Should you dump Internet Explorer, NOW?

By Joe Wilcox | Published January 17, 2010, 1:17 PM

D'oh, now there's a redundant question.

Yesterday, ZDNET blogger Ed Bott asserted that "it's time to stop using IE6." I s-o-o-o-o disagree. For many organizations and all consumers, it's time to stop using any version of Microsoft's browser -- IE6, IE7, IE8 and forget someday releasing IE9. Less than a week ago, the German government told its citizens to switch from Internet Explorer. This is good advice for you, too.

On Thursday (Jan 14), McAfee pegged a previously publicly unknown Internet Explorer exploit as one of the mechanisms used to invade computers or networks among more than 20 U.S. companies. On Tuesday (Jan. 12), Google disclosed the security breaches, which were traced back to China. McAfee dubbed the attacks "Operation Aurora." On Friday (Jan. 15), McAfee and Microsoft reported that code for the zero-day exploit was in the wild, potentially putting millions of Windows PCs at risk.

Bott singled out IE6, presumably because of Microsoft's cleverly worded Thursday blog post, security bulletin and statements to the press. From Thursday's blog post: "Microsoft has not seen widespread customer impact, rather only targeted and limited attacks exploiting IE 6 at this time." Bott writes: "The entry point? According to Microsoft, it's IE6."

I found the IE6-only assertion puzzling since the early version of McAfee's blog post, credited to CTO George Kurtz, explains: "Our investigation has shown that Internet Explorer is vulnerable on all of Microsoft's most recent operating system releases, including Windows 7." McAfee later updated the post to say that to date the attacks targeted IE6. Nowhere did Kurtz say that only IE6 was vulnerable to the exploit.

Betanews' Scott Fulton made the right observations early Thursday evening: "One may reasonably ask, just who at Google -- the maker of Chrome, its own Web browser -- would be a potential target who also would happen to be running IE6 on Windows 7 -- a system which, by default, installs IE8?"

Yes, who at Google would run IE6 on Windows 7? Easy answer: A developer looking to ensure IE6 compatibility with new Google services. But even that's a stretch. More likely: IE7 and IE8 are vulnerable to the exploit. On Friday, Microsoft acknowledged this circumstance in yet another blog post, and Bott responsibly noted this in his ZDNet post. According to Microsoft: "Newer versions of Internet Explorer are affected by this vulnerability." Updated Microsoft Security Advisory 979352 qualifies the extent of vulnerability in IE7 and IE8 under "mitigating factors." Not everyone is safe, regardless of Internet Explorer version.

The Problem with Mitigating Factors

I've long accused Microsoft of conducting "security by PR" campaigns instead of clearly disclosing security risks. Security by PR seeks to minimize the real risk while disclosing information about a vulnerability. With respect to the Aurora exploit, Microsoft was quick to warn of the risk -- after there had been some disclosure by Google and later McAfee's release of the attack vector's schematics. Initially, Microsoft singled out IE6. Only in the second blog post and updated 979352 bulletin -- released after it was widely reported that other browser versions are vulnerable -- did Microsoft really come clean; that, at least, is to its credit.

Bott is a responsible journalist, who also knows his way under the hood of Microsoft operating systems. But he also is sometimes too much the Microsoft cheerleader (whereas I am accused of being a Microsoft critic). In my reading of the updated bulletin, he overlooks the broader IE risks. Bott writes: "Under the 'Mitigating Factors' heading, the Microsoft Security Response Center specifically notes that the exploit used in this case does not run under IE7 and IE8 in Windows Vista or Windows 7." Perhaps Bott didn't see v1.1 of the 979352 bulletin before posting.

In the "affected software" section, Microsoft lists IE7 and IE8 running on Windows XP, Vista, 7, Windows Server 2003 and 2008. The "mitigating factors" section is downright scary reading, so let's have a Sunday scare and go through them:

1. The MSRC bulletin observes that DEP, Data Execution Prevention, is enabled on IE8 running on Windows Vista, XP and 7. Fine, but what about IE7? For December, according to Net Applications, IE7 browser usage share was a seemingly meager 15.53 percent. IE6 and IE8 were neck and neck with usage share of 20.99 percent and 20.88 percent, respectively. IE usage share for all versions was 62.69 percent in December, meaning that the majority of people weren't automatically protected by DEP. The feature can be manually enabled in IE7, but how many people will realistically do this? It's on by default in IE8 for a reason.

2. "Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems limits the impact of the vulnerability." Key word is "limits." Protected mode doesn't protect against the attack but only limits it.

3. "An attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability." That's pretty damn self explanatory.

4. "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user." The bulletin rightly observes that "users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights." Right, and with the majority of PC users running Windows XP, whose default privilege level is administrator, how many are likely running as something less? Many larger businesses will limit rights, but most consumers and small businesses won't know the difference. There's a reason why Microsoft lowered default privileges in Windows Vista and 7.

5. According to the MSRC bulletin, the default security setting for IE running on Windows Server 2003 and 2008 is "high." As it should be. But the better security measure is obvious: Never use a Web browser on a server behind the corporate firewall.

6. "By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone." It's a good feature and one that would greatly minimize the risks posed by mitigating factor #3. Problem: People will stupidly change this setting because they want to see pretty e-mail and run scripts or ActiveX controls. Microsoft put in the right mechanism; it's too bad some users will create security risk by flipping the switch that allows remote images and scripts to load.
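As an added example (not code from the original post, from Microsoft or from the advisory), here is a PowerShell audit a defender could run on a Windows XP/Vista/7 machine to see where it actually stands on mitigating factors 1, 2 and 4 above: the system DEP policy, IE's own memory-protection switch, Protected Mode per zone, and whether the session has administrative rights. The registry value names it reads (DEPOff under Internet Explorer\Main, and 2500 under each Zones key) are assumed to be the ones IE uses; everything else is standard WMI and .NET.

```powershell
# Added example: audit the local machine against the mitigating factors listed
# in Microsoft Security Advisory 979352. Not Microsoft's code; the registry value
# names DEPOff and 2500 are assumptions about where IE stores its settings.

# Factor 1: system-wide DEP policy from WMI.
# DataExecutionPrevention_SupportPolicy: 0 AlwaysOff, 1 AlwaysOn,
# 2 OptIn (only Windows binaries get DEP), 3 OptOut (everything except an exclusion list).
$policyNames = @{0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut'}
$os = Get-WmiObject -Class Win32_OperatingSystem
$depPolicy = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
Write-Output ("System DEP policy: {0}" -f $depPolicy)

# Which IE build is installed (the advisory says DEP is on by default only in IE8).
$ie = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
Write-Output ("Internet Explorer version: {0}" -f $ie.Version)

# Per-user IE switch "Enable memory protection to help mitigate online attacks".
# Assumption: stored as DWORD DEPOff, where 1 means DEP is turned off for IE.
$main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -Name DEPOff -ErrorAction SilentlyContinue
if ($main -ne $null) {
    $state = if ($main.DEPOff -eq 1) { 'memory protection OFF' } else { 'memory protection ON' }
    Write-Output ("IE DEPOff = {0} ({1})" -f $main.DEPOff, $state)
} else {
    Write-Output 'IE DEPOff not set: IE is using its default (on for IE8 per the advisory)'
}

# Factor 2: Protected Mode (Vista and later), stored per zone.
# Assumption: DWORD 2500 under each zone key, 0 = enabled, 3 = disabled.
$zoneNames = @{1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites'}
foreach ($z in 1..4) {
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$z"
    $zone = Get-ItemProperty -Path $key -Name 2500 -ErrorAction SilentlyContinue
    $pm = if ($zone -ne $null) { $zone.'2500' } else { 'not set' }
    Write-Output ("Protected Mode, zone {0} ({1}): value 2500 = {2}" -f $z, $zoneNames[$z], $pm)
}

# Factor 4: is this session running with administrative rights?
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Output ("Current user is administrator: {0}" -f $isAdmin)
```

On an XP machine with IE7 you should expect OptIn policy, no DEPOff value, no Protected Mode values and an administrator session, which is exactly the combination the factors above leave unprotected.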

Update: In a blog posted about eight-and-a-half hours after this one, George Stathakopoulos, Microsoft's GM of Trustworthy Computing Security, writes: "The attacks that we have seen to date, including public proof-of-concept exploit code, are only effective against Internet Explorer 6. Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time."

Interesting, because McAfee has been quite deliberate in its general identification of Internet Explorer, which fits with the MSRC bulletin's identifying IE7 and IE8 as also being vulnerable. Yesterday, Kurtz blogged: "This attack is especially deadly on older systems that are running XP and Internet Explorer 6." He didn't write that it only affects IE6, or even insinuate it. In a follow-up post today, he writes: "Internet Explorer users currently face a real and present danger due to the public disclosure of the vulnerability and release of attack code, increasing the possibility of widespread attacks."

Is Microsoft unleashing another security by PR tactic to diminish the negative public relations effect? Or perhaps is McAfee over-emphasizing the threat to sell more security software? Those are questions best answered in a follow-up to this post. But if you've got an opinion, please share it in comments.

Choose Your Browser Wisely

Some Betanews readers will ask why the Aurora exploit should be reason to dump Internet Explorer. After all, there have been plenty of other exploits. Why now? Answer: The large number of exploits. The newest zero-day exploit is just one more reason to dump Microsoft's browser. Based on declining IE usage share, many Internet users clearly see IE as an anachronism, a browser which belongs to an aging PC-centric business model. According to Net Applications, IE usage share dropped from 69.23 percent to 62.69 percent between February and December. During the same time period, Firefox continued its steady climb, going from 22.58 percent to 24.61 percent. Meanwhile, Chrome soared from 1.54 percent to 4.63 percent usage share -- little more than a year after being released in beta.

There has been plenty of punditry about why Google developed its own browser. It's not rocket science: Internet Explorer. The company's business is all about the Web, where a modern, standards-based browser would be the better way to consume Google products or services. Something else: Internet Explorer 7 and 8 are too complex, offering all kinds of prompts and warnings -- the majority of which deal with privacy or security. By comparison, Chrome and Firefox use simpler, less-prompted approaches that hide security complexity from users. Generally, they only prompt when there is real risk, like trying to navigate to known malicious sites.

Some of that complexity makes IE7 and IE8 dangerous browsers to use. The complexity creates two flipside-of-coin problems:

1. Users become numb to the prompts and develop click-thru behavior. Who really reads those security prompts or browser bar warnings? It's easy enough to click thru the security warning popup or browser bar prompt blocking some script, ActiveX control or file download. When end users develop the habit of clicking through, they can mindlessly click thru nefarious popups, thus downloading unwanted malware.

In fairness, IE7 and IE8 pack some nifty safety tricks, like "Protected Mode." But couldn't these work silently without other security features teaching users bad habits? The better approach would be to prompt only when there is high risk, so that people pay attention. Google and Mozilla take this more sensible approach.

2. IE7 and IE8's complexity leads to a false sense of security. If there's no prompt or warning, then users can feel the Website is safe. The Aurora exploit demonstrates that attack is still possible without any warning. Users aren't safe. This is the flipside of Microsoft's problem of offering IE users too many prompts.

The point: Ed Bott is right to assert that "any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice." But should anyone run IE7 or IE8? I say absolutely not. Microsoft has foisted big usability and ongoing security problems onto Internet Explorer users. Two reasons why:

  • Backwards compatibility is one of Microsoft's top design priorities
  • Microsoft has too much invested in legacy Internet Explorer to start over

But starting over, with a WebKit-based browser, is what I recommended in September. It's particularly sensible in the mobile device market, where between November and December, Web surfing from Android handsets rose 54 percent, according to Net Applications. Windows Mobile didn't even make the Top 5, which included Java ME.

I often have wondered why Microsoft hasn't produced a decent mobile browser, and plenty of other technophiles have voiced confusion about this matter, too. What if security is a major reason -- that Microsoft is finding it hard to release a decent mobile browser without all the desktop baggage? Surely, Microsoft's mobile leadership can't be so incompetent as not to realize how important the mobile browsing market is becoming. There must be another reason why Microsoft can't release a decent mobile browser.

This long post ends with two simple questions: What is your primary Web browser? If the answer is some version of Internet Explorer, why? I switched to Chrome after hoping, so expectantly, that Microsoft would fix in IE8 the usability problems pervasive in IE7.

Comments


I've used something OTHER than Microsoft Internet Explorer since Microsoft Windows 95 hit the streets. Thankfully, I've been on the "other end" of this issue for far longer than most, and even when the browser I was using wasn't compatible with other websites, I still stuck to it.

I make my bread and butter from servicing Microsoft products, and though I've done my best to educate folks about this issue (security and bad overall code design), it never does end up mattering until a client literally does have to face the ugly security truths. I'll never use it, though.

Firefox and Chrome are fine for me - sometimes Konqueror, but mostly Firefox and Chrome. They've always done what I wanted, and at least I have the knowledge that they're safe, and can't compromise my system.

Score: 1


Sorry to interrupt the bashing/name calling so this may be off topic.
I'd LOVE nothing more than to use FF exclusively! But certain sites like NFL.com and many others simply won't let you view some of their content unless you (at least) open the page up in an IE tab, which really pisses me off. I hate being forced to use a browser I cannot stand, but it looks like I have no choice. (just ranting)

Score: 0


Try Coral IE Tab. It allows you to use the IE engine in Firefox, while still being able to use AdBlocker.

Score: 0


Thanks for the heads up. I guess my main gripe is that I have to switch out using 3rd party addons to use many sites.
Another question I'm hoping someone can answer is regarding Yahoo Mail, RoboForm is the only option for saving passwords that I've seen so far as FF won't save PWs to Yahoo mail, are there any other free PW managers that work with Yahoo? I only use the basic Roboform and am looking for a free alternative that does the same. If anyone can point me in the right direction it would be much appreciated.

Score: 0


Maybe Keepass?

Score: 0


If only I could dump Safari off my iPod Touch and iPhone. Where's my freedom of choice of a browser to install???

If they're forcing Microsoft to perform this action, why not on Apple products?

Score: 2


Dude? IE6? If you're still using IE6, well, shame on you. IE6 was released the same disastrous year Bush got into office.

Regardless of the browser you use, there will always be issues. It is a preference call on which to use. If you want to avoid most of the problems, then run your browser as a non-admin account.

Score: 1


Forget about security. As just a browser, it's one of the worst. No functions at all. Try any newer browser and it has tons of features. IE is a joke.

Score: -1


I use Firefox at home and IE at work. However, I am not on some kind of anti-Microsoft vendetta. I am a software developer, and sometimes I need to work with and support IE.

The last time some unknown virus came through my browser and tried to take over my computer was when I was using Firefox at a site that is known for being hacked from time to time. So, simply using Firefox alone is not insurance against attacks. Now, if I need to visit that website, I do so from within VirtualBox. When not using VirtualBox, I restrict my surfing to a handful of trusted sites.

Score: 2


While I agree that IE's performance speed-wise and its lack of compliance with standards make it unusable, I can't help but feel that people are hard on it for security. NSS's Malware and Phishing tests showed that IE blew the competition away and was by far the most secure browser.
http://www.pcmag.com/art...2/0,2817,2351669,00.asp

I'm no security expert, I like to think people at NSS are. Can someone explain what's wrong with NSS's assessment?

Score: 0


Joe, I would love for you to weigh in on this. Do you think MS and Opera should work together? Opera is based off a web-kit and is poised for a huge come-back; however, even at its best it's struggled for market share. MS needs to bring something to the table and Opera 10.5 seems to have all the right stuff.

Would love to hear your take on this

P.S. I stuck with Opera 9 till Chrome came out (really my usage was 50-50 between Opera and IE7). FF was too slow to load with all my plugins, so I didn't load it till absolutely necessary. Speed of loading time for the browser was my main criterion. However, as a web developer I'm painfully aware of IE's shortfalls.

Score: 0


I use FF and hate IE.

I actually like Opera better, but it doesn't support some stuff I need to use sometimes.

Score: 0


Maybe MS needs to get their law team on Joe Wilcox.

How sweet would that be!

Score: 0


LOL. That would be hilarious.

Score: 0


There's a lot of fanboys here! You know, I hope IE 9 fixes all of IE's wicked ways (and it might). I really don't like bashing things, but IE is the most terrible piece of software on any platform I've ever used. Bring it out of 1999 already, damn!

People with no budget to speak of at all have designed better browsers and engines than the largest software company on the planet, like KDE's Konqueror/KHTML which anyone using Safari or Chrome uses now. :)

Score: 0


Oh, there is much, much worse. You might think IE is the worst application on any platform until you try I-deas NX 12 on Solaris, as I was forced to at UCF. Not to mention basically no information or help exists for I-deas.

Score: 0


Many companies collaborate with each other before the news makes the public press.

When McAfee discovered the exploit, it was highly likely that they spoke to and advised Microsoft well in advance before making the problem publicly known.

It is also highly likely that Microsoft didn't confirm or deny the problem to the public news because the less information known about the issue, the less information will spread to the copycat exploiters.

The problem I think that may occur with other browsers is that they may be easier to hack than IE or are similarly vulnerable to exploitation as IE.

However, IE is the most popular browser for businesses and the feds and government contractors, so it will always be a high target for the communists.

Reminds me of the Klingons always wanting their crown of glory by capturing the Enterprise.

Score: 1


Firefox on Linux

Score: 0


Everyone should be aware by now that Internet Explorer gives you about as much security as walking into a yard full of angry rabid rottweilers while wearing a meat suit.

I personally have IE turned off, the security sliders in the Internet control panel set to HIGH (for stuff that embeds it), and I'm using Firefox 3.6 with a lot of privacy extensions such as Better Privacy, Adblock Plus, NoScript, TACO, BugMeNot, and Web of Trust. And I have EasyPrivacy filter in ABP.

I really don't like being annoyed, spied on, or having the possibility that something malicious can just install itself without my interaction. IE is too dangerous to use.

Score: -3


DaemonFC, no mention made of the obligatory tin foil hat? I see you are using Firefox 3.6; did you get the fix they put out yesterday for it?

Score: 0


"Snow Leopard is the most advanced and secure OS on the planet."

Actually, no. I'm an Apple fan, but Snow Leopard is a horrible piece of junk. Thousands of people are reporting the terrible "beach ball" bug. Several times a day the "beach ball" will spin for nearly 1 minute. Some say it's due to incompatible extensions, but I've experienced it even with clean installs. It's still a terribly flawed OS that was rushed to the market. I'm going back to Leopard for now. So, no, Apple is not all that perfect either.

Score: 1


I personally would love to see Microsoft take some form of legal action against Germany over this one.

First they (Germany, as part of the EU) raised an anti-trust charge against Microsoft etc. and now they come out with an official statement like this.

Surely this is 'the shoe on the other foot' territory?!

I for one still use IE not cos' of being a fairly Microsoft friendly person but because, like so many others, I simply can't be bothered with another browser.

Sure, that does mean I might be more open to exploits, but most security concerns have mitigating circumstances (user intervention needed, firewall left open, 'must be run with elevated privileges' and so on) so that they aren't actually that big a deal.

I'd rather have an exploit found and have it fixed by the manufacturer of the OS it was running on (in this case Microsoft Internet Explorer running on Microsoft Windows) than leave it up to some other company to patch their app.

As an example I would cite Adobe's recent refusal to quickly fix the flaws in Acrobat and Flash\Shockwave that left everyone open to security vulnerabilities by not providing a fix for 6 months or more.

At least Microsoft is responsible enough to report on vulnerabilities and fix them as soon as they can rather than leave the fixes to be included with 'the next version' or just not acknowledge they existed until after they are fixed, sadly both of which are examples of how so many software companies operate.

Score: 4


You have picked the right name there. Get with the times, man: Australia is talking about banning all infected Windows computers from the internet. It's not just IE that's causing the problems; all versions of Windows are the problem. Read these reports. You stay with MS; that's your choice. Don't expect the rest of us to be as dizzy as you.
Do you think for one minute MS would take legal action against governments? Read these reports and think again.
http://boycottnovell.com...s-attacks-and-microsoft/
http://boycottnovell.com...03/military-zombie-army/
http://boycottnovell.com...nger-in-dhs-vista7-awol/

Score: -2


So does this count too?

http://ubuntuforums.org/showthread.php?t=1349678

http://digitizor.com/200...ck-found-in-screensaver/

"A malware has been found in a .deb file claiming to be a screensaver from Gnome-Look. The malware appears to be an agent for a DDoS attack. This affects Ubuntu and other Debian based OS as well. The .deb file in question is supposedly a screensaver of a waterfall. When installed, the "screensaver" installs some scripts with elevated privileges rather than the screensaver that is expected. The script is designed to auto-update itself and potentially to make the infected system take part in a DDoS attack."

Score: 0


...or post your opinions on the article in the open forum below!

Here's a thought: If you don't want to read them, you are more than welcome to....

....wait for it....

....wait for it....

...wait for it...

....not read them.

*gasp* Amazing, isn't it?

Score: 1


What do you think this public forum is for, "Professor"? Just as you have the privilege to praise this particular article, others have an equal privilege to rebuke it.

It's not that I necessarily hate stupid people... I'm simply a believer in letting the problem resolve itself by removing all safety labels.

Score: 1


Wow you're like the super-star poster on this site aren't you? I see your name everywhere. I think you should drop the PC_ from your name dude ;-)

Score: -3


Oooh...clever.

"you should drop the PC_ from your name"

I've never heard that one before...

Got any more gems of 3rd-grade caliber insults for me? Want to try calling me a doo-doo-head? I bet you can do it! Don't hurt yourself trying to get too far beyond that, though...unless you have plenty of paper-towels to clean all the drool off your keyboard.

Seriously...that was your best effort at an insult? Do give your parents my deepest condolences for me, will you? I am sure they did their best.

Score: 0


It's funny...I can't help but think what an emotionally stunted, irrelevant twit you must be. What with your only posts on this site today being, ya know...childish insults.

So...did you just stop by here to chat with me, try your hand at being a prick (and fail miserably), and get my life-history, or did you actually have something relevant to the topic or article you'd like to share?

Not that I mind being the center of attention and all, but I am sure you simply *must* have at least some interest in the article...or is it just me you can't get enough of?

As for my bio, most of it is posted here somewhere already. I'll run by the highlights: 36, married, self-employed, three kids (speaks to the "no life" bit), and if you think I am a fanboy, you've obviously only been skimming. Try actually reading the comments that aren't replies to people as stunningly "bright" as yourself. There's a whole world out there that isn't quite so black and white as you'd like to paint it.

Score: 0


I liked the last bit you wrote, very poetic! And thanks for telling me I failed miserably at being a prick. I'd rather fail at that than fail at confronting pricks ;) Aah, come on, that was funny!!!

Score: -4


It was indeed.

I'm impressed. Most folks take things on the intarwebz way too seriously.

But what, no comment on the article itself other than that those of us who think it's BS should "go away and die already!"??

*shrug*

FWIW: IE6 is already dead to us all (here, on this site) for the most-part, so that's moot. The biggest issue is that the article specifically omits relevant information such as:

"The BSI recommended against using versions 6, 7 and 8 of Internet Explorer on operating systems XP, Vista and Windows 7 until the programming faults had been corrected."

*emphasis mine (Source: http://www.dw-world.de/d...icle/0,,5132998,00.html)

The article by Wilcox claims that IE (any version) is less secure than other browsers based on this one exploit, in this one instance, that wasn't even factually reported on. If one is to make such a claim, one might be courteous enough to provide more than just fluff and FUD. Comparing actual exploits, number, time taken to fix, and severity might help?

Claiming it's bad because "Germany says so"...when in fact they were merely advising caution until the vulnerability is fixed is just...well, BS.

...and I really don't think those of us pointing that out need to "go off and die" for doing so. :p

So there.

Score: 3


Taking stuff seriously on the web, nah I leave that for other people. I'm cool with that and I hate everyone equally, hehe.

As for the article, I didn't read the whole thing. It was just way too long :p

Score: -3


lmao

"It was just way too long"

Ahhh...the ADD generation. :)

Score: 0


No seriously I did read it and also read that link you posted above.

My opinion? I have no opinion on this BS. I switched platform and browser a long time ago ;)

Score: 0


Hahahahaa ok!

Score: 0


@iTard7: See? Now *that* was original. Was it so hard to do?

@brunul: You could learn a lot from that one. Sure, he's a complete and total MacTard, but at least he's got some originality. (Though it wouldn't surprise me to learn he'd come up with that one while looking in the mirror...)

Score: 0


wow, iw7 actually posted something that didn't profess his undying love and devotion for Apple? And here I was beginning to think he was just a bot sanctioned by Apple.

Score: 1


As long as IE has code to run things like ActiveX controls, it's going to be exploited. There are reasons things like these weren't accepted as Web Standards. For maximum safety run a Web Standards compliant browser like Chrome or Firefox without any add-ins. All the problems in IE that I know about are from when Microsoft "extends" Web Standards or ignores them entirely. I think dumping IE is a good idea and everyone should do it.

Score: 3


What are web 'standards' really? With set, strict standards set in the past, the web wouldn't be what it is today. 'Standards' come and go with innovative ideas, as they should. With that said, quiet unless you know what you're talking about.

Score: 1


Web 'standards' are a myth. There are plenty of 'suggestions' and 'recommendations' though.

Score: 2


Typical Microsoft FUD. Web Standards do exist and everyone except Microsoft has no trouble following them and innovating within the standards process.

Score: -3


"everyone except Microsoft has no trouble following them and innovating within the standards process."

*laughing*

Thanks, man. That was awesome. Please tell me you typed that with a straight face. All the good jokes are best delivered that way.

Score: 0


"Tool" by name and "tool" by nature by the look of it. I know this is a public forum but why not keep your comments relative to the subject of the original post.

Peter

Score: -1


""Tool" by name and "tool" by nature by the look of it."

Huh... Just as clever the second time in one day? No, even more so. You must be far and above the most original person I have ever encountered. Hats off to you, Sir!

"why not keep your comments relative to the subject of the original post."

Oh, you mean instead of being relevant to the post ...right above mine....that *I QUOTED*???

*sigh*

Of course, *your* post was *so* eminently relevant, right? Oh, wait...just another insult...it was totally unrelated to the article or the topic in the thread to which you posted.

So let's have a go at it, shall we?

Tell me: Do you honestly think "everyone except Microsoft has no trouble following them and innovating within the standards process."?? Really?

Ya know, do you want to have a go at being "relevant to the topic", or did you just pop in here to give us all a good laugh?

Score: 0


PC-Tool said:
"Ya know, do you want to have a go at being "relevant to the topic", or did you just pop in here to give us all a good laugh?"

The second option! Seems to have worked well on you! :-)

You seem to believe that you can be as rude as you like to others but then get all "hurt" and defensive if somebody bites back. I know this is an open forum but these discussions would be much better if folks like you refrained from commenting.

Score: -2


This is false. A signed java applet has unlimited control over your PC as well and works on all browsers, if you choose to trust the publisher. It's just rare to find java applets these days...

Score: 1


Peter,

Me? Taking it personally? Online? From complete strangers? Sorry...not gonna happen.

brunul and I had some fun tossing around some good-natured insults. Sorry you decided to be the forum police, but that's your problem....not mine. As for getting defensive, you totally misunderstood the entire scenario...again, probably based on this "taking things online personally" thing you seem to have going. We were having fun in an otherwise pointless article.

I don't mind being insulted. Abuse=love...right....right? The more creative and original the better.

Score: 0


"Abuse=love...right....right?"

I somehow knew it... you were beaten as a child, right?

Perhaps as an adult as well. Let me guess... your wife picked up where mom left off. ;)

Score: 0


Amazingly enough, I had an almost idyllic childhood. Big house, plenty of freedom to get myself into all kinds of trouble (and almost burn it down once or twice)... Hey, no-one told me plastic was *that* flammable. I got grounded a lot, but then, can you really blame 'em?

I know... that would have explained everything, right? Sorry, man.

Hey, if you can't argue with and berate those you love without mercy (and get the same in return) then how can you honestly know that they truly love you? I know for a fact that since my wife has been able to put up with me (and me with her) for this long (14 years married, 17 years together)... there ain't a thing in the world that could tear us apart. Same with friends.

Those folks who can't take it? Yeah...those are the ones you know you can't count on.

Score: 0

|

So very true.

14 years? Good deal... congrats!

Score: 1

|

Oh, I should mention, though I hinted at it:

Circa-1985 plastic under-desk garbage cans are extremely flammable and produce inordinate amounts of thick black smoke that can be seen pouring from the window of the room for miles.

Also note: The average response time to what must have appeared to be a warehouse of burning tires for the Burnsville, MN FD was about 4 1/2 minutes.

...don't ask.

Score: 0

|

No elaboration necessary.

I feel it safe to say that had we known each other growing up, we most likely would have been cell mates in juvenile detention... at least once. ;)

EDIT: Burnsville, eh? Someone took that a little too literally.

Score: 0

|

lmao...

Funny that...the year after I got out of high school, our school decided they needed to change the "team" name from Braves to something else... then someone started a fire (it wasn't me, honest) in the school, causing several hundred thousand dollars in damage to the school.

The new name? The Burnsville Blaze. (My wife was a senior when this happened and had to sit through 3 classes at the Elementary school in those tiny little kindergarten chairs.)

So yeah...literally. :p

Score: 1

|

What, dump it?? Really? It's free and it works better than most.
I find it pretty crazy people use anything under IE 8 anyways.

Are you using Chrome v1, Firefox v2, Safari v2 or other outdated browsers? (You might get a virus)

For Google, as a SaaS company, to blame the core of their existence on a flaw in a web browser is more of the problem. Google has options. They can choose not to allow their system to run on unpatched browsers. They can be selective about it also.

So for all you IT people, embracing SaaS and letting your IT out of your control might end up causing you a lot of problems. Not just outsourcing your neighbor's job to someone in another country. But more IT professionals are only in a job for less than 5 years.

Score: -3

|

I think the prompts are to SHOW people they are doing something. I also feel like Symantec went this route too. MS can now say, you see, we're taking security seriously, because you're prompted all the time :(

No reason to abandon IE though. "Should now move to IE8 if you have to use IE, or look elsewhere" would have been a better "neutral" title.

Once FF or Chrome take any significant lead, you'll hear much more about exploits in them. There have already been quite a few exploits for FF, why don't you have an article on them? Fair and balanced, you might learn something.

Score: 0

|

Totally off-topic, but may be of some use to some (and since there's no "general forum" here....)

http://support.microsoft.com/kb/977346

Windows 7 hotfix for "solid color" background causing "welcome screen" to hang for up to 30 seconds.

(alternate fix is apparently to save the solid-background as a bmp in MSPaint and use that)

More info: Here.

Score: 1

|

Thanks Joe.

Needed a laugh on a Monday morning. You came through and then some.

Hey, it could be worse... It could be pure fantasy *and* have totally non-amusing comments. Here, we get the best of both worlds:

An article littered with misquotes, misinterpretations, and farcical delusions, followed up by the comments of the ignorant, the uninformed, and the just plain stupid, playfully ripped to shreds by the few folks here who actually take this stuff seriously (or are just having fun with the "gawd21"-types)

It's even better than a soap opera...which I suppose must be a good thing....right?

Score: 1

|

But... but... it has over 100 comments! That means it was a good article. ;)

Score: 1

|

Now, did you post that with a straight face? :)

Score: 1

|

Ohhh... Good... Joe's back. Now, instead of having a dozen "news items" with 5 or 6 comments, we now get one item, with 100 comments. Not that it has any bearing on "news", much less "reality", but there are certainly more comments being made.

Score: -1

|

Or having a dozen news items about how well Apple is doing and how badly Microsoft is doing. Same post as last week but worded differently :)

Score: 1

|

It's agreed then, everyone switches over to Opera ? Are you with me lads ? I can't hear you ? Opera rocks dude, and IE8 on a Windows 7 machine also rocks, but not quite as much as Opera rocks, so let's also hear it for IE8.

Score: 1

|

I have followed this IE discussion as an interested retiree with a slight handicap who spends much time on the Internet, including purchasing a lot online. Also, as a German by descent, I must disregard the implications in earlier comments about the German action against Microsoft. They did NOT imply to dump IE versions, however. In fact, the news said: The German government recommends using browsers other than Internet Explorer until Microsoft Corp. (MSFT) provides a patch to fix a critical security flaw that allowed a cyber attack against Google Inc. (GOOG).

Misinformation is a dangerous hobby.

Score: 10

|

Johnnyt39 said:
"recommends using browsers other than Internet Explorer until Microsoft Corp. (MSFT) provides a patch to fix a critical security flaw... Misinformation is a dangerous hobby."

Hear! Hear! Well said!

Score: 2

|

Hey, welcome to the real world -- better late than never. I've been running Opera as my browser of choice for a dozen years. No need for anything else, although I occasionally use Firefox mainly to support the open source concept and community. Cheers from New Zealand.

Score: -1

|

If the tards running this site knew what they were doing they'd harvest the user agent strings when we post/browse and graph those data on the site somewhere.

Then again that would require they have a clue about what they're doing.

Score: -4

|

Not a bad idea, only I would assume a lot of us post from work, so that would skew the results somewhat.

Still would be an interesting thing to look at.

Score: 0

|

I am surprised to find such hostility against Mr. Wilcox. It is unwarranted. His article is accurate and informative.

Claiming that Mr. Wilcox is "anti-Microsoft" does not make his comments wrong. He may well be "anti-Microsoft" because of the glaring security holes in Microsoft products. The motivation is irrelevant anyway. What is relevant is whether what Mr. Wilcox says is true.

It is a comforting fiction that Microsoft products aren't really insecure, but are simply targeted more often because they are the most commonly-used products. This isn't accurate. While it is true that Microsoft products get more attention from attackers, they are nevertheless inherently less secure than some other products. There are several reasons for this:

1. Microsoft products were originally designed for microcomputers, single-user, single-tasking, non-networked systems where security was a non-issue.

2. Microsoft products seek to be "backwards-compatible", so that older software will run on newer systems. This enormously complicates Microsoft's products, and perpetuates the security flaws that existed.

3. Microsoft continues to focus on the user experience, with security a secondary consideration. People want features and ease of use, and don't want to be bothered with security issues. Microsoft has chosen to give people what they want - always a wise decision with a corporation - and that means less security. It's a business decision, and a valid one. The price for convenience is a decrease in security.

As for the browser issue, IE has been insecure for over a decade. Some years ago, CERT issued a recommendation that users avoid IE because of severe, uncorrected security holes. While those particular holes were eventually patched, there has been an unending stream of other exploits to take their place.

I'm perfectly fine with anyone using IE, or any other product they choose. If I'm wrong about the security flaws, then great - you've sustained no harm. If I'm right, then great - *I've* sustained no harm.

Mr. Wilcox has performed a service by offering his opinion as to the safety of IE. Those who choose to ignore it may never encounter a problem. If they do have problems, then perhaps they'll be more receptive to what Mr. Wilcox says in the future. These users may find themselves feeling a bit "anti-Microsoft" themselves.

Score: 2

|

"His article is accurate and informative."

But that is the point, no it is not...

The next pullquote is where you show you have no clue what you are talking about:

" Microsoft products were originally designed for microcomputers, single-user, single-tasking, non-networked systems where security was a non-issue."

All software was, but that has nothing to do with modern software. Even most of the early *nix software assumed one user, one system, and no need for network security. (See the original NFS as an example)

(Holes in the basic fragmentation and bandaids of the *nix technologies are still the easiest way to hack a *nix OS. Heck just get an App to run that pops its way into the XWindows area - which runs at root for an example.)

NT was created in 1990-1993, and it still is one of the most advanced kernel technologies/architectures.

It was designed to be a Network Application Server OS, with multi-user (not initially implemented), multi-tasking, multi-processor, etc technology. The team that designed it could have built it around MACH and used a *nix model, but they decided they did not want the generic nature of the *nix communication system or the inherent flaws and security problems with the *nix model at the time. NT was created because *nix was NOT GOOD enough. (Go look this up, Inside NT 1993 is a good book to start with.)

What you are referring to is the DOS/Win3.x/Win9X line of OSes that did not have security and later added networking, and never did have true multi-user abilities.

However, all Microsoft OSes based on NT are NOT FREAKING Win9X or older OS technologies. Win2k,XP,Vista,Win7 have NOTHING TO DO WITH the Win9X and older OSes.

All software that has come from Microsoft since 1996 has been designed to run on NT, and as a side effect to run on Win9X. From Office to any named application, all Microsoft software since around 1996 has been designed for NT's Win32 model first and ported to work on Win9X secondly. (This is where the applications moved from x86 to portable C, just like NT is designed as well.)

NT has more security features than any *nix; it is in the upper layers of Win32 that XP relaxed the security model to allow users to run everything as administrator.

This never meant NT was not secure. NT technically is far more advanced and secure than *nix, from inherent ACLs to even the token object security system, where even kernel level processes have to obtain permission from the security manager to run. (On Linux and BSD, these processes get to run without a security check.) These security token check levels are also a part of the protected processes in Vista/Win7 that allow for rigid locks for Blu-Ray DRM and better features like using these protected processes to provide a realtime multimedia model, which is like BeOS, and was the holy grail of BeOS, yet was something easy for NT to implement.

It is the ignorance of platforms and ignorance of NT that people like Joe and you recite that makes us OS engineers shake our freaking heads at the lack of 'understanding'.

Even the most hardcore MS-haters respect the NT kernel and much of the technology NT created and implemented. Even NTFS is something the *nix world has yet to catch up to (ZFS being the closest so far), let alone breaking away from the standard *nix generic textual pipe communication system and becoming a real object-oriented OS like NT. Go look up PowerShell, it is the first object-based CLI, and the reason it works this way is that it communicates using the native object model of NT, which is something NO *nix can do, as by definition, taking away the textual pipe communication would mean the OS is no longer a *nix.

Just give it up, you are out of your league, and just because you and Joe 'think' you have a clue, doesn't change the facts that either elude you and Joe or are out of your grasp of understanding.

Score: 9

|

@AnthonySPT: I've read this site off and on for years but I felt compelled to create an account just to say that your post here contained so much win I got that nice, warm, fuzzy feeling I haven't had since pseudo-techies like Wilcox flooded the market and turned IT from the department of saviors into a perpetual target for mistrust. Thank you, sir.

You've done well shredding the article and its defenders, but I have a couple more for you.

-- Judging by how often our phones ring here in the IT department, end-users typically don't mindlessly click through security dialog boxes. It's only the wannabe techs like Wilcox that think they know what they're doing that practice mindless click-through. They just assume everyone else does it too.
-- IE (and Firefox, and Chrome, and Safari, and Opera, and...) are *web browsers*, not *security applications*. Their writers definitely owe the end-users some due diligence, but if you're relying on your *browser* to keep you safe on the Internet, you're not thinking it through. End-users understand this too. For the few that don't, you say, "You might have a state-of-the-art bulletproof weatherproof front door, but you still installed a lock, right?" or "You might have the world's safest cars with every safety gadget and gizmo known to man, but you still put on your seatbelt, right?" The same principle applies to web surfing. If your browser gets you to your destination page and displays it correctly, it doesn't really owe you anything else.
-- Thanks to people like Wilcox, Firefox and Chrome lead to a false sense of security, while IE most certainly does not. Wilcox and his fellow not-techs have end-users so frightened that any time anything happens, they assume IE did it. I don't know how many times I've gone to an end-user's desk to clean up a malware infection and they protest, "But but but I use Firefox (Chrome, Safari, Opera), not IE!"
-- I don't know how the article got onto mobile browsing, but maybe MS hasn't released a good mobile browser because they can't afford any more EU lawsuits at present. I do know that despite the proclamations of "pundits" like Wilcox, those of us out here in the real world doing real work are quite certain that the desktop OS and heavy client paradigm will not be leaving us any time soon. The possibilities afforded in the mobile market have expanded our capabilities without meaningfully diminishing what we do on the desktop.
-- We have about 100 desktops here running all sorts of web browsers, and this exploit has not affected us. We also have some of the dumbest (but sweetest) end-users you could possibly imagine (as in, "My Microsoft popped up a box that says my printer is out of paper, and I know you told me what to do to fix that yesterday but I forgot" users). We've had to deal with just about every moderate-to-major problem floating around on the Internet, and this one hasn't even been on our radar. Wilcox is dramatically overstating its reach and threat level.

Wilcox's press-pass may say BetaNews, but it appears his paycheck says Google. BetaNews: please fire Wilcox and hire AnthonySPT.

Score: 5

|

I am only going to quote this remark of yours, which should hit the nail on the head:
NT was created in 1990-1993, and it still is one of the most advanced kernel technologies/architectures.

NT = New Technology, FS = File System, so NTFS was, is, and always has been full of security holes from day one. Go back and read the security reports from 2000/2001/2/3/4. Windows ME was supposed to be the next Windows generation, but fell flat on its face. XP was an upgrade from NT 2000 and it's still insecure after 3 service packs 9 years later. Vista was an upgrade from XP, again another flop. Windows 7 is an upgrade from XP, Microsoft has admitted that to be a fact. It was still released with the same security flaws NT had way back in 2000.
Read these reports:
http://boycottnovell.com...-control-of-windows-pcs/
http://www.theregister.c...ft_windows_security_bug/

You maintain it's still one of the most advanced kernels. Yes, it is, compared to Windows for Workgroups. When it comes to any other operating system kernel it's in the dumps, known as the world's worst operating system. You don't have a grasp of how bad Windows really is.

Score: -4

|

Amid all the anger I do see an interesting statement:
"If your browser gets you to your destination page and displays it correctly, it doesn't really owe you anything else."

You do have a point there. It goes back to the age-old argument about whether the government should protect people from themselves by enacting all sorts of "laws", such as making wearing seat-belts the law. It seems a similar onus is being placed upon companies making browsers. However, it may just be a case of product differentiation, and if you lean towards one that will do a better job of protecting you from exploits, that's your call. The "demand" to make browsers safer does seem unreasonable if they do exactly what they are designed to do.

Score: 0

|

As a web developer I'm not a fan of MS, but I do feel that the points as to why MS is less secure are a bit dated... #1, that's just a dated point; #2, I don't see why backward compatibility and security cannot be mutually exclusive unless you're saying that backward compatibility is just a copy-paste of the code; #3, again, they can be mutually exclusive.

Also, security isn't just about how many exploits there are and how bad they are; 10 exploits that are patched in a week are not as bad as 1 that takes a month to patch.

Factually as well, MS is not as bad as people think, take a read here http://www.pcmag.com/art...2/0,2817,2351669,00.asp

Score: 1

|

"His article is accurate and informative."

Excuse me, sorry. I accidently spit my coffee all over screen and keyboard.

Score: 1

|

While I don't necessarily agree with the tone of this article, I do share the belief that it is in the consumers best interest to shake up some of the default applications of a system. For businesses this might be harder to do than just a regular PC user like myself. I personally removed IE8 from my copy of Windows 7 and have been using Opera as my main browser with no problems. This really had little to do with security although I enjoy the security features Opera carries, but more to do with the extra features. Tab restore, Opera Link (synchronizing bookmarks) and even Opera Unite is a nifty feature for sharing files.

I understand a lot of people like IE8 and by all means keep it. For all my friends and family I do recommend they explore alternatives to see what meets their needs best. 5 times out of 5 they are using something different from Internet Explorer.

Score: 1

|

Joe, your anti-Microsoft diatribes have become stale and boring.

I do not think that the entire known world is going mobile. To the contrary, recent news (see Google) would have my data behind a very closed firewall. Certainly NOT in the cloud.

But then, I'm not a crowd chaser. I tend to do proven technology. Saves my company money, and me a job.

Perhaps Bill G or some other MS luminary violated your kitten?

Score: 2

|

So we should give up using Firefox because it got an "explorer exploit"? Every browser has bugs and exploits, albeit IE has more, only because of its huge market share. This article is a blunt bias against IE. I prefer Firefox but this article is ridiculous. Most of the points you have against IE can be applied to other browsers as well, especially if applied with different wording and each browser's specific weak points.

Score: 4

|

> it's too bad some users will create security
> risk by flipping the switch that allows
> remote images and scripts to load.

Especially when they can be shown on a message-by-message basis using the header/warning bar (just like popups and downloads in IE), or by using View->Show Blocked Images.

Still, I was under the impression the vector this exploit was riding came from adobe reader, which by default opens PDFs in the default browser instead of the standalone reader.

Why not b**** at adobe to change THAT behavior?

Score: 6

|

Another article from a Microsoft hatemonger with an agenda. Sure there are vulnerabilities but check the other browsers. They have just as many if not more bulletins each week. In fact the biggest threat these days is with PDF documents.

Score: 7

|

Joe your posts are now becoming the good laugh at the office and other tech blogs.

DUMP IE? Really?

Dump the MOST SECURE BROWSER currently? Really?

Move to Firefox the MOST INSECURE BROWSER for the last two years? Really?

IE7 or IE8 on Vista or Win7 is significantly more secure than any other solution now, with Chrome being a close second that is still fairly new.

So ya, listen to Joe everyone, put your computer at risk because HE SAYS SO, and he is the smartest man in his own mind.

Score: 1

|

You want an independent report, you got it, see for yourself:

IE malware block rate (page 3):

http://nsslabs.com/test-...Malware%20Q3%202009.pdf

ie block rate for phishing (page3):

http://nsslabs.com/test-...hishing%20Q3%202009.pdf

about nsslabs:

http://nsslabs.com/about-nss/index.php

"Background:NSS Labs is the leading independent security product testing and certification organization, and operates the largest security & performance lab in the world. NSS Labs is independent, and does not have a parent company that competes with product vendors or sells advertising. Our certifications and reports are highly regarded by information security professionals for their rigor, depth and integrity, and are used to validate purchasing decisions in global enterprises. NSS Labs is a participating organization in the PCI Security Standards Council and a member of AMTSO. "

Again, these are facts. Issue largely remains on end user, no matter what OS or browser you use, if you live dangerously, etc.

Score: 13

|

I don't know if you refer to ie6, but ie7/ie8 on Vista/Windows 7 and running in protected mode is secure because of how it interacts with the host OS (think as a sort of sandbox for IE):

http://netsecurity.about...owspc/a/ieprotected.htm

"Protected Mode is a security measure which relies on Windows Vista's new WIC (Windows Integrity Control) security to control how objects interact with each other. By default, when Protected Mode is enabled, every process and file associated with Internet Explorer is assigned a Low integrity level."

"What is Protected Mode?
Protected Mode essentially places all code that runs from IE into the Low IL. When IE7 runs in protected mode, it and programs it runs cannot "gain write access to files and registry keys in a user's profile or system locations." (source: MSDN)"

From a security standpoint, yes, IE is more secure by design, but that still won't change the fact that Firefox is still my, and many others', favorite browser due to extensions.

I suspect Firefox will be even better once they support Vista/win7 protected modes. You will see more Win7/Firefox integration and cooperation in the future.

Score: 3

|

"IE is the most insecure browser on the freaking planet! Stop spamming crap!

I, sadly, agree with Joe!"

Sadly the facts show Firefox to be the most insecure in number of vulnerabilities, and the most attacked browser the past two years.

It is idiots that buy into the myth that Firefox is secure and will make everyone OK that keep many IT people in business when they are cleaning viruses off your systems.

Ironically you will catch spyware and viruses via Firefox and then go on to b**** about Windows being insecure, when it is your own action of running Firefox that let the malicious code on your computer in the first place.

IE has protected mode, Firefox does not. What this means is that EVEN IF there are 100 exploits for IE and 10 exploits for Firefox, the 10 Firefox exploits have access to and will get to modify the user's files and the system. The 100 IE exploits are sandboxed and can do no more harm than modifying files in the cache or the user's favorites folder; they can't do anything to the system or the user's files to install themselves or cause any harm to the system.

Get it? Probably not, this is probably a belief system for you by now.

Seriously, go Google any of the security sites. Firefox is trash when it comes to any numbers tracked, and this is with it still being used less than IE.

Score: 5

|

http://en.wikipedia.org/wiki/Phishing

"Phishing is typically carried out by e-mail or instant messaging,[1] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
EVEN WHEN USING SERVER AUTHENTICATION, IT MAY REQUIRE TREMENDOUS SKILL TO DETECT THAT THE WEBSITE IS FAKE"

Phishing is a serious crime, and can, fool anyone, even those working in IT.

Score: 0

|

@ gawd21 Exactly

Score: -2

|

I was going to post that same thing... kudos!

Score: 0

|

So I must dump IE8. Even though I don't like any of the other browsers. I sort of like Firefox, and use it sometimes. But most of the time I use IE8. It's much like my choice of anything else. I use what I decide I like the best. As it so happens I don't travel to the underworld of the internet where scary people try to infect my computer with evil programs. My friends, on the other hand, use all kinds of browsers. And they always call me to help them out of some virus hell. I've got a friend that only uses Firefox. And he has had 2 earth-shattering attacks this year. Sure, these people know very little about computers. But really, isn't basic self defense more important than anything else? Another friend of mine thinks he knows a lot and uses only Chrome. Guess what, he got a virus last week. He lost his entire hard drive from it. The virus just wiped him clean. I was able to recover his lost data. Cause I know a thing or two. But most people could have divine godlike protection and still get screwed. My PC is protected and I don't just click open emails. I scan my PC weekly for various forms of crap. Most times I find nothing. Fact is, most people who have issues with viruses and stuff can't be helped. Cause they just click away and worry later. They rely upon me to save their a** when s*** happens. Cause while I offer to train them they don't want to learn.

So stop bashing IE, the problem exists cause morons who can't get laid write programs to try and hurt the rest of the world who does get laid. While they sit in their mommy's basement creating the next big virus. I'm not gonna bow to them and stop using that which I want to use. A virus is just a symbol of how some people don't have a life. The idea that we should change our ways to give their actions notice is just stupid. We should work together to find and lock up these fools. Cause like so many other crazy people in this world, they just won't stop.

Score: -2

|

"The scary underworld"? You don't need to visit that to get your computer infected. Any website, no matter how good their security measures, can get injected with code that can serve malware to your computer. It's not about surfing only known clean sites, nor is it about anyone being stupid. Everyone is at risk these days, regardless of which websites they visit or which browsers they use.

Stop ranting, look up the relevant info, and think it over, since the article's POV is a little off - it's not strictly a matter of which browser is the safest anymore, it's that no browser is safe enough until more is done to "harden them off", so to speak, to all the risks.

If you run IE8 with DEP in Protected Mode then your computer shouldn't be at much more risk than if you were using another web browser. I'm a huge, huge Firefox fan, but that's the truth, regardless.

The only things, IMO, that can make Firefox truly safer than IE are add-ons which you can use to turn off scripting, third-party ads, and other cross-domain vulnerabilities, and add-ons like WOT (which is also available for IE) that let you see the safety rating of websites *before* you visit them.

Score: 0

|

Actually, even better is to run as LUA. Add in SRP if you have XP Pro or, better yet again, AppLocker if you run Win7 Ultimate.

Score: 0

|

FF is patched as quickly as IE. Firefox also doesn't delay patches, just so it can be released on the second Tuesday of the month. This is no help if the patch is done on the third Tuesday, and Microsoft delays the patch for three weeks (Are you listening, Adobe??)

When the FF patch is ready, it gets released.

Score: 2

|

Microsoft does out-of-band patches for exploits such as these; they still have to test the patch, and they kind of have A LOT of configurations they don't want to break.

Score: 8

|

Yet Still Firefox has several KNOWN and unpatched exploits.

Yet Firefox doesn't use the security mechanisms of the OS to help protect the users. (Like Protected Mode on Vista and Win7, that MS designed for IE and even encouraged the Firefox developers to use.)

Firefox is statistically the most insecure Browser. It has the greatest potential for exploit, and has been exploited more in the last two years than any other browser.

I don't care what their update cycle is, the code is trash, and now that it is being targeted, the exploits will continue to grow.

Score: 5

|

Bugzilla. There, now it's proven. *sigh*

Score: 5

|

You can get a sort of sandbox for Firefox (and IE6?) using Sandboxie and running Firefox/IE6 from inside of that.

http://www.sandboxie.com...WebBrowserSettings1.png

YMMV

Score: 0

|

Score: 6

|

"gawd21: PSST! https://bugzilla.mozilla.org";

I guess he's too busy watching gay anime porn to figure that out for himself.

Apparently I severely overestimated his abilities... ;)

Score: -4

|

Would you kindly provide some support for your claims? Links to authoritative sources would be great.

Score: -1

|

Actually, it's not. Bugzilla is a public venue in which bugs of all kinds are openly and freely discussed. There is no equivalent system for Microsoft, which jealously guards its bugs and often simply ignores them. There is no way to compare the public information found in Bugzilla, against the flaws that Microsoft products encounter.

To my understanding (and I could be wrong, obviously), Firefox is more secure than IE. The number of known bugs *may* be higher in Firefox, but there could be many reasons for that. One could certainly be that Firefox simply has more bugs than IE. However, there are other possibilities.

It may well be that more bugs are *discovered* in FF, simply because FF source code is publicly available. IE's source code is not available, so discovering bugs is more difficult.

Another reason may simply be that bugs in FF are published widely, without any efforts to hide them, suppress them, or deny their existence. The same is not true of IE's bugs.

So even if the number of *known* bugs really is higher in FF, that doesn't mean that FF is less secure or buggier. It may only mean that we know a lot more about FF than we do about IE.

Score: 2

|

"There is no equivalent system for Microsoft, which jealously guards its bugs and often simply ignores them."

You are confusing Microsoft with Apple.

Hit up any MSDN or Technet forum, and even some of the more technical public MS forums. They are unmoderated and have TONS of discussions on bugs all the time.

Do people really never use the MS community resources or do they just assume they don't exist?

Score: 5

|

"Do people really never use the MS community resources or do they just assume they don't exist?"

If they ignore them, they don't exist. It makes it far easier for them to make the asinine claims they make, as demonstrated above.

Score: 0

|

side note:

For you techies, some interesting articles: "How to run Firefox in protected mode"

http://superuser.com/que...-at-low-integrity-level

How to run an application with lower user rights user using "drop my rights"

http://cybercoyote.org/security/drop.shtml

As always YMMV, and again dropping IE entirely is not a realistic option for many companies. There are certain websites that will only work/view properly using IE only.

Score: 2

|

"Actually, it's not. Bugzilla is a public venue in which bugs of all kinds are openly and freely discussed. There is no equivalent system for Microsoft, which jealously guards its bugs and often simply ignores them. There is no way to compare the public information found in Bugzilla, against the flaws that Microsoft products encounter."

Any of the MSFT forums/channels will provide you with all reported bugs. As MSFT is not open-source, they do not need to provide bug reports as Mozilla does.

"So even if the number of *known* bugs really is higher in FF, that doesn't mean that FF is less secure or buggier. It may only mean that we know a lot more about FF than we do about IE."

Actually, NSS labs (and other security firms) have asserted for quite a while that FF is less secure than IE. http://nsslabs.com/browser-security/

Score: 0

|

Knew about Bugzilla. Any IT person worth their salt knows about Bugzilla. Knew about the Microsoft forums and even though it may not be as organized as bugzilla, the information is there if you know how to look for it. Didn't know about nsslabs, thanks for the link.

For those that want more information, you can find the Microsoft Technet Security Center here:
http://technet.microsoft...s/security/default.aspx
National Vulnerability Database from NIST/DHS is here:
http://web.nvd.nist.gov/.../search-advanced?cid=10

Score: 1

|

IE is a disaster. Always has been, and probably always will be. Microsoft has made some bad mistakes in the design of IE, and apparently doesn't want to fix them. And since IE is so tightly integrated into the OS, an IE exploit is far more dangerous than an exploit on any other browser.

Firefox, Opera, Safari, Chrome, and SeaMonkey are all good alternatives.

Score: -1

|

I would much rather use IE8 from a company like Microsoft who has the resources and track record to fix security holes as they are identified. IE is attacked more because there are simply more copies out there... Chrome and FF would likely have the same issues if they were as popular -- the question is can and will they be patched as fast?

Score: 0

|

well, recent IE exploit is 0day, but i would expect an OOB patch very soon, honestly i wouldn't expect any less from Microsoft, as you said

as for other browsers? we know Mozilla's track record is ok (diminishing recently, but vuln far outnumber IE), Safari's record? bad, esp with Windows (again vuln outnumber IE), Chrome? i'm not sure about, i know they had a wild exploit recently, unsure of how quick it was patched...
Chrome is alright, just personally i refuse to support Google any longer

Score: 5

|

Mozilla has an excellent track record of updating Firefox promptly to address security issues. Opera and Chrome I cannot comment on.

Microsoft's track record for dealing with security issues in IE and Windows has received widespread and well-deserved criticism over the years, despite having more resources to address such issues than all of its browser competitors combined!

Right now, any browser except IE is a safer bet from the security standpoint...

Score: -4

|

"well, recent IE exploit is 0day"

There is a reason there is not a massive rush to fix this.

1) IE6 on WinXP ONLY.
2) Both are outdated, IE6 is 8 years old.
3) There are newer versions of IE that people can easily upgrade to.
4) There are even newer OSes people can move to, Win7 will run on almost any XP hardware at XP performance levels. (512mb RAM is only requirement that differs from XP.)

How many more years should Microsoft support IE6, when they have released several new replacement versions?

Do people expect Firefox to maintain and patch versions from 2002? No they don't, they require people to upgrade to the new versions where the exploit no longer exists.

IE7 and IE8 on Vista and Win7 are not only immune, but have been immune to various Flash and Java exploits that affected other browsers and OSes in the past couple of years because of the dual sandbox concept IE protected mode offers, so even if an unknown exploit surfaces, it doesn't get access to the system or even the user's files.

Score: 7

|

"Right now, any browser except IE is a safer bet from the security standpoint..."

I'm sure you believe this, but the statistics and math show just the opposite. Even in 'used' exploits, Firefox is the most insecure browser the last two years.

Score: 3

|

"There is a reason there is not a massive rush to fix this.

1) IE6 on WinXP ONLY."

Minor correction: It's on Win2k as well. Win2k is still under extended support from Microsoft until July.

"How many more years should Microsoft support IE6, when they have released several new replacement versions?"

As they will support Windows XP through 2014 (extended support), and XP came with IE6 installed, they will have to support it that long, unfortunately. Yeah, it sucks.

"Do people expect Firefox to maintain and path versions from 2002? No they don't, they require people to upgrade to the new versions where the exploit no longer exists."

Right: so MS provides support for their products longer than Mozilla does, ensuring that people who still use IE6 will still be secure in four years. FireFox 1.x users and 2.x users? Not so much.

Score: 3

|

I don't know about Chrome, but FF is patched more quickly than IE. Microsoft generally waits until the second Tuesday of the month before releasing patches. That means there could be a delay of up to a month in getting a patch out. That is not a good track record. In fact, Microsoft's "track record" on security and patches is dismal.

Score: 1

|

"That means there could be a delay of up to a month in getting a patch out"

Unless it is severe, and then it hits when testing is signed off. The monthly only update myth is just that.

The only reason Microsoft moved to a monthly 'planned' update cycle was because people complained they updated too often, and in the business world, they had a point. So they moved to a planned monthly cycle so administrators could test any updates long before they are deployed and only have a once a month planned update cycle to schedule IT people around.

The whole FF updates more often is actually a headache for most IT departments, as there is no easy/automated way to allow FF to update itself on end user clients, as it requires a user sitting at the machine with admin level security or an admin typing in the authentication. (Yes there are ways around this for IT people that have a clue, but in most business environments, they don't, and instead users are left running outdated versions of FF until an IT person can personally update FF on the system.)

Score: 2

|

IMHO Wilcox tends to be too much of a Google fanboy. Read his other articles.

All browsers under Mac and Windows OS's have security problems.

Score: 4

|

"the German government told its citizens to switch from Internet Explorer. This is good advice for you, too."
Come on Joe, look what happened last time people blindly followed a German government.

Score: -1

|

What the hell is an 'anarchism'? Maybe you should drop IE and pick up a dictionary.

Score: 4

|

@Datalord Yeah, I was rushing out the door and let the spell checker do its thing. It should have been anachronism; corrected now.

Score: 1

|

Firefox's security record the last couple of years is way worse than IE7 or IE8. In addition, "protected mode" is not a security trick. It's a feature that makes IE (given the habit that most Windows users have to use an Administrative account for everything), the most secure browser running on Windows. In addition, I rarely if ever, have gotten a prompt from protected mode.

Score: 3

|

stop spreading bulls***:

http://blog.washingtonpo...lorer_unsafe_for_2.html

Let's call you a distinguished microsoft troll and fanboy.

Score: 0

|

ummm...am I missing something? that article is 3 years old - without doing the research and just trying to recall what I've read (which gets harder the closer I get to 75), Firefox is no choirboy either - ALL browsers are vulnerable.

Score: 1

|

It's worth adding to this that if the attack is a high-value targeted attack, as in Aurora, then it's no problem to use an unpatched vulnerability in Firefox, which are not unheard of. And this was a 0-day, after all.

Score: 1

|

That link you just gave was made January 4, 2007, more than 3 years old.
Even using a combo of Linux and Firefox doesn't prevent social engineered attacks:

http://www.omgubuntu.co....ensaver-for-ubuntu.html
http://www.downloadsquad...ss-biggest-vulnerabilit/

At the end of the day, main issue is between KB and chair no matter what OS you use.

Score: 5

|

Scroll to page 12 of this report:

http://www.cenzic.com/do...ecTrends_Q1-Q2-2009.pdf

Q1-Q2 2009 security report:

web browser vulnerabilities by type:
firefox 44%
safari 35%
IE 15%
Opera 6%

It's pretty clear any large market share app is going to be a big target. Does not mean I won't stop using Firefox or IE. It is what it is and does get fixed regardless.

Score: 2

|

Next time use a site that actually tests the browsers, and not just list their opinions!

Score: -3

|

Not quite. While any security can be defeated by a dedicated fool who has root password, it takes more effort using an OS like Linux, Unix, or some others (possibly MacOS, but I don't know for sure).

A "social engineered" attack can hit anyone, true. But that's only one of many attacks. The logic here seems to be that it doesn't matter if you lock your door, because someone might break your windows to get in (no pun intended).

No functional system is 100% secure. The best you can do is to offer enough obstacles to an attacker to discourage the attack. If they want to get in badly enough - and know what they're doing - they'll eventually find a way.

Score: 1

|

Look at the facts and the stats. What I say is 100% true..

Score: 0

|

The facts are there and what I said is 100% factual. I quit drugs when I was 15...

Score: 0

|

"ALL browsers are vulnerable."

Has to be the best comment of the article yet...

Score: 0

|

Offtopic: could you try "anachronism" instead of "anarchism"? :)

Score: -2

|

@hansm I was rushing out the door before posting and let spellchecker do its thing. Bad idea, obviously. It's corrected now. Thanks.

Score: 1

|

Can you say BIASED? Do some real research before making such a recommendation. According to application security firm Cenzic, IE is second only to Opera (who uses Opera?) as having the LEAST vulnerabilities! It makes the news while the rest don't only because it is the most used browser. For more detail, see http://www.gcn.com/Artic...r-Browser-Security.aspx

Score: 2

|

Joe Wilcox, research? seems an Oxymoron to me

Score: 1

|

The number of vulnerabilities is IRRELEVANT if you are unsecured.

and IE holds the absolute record in number of days it's been insecure.

full dot

Score: 1

|

NUMBER of vulnerabilities is a pointless measure, useful only to PR firms: Just ONE major, easy-to-encounter vulnerability is far more serious than a hundred minor, easily-stopped vulnerabilities.

Score: 1

|

You're being unrealistic about the mitigating factors. As a practical matter, today the only people who are vulnerable are Windows 2000 and XP users on IE6. The Aurora exploit is IE6-only and HD Moore says that IE7 should be just as vulnerable, but they just haven't built a POC for it yet; I'm sure he's right, but even then it only matters if DEP is not enabled. DEP blocks the vulnerability and when they say Protected Mode "limits" the exploit it means that any exploit code that gets through the likely other barriers will not be able to do anything worthwhile.

So the bottom line is as Ed Bott says: IE6 users are vulnerable and everyone else is either protected automatically or protected through measures they should be taking anyway (DEP).

Even before this it was easy to say that nobody should be running IE6 anymore.

Score: 5

|

I totally agree, the prebundlement (if there is a word :-P) of IE with XP disks just makes the whole thing much worse when it comes to the exploitability potential of IE6. With so many people reinstalling xp due to bad partitions and not being bothered or not putting in the time to reupgrade to IE8 (or people who have cracked versions of xp who can not upgrade to IE8 due to Windows Genuine Advantage software), there will be no shortage of people who would like to take full advantage of that.

Score: -2

|

IE6, stop using? sure, if one can, stop already.
IE7/8, they are fine for general public use. my primary is Firefox and will be for a while.
as for IE8? nothin wrong with it whatsoever, for the majority it's seemingly as speedy as Chrome.
http://j.mp/8X72j5 [short vid]

and just to be clear XP and IE6 are exploitable, IE7/8 on Vista and Windows 7 are protected via protected mode along with DEP, the exploit may cause a crash, nothing more, correct me if i'm not up to date on this.

Joe, stop your fear tactics and please, do us all a favor, leave the real reporting/journalism to folks like Ed Bott and the like

you do realise Microsoft's Internet Explorer 7/8 have been the least exploitable browser out of the bunch for a while now? that includes Firefox, Safari etc

IE is the most targeted browser and for good reason
saying it's not safe, is just stupid.
one would think you know better Joe, but you never cease to amaze everyone

FUD.

Score: 8
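Two comments above lean on the same pair of mitigations, DEP and IE Protected Mode, as the reason IE7/IE8 on Vista and Windows 7 are not exposed the way IE6 on XP is. The script below is an added example, not code from the thread, from Microsoft, or from the article; it audits how those mitigations are actually configured on a machine so the claim can be checked rather than assumed. It assumes Windows Vista or later and Windows PowerShell, reads the OS DEP policy from WMI, the UAC switch (Protected Mode only works while UAC is on), and the per-zone Protected Mode value, and lets a Group Policy setting win over the user's own setting. The function name `Get-BrowserMitigationStatus` is an arbitrary choice for this example.

```powershell
# Added example (not from the comment thread, Microsoft, or the article).
# Assumes Windows Vista or later and Windows PowerShell; run it as the user
# whose Internet Explorer configuration you want to inspect.

function Get-BrowserMitigationStatus {
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
    #   0 = AlwaysOff, 1 = AlwaysOn,
    #   2 = OptIn  (Windows binaries plus programs that opt in themselves),
    #   3 = OptOut (everything except programs explicitly excluded)
    $depNames  = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $os        = Get-WmiObject -Class Win32_OperatingSystem
    $depPolicy = [int]$os.DataExecutionPrevention_SupportPolicy

    # Protected Mode depends on UAC. EnableLUA = 1 means UAC is on; the OS
    # default is on, so a missing value is treated as enabled.
    $uacOn = $true
    $sys = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    if ($sys -ne $null -and $sys.PSObject.Properties['EnableLUA'] -ne $null) {
        $uacOn = ([int]$sys.EnableLUA -eq 1)
    }

    # Under each zone key, value "2500" is "Turn on Protected Mode":
    # 0 = enabled, 3 = disabled. Policy hives are consulted first because a
    # Group Policy setting overrides the user's own zone configuration.
    $zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
    $roots = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
        'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    )

    $zones = foreach ($id in 1..4) {
        $setting = 'not set'
        $source  = $null
        foreach ($root in $roots) {
            $key = Get-ItemProperty -Path "$root\$id" -ErrorAction SilentlyContinue
            if ($key -ne $null -and $key.PSObject.Properties['2500'] -ne $null) {
                $setting = switch ([int]$key.'2500') {
                    0       { 'enabled' }
                    3       { 'disabled' }
                    default { "unknown ($_)" }
                }
                $source = $root
                break
            }
        }
        # A zone with Protected Mode "enabled" is still unprotected if UAC is off.
        $effective = $setting
        if (-not $uacOn) { $effective = "$setting (ineffective: UAC off)" }
        New-Object PSObject -Property @{
            Zone          = $zoneNames[$id]
            ProtectedMode = $effective
            Source        = $source
        }
    }

    New-Object PSObject -Property @{
        DepPolicy    = "$depPolicy ($($depNames[$depPolicy]))"
        DepAvailable = [bool]$os.DataExecutionPrevention_Available
        UacEnabled   = $uacOn
        Zones        = $zones
    }
}

$status = Get-BrowserMitigationStatus
"DEP policy : {0}  (hardware DEP available: {1})" -f $status.DepPolicy, $status.DepAvailable
"UAC        : {0}" -f $status.UacEnabled
$status.Zones | Format-Table Zone, ProtectedMode, Source -AutoSize
```

Two things to read out of the result. A DEP policy of OptIn (the client default) covers a browser only if that browser opts in: IE8 does so on its own, while IE7 leaves DEP off unless the "Enable memory protection" option is turned on or the system is set to OptOut or AlwaysOn. And the per-zone Protected Mode value is only half the story: with UAC disabled, IE runs without the low-integrity sandbox no matter what the zone setting says, which is why the script flags that case.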

|

Microsoft also recommends users of Windows XP, upgrade to newer versions of Windows, this time i'd have to completely agree with Microsoft, XP users are putting themselves at greater risk, we've had Vista (which is a perfectly secure OS) and now Windows 7, leaving little excuse, it's time to upgrade the 9-year-old OS that lacks secure features of Vista and Windows 7

or hey, they could move to OS X for all i care, but if friends of yours were running OS 9? everybody would be calling them morons now as well

Score: 0

|

Given the upgrade cycle with Apple, OS X, you're actually comparing it to Windows 98. OS X first came out in 1999 as a server version. Cheetah came out when Windows XP first came out in 2001. I agree that anyone running Windows 98 or ME is a moron. But basically, you're calling everyone running OS X a moron for using an OS version that's 9 years old, right? Also, would you say that the Windows XP that came out in 2001 is the same OS as XP SP 3?

Windows XP is still being used by the majority of computer users globally. Microsoft's pricing schemes and upgrade paths create roadblocks to a simple upgrade to the newer versions. Data loss, loss of functionality, hardware requirements and a higher price tag in order to upgrade all conspire against the consumer to keep them running their computers until they die, rather than spending $500+/computer (The average cost of the OS and the equipment to upgrade, including RAM, processor, motherboard and video card on the low end.)

I have a saying I tell my customers: Never listen to the advice of anyone who has a financial interest in what they are telling you to do. Microsoft, like any other company, is in the business of making money, so any advice they give regarding their products is to be taken with, at the very least, a grain of salt.

The only time it's necessary to upgrade is when what you have will not do what you need it to do. What you have can be made safer. Using something other than IE for your usual browsing is the first thing to do on that path toward greater computing safety.

Score: -3

|

Switch to Linux (Ubuntu) It's free secure and Chrome or Firefox run great!!! Stop spending your money on Microsoft, Gates is wealthy enough.... No need for McAfee either!!!!

PS: You don't need new hardware or new computers, Linux runs fast on the old stuff!!!!!!

Score: -4

|

OS X 10.4, morons, happy?

Score: 2

|

i don't use OS X, ask someone who does

Score: 4

|

"MS free for 186 days 6 hrs. 32 minutes and loving it. My wallet is also fatter.!!!!!!!!!!!!!!"

Riiight, because you really sound like someone who would have been paying for Windows in the first place.

Gotta love freetards...

Score: 1

|

Agreed. I've got a fully-functional system on a laptop with only 128 Meg, 9G hard drive. Works fine, but a bit slow. Has everything I want - browser, word processor, e-mail, news client, etc., etc. No viruses, though. Can't have everything, I guess.

Score: 0

|

You mean, "free" as in "stolen"? This isn't a good thing, IMNSHO.

Score: -1

|

Yeah sure. Just as Firefox was thought to be free of vulnerabilities, until it surpassed the 10% market share, making it a worthwhile target for hackers. Then vulnerabilities exploded. If Ubuntu ever passes the 10% market share (doubt it), we'll see then how secure it is...

Score: 0

|

so in corporations, you recommend stop using IE and use WHAT?
FF blows and crashes like crazy, and Chrome just isn't there yet. I'm using Maxthon (IE based), FF, and Chrome all at work, and frankly speaking, Maxthon is way better than FF and Chrome right now still.
In a work environment, speed isn't high up there on the list of priorities. It's compatibility and reliability.

Score: -4

|

not sure what to tell you about Firefox crashing a lot, as of build 3.5.6/7 ... i've had zero problems, admittedly, i believe 3.5.4/5? maybe 3.5 itself, had MANY issues, mostly taken care of now, i'd give it another shot.

not using a lot of addons helps as well.

Score: 4

|

i've tried every version up to 3.6 RC. Still not as good as maxthon. FF is great for personal use, but in a work environment...still not so great.

Score: -2

|

Agree & Disagree:

Agree: Sure all need to drop IE; any version; for all the good reasons mentioned. WebKit based browsers are the way to go.

Disagree: Chrome shouldn't be your only recommendation... Safari should have been included if not mentioned on top... After all, WebKit was designed and developed by Apple.

My advice: Microsoft isn't playing it straight or fair for that matter... Apple has its share of that too... but Apple clearly has a better PC! Switch to Mac ;-)

Score: 0

|

2 reasons why IE is so targeted. It's already there on the computer, those too lazy to explore options are going to use this. 2nd, it's the most popular browser so naturally it's going to be targeted to hit as many computers as possible.

I wouldn't go on the way of safari seeing it was cracked in mere seconds at pwn2own (http://gizmodo.com/51752...own-hacking-competition). As far as having the better PC, i have to disagree there too. you just spend more money on your hardware

Score: -3

|

Yeah... try and get all those enterprises using SharePoint to switch to FireFox, Chrome or Safari, lol.

Score: 2

|

I would have to agree and disagree with you on WebKit browsers being the way to go. It's like arguing with someone over whose religion is "correct." Of course you, assuming you are an avid Apple user, are going to say Safari is the greatest because that's what comes with a Mac. You might be one of those people talked about above who is just too lazy to go find something else or an Apple fanatic who would rather swallow their MacBook than put non-Apple software on it. Point being, Safari, in all its glory, hasn't been able to touch FF's (a non-WebKit browser) market share. Chrome, which is WebKit based, has overtaken Safari's market share in less than a year. So, obviously Safari isn't doing something that browser users want. Yes, there are better alternatives to Mac.

Score: -1

|

(I like your nice, calm, reasoned reply, there, @chrisdrobison. Thanks.)

We should remember, the Germans also warned against using Firefox: http://bit.ly/8CB8Om and Chrome: http://bit.ly/4EC4uZ

So, perhaps the fellow on webmasterworld.com is right: "So whatever you do guys: DO NOT SURF THE INTERNET. And if you really must. DO NOT USE A BROWSER."

Score: 2

|

i'm not surprised by my original post being voted down by all the IE haters and/or other browsers' fanboys, but saying to ditch IE totally for other browsers is a reasonable way to go just shows how many ppl don't work in a huge corporate company or understand how big corporations work. At worst case, IE will co-exist with other browsers for a long time to come. SharePoint is a big reason. Backwards compatibility is another huge one. Go ask any network admins from one of the big corporations about ditching IE. He'll laugh his head off, because he knows that it doesn't matter if he is the biggest fan of FF or not, IE support won't go away for a long long time.

Score: 1

|

The company that I work for will not/does not use IE. If you use IE you are not allowed to use their computers. IE is and has been crap. Get a grip!

Score: -3

|

Some of the stats referenced in earlier comments are new to me, however, I *do* know what OS/Browser combo provides the most billable time for me: Windows with MSIE. Hands down, without a doubt. I've done more reformat and reinstall jobs than I can remember cleaning up behind malware on Windows and MSIE.

Score: 0

|

I'd imagine Firefox has many more known vulnerabilities, because of the simple fact it is open source. With anyone being able to pick apart the interior, it's much more likely that exploits will be documented. It's also much more likely they will be fixed.

With Internet Explorer, it's kind of a, wait until a nice whitehat reports an exploit, or someone much more nefarious discovers it and starts a s***-storm. You know, something like Google getting hacked.

Score: 0

|

I've used FF 3.0.17 without any crashes whatsoever. Of course, I use it on Linux not Windows. Some of that crashing may be complications with the OS, and not inherent to FF. Another possibility is that some of the add-ons may be wonky.

I used FF exclusively at work, without any problems. This was under XP, but without any add-ons, so maybe it's not the OS but the add-ons. I don't know.

Score: -1

|

I don't know anything about tech stuff, but I do know a lot about civility. gawd21, I don't know what your problem is, but you have the need to sneer and snipe and be incredibly rude, when a simple "I disagree and here is why". If you would try that, people might actually listen to you, and it seems you desperately want people to do that.

Score: 0

|
