Warning about MS Browsers

Hi all

I hope this is ok posting here!!

A warning from Germany about Microsoft Browsers; see link;

http://news.bbc.co.uk/1/hi/technology/8463516.stm



MARSEROBERT

 

I've seen that BBC page. There are other reports like this & this.

I haven't used IE for such a long time I think I've forgotten how it works. Honestly, there are far better safer freeware alternatives. The real irony about the Google hacking story is that they have their own (Webkit based) browser Chrome.

So why use IE at planet Google?

 

do people still use IE6 in win2000 or XP? I think I switched from IE6 to IE7 about 5 years ago.

IMO IE8 is easily the safest browser, its less popular than Firefox these days, the smartscreen filter & protected mode are nice features, also I've seen IE8 perform very well compared to FF in some security tests.

 

It's not just IE6, it's all of them.

http://news.cnet.com/8301-27080_3-10435232-245.html?tag=contentMain;contentBody

 

Yep this exploit can potentially affect *all* (post IE5) versions of IE on all versions of Windows. However, the exploit is only being used in the wild right now to attack IE6 on XP.

That said, running IE in protected mode on Vista/7 with DEP/ASLR enabled appears to protect from this attack.

 

I think Opera 10.10 came out as the most secure. Of course, it all depends on which tests you have seen. I just don't have much faith in IE or in its security really. I never really use it though.

I use Opera & together with K-Meleon covered with SpywareBlaster & employing KM's Privacy Bar I can very easily toggle Javascript/block Java applets/Images/block cookies/Kill flash/adblock so I have a lot of control with it.

 

DEP and protected mode are enabled by default and have to be disabled for this to work in IE8. In reality this attack affects those who run way outdated version of windows with IE6, or those who have updated windows but disabled default security features like protected mode/DEP.

I just get kinda frustrated when people state IE8 isn't secure because old versions have vulnerabilities. Old version of Opera, FF, etc have vulnerabilities too.

 

The advisory was updated today.

 

Even more...

 

The IE naysayers wont stop until a full patch is released. It is strongly rumored that it will be out-of-cycle, or out-of-band, as used in some circles.

 

The question of whether to stop using Internet Explorer is one that many businesses and consumers are likely asking this week. Both the French and German governments warned their populations to cease using Internet Explorer due to the un-patched flaw. Currently the flaw exists in Internet Explorer versions 6, 7 and 8 but exploit code is only available for Internet Explorer 6. The reason IE 7 and 8 are both unaffected for now is due to the increased security of the software. Internet Explorer 7 introduced a phishing filter, protected mode to run the browser in a sandbox at low level security rights (vista only) and improved management of ActiveX controls. Microsoft improved security in IE8 by running the browser frame and tabs in separate processes and per-site ActiveX controls. Both IE 7 and 8 also include support for Data Execution Prevention (DEP) that prevents buffer overflow attacks.

So do these attacks mean you should stop using Internet Explorer? Simply put, no. Although it’s true that a vulnerability exists, Microsoft is currently working on a patch to resolve this as soon as possible. If you're still running Internet Explorer 6 then it's definitely time to upgrade. ~ Neowin.net


I still can't figure why Google were still using IE 6 when they could upgrade or use Chrome. I know a few businesses & colleges still run IE 6 on XP. I just don't know why.

 

The advisory was updated only yesterday!

Opinion:
It does not influence or impact me personally how my Government thinks on what software I should be surfing the Internet. I think you are mixing Politics with Software Security.
Microsoft will be issue a patch for this shortly. I do not know when as it is unknown at this time.

As said partly, by Microsoft in the above Advisory:

The advisory is going to be issued out-of-band.