| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Security vendor patches dangerous IE bug | |
|
||
| Time: 07:47 EST/12:47 GMT | News Source: ComputerWorld | Posted By: John Quigley | ||
|
MARCH 27, 2006 (IDG NEWS SERVICE) - With Microsoft Corp. saying that it may wait until April 11 to patch a critical vulnerability in its Internet Explorer browser, security vendor eEye Digital Security has released what it calls a "temporary" patch to address the problem. The bug, which concerns the way IE processes Web pages using the createTextRange() method, is now being exploited by attackers on hundreds of malicious Web sites (see "Update: Microsoft tests fix for IE bug as exploits appear"). Users who might be tricked into visiting these Web sites could have unauthorized software installed on their computers, security experts warn. Though Microsoft has described these attacks as "limited" in scope, the problem is being taken seriously by the software maker because the exploits can be used to seize control of a user's machine. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 325 Last | Next |
The time now is
7:45:56 AM
ET.
Any comment problems? E-mail us |
| #1 By 25030 (68.34.14.140) at 3/28/2006 10:26:51 AM |
| The article is misleading. No where does it say that the patch "automatically uninstalls" once the MSFT patch is released. eEye itself in its advisory instructs those who employ the patch to uninstall it once the MSFT patch is released. |
| #2 By 15406 (216.191.227.68) at 3/28/2006 10:44:35 AM |
|
MS, what a bunch of clowns. They'll get around to patching it one of these weeks. In the meantime, they claim the attacks are limited in scope. Yeah, limited to anyone running IE. For those who don't want to wait, the patch is here:
http://www.mozilla.org/firefox/ |
| #3 By 6859 (206.156.242.36) at 3/28/2006 12:52:10 PM |
|
When I see a third-party release a patch to software they didn't write or have all the code for, I cringe. While I'm pretty sure eEye can be trusted, I'm not 100% certain they understand the issue from an IE-internal point-of-view fully to be releasing anything for software they didn't write.
Additionally, when I see people "pimp" Firefox, I cringe again. Firefox still has the issue with vendor-neutral CSS sheets that causes images to "slide" down--a refresh of the page fixes it. If they can't get image tags to work properly, what else may they have messed up?... It does beg the question. I think the best solution is actually to set all options for IE to "prompt" and turn off ActiveX and scripting (Java or otherwise); although that will mess up your browsing experience, it does go a long way to secure the system. So does using the machine from a non-administrator account....but we know how well that works. |
| #4 By 32132 (64.180.219.241) at 3/28/2006 1:18:45 PM |
|
"So does using the machine from a non-administrator account....but we know how well that works. "
You could try the psexec / sysinternals approach to running IE and Outlook with minimal privledges. http://www.sysinternals.com/blog/2006/03/running-as-limited-user-easy-way.html |
| #5 By 15406 (216.191.227.68) at 3/28/2006 1:49:09 PM |
|
#3: I'd rather have a few wonky images than having my system 0wned monthly. Orders of magnitude of difference. I don't think I have seen that bug. The worst I've seen is overlapping text on SlashDot that is fixed with a page reload.
#4: Interesting. This is the most intelligent thing I've heard from you. |
| #6 By 61 (72.64.155.167) at 3/28/2006 2:32:05 PM |
|
Latch, he was using that as a refference, not a comparison.
He was saying "If they can't get this right, what else could be wrong?" |
| #7 By 15406 (216.191.227.68) at 3/28/2006 2:45:13 PM |
| #6: Firefox isn't without its problems. Nobody is denying that. However, saying that some outstanding CSS bugs is indicative of much larger problems is speculative at best. I'd rather hang out with the guy with the funny haircut than the guy that's kicked me in the crotch 6 times. |
| #8 By 32132 (64.180.219.241) at 3/28/2006 5:06:48 PM |
|
"kicked me in the crotch 6 times"
How about 67 times since leaving beta? http://www.mozilla.org/projects/security/known-vulnerabilities.html This post was edited by NotParker on Tuesday, March 28, 2006 at 17:07. |
| #9 By 15406 (216.191.227.68) at 3/29/2006 8:21:29 AM |
|
#8: Sorry, Parkkkker. Now matter how you spin it, IE has WAY more severe "own-your-box" holes than Firefox ever will. Try again.
|
| #10 By 16797 (70.48.253.14) at 3/29/2006 8:35:30 PM |
|
Latch: so, having 67 holes is better than having, say, 84 holes? Indeed, it is. Still, both suck.
Let me introduce you both to Opera: free, NO KNOWN HOLES (according to Secunia.com), very good ACID-2 results (**MUCH** better that Firefox or IE). Has all the whistles and bells like popup blocker, tabs, etc, etc.. Currently, 0 out of 13 Secunia advisories, are marked as "Unpatched" in the Secunia database. You guys give it a try. I use it as my main browser at home for some time now and it works well. I can even browse MSDN with no problems at all (I always had problems doing that with Firefox). Oh, did I mention that it is small and fast (unlike FF)? If you want the best, you use Opera. If you're OSS fanboy, you use Firefox. If you don't care about browsers too much you use IE. As simple as that. This post was edited by gonzo on Wednesday, March 29, 2006 at 20:37. |
| #11 By 15406 (216.191.227.68) at 3/30/2006 8:49:51 AM |
| #10: I tried Opera a few years back and didn't like it. Plus it had ads or some such. I must admit I haven't looked at it lately, mainly because I'm happy with Firefox. |
| #12 By 16797 (142.46.227.65) at 3/30/2006 11:42:42 AM |
|
Happy with Firefox?
You're happy with Firefox's memory consumption & speed? You're happy with all those security holes? You're happy with all those patches & fixes (oh, yes, they do not call them "patch", they call it -- "New version.") ? In just one year since v.1.0 they released, iirc, *SEVEN new versions* of Firefox (all fixing major security holes). You're happy with horrible support for w3c standards (compared to say Opera, Safari or Konqueror)? But then, it is you who always have a problem if other people are happy with IE 6. Strange. |
| #13 By 15406 (216.191.227.68) at 3/30/2006 2:32:10 PM |
| #12: Yes, I'm happy with Firefox. With 3 tabs active, FF is using 38 MB of RAM out of the 512 MB I have. So what? All those security holes are for the most part minor. As for patches, software has bugs. This is nothing new. How many new builds of Opera have there been over the same timeframe? At least when a problem arises, it's fixed relatively quickly. Lastly, I wouldn't call FF's W3C standards support "horrible", even if it's not as good as the browsers you mentioned. If you want to use Opera, go for it. I won't knock you for it. However, using IE is just plain stupid. |
| #14 By 16797 (70.48.253.14) at 3/30/2006 7:27:51 PM |
|
I just fired up Firefox and opened 3 tabs:
1. ActiveWin.com (writing this post) 2. Amazon.com (title page) 3. NBA.com (title page) = 67 MB with Firefox, 48 MB with Opera. Test #2: 1. Slashdot.org (title page) 2. MSDN.com (title page) 3. BBC.co.uk (title page) = 63 MB with Firefox, 24 MB with Opera. Yeah right.. 38 MB. What 3 pages have you opened? Three empty HTML files, I guess :-) Using IE is just plain stupid? I could say the same for Firefox. Use Firefox and stop harassing other people for using IE. It works for them, just as FF works for you and Opera for me (although I use all three just for fun :-) |
| #15 By 15406 (216.191.227.68) at 3/31/2006 8:18:52 AM |
| #14: whatever, gonzo. I notice you cleverly avoided answering my question about how many builds of Opera there have been over the past year or so. |
| #16 By 16797 (142.46.227.65) at 3/31/2006 11:31:20 AM |
|
But you, of course, didn't notice anything else. All other arguments are not important to you, right.
The only thing that is important to you is to go around trashing MS. When it appears that Firefox is far from the best among browsers, then your answer is: "FF is good enough for me". Funny, because many other people feel the same about IE. |
| #17 By 15406 (216.191.227.68) at 3/31/2006 3:40:23 PM |
|
#16: Your other arguments aren't important to me, you've got that one right, insomuch as they don't affect me. I've never noticed any standards flaws, I've never been hijacked or the victim of a driveby download. I don't care if the browser uses 50 MB of RAM or 100 MB of RAM because I have tons of it. btw this is a cache setting from what I've read, so it can be adjusted to not hold so much in memory. This may come as news to you, but I don't have to run the best thing in the world to point out that some other thing is crap. I slam IE because it is horribly broken from a security standpoint. Do you, as an Opera user (supposedly), dispute this?
And you still didn't answer the question about Opera's updates. |
| #18 By 16797 (70.48.253.14) at 3/31/2006 6:11:19 PM |
|
I can't answer because I don't know - I am not using Opera that long (it was not free browser always). Do you know the answer? If you do, please say it.
I don't care if the browser uses 50 MB of RAM or 100 MB of RAM because I have tons of it LOL No need to comment this. If IE user said this you'd be laughing all day long on how bloated IE is. I slam IE because it is horribly broken from a security standpoint. Do you, as an Opera user (supposedly), dispute this? No, but from security standpoint of Opera user both Firefox and IE are heavily broken. So, you have every right to say that IE sucks, but for me, so does Firefox. Mind you: 0 known vulnerabilities. btw this is a cache setting from what I've read, so it can be adjusted to not hold so much in memory So can IE be adjusted to disable ActiveX, run under less privileged account, etc. Basically, your answer is: I don't care if Opera is better than FF. Well, people don't care if IE is worse than Firefox. Learn to live with it and stop being annoying. And whenever you trash IE, remember that there's more secure browser than your beloved FF. Again: 0 known vulnerabilities according to Secunia.com. If security is your primary concerm and if you're going to recommend another browser instead of IE, then why settle with something in the middle (Firefox)? Be fair and recommend the best, the most secure browser - Opera. Just be fair and admit Opera is more secure :-) I don't expect you will as you show all signs of typical OSS fanboy. This post was edited by gonzo on Friday, March 31, 2006 at 18:14. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 325 Last | Next |
The time now is
7:45:56 AM
ET.
Any comment problems? E-mail us |
