Penn State Tells Students To Ditch IE 486
Hoyceman writes "About 80,000 students and staff are being told to use an alternate browser. The Penn State ITS department sent the alert 'because the threats are real and alternatives exist to mitigate Web browser vulnerabilities.' InformationWeek is carrying the story."
Nice! (Score:2, Interesting)
Re:About time (Score:2, Interesting)
Temple not quite that far (Score:2, Interesting)
Brown's been saying this and acting on it (Score:5, Interesting)
safari? (Score:4, Interesting)
Security (Score:5, Interesting)
But even without security, FireFox is just plain better. Tabbed browsing is huge, Bookmark toolbar, extensions, find-as-you-type (HUGE improvement over CTRL+F search)... Now I look at IE (the rare time I need to open it for windowsupdate) and it just feels...dirty.
Funny, I got my account disabled for using Firefox (Score:5, Interesting)
Recently I became unable to login to my student account, with a message "Your account has been disabled, please speak to your network administrator."
Well I went and found my network administrator [mailto] to ask about what was up. Apparently it is against school policy to install programs on their computers. This is totally understandable and reasonable, and I apologized. But he decided I needed to be chewed out and he had a killer fact that he just knew would crush me.
Looking me in the eyes he proceeded to tell me that due to me installing Firefox and Winamp on two of the open lab computers they no longer function and had to be totally reformatted. This man, who is in charge of keeping the school network secure, seriously thinks that Firefox and Winamp could possibly be the root of a computer's DEATH. I did not argue the matter no matter how ridiculous it is; I just wanted my account back.
How is it they let people become the network administrator for an entire technical college, a college that hands out degrees in technical fields, that are just that ignorant. How can any competent network admin possibly think Firefox and Winamp are causing a computer to not boot?
So now under threat of permanently losing my student account I am forced to use IE. It is excruciating, because I am not the only person installing software on the open lab computers, just the only one knowledgeable enough to install useful non adware-infested programs. Just opening Internet Explorer results in about 3 minutes of closing popups.
Re:80,000 (Score:1, Interesting)
http://live.psu.edu/still_life/2004_10_28_04_en
Re:About time (Score:3, Interesting)
The college students don't give a hoot as to what they are running, so long as they can screw it up. Remember the GNVQ Computer Studies reboot technicians can do little else than delete files. The Art students don't care if it says "Internet Explorer" or "Mozilla FireFox" at the window title, just so long as they can access hotmail.
The college administrator will not have to worry so often that something has screwed around with the network because the MS product is faulty.
How exactly do you remove IE from Windows without breaking their support agreement?
Re:safari? (Score:2, Interesting)
Re:security through obscurity (Score:4, Interesting)
I'm sorry, but that is FUD. Opera will be the first browser to patch the latest, cross-browser, issue [secunia.com].
A fixed 7.54u1 is being distributed at this moment. See the Opera advisory [opera.com].
And as far as solutions go: why expect perfect safety online, when we don't have it offline either? Software should improve, online systems should be more secure (it is stupid if money can change hands online only secured by a single login), and most people will smarten up in time. Perfection will not be reached.
MSIE has a track record of leaving critical holes open for a while, but most reported holes are not critical. And MSIE is much more informative about it issues than either Opera, which only recently started publishing advisories, and Firefox (what advisories?) Selling Firefox purely on the safety issue will come back to bite it in the long run.
My previous employer has gone backwards. (Score:5, Interesting)
They've recently been merged with/taken over by a larger college in a nearby town, and the surviving IT department is in the process of converting the site from
Common Sense doesn't always win.
IE is evil (Score:2, Interesting)
Re:Article Misleading (Score:3, Interesting)
Project (Score:3, Interesting)
My college. (Score:1, Interesting)
At Harvard... (Score:3, Interesting)
Of course, the best thing is that once the user is firewalled and virus-protected and has SP2 and Firefox, he or she will probably never come into the Clinic again!
Re:I go to Penn State (Score:2, Interesting)
Instead of reinstalling every time get the zipped distro of firefox and put it on a usb drive. It can be personalized a little:
replace Firefox\defaults\profile\bookmarks.html with your saved bookmarks
and copy the contents of Firefox\plugins to Firefox 1.0\plugins on the usb drive.
I havn't tried it with any themes or extensions yet.
Re:Now the question is... (Score:3, Interesting)
Probably the wrong approach (Score:3, Interesting)
My school has a slightly different way of dealing with this (at least for dorm computers): If your machine appears to be infected, they cut your internet access. Then, they'll fix your computer and give you a talk about security, but only once.
If you get infected again, you lose internet access, and don't get it back until you demonstrate that your machine has been reformatted. Every time. All of a sudden, even the most non-techie people start to be a little more careful, and start listening to you.
Re:safari? (Score:3, Interesting)
A live hand grenade with the pin pulled is less dangerous than IE for Windows.
True, IE for Mac doesn't have any of the vulnerabilities of its Windows cousin. For one thing, when malware tries to install to "c:\windows", Mac OS says, "Huh? What?" That, plus the fact that the Mac development team wrote the browser from scratch, so the two have little or no code in common.
IE for Mac is getting quite old, but it still has its uses. It's the only Mac browser that runs VBScript, and a client site that we inherited from another company makes heavy use of VBScript on the client side, so I end up having to use IE once or twice a week.
It used to be the best browser on any platform, back in the day. Now it looks as bare-bones next to Firefox as Notepad looks next to MS Word.
I actually took it to the boardroom (Score:5, Interesting)
I pointed out that students get zero education on computer security, and that if they really wanted to fix the problem, they would create a 1 credit required gen-ed course on personal computer security. Students would thus be required to learn how to keep junk off their desktops one hour a week for a semester (plus it would be an excuse to give remedial computer usage insruction to some of the freshmen that come from living-under-a-rock high school.)
That idea raised some eyebrows. They said "now, THAT's thinking out of the box." They diligently noted it in their notepads and pointless PDA gizmos.
And then, did absolutely nothing.
But that's about what I was expecting, that just because they had the wherewithal to recognize a good idea when they heard it, didn't mean they would remember it for more than a week. That's not how it works. If it doesn't reach crisis proportions, these types of people don't do crap about it.
Re:Nice! (Score:3, Interesting)
The IT director that works there is a good friend of mine. when he took the IT position I helped him out for awile and eventually worked there while I was still in college.
Security was priority one there. We didn't screw around when it came to protection of the network. We also understood that our PC's had to be rock solid since they had direct static IP connections to the internet.
Virus wise, I can remember one machine in the 2 years I was there getting infected once we took over, and it was a machine that was setup before we showed up and was so mission critical that PSU main did not let us touch it until we forced them to let us take it over. Hacking wise the only problem we had was outside the network with a particular virus spamming the JetDirect cards with garbled data sothat they would print constantly, which we soon fixed with firmware updates, and this is coming from a place that ran Windows 2000 2 weeks after it went RTM.
Security is only as good as the initial setup of the lab PC. If it is set up correctly no virus can infect it. Basicially you have to handle protection similar to a layer system. that way if the browser protections are compromised then the virus scanner takes over, all the way to user access and the os core itself. Frankly. I can guarantee that the reason their sending that to the students is because it's easier to tell them to switch to something that the spyware people haven't directly targeted yet then give them a five page lesson it how to secure their OS.
MS isn't blame free on this. The best thing on earth that could ever happen to IE is that they lose the Eolas Case, Cause thats the reason their in this hole in the first place. 90% of the exploits in IE occur becuase of their stupid ActiveX plugin automatic download and install garbage that they developed to beat Java. If ActiveX install went away IE would be as secure as any other browser out there. MS knows it and and they know they screwed up and could fix it by removing activeX altogether and replacing it with something that makes some sense, but they will never do that cause they dont want Sun to start pointing the finger saying "see I told you so" or have millions of ActiveX programmers drive to redmond with their pitchforks and torches looking for blood.
Re:safari? (Score:3, Interesting)
Go download it, and tell me I'm wrong.
p