Wow - Germany & France say MSIE is a security risk!

[kyanwan]

http://news.bbc.co.uk/2/hi/technology/8465038.stm

Captain obvious sure - but goddamn - MSIE a security risk, find an alternative immediately?   Damn sweet.   I've never seen anything like this before.   

But imo they're in the right - MSIE is borderline on a national security risk ( literally! ) for any nation in the world.   Warning your people, your agencies, your states & municipalities to switch immediately - is a good thing. 

MS should pay some penalties for unleashing this horrible application on the world.   

Come to think of it - it reminds me of their other crapware - Windows.   We're still sporting code that's been around  since 3.11 - why?  Because they're afraid to take old obsolete part & replace them with working ones.  Hello?   Is that reason to keep old insecure shit around - for "backwards compatibility." 

Eh ... I could rant on for a while.   But I think there's really not all that much to say - except gaze in wonder at the kick-ass-ness of France & Germany.   

[DaggerLite]

As long as the majority flocks to one or two decent products, I can use a less popular decent product without worrying too much about security. It's basically the same thing as Windows (PC?) vs. Mac, where Windows has constantly been the target of more crackers than its counterpart. At least, that's what I'd think.

What makes IE "bad" is simply the fact that it fails to comply with standards.

[Lupin]

Stupid users are security risks.

[Drew]

Stupid users are security risks.

This.

Also, if you're still using IE and haven't moved on to Firefox or Chrome you're kinda asking for it anyway.

[kyanwan]

As long as the majority flocks to one or two decent products, I can use a less popular decent product without worrying too much about security. It's basically the same thing as Windows (PC?) vs. Mac, where Windows has constantly been the target of more crackers than its counterpart. At least, that's what I'd think.

What makes IE "bad" is simply the fact that it fails to comply with standards.

The whole MS concept of supporting ancient and outdated tech - with the core of the OS ... actually, not the core - goes more into architecture stuff ... microkernel & the supporting libraries -

*cough* the libraries, we've still got 16bit Win3.11 libraries stuck in WinXP and forward.  It's all backwards compatible - ancient arcane libraries stuck in there, who knows what exploits.   All one needs to do is dust off the more ancient corners of the OS - and viola, you've got a whole new plaything to tinker with.  

Not everyone plays by the rules - but MS is betting on "well, everyone plays by the rules, and uses the new features only."  

*gasp*  what happens when someone digs up an old feature from way back when ... like this.  

Disaster!  WOOHOO!   And it effects the whole product line from start to finish - and all the versions inbetween.  

This isn't a "Firefox is better" "Safari is better" or "MS is just more popular" - it's more like "MS Architecture is poorly designed".  

Their new versions are just updates of the old product - we're using the same thing, but improved.  Over and over and over - till it gets the way it is.  

Oh god ... I just broke my whole train of thought now.   I answered a telemarketing call and said "I don't speak english" and the guy on the other side played along ... it lasted about a minute and now ... I'm all red from laughter.  XD    Well - something something something ... microsoft.  something something something ... DARK SIDE.   There, your argument is invalid.  I win.  You lose.  

*shrug*  I just forgot completely what I was writing about, and I'm not about to start over.

er, anyways MS architecture is based on shit.  They keep piling new shit on the old shit - and it gets too complex for them to manage effectively.  That's about the whole point I was making.   Their software design sucks on a low level.

[Xiong Chiamiov]

...

Oh yes, just what we need - another discussion of whether or not the insecurity of Microsoft's products is from their popularity.

[kyanwan]

...

Oh yes, just what we need - another discussion of whether or not the insecurity of Microsoft's products is from their popularity.

It's not "popularity".   The architecture is bad.   This microkernel/driver/backwards compatibility stuff is just poor design.

ATM machines are popular.  Are they insecure?  Car door locks are popular - are they insecure?

Computers are machines.  They have guts just like other things.   Reliable security is out there - just as I said, woo ... like 12 years ago now ... that Javascript was one of the most insecure technologies ever ( hey!  I was right.  I guess I deserved my sweet A in the network security course I took way back then. ) ---- well ---- right about this too. 

I know my stuff when it comes to this kind of garbage. 

I wouldn't be working in the field otherwise.  ( Hey!  Even in a bad economy.   So I guess I'm worth my weight eh? )

[DaggerLite]

ATMs have proved to be insecure time and time again when targeted by criminal gangs. They install card readers, or hack the terminals to deliver details about cards and codes. The fact that many of them use Windows XP doesn't really play much of a role here. The newer chip systems are more secure, though. Car door locks can be broken if you learn the system, or even forcefully circumvented if you don't.

However, you can't really compare those in my opinion. It's not like whatever system is behind those devices is openly connecting to random computers around the world, or compromising themselves by others being able to find them and connect to them from the outside. It has happened at times, sort of like how Google was recently targeted by some skilled Chinese hackers. Another point is that these systems operate with high security prioritized, even after implementation. They are surveyed and controlled by a large group of people who earn money for doing just that. They (generally) operate on a low level, which further decreases vulnerability.

An OS is huge. I don't think OSX or Linux is much better than Windows. They're decent alternatives - I'm not trying to say anything is worse than Windows. Linux specifically is just not worth targeting yet because of the level of users who generally use it. The programs are also not as advanced as some of the Windows programs you see, thus a lot less prone to security holes.

In short: I agree with you when you say IE users are more prone to attacks at the moment, but I don't think it's simply because the program is so insanely insecure. It is simply tried on a much larger scale than other browsers.

[geoffreak]

The people who say that market share is the determining factor as to which browser gets attacked don't know what they are talking about. In actuality, this theory would only hold true if all browsers were equally easy to crack. The truth is that whatever is the easiest to crack will be cracked, so long as it has at least one person with money using it.
Case and point: A look back into history will show that Mac OS 9, with less than a 10% market share of the computing market, had far more viruses written for it than Windows at the time.

Microsoft has invested quite a bit in Internet Explorer and won't change the inner workings, likely ever. They focus more on backwards-compatibility than security. Other browsers are constantly rethinking what it means to be a browser and coming out with great features, speed, and security. The only element that IE takes from them is the features, because these are what most users notice. Microsoft's idea of security is warning messages, most all of which are ignored by the user (I bet even you don't read them).

A good analogy is that IE is a top of the line 1995 car that completely outclassed all the other cars in the day. Now, it may have a new paint job and some body work to look like today's cars, but the insides haven't changed. It still gets 1 mpg, rapes the environment and kills babies, but hey, it's a classic.

It is scary to think about the number of viruses that get on to a computer through Internet Explorer. Not using IE can prevent upwards of 90% of viruses.

[kyanwan]

Microsoft has invested quite a bit in Internet Explorer and won't change the inner workings, likely ever. They focus more on backwards-compatibility than security. Other browsers are constantly rethinking what it means to be a browser and coming out with great features, speed, and security. The only element that IE takes from them is the features, because these are what most users notice. Microsoft's idea of security is warning messages, most all of which are ignored by the user (I bet even you don't read them).

Not only that - but you can make completely fake system messages using vbscript, jscript, and javascript.    You shouldn't be able to mimic the operating system completely with the browser & in-page scripts - that's madness.

So you don't know which are legit or fake with MSIE.  

This is why I use software restriction policies & guest-type accounts to protect my systems now.

[kostya]

I will take the unpopular opinion and point out a couple things in defense of Microsoft:

One, backwards compatibility is a major selling point. See the Vista launch issues when Microsoft decided to drop a bit of compatibility so random hardware abandoned by the original manufacturer stopped working. People had hissy fits over it. Microsoft learned better and mostly anything that was written for a Microsoft operating system newer than DOS will work. People like that. No company wants to spend millions of dollars to license 1000 copies of a piece of software and then have to do it all over again 5 years later because a new OS came out that does not support the software.

Second, Linux has a lot more backwards and obscure hardware compatibility than Windows (look at all the configuration options of a distro like Gentoo). Linux makes a point of providing the same user interface as the first version of Unix (by which I mean that all the same commands and common programs are there or emulated).

Third of all, many of the IE security vulnerabilities arise from the fact that a shockingly large amount of people still use IE6. Why? Because it came installed with Windows XP. Firefox users will always have a version not much older then when they downloaded it. IE users are too often the type of people who would not run Windows Update (yes, you have to run it for it to upgrade to a version that will automatically install important updates).

Fourth, you cannot blame Microsoft for the horror that is JavaScript. It was invented by Netscape. Those same people who invented it are the ones who founded and are running the Mozilla project.