Print
Once again, Internet Explorer (aka "Internet Exploder") has been attacked through a "zero-day" remote code execution vulnerability. That might not seem like MaximumPC.com-worthy news, except for two factors: the flaw is affecting thousands of websites, and this time, it isn't just Firefox fans who are saying "time to switch browsers, already!" - security experts at Trend Micro, the Spamhaus Project, and the UK's PC Pro magazine are all recommending making a switch, according to the BBC. And here's why:
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.
Attacks against IE7 have been verified, but all versions of IE (including IE 8 Beta 2) have the same underlying vulnerability; a vulnerability not present in IE's competitors (Firefox, Opera, Chrome, and Safari). Switching browsers makes sense for most web surfing, but, alas, some websites and (of course) Windows Update and Microsoft Update for Windows XP won't work with anything but IE.
Since the vulnerability was detected on December 10th, Microsoft code jockeys have been working hard to patch the flaw (Redmond doesn't want you to switch, naturally, and given the way that IE and Windows work together, a broken IE isn't good for anybody), and a patch will be available tomorrow (December 17th) for all versions of IE from 5.01 up, applying to all versions of Windows and Windows Server from Windows 2000 on up. It's rare for Microsoft to perform a security update between Patch Tuesdays, but when a "Critical" vulnerability (the most dangerous category of vulnerability) is discovered, there's no time to waste.
(Updated 12-16-08 with a hat tip to Number Six) If you must use IE in the meantime, Microsoft recommends the following workarounds in its security bulletin (follow link for details):
Note that these workarounds have various effects on your ability to browse certain websites, and some are designed for certain Windows/IE combinations only.
you can use the following workarounds to protect yourself (see the BBC dot.life blog for more information):
What are the long-term implications of this latest security flaw? A BBC technology blogger suggests "[t]his could be the moment when the minnows in the browser wars finally score a significant victory." What do you think? Hit Comment and tell us.
Comments are closed on this article
Germ
December 16, 2008 at 10:30pm
Idunno... I've never had a problem with IE. It looks and works fine for me, and I see it as too much of a pain in the ass to maintain a second browser. Should I check in my "geek" card now???
Keith E. Whisman
December 17, 2008 at 12:24am
actually you could install either Google Chrome or FireFox 3 and when they ask what browser you want set as default just select the one you prefer. I still use IE but only when I absolutely have to like visiting MS Office Update website and stuff like that.
It's easy to switch and there really is no maintaining necessary. If you want to get rid of your history and cache I just use CCleaner. It clears the crap out of everything.
savage4naves
December 17, 2008 at 7:27am
firefox has always worked well for me and the amount of add-ons are too many to count
when installing firefox it's easy to make the switch from IE because firefox can important everything
from your old browser (favorites, homepage, passwords, etc)
A day without laughter is a day wasted...
Number Six
December 16, 2008 at 8:08pm
The suggested workarounds are stupid. You only need to unregister the vulnerable .dll until patched. Instructions are here: http://www.microsoft.com/technet/security/advisory/961051.mspx
-Six
Marcus_Soperus
December 16, 2008 at 7:20pm
Versions 5.01, 6, 7, and 8 of IE are all affected (see paragraph 3) on all currently supported versions of Windows (2000, XP, Vista, server editions, etc.). It's a long-standing problem, although it was first exploited on IE7.
----------------------------------------------------------------------------------------------------
It's amazing how illogical a business built on binary logic can be.
Keith E. Whisman
December 16, 2008 at 9:48pm
What internet explorer has a security flaw? Man that's a new one for me.
gamesfrager
December 16, 2008 at 7:11pm
YES for gods sake..make the switch. Save your browsing experience and save us web developers from applying too many hacks just to get the stupid Internet Explorer to work.
And I think it is up to web developers to start developing for complient web browsers and stop applying hacks to get the site looking consistant on IE.
I as an example started that on my portfolio site. www.sinanghareb.com
SWITCH....JUMP OVER...EXIT THE TUNNEL
atomaweapon
December 16, 2008 at 7:07pm
I hate firefox. I don't care how many people think it's the second coming, or how "cool" it is. It sucks.
I am a web developer and I can't tell you how many times I get a site looking just how I want it, only to discover something is broken in Firefox.
IE 7 for me is also quicker to boot up and quicker to shut down. On Vista AND on XP. Firefox also looks like it was made by programmers programming on linux. Dull grey tool bar, boring windows, uninspired icons.
Then there is the whole "it's more secure than IE". I've been using the interwebs since the beginning and have only gotten infected about twice waaaay back before firefox was even out. That's really because I was deep in the bowels of the internet, clicking on whatever came my way. It's the same principle with Mac users touting "MACS DON'T GET VIRUSES" - because you only have 10% of the market share. There was just a link on Neowin how Firefox was the most vulnerable app on windows - WTF?
So yeah, I'll stick with evil vista and IE7.
winmaster
December 28, 2008 at 7:51pm
If a website looks good in firefox, opera, chrome, or safari, the website is fine. Websites that only look right in IE are broken because IE is broken.
--------------------------------------------------------------------------------------------------
The quick brown fox jumps over the lazy dog.
gamesfrager
December 16, 2008 at 7:15pm
" I am a web developer and I can't tell you how many times I get
a site looking just how I want it, only to discover something is broken
in Firefox. "
Are you for real ! If its not ALWAYS its at least 99.99% the other way. Internet Explorer is BROKEN !
This is not my opinion only. Every where you read articles about CSS and XHTML its how to apply a hack or fix a bug to make it work with IE.
And if you are a web developer and never used the great webdeveloper tool bar, then sorry to tell you; you are missing A LOT.
QUINTIX256
December 16, 2008 at 7:29pm
The CSS positioning scheme is broken, period; especially for procedually generated content, where it isn't wise to specify exact dimensions. I think Microsoft made an excelent judgement by deciding that the whole "display:..." scheme needs to be avoided, among other things. This is the reason behind the whole WYSIWTF jokes surronding IE.
I personally use and like Firefox, but the whole THIS BROWSER IS BROKEN; THAT BROWSER IS BROKEN argument is a mute point at best. Until we have a scheme where dynamic/relatively postioned (font dimension/percentage rather than pixel based, especially for background images/textures) content works properly, all browsers will be "broken", and we will continue to have web pages with vast unused "margins" on widescreen display, or incredibly frustrating eyeball horizontal retrace for text on same said displays.
