The Active Network

  Internet Explorer Is Too Dangerous to Keep Using
Time: 13:51 EST/18:51 GMT | News Source: eWeek | Posted By: Robert Stein

Opinion: Although Linux & Open Source Editor Steven J. Vaughan-Nichols once used IE on his Windows machines, he now finds Microsoft's browser seriously insecure and endorses open-source ones instead.

OK, I confess it: I've used Internet Explorer a lot. After being a die-hard Netscape user, I finally got fed up with the sheer bulk of that browser and started using Internet Explorer on my Windows machines.


  Displaying 1 through 25 of 333
#1 By 20505 (216.102.144.11) at 7/1/2004 1:58:32 PM
dangerous smangerous. firefox is just a better browser. why not use the better free program.

#2 By 6859 (206.156.242.36) at 7/1/2004 2:07:29 PM
So, a few issues to be ironed out means that the product is to be abandoned....

Ok, then all Linux, Windows, and Mac OSes are to be abandoned. So is Sendmail, BIND, and all Cisco products.

Oh, wait...

How about helping FIX the problem without being a dork? MS04-011 fixed vulnerabilities, yet hardly anyone applied it on their servers out of stupidity, ignorance, and sloth (SIS). Had MS04-011 been applied, the server side exploit would have been blocked entirely. Then all you'd need to do is educate the user on how to secure IE.... But no, let's just throw in the freaking towel because we're lame.

Give me a break, people. Nice way to sidestep the issue until someone figures out how to effectively do the same exploit on Firefox and Mozilla. Then what? Shall you claim that they too should be abandoned? No, not to your precious open-source....what will you do?

Get a clue, you're either a part of the solution or you are a part of the problem. People not applying MS04-011 and those who moan about IE's problems are part of the latter group. Time for you to realize that Firefox is *just a browser*-- and not a really great one at that. I find it only marginally faster than my IE 6 and has less functionality. Vulnerabilities and exploits? Every test I've done on this box that is supposed to be an exploit has never produced the results that are being touted. Either I alone in the world have the correctly configured IE, or there are tons of people out there that are doing something insanely wrong.

A correctly configured and maintained Windows system is just as secure, if not more so, than any solution available currently. As evidenced by the security ratings Windows receives compared to Linux--performed by a party that can't be bought off in this case: the DoD.

This post was edited by Cthulhu on Thursday, July 01, 2004 at 14:09.

#3 By 2459 (69.22.124.228) at 7/1/2004 2:16:09 PM
"Either I alone in the world have the correctly configured IE, or there are tons of people out there that are doing something insanely wrong."

:-) I'd have to say it's the latter. Very little of my time is devoted to Windows-related security (IE or otherwise). It's not hard to be secure.

#4 By 2332 (207.31.248.12) at 7/1/2004 2:22:29 PM
The fact of the matter is that Internet Explorer is completely riddled with security holes. Microsoft patches a few, and a dozen more pop up.

It is the single most effective attack vector against home users. Nearly everybody uses it, and it's trivial to get somebody to visit a site that takes advantage of one of its many exploits.

It seems pretty clear to me that Internet Explorer is a nearly hopeless mess of holes. Microsoft realized this with IIS 5.x, and rewrote it for version 6.0. The result? Version 6.0 is rock solid and secure. They need to do the same thing with IE. No more features. No more patches. Just dump the damn thing and begin a rewrite.

#3 - Nice way to sidestep the issue until someone figures out how to effectively do the same exploit on Firefox and Mozilla.

Sure, that's a possibility... but there is little interest in doing that. So few people use those browsers, it's not worth the trouble. It's the same reason why, until recently, Macs have been fairly free of viruses. Why spend many hours writing a virus that could affect 100k people when you can write one that affects 100 million?

Time for you to realize that Firefox is *just a browser*-- and not a really great one at that.

What about it do you not like? What functionality does it lack? Seems to me that it does everything that IE does, but better in nearly every way. If it doesn't do something, there are about 5,000 plugins that you can download that will almost certainly do what you want. And let's not forget the built-in (and perfect) popup blocker and tabbed browsing. Sure, you can get these things with IE, but why bother? Get the security improvements and the cool features by switching to Firefox.

Either I alone in the world have the correctly configured IE, or there are tons of people out there that are doing something insanely wrong.

Why should somebody have to configure a browser to not let people take over their machine? Sorry, that's just not going to cut it. The VAST majority of people couldn't secure IE if you held a gun to their head. People expect software to work and be secure out of the box... or, rather, they expect to be able to be completely ignorant of security issues. And they are.

A correctly configured and maintained Windows system is just as secure, if not more so, than any solution available currently

Good for you, but that's completely beside the point. I've never been hacked either. I keep up on my patches. I lock down my machine. I'm on the security mailing list. And I use Firefox. It's a better, more secure browser. I've switched everybody I know over to it, and they've been safer because of it.

This post was edited by RMD on Thursday, July 01, 2004 at 14:24.

#5 By 7797 (63.76.44.82) at 7/1/2004 3:58:32 PM
"MS04-011 fixed vulnerabilities, yet hardly anyone applied it on their servers out of stupidity, ignorance, and sloth (SIS)."

Oh really? Hardly anyone applied it? Can you point to a link to prove this allegation? I don't want a link that shows someone didn't apply it. I want to see a link that has authority and that states "hardly anyone applied it".

#6 By 7797 (63.76.44.82) at 7/1/2004 4:00:25 PM
"A correctly configured and maintained Windows system is just as secure"

How many of your non-computer-literate friends and family know how to correctly configure and maintain their windows systems? Do you do it for all of them? Should they have to pay someone to do it for them?

#7 By 7797 (63.76.44.82) at 7/1/2004 4:03:04 PM
"Get a clue, you're either a part of the solution or you are a part of the problem."

People who continue to fail to admit that IE is a big security hole, blaming all problems on admins who are late at patching their servers, are part of the latter group.

#8 By 7797 (63.76.44.82) at 7/1/2004 4:04:54 PM
"Time for you to realize that Firefox is *just a browser*-- and not a really great one at that. I find it only marginally faster than my IE 6 and has less functionality."

You're right. It's JUST a browser. That's EXACTLY all they wanted it to be. Can you point out some of the supposedly missing features over IE? Can you point out why you think it's not really a great browser?

#9 By 7797 (63.76.44.82) at 7/1/2004 4:08:21 PM
" Nice way to sidestep the issue until someone figures out how to effectively do the same exploit on Firefox and Mozilla. Then what?"

Then it probably won't take the Mozilla team months and months to fix it.

#10 By 7797 (63.76.44.82) at 7/1/2004 4:10:24 PM
"Shall you claim that they too should be abandoned?"

Not unless Firefox browser turns out to be as riddled with security bugs as IE. Just one vulnerability isn't what is causing people to call for IE abandonment. ONE TOO MANY is what is causing it. ONE TOO MANY that hasn't been fixed for MONTHS.

#11 By 7797 (63.76.44.82) at 7/1/2004 4:13:07 PM
"How about helping FIX the problem without being a dork?"

I helped Microsoft enough by paying for Windows and Office. I expect to pay for a product that doesn't have to be fixed every other week because it was shipped with endless defects. And yes, I help Mozilla too by way of donations and bug reports.

#12 By 7797 (63.76.44.82) at 7/1/2004 4:34:22 PM
" Well, finally someone said it!"

Actually the people are coming out of the woodworks to say it.

http://news.google.com/news?num=30&hl=en&edition=us&q=cluster:www%2efcw%2ecom%2ffcw%2farticles%2f2004%2f0628%2fweb%2dnetattax%2d06%2d28%2d04%2easp

#13 By 7797 (63.76.44.82) at 7/1/2004 5:00:28 PM
"Oh well I guess they wouldn't even know what "spyware" was unless you explained it to them, too. I think this is also a big part of the problem."

I don't think it's part of the problem. That's how people are. The OS and the browser etc. should be secure enough to not have to know how to keep this stuff out of your system. The shitty security has already spawned the whole anti-virus and anti-spyware industries. We can live without them. What if Windows was built secure enough so that these things could be a minor annoyance rather than a major headache in the first place? My grandma who wants to browse the net shouldn't have to know what spyware is, shouldn't have to know how to keep her system secure, shouldn't have to know what patch to run or what IE settings to change in order for her computer not to become a zombie because she's not careful on what things she clicks.

#14 By 17605 (24.18.158.181) at 7/1/2004 6:25:48 PM
>>>You're right. It's JUST a browser. That's EXACTLY all they wanted it to be. Can you point out some of the supposedly missing features over IE?<<<

I agree that Firefox works just fine but I think if I put it on most average and below average computer users' computers they would have difficulty figuring out how to simply install a Macromedia plug-in. The safety and security of Firefox appears to stem from adding a number of user intervention steps to downloads and plug-ins. IE also becomes more difficult to use with its security settings on high. Even a pop-up blocker confuses the average user as they don't readily associate a blocked pop-up with why they can't see the checkbook page they click on their bank site or a number of other similar and legitimate uses of pop-ups. The dilemma of convenience and ease of use versus safety is the real issue in all of this.

#15 By 116 (24.173.215.234) at 7/1/2004 7:47:14 PM
It's a given now that IE is starting to show its age. I think everyone is screaming at MS to update their browser. They are no longer the cutting edge that they have been in the past. Microsoft reminds me a lot of America. Usually we are complacent and don't really care about anything until we get punched in the jaw. Then the gloves come off and we wake up. I think MS is starting to get the picture that they are losing mindshare because of IE and working to improve it. Unfortunately this will be a long process and won't be fixed tomorrow. They need a clear strategy for where they are going with it. They might be stagnating their browser development to move everyone on to Internet 2/XAML/Longhorn which will blend the lines between webpage and client application.

And you know what? I say great! It sucks developing webapps with javascript and all of the other hacks. People much prefer the rich client to web applications. It would be much better if I had a rich programming model that I could do all of the whizbang features that I wanted and didn't have to rely on so much cruft.

For MS it's tough because they want the web to be more than what it is right now and have all of their development efforts into this new stuff. Why improve the old stuff when the new stuff is going to be so much better?

For me I don't use Mozilla based browsers because of the clunky interface (see XUL). If someone made the browser widgets just like IE (native Windows controls) I would probably be more apt to use it. Also my favorite browser plugin (RoboForm) doesn't function correctly in Firefox. That's really what's keeping me from jumping ship from avantbrowser.

This post was edited by RedAvenger on Thursday, July 01, 2004 at 19:49.

#16 By 2332 (65.221.182.2) at 7/2/2004 12:20:23 AM
Parkker, I'm not claiming Firefox isn't as riddled with holes as IE. What I'm claiming is that it's simply safer to use. Since so few people use it, hardly anybody is going to target it. It's as simple as that.

The same might be true for Windows vs Macs. The Mac probably has just as many (if not more) security holes than Windows, but because so few people use Macs, they are inherently safer to use in general.

In the case of the Mac, the barrier to switching from a Windows machine to a Mac is far too high to justify the increase in security. You're paying more for a slower machine. You have a dramatically smaller software selection. The Mac as a development platform is horrible. Etc.

This is not the case for switching from IE to Firefox. There is no barrier there at all. It takes maybe 5 minutes to download, another 5 or 10 to configure it to your liking, and off you go. You'll rarely, if ever, look back again.

So because Firefox is a great browser, because there is no barrier to switching to it, and because IE is targeted for exploits (and is riddled with holes) so much, it makes a lot of sense to move to Firefox.

I just don't see how you can argue otherwise for anything other than ideological reasons. Anybody who reads this board often knows that I'm a big Microsoft fan. I'm able to make my living because of Microsoft, and I think the majority of their products are the best available. Regardless, I know when I see a dud. Just like IIS 5.x, IE is hopeless. Dump it and move on until Longhorn hits.

#17 By 135 (208.186.90.168) at 7/2/2004 12:32:11 AM
Using Firefox because it has features you want is a rational decision.

Using Firefox because you think it's safer, is not.

Steve Vaughn Nichols should have pursued a career in french fry manufacturing, something he would have clearly excelled at in the New "Bush" Economy.

#18 By 2332 (65.221.182.2) at 7/2/2004 1:03:17 AM
#32 - Using Firefox because you think it's safer, is not.

Why do you say that? It is less of a target than IE, therefore it is safer. How is that logic flawed?

#33 - Firefox doesn't have as many ties into Windows so there isn't as much of a risk of breaching security levels.

Can you name me a single instance in which IE's ties to Windows were the cause of the damage done by an exploit? What are "security levels"? Are you talking about the "zones" in IE?

IE's ties to Windows have nothing to do with its lack of security aside from making it a better target because it's guaranteed to be on 95% of all machines on the web.

#19 By 2332 (65.221.182.2) at 7/2/2004 2:19:24 AM
#35 - IE is more capable of executing arbitrary code because IE is Explorer.

Huh? That is incorrect. Anything in IE that lets somebody execute arbitrary code is a bug. Plain and simple. It has nothing to do with the IE/Explorer integration. Firefox has exactly the same capability to execute arbitrary code as IE. (But, as far as I know, there are no bugs that allow people to do that yet.)

There were viruses that changed the default application for folders, EXEs, many more things can mess up because IE is Explorer, and you contract these from IE...

I'm not sure that sentence makes any sense. Most of the current set of exploits involve the use of IE-specific extensions to HTML and javascript. Sometimes there are bugs in how IE determines what zone the code is running in, and since code that runs in the local computer zone is fully trusted it may be able to do bad things.

Again, this has absolutely nothing to do with IE's integration with Windows. "Zones" are a 100% IE paradigm, and have no corresponding Windows equivalent. (With the exception of some of the CAS stuff in .NET, but they're just reusing the paradigm not the implementation.)

#20 By 9589 (68.17.52.2) at 7/2/2004 2:33:12 AM
Linux & Open Source Editor Steven J. Vaughan-Nichols is too dangerous to keep reading!

In a recent report it was proved, by a reliable source, that Vaughan-Nichols is such a blowhard as to be completely unbelievable. He is reported to be so prejudiced against anything Microsoft that even his fellow "reporters" ne open source propagandists think that he is over the top. eWeek was recently so taken aback by his ridiculous diatribes that they have canned him.

Since Vaughan-Nichols' recent departure from eWeek you can reach him at vaughannichols@opensourcesucks.com

Now back to our regularly scheduled posts . . .


#21 By 2332 (65.221.182.2) at 7/2/2004 2:33:49 AM
#36 - I think browsing is unsafe. I think I've demonstrated that other browsers are as buggy or buggier than IE and as unsafe or even worse than IE.

How have you demonstrated this? By declaring it as so?

First of all, I've been talking about Firefox. I know of no vulnerabilities for Firefox v.9+, which is the latest version.

Second, even if there were vulnerabilities, which I'm sure there probably are, Firefox is STILL SAFER THAN IE. Nobody uses Firefox (in comparison to IE users), so the chances of somebody targeting Firefox is FAR less than IE. There are dozens of IE exploits in the wild, but few or no Firefox exploits. This alone would seem to demonstrate the opposite of what you've stated.

Lastly, the only example you've given of a Firefox exploit is for an old version and is rated "Less Critical" by the very site you quote! Hardly convincing evidence of Firefox being "as unsafe or even worse than IE".

Are you living in a dream world, man? It seems to me that you have nothing to back up your claims, and yet you continue to ignore all evidence to the contrary. People like you give people like me a bad name. I like Microsoft for good reasons, you seem to like them for some kind of strange anti-anti-MS zealotry reason.

#22 By 7797 (63.76.44.86) at 7/2/2004 7:58:47 AM
Cthulhu:

So far you STILL have not:

1) Posted any links in support of your claim that "hardly anyone" has applied MS04-011
2) Pointed out ANY features Firefox is missing over Internet Explorer.
3) Answered how many of your non-computer literate friends and family know how to keep their system secure, whether you do it for ALL of them, or if they should have to PAY someone to do it for them.

So, lots of hot air out of you.. nothing to back it up.

Parkker: Did you read this at your site:

The following browsers are not affected:
* Mozilla Firefox 0.9 for Windows
* Mozilla Firefox 0.9.1 for Windows

http://secunia.com/advisories/11978/

This post was edited by tgnb on Friday, July 02, 2004 at 08:04.

#23 By 7797 (63.76.44.86) at 7/2/2004 8:37:17 AM
Microsoft owned website recommends Firefox

http://slate.msn.com/id/2103152/

#24 By 20418 (64.228.39.144) at 7/2/2004 11:23:40 AM
#28 Let's take a closer look at the "results" Parkker posted about Opera:

http://secunia.com/search/?search=opera

121 vulnerabilities ...

Parkker listed the first 25 matches. Let's examine the next 25...

---------------------------------------------------------------------------------------------
Found: 121 Secunia Security Advisories, displaying 26-50

Sort by: Match, Title, Date

Title Date
Zero width GIFs may cause exploitable heap corruption in numerous browsers 2002-09-07 (OPERA 7.x NOT AFFECTED)

Cross Site Scripting in multiple browsers 2002-09-03 (OPERA 7.X NOT AFFECTED)

HP OpenView Operations Authentication Bypass Vulnerability 2004-04-13 (NOT OPERA RELATED)

HP OpenView Operations Bypass of Administrative Restrictions 2003-10-13 (NOT OPERA RELATED)

Sun Java Security Model Violation 2003-06-06 (OPERA 5.X - 7.X WITH JAVA ONLY)

Macromedia Flash Player Potential Vulnerabilities 2003-03-04 (OPERA 5.X - 7.X)

HP-UX / OpenView DCE Denial of Service Vulnerability 2003-08-15 (NOT OPERA RELATED)

Gentoo update for opera 2004-05-26 (RECOMMEND UPDATE TO OPERA 7.5)

BEA WebLogic Admins and Operators May be Able to Stop the Service 2004-05-12 (NOT OPERA RELATED)

ignitionServer Operator Privilege Escalation Vulnerability 2004-03-02 (NOT OPERA RELATED)

BEA WebLogic Exposure of Password to Operators 2004-01-27 (NOT OPERA RELATED)

SIRCD Operator Privilege Escalation Vulnerability 2003-11-24 (NOT OPERA RELATED)

Gentoo update for Opera 2003-11-20 (UPDATE TO OPERA 7.5)

Cisco Unity default restrictions allow calls to international operator 2002-10-04 (NOT OPERA RELATED)

Billion BIPAC-640 AE Administrative Web Interface User Authentication Bypass 2004-06-10 (Fixed in version 3.35)

FreeBSD "msync()" MS_INVALIDATE Implementation Security Issue 2004-05-26 (NOT OPERA RELATED)

Xine Playlists can Overwrite Arbitrary Files 2004-04-22 (NOT OPERA RELATED)

Symantec Client Firewall Products Denial of Service Vulnerability 2004-04-22 (NOT OPERA RELATED)

Cisco IOS SNMP Request Processing Vulnerability 2004-04-21 (NOT OPERA RELATED)

BEA WebLogic Exposure of Administrative Credentials 2004-04-14 (NOT OPERA RELATED)

Microsoft Windows 14 Vulnerabilities 2004-04-13 (NOT OPERA RELATED)

Blue Coat Products update for OpenSSL 2004-03-23 (NOT OPERA RELATED)

Tarantella Enterprise OpenSSL Vulnerability 2004-03-22 (NOT OPERA RELATED)

Tarantella Enterprise CGI Utilities Cross-Site Scripting Vulnerabilities 2004-03-20 (NOT OPERA RELATED)

Mac OS X Security Update Fixes Multiple Vulnerabilities 2004-02-24 (NOT OPERA RELATED)


<< Prev 25 matches | Next 25 matches >>
-------------------------------------------------------------------------

For a more accurate representation of the Opera browser:
http://secunia.com/product/761/

Secunia currently has 25 Secunia advisories affecting Opera 7.x.
-----------------------------------------------------------------------------------------------------------
For IE6:
http://secunia.com/product/11/

Secunia currently has 54 Secunia advisories affecting Microsoft Internet Explorer 6.
------------------------------------------------------------------------------------------------------------



#25 By 2332 (207.31.248.12) at 7/2/2004 12:02:10 PM
#50 - Again, you succeed in missing the point and ignoring your own data. Even with that vulnerability, it is FAR SAFER TO USE FIREFOX THAN IE, if only because nobody targets Firefox.

And even if they did, I'd much rather have a spoofing vulnerability than a whole host of vulnerabilities that give attackers free access to my machine.

Get a grip, man.
