Microsoft urges IE users to install security tool

[Reality]

Microsoft urges customers to install security tool

Microsoft urged Windows users on Monday to install a free piece of security software to protect PCs from a newly discovered bug in the Internet Explorer browser.

The security flaw, which researchers say could allow hackers to take remote control of an infected PC, affects Internet Explorer browsers used by hundreds of millions of consumers and workers. Microsoft said it will advise customers on its website to install the security software as an interim measure, buying it time to fix the bug and release a new, more secure version of Internet Explorer.

The free security tool, which is known as the Enhanced Mitigation Experience Toolkit, or EMET, is available from Microsoft.

Read: Full Article

-----

I know most users use FireFox, Chrome or Safari, but based on web server reports, there are still a lot of Internet Explorer users here so ...

#reality

 

[YosemiteSam]

Why people refuse to switch away from IE I have no idea. It's just plain crazy.

This is what this is all about. New Metasploit 0-day exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7

You have to be straight crazy to use IE by choice. You are just begging to have your PC exploited. I have banned IE from use in our office. There are only two people that are allowed to use it and they can only use it when connecting to the CME backend website. It doesn't function very well if you're not using IE. (they should be beaten and stabbed for that)

 

[Reality]

Not to defend Microsoft, but their operating system and browser are so popular in many countries, not just here, that it makes them a target. Apple used to boast about Mac's being virus-free until they got popular and a few viruses popped up for them.

The people who create or rewrite computer viruses will always spend their time on targets that offer the greatest return. Personally, I hope FireFox, IE and Chrome continue to split the market as history has shown that when one company leads the pack, they get complacent and lazy. Google is no exception to this rule either.

I love Chrome and have used it for several years now, but I know that if Chrome hit 70% of the market share, there would be zero-day exploits for it released just like IE. No software is completely secure and each time they add new features or rewrite existing code, they increase the chances of exploits being added.

As a developer, I have long believed the best structure for development is to use a single release system where once a version of software is released, no new features are added to that version. Only security and bug fixes are made after that point. Software companies need to get out of this "one version" mindset if we really want to improve software security and reliability.

I can understand not maintaining several versions of each software, but a two-version layered approach using the "once released, no new features to that version, only bug fixes" system would help improve and maintain a secure and reliable version while allowing users who opt-in to use the next release (alpha or beta as it were) that would continue to receive new features while the final release of that version is still being developed.

#reality

 

[YosemiteSam]

In the late 90s, I used to work for one of the top Anti-Virus companies. Microsoft was notoriously stupid security wise when they developed products. They felt integration and features were most important and sometimes did absolutely nothing to ensure security of those features.

Integrating Explorer into Windows was a horrible idea. They wanted it to control the browser world, but all they did is create a direct exploitable link to their operating system. Then they went a step further by creating active X which basically created an API for an attacker to not only have access to the operating system, but other applications and components that were installed on the system.

Microsoft and even IE has definitely gotten better security wise, but IE is still the worst option of the major browsers.

 

[Reality]

In the late 90s, I used to work for one of the top Anti-Virus companies. Microsoft was notoriously stupid security wise when they developed products. They felt integration and features were most important and sometimes did absolutely nothing to ensure security of those features.

Integrating Explorer into Windows was a horrible idea. They wanted it to control the browser world, but all they did is create a direct exploitable link to their operating system. Then they went a step further by creating active X which basically created an API for an attacker to not only have access to the operating system, but other applications and components that were installed on the system.

Microsoft and even IE has definitely gotten better security wise, but IE is still the worst option of the major browsers.

I am well aware of the history of Microsoft and their stupidity when it came to their vision of integration between the internet and their operating system. They even openly admitted they underestimated the impact of the internet.

Basically they envisioned users using their computers as devices inside protected networks where the networks were connected to the internet rather than nodes (computers) themselves directly on the internet. The problem was they had designed the entire operating system around their vision which made quick fixes almost impossible to implement. With Windows 7, they improved their security considerably, but they still have a lot of room for more improvement.

The problem is that most users are spoiled by the openness of the internet and are annoyed (I am too really) when you have to deal with security blocking streams, apps, etc. from working even if it's just annoying popups asking if you want to allow something. Most end-users will click through any popup alert/warning box without even reading it after the first time. Most end-users assume if they are on a site they trust, they can trust them completely and any alert/warning boxes that popup are just a formality.

You and I (and others of course) know how the internet works. The internet is built around the "web" concept and a single web page can deliver content to an end-user from an infinite number of other nodes throughout the internet and world. Users just want an easy-to-use interface without any annoying distractions or interruptions so the operating systems have to find a way to make that happen. Microsoft's "trusted networks" feature was great intention-wise, but is not really realistic when it comes to the internet. At least not the way the internet is structured now.

#reality

 

[BrAinPaiNt]

Even if you take the security issues completely away...let's say that all the major browsers were equally secure...it shocks me that people would still use IE over the other main ones.

IE is so slow compared to other browsers that it is very noticeable however I have been told that the Windows 7 IE version has made strides.

I know for years I have had to deal with people who used IE and it was ALWAYS slower than Firefox, Chrome or Opera.

I understand that some people just started out using IE and many people are just not good with change...even if you can show them all the benefits of the change. If they are not forced to change they just won't.

In any PC I set up for my work I always add Chrome (at least) and sometimes Firefox on them.

I encourage users to use one of those two browsers and for those that do start using it they notice the difference at once and if for some reason use IE for something later really notice the difference.

For those that refuse to use them and stick with IE...when they do something stupid and I have to go online to download or look for things...I can use the other browsers and this can come in hand when they do get certain viruses or malware as some will not let you download certain things or reach certain web sites if you are using IE.

If IE was not integrated into windows...IE would have fallen by the side and the other browsers would have taken over as the dominant browser(s). It has been years and years since it seemed like MS cared about IE and they just not seem to be making some strides.

I finally got my mother to quit using IE and start using Chrome this past year (after years of her continuing to use IE).
I went so far as to remove the shortcut/icons of IE on her desktop. :laugh1:

It is AMAZING how the number of calls to fix her computer have dropped. It was every few months that I used to get calls about how it was taking forever for her to get the web to load and pages to load on various sites...only to go there and see all kind of stuff wrong with the computer due to IE related issues.

Now...rarely ever does she call about her internet being slow. To be fair I also taught her not to add any toolbars and to actually read the popups that might ask her if she wanted to install toolbars and so on. :laugh1: