Warning about MS Browsers

Discussion in 'other security issues & news' started by marse.robert, Jan 16, 2010.

Thread Status:
Not open for further replies.
  1. marse.robert

    marse.robert Registered Member

    Joined:
    Nov 3, 2004
    Posts:
    255
    Location:
    Langar: Nottinghamshire: UK
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Microsoft
     
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I've seen that BBC page. There are other reports like this & this.

    I haven't used IE for such a long time I think I've forgotten how it works. Honestly, there are far better safer freeware alternatives. The real irony about the Google hacking story is that they have their own (Webkit based) browser Chrome. :blink:

    So why use IE at planet Google? o_O
     
    Last edited: Jan 16, 2010
  4. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    do people still use IE6 in win2000 or XP? I think I switched from IE6 to IE7 about 5 years ago.

    IMO IE8 is easily the safest browser, its less popular than Firefox these days, the smartscreen filter & protected mode are nice features, also I've seen IE8 perform very well compared to FF in some security tests.
     
  5. JohnnyDollar

    JohnnyDollar Guest

    It's not just IE6, it's all of them.
    http://news.cnet.com/8301-27080_3-10435232-245.html?tag=contentMain;contentBody
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Yep this exploit can potentially affect *all* (post IE5) versions of IE on all versions of Windows. However, the exploit is only being used in the wild right now to attack IE6 on XP.

    That said, running IE in protected mode on Vista/7 with DEP/ASLR enabled appears to protect from this attack.
     
  7. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I think Opera 10.10 came out as the most secure. Of course, it all depends on which tests you have seen. I just don't have much faith in IE or in its security really. I never really use it though.

    I use Opera & together with K-Meleon covered with SpywareBlaster & employing KM's Privacy Bar I can very easily toggle Javascript/block Java applets/Images/block cookies/Kill flash/adblock so I have a lot of control with it. :thumb:
     
  8. captainron

    captainron Registered Member

    Joined:
    Oct 22, 2009
    Posts:
    77
    DEP and protected mode are enabled by default and have to be disabled for this to work in IE8. In reality this attack affects those who run way outdated version of windows with IE6, or those who have updated windows but disabled default security features like protected mode/DEP.

    I just get kinda frustrated when people state IE8 isn't secure because old versions have vulnerabilities. Old version of Opera, FF, etc have vulnerabilities too.
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  10. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The IE naysayers wont stop until a full patch is released. It is strongly rumored that it will be out-of-cycle, or out-of-band, as used in some circles.
     
  12. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    The question of whether to stop using Internet Explorer is one that many businesses and consumers are likely asking this week. Both the French and German governments warned their populations to cease using Internet Explorer due to the un-patched flaw. Currently the flaw exists in Internet Explorer versions 6, 7 and 8 but exploit code is only available for Internet Explorer 6. The reason IE 7 and 8 are both unaffected for now is due to the increased security of the software. Internet Explorer 7 introduced a phishing filter, protected mode to run the browser in a sandbox at low level security rights (vista only) and improved management of ActiveX controls. Microsoft improved security in IE8 by running the browser frame and tabs in separate processes and per-site ActiveX controls. Both IE 7 and 8 also include support for Data Execution Prevention (DEP) that prevents buffer overflow attacks.

    So do these attacks mean you should stop using Internet Explorer? Simply put, no. Although it’s true that a vulnerability exists, Microsoft is currently working on a patch to resolve this as soon as possible. If you're still running Internet Explorer 6 then it's definitely time to upgrade. ~ Neowin.net



    I still can't figure why Google were still using IE 6 when they could upgrade or use Chrome. I know a few businesses & colleges still run IE 6 on XP. I just don't know why.
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    The advisory was updated only yesterday!

    Opinion:
    It does not influence or impact me personally how my Government thinks on what software I should be surfing the Internet. I think you are mixing Politics with Software Security.
    Microsoft will be issue a patch for this shortly. I do not know when as it is unknown at this time.


    As said partly, by Microsoft in the above Advisory:
    The advisory is going to be issued out-of-band.
     
    Last edited: Jan 19, 2010
Loading...
Thread Status:
Not open for further replies.