE users easily adapt to it. I've only encountered one person with an issue - they used the portfolio tracking section related to the Globe & Mail didn't seem to act properly. I didn't have time to investigate so moved them back to IE temporarily.

      Unlike many other open source prod

      • Netscape still has the name recognition.

        If someone fights against Mozilla, just have this conversation:

        "I'm installing Firefox on your machine to use instead of IE"

        "NO! I need IE, I dont want to try some other software!"

        "Ummm, ok, how about Netscape?"

        "Sure!"

        Firefox isn't even to a 1.0 release. It's good, but it's not finished. It's not ready to be shoved down everybodies throats, there are still plenty of issues.
    • I'll put it this way:

      Most people don't care which TV has the absolute best picture quality, or the biggest screen. They buy a TV which has good enough picture quality, a large enough size, and fits in their budget.

      In the case of IE vs. Firefox, cost is a non-issue. Something like 95% of computers come with Windows. Firefox is a free download. So the decision really comes down to "is it good enough". IE, being the majority browser by a huge margin, displays pretty much every site that people want to v
    • Huh? The reason Firefox isn't a good replacement is because so many sites out there have been tuned for IE's non-standard rendering? That's not Firefox's fault. That is the fault of the people that set up those few offending sites.

      Few sites are like that, although there are some, like Engenius Tech's site that won't bother serving a page to Firefox, that's not Firefox's fault either.
    • Bank of America's site, including online banking, statement printing, and bill paying, works just fine with Mozilla/Firefox.

      Bank of America has one of the best online bill payment systems around. No fees. They'll transfer money to major companies with which they have an arrangement, and mail checks to anyone else you select.

      Bank of America is the biggest bank in the United States.

      Point this out to any bank that wants you to use IE.

    • My system reports whatever I tell it. Most of the time it reports I am using netscape on unix no matter what computer I am at because my proxy corrects this information on all outgoing transactions. However, I also often use MSIE5 because I don't have to sweat the "this site only work with IE" messages when I am going to those banking (etc) sites. MOST of those site,s in fact, seem to only claim their site doesn't work with other browsers, so if you change the header info you're golden - just as a 16 year o
    • The reasons you state do not support your assertion that "Firefox is not an acceptable replacement for IE for 90% of the users out there"

      1)"more than 90% of the Internet users out there aren't aware or concerned with IE vulnerabilities"
      So what? That has no bearing on whether Firefox would be an acceptable replacement. It might address WHY people find no incentive to switch, but not whether that switch would bew a good idea.

      2)"Firefox isn't exactly the best browser out there if you want 100% compatibilit
    • I still would like someone to post a list of sites that don't work because of a true firefox issue. Sometimes, some sites are just badly designed, and the differences in rendering engines allows them to look "ok" in one browser, but not another.

      My main bank works perfectly fine with Firefox, as do all my other banks (about 6 financial institutions total). I don't buy that for a second, if your bank doesn't work with a non IE browser, leave it. There's plenty that work just fine.

      I recently had a bit of fu
    • Firefox is most of the answer. People programming websites to adhere to standards such that IE and Firefox can render them correctly and using cross-platform non-monopolistic technologies instead of things like ActiveX is another part of the answer.

      I have trained about ten broadband users to use firefox with limited javascript, cookie firewalling, zero disk cache, and zero java for everything, and if an important page (like online banking, or online billpay systems) doesn't work correctly, to look at that
    • by gnu-generation-one (717590) on Thursday July 29, 2004 @03:54PM (#9835851) Homepage
      "Firefox is not an acceptable replacement for IE for 90% of the users out there so I really think we could have done without the snide comment."

      Huh?

      Microsoft Internet Explorer isn't an acceptable browser for 90% of the users out there.

      Nevermind your "snide" assertions about the websites that don't work, people are getting owned here. It's a serious problem. It's the spam problem and the virus problem and all the tech support problems, all stemming from this one application that's so insecure that everyone, from DHS to MSN themselves recommend getting rid of it immediately.

      If your favorite website doesn't work in a generic web-browser, get them to fix it, or get a new supplier. Even the banks have got HTML websites now.
  • by Anonymous Coward on Thursday July 29, 2004 @03:04PM (#9835115)
    ...with the Rhythm method?
  • by RonnyJ (651856) on Thursday July 29, 2004 @03:08PM (#9835197)
    They claim that the forthcoming patch will be a "long-term solution to the core vulnerability" exploited by Scob."

    So, are their patches normally NOT long-term solutions to vulnerabilities then?

  • by Klar (522420) <curchinNO@SPAMgmail.com> on Thursday July 29, 2004 @03:09PM (#9835215) Homepage Journal
    shhh, don't tell anyone, but I'm still using IE6.. I dunno, I'm just so used to using it, and it seems to work well for me. I haven't had any virus or security problems(that I know of).. I always want to try firefox after reading posts about its power, but man.. IE is just so..so.. easy.
    • please be joking, please be joking, please be joking... joke?

      If you have always wanted to try it, try it already!

    • by GigsVT (208848) on Thursday July 29, 2004 @03:24PM (#9835415) Journal
      My wife was infected by spyware by simply visiting a site that was an etrade affilliate site (they were offering a free PDA if you opened an etrade account).

      She told me at the time the only difference between her computer and her friend that sent it to her was that she had Sun Java installed and he didn't. He didn't get infected and she did.

      This was several months ago, she searched and didn't find any exploit info about it.

      A couple days ago she found the exact exploit she had encountered on a vulnerability list, a combination of Sun Java and an IE bug cause a certain vulnerability.

      So you might think you are safe, but how many "zero day" or unknown exploits, such as the one my wife got infected by spyware via are out there?
      • Spyware has more to do with social engineering by visiting questionable than anything else. Most people click "OK" past the IE security warnings when spyware is trying to install itself. Microsoft is doing it's part to try and mitigate this problem in XP SP2 by making warning dialogs more clear and urgent, and in some cases even adding a timer before the user can actually click OK (Outlook 2003 currently does this if any outside program tries to send email through it. It's annoying but it's better than th
    • Removing IE will not remove the vulnerability. The vulnerability is in the MS-HTML control not in the Internet Explorer executable. Any application that uses the MS-HTML control is vulnerable.

      • The vulnerability is in the MS-HTML control not in the Internet Explorer executable. Any application that uses the MS-HTML control is vulnerable.

        The answer is obvious, remove Windows. Then there sould be no possibility of accidently using an app that relies on the MS-HTML control (unless you run some kind of emulation).

  • by gearmonger (672422) on Thursday July 29, 2004 @03:12PM (#9835253)
    "long-term solution" hee hee ha ha *snort* [coke comes out nose] riiiight.

    Rightly or not, that Homeland Defense notice got some peeps in senior management a little spooked and asked our IT department to start making Firefox the default browser on all new systems they set up for employees.

    As a long-time Mozilla and Firefox user, I couldn't be happier. Whether it's the right reason or not, I couldn't care -- at least there's a hint at the IE domination trend slowing down a bit, and that is good for consumers.

  • IE vs Mozzy (Score:3, Interesting)

    by Anonymous Coward on Thursday July 29, 2004 @03:13PM (#9835262)
    Microsoft may have won the browser-war in the late 1990's but at what cost???

    Mozilla/Netscape as of the last couple of years made fantastic progress and is definately now the better browser in both functionality, security and last but not least mozilla looks better to me and renders websites better too...

    M$FT should just throw in the towel on IE and reduce its function to Windows Update and able to download Mozilla/Netscape, (just make it a ftp downloader tool)
  • It seems that ... (Score:3, Insightful)

    by Hatfieldje (147296) <hhatfiel@cs.byu.ePARISdu minus city> on Thursday July 29, 2004 @03:18PM (#9835329)
    One of the biggest complaints against MS is that they are slow to respond to user need, while quick to add profit-margin-stretching-even-though-the-user-does n't-want/need-anyway "features" (e.g. Clippy). So how is the /. community going to react when MS actually starts listening to the customer and adding true features like security, speed, efficiency?

    I've noticed over the past couple of months that there have been a few of opinions coming out. One is that it's too late for MS. They screwed the pooch years ago and their entire user base will end up jumping ship.

    Another is that this is nothing but a marketing ploy. MS isn't really changing their ideology, they're just making us think they are, so we're better off jumping ship.

    The other (my personal opinion) is that it's a welcome change. I will be glad when Windows becomes an environment that is as stable and easily configurable as linux. I love competition. It's what makes America thrive, and if MS can become competitive (again) in the eyes of /. geeks, just think about how much more time/effort will go into linux to make it even better. And, as for jumping ship, we'll have no need. But we may have a fleet comprised of MS, *nix/*BSD, etc.

    Kudos to MS for trying to fix their old mistakes, and hopefully in a couple of years, they'll have them fixed and we can really have an OS War!
    • As far as IE is concerned, they can make it super-fast and super-efficient and super-secure, but it's STILL horribly broken as far as standards support goes, and therefore quite deserving of scorn. Scorn, scorn, scorn! A pox on the house of IE, I say, until they commit publicly and fully to web standards (which they haven't done to this day, even the 'new' IE team).
    • So how is the /. community going to react when MS actually starts listening to the customer and adding true features like security, speed, efficiency?

      I'm sure that a lot of the community will look upon MS a little more favourably if and when that happens.

      However, the design of Windows is, in itself, flawed in terms of features like the registry (which ultimately limits speed & efficiency by virtue of its fragmentation and growth) and by the deep integration of apps and APIs that allow gateways deep

  • Do people care? (Score:5, Informative)

    by taylortbb (759869) <taylor@byrnes.gmail@com> on Thursday July 29, 2004 @03:31PM (#9835515) Homepage
    Do people care about IE security problems? Most do actually, people just either don't know about the vulnerabilities or if they do they don't know there's anything that can be done.

    Everyone I know when I talk to them about how bad IE is, if they listen, switches to Mozilla, I switched my school's computers and those of atleast 60 others.

    People are listening now more than ever, its becoming so bad (atleast one a week) the mainstream media is even going "Another Internet Explorer vulverability has been found".

    All I tell people is that:
    1. Mozilla works faster
    2. It has a pop-up blocker
    3. It is immune to those once a week IE vulnerabilities
    4. You just about don't get spyware (and mention keyloggers). <---The Killer One And BTW, I use Firefox 0.9.2 (mozilla.org build for Linux/x86) and have never had problems with how /. renders.
  • by CHaN_316 (696929) on Thursday July 29, 2004 @03:32PM (#9835529)
    "Our users should have confidence that as long as they're running the latest browser with all the latest security fixes, they will have the most powerful and secure browsing experience." - Microsoft group product manager for Internet Explorer

    Yes they should have this powerful secure browser .... funny funny. Maybe they're talking about FireFox 1.0.
  • by gpinzone (531794) on Thursday July 29, 2004 @03:35PM (#9835567) Homepage Journal
    It just got too scary for me when my whole PC got infested with spyware. It's true that I didn't have IE patched to the abosulte latest version. However, there's exploits coming out all the time and the time to patch is way too long. I'm glad I did switch and I doubt I'd go back. Firefox's popup filter does everything better than IE with the google toolbar. Adblock is the best comprimise (so far) for simplicity and effective ad blocking.

    I admit that the features in SP2 sound promising, but I'm already too comfortable with Firefox.
  • Avoid IE (Score:2, Interesting)

    by UMhydrogen (761047)
    The problem with security does in fact lie within Internet Explorer or many of the Office products. Most of the worms these days either take advantage of 1) Internet Explorer or 2) Outlook or Outlook Express. It should be Microsoft's duty to patch these holes as soon as their brought to our attention. It is nice to finally see Microsoft take a strong stance and release an out-of-turn patch.

    This should not surprise you though. As seen by the eventual release of Window XP SP2 you will see a new version of W

  • by oogoliegoogolie (635356) on Thursday July 29, 2004 @03:36PM (#9835586)
    It's hard to keep up with what MS patch fixes which exploit, but I thought a patch for this was issued a few days after the exploit was discovererd. Am I confusing this with that that recent firefox run-shell bug?

    All these bugs are difficult to keep track of. It was so much simpler before the net. Virus scanner updates came once a month, windows updates came once a quarter or longer, and most of them were fixes for feature or performance bugs, not security updates. Now we have daily virus updates and each week half a dozen OS updates for serious exploits.

    Man I am starting to sound like an old fart.
    • No, that didn't fix the problem, it just disabled the buggy feature by making a registry edit. Supposedly this time it'll really be _fixed_. Well, _this_ bug, anyway.
    • by pandrijeczko (588093) on Thursday July 29, 2004 @04:10PM (#9836057)
      It was so much simpler before the net.

      Not strictly true.

      The development of TCP/IP allowed the ARPANet to happen (which later became the Internet follwing commercialisation in the late 80s).

      UNIX-based servers formed the core of the ARPANet because TCP/IP has always been built into UNIX and UNIX was designed as a multi-user multi-platform network operating system.

      Microsoft assumed that the world would use their poor quality NetBIOS/LanManager protocols until the early 90s when they were forced to include TCP/IP support into Windows - that was after they almost ruined Novell by worming their way into using IPX/SPX networking protocols.

      In other words, a kludgy operating system had to be kludged even more to support TCP/IP. This is a legacy that has lived with MS since and while the support of TCP/IP has improved over the various Windows iterations, the fact is that the Windows architecture is not as suitable for Internet connectivity as UNIX.

      Everything in UNIX is designed for simplicity - one program doing one task. If you need a network service, just turn it on - if you don't, turn it off.

      Where UNIX has a weakness is the security model because, in ARPANet days, information was open and there was no need to secure servers. However, that has improved a thousandfold over the years with features like shadow passwords, better authentication models and secure protocols. The simplistic security model of "you, those you trust and the rest of the world" now works to it's advantage because it's very easy to apply to a system - the difficult part is knowing all the potential holes to apply it to that can only come from experience.

      If Windows was not an Internet OS today, we would still have crackers and security exploits on UNIX. However, there would be less of it because fewer crackers would be clever enough to break into a UNIX system and whilst there might be the occasional worm program, email viruses simple would not exist.

  • by NitroWolf (72977) on Thursday July 29, 2004 @04:45PM (#9836527)
    I've been contemplating which thread to post this to, so I'll post it here.

    Why does everyone thing we're "winning" against Microsoft/IE with Mozilla Firefox? It's not that we are winning, it's that Microsoft isn't playing anymore.

    There's no reason for them to have the dominant browser on the market anymore, and one HUGE reason for them to explicitly NOT have the dominant browser. Their DOJ investigations focused, in part, on the fact that IE was bundled with Windows and thus constituted a monopoly. However, if Microsoft now lets IE flounder and lets Mozilla (or another browser) become dominant, they have a huge lever to use against any future DOJ or legal inqueries. They can then say they aren't a monopoly, as another browser is dominant.

    And why not? There's no money to be made on IE - it's strictly a resource drain. They don't make a single dime from it... why pay someone to keep IE up to standards, when they can get the whole Open Source community to do it for free - in the form of Mozilla.

    Stop and think about it for a moment, there's absolutely NO reason for MS to have the dominant browser any longer... there's no financial or legal advantage to it. A browser is effectively a commodity, and anyone developing one is going to have to expend resources to do so - with no return on that investment. Thus, Microsoft's only real logical conclusion would be to let IE slowly fade away, it solves not only the money/resource drain, but also protects them from further DOJ inquiries.

    So Firefox isn't winning, exactly... Microsoft just took their ball and went home, because the game had no point for them anymore.

    • This isn't about winning in terms of more users using Firefox than IE - that's irrelevant because Open Source is not about smashing Microsoft to a pulp but ensuring everyone has a choice.

      If MS release a patch that unwelds IE from the rest of Windows into an independent browser (thus closing the major security holes in it) and makes it fully HTML/XHTML standards compliant, that would be good enough because then every web site would also have to be standards compliant and we could all browse all web sites n

Surprise your boss. Get to work on time.

Working...