Microsoft offers workarounds for IE bug
Microsoft has detailed a method users of Internet Explorer can use to secure their computers from the recently discovered exploit allowing malicious code to run on a PC. Microsoft has admitted to the bug, which it says hurts Internet Explorer versions 6 through 9, but leaves IE 10 alone. The flaw is described as follows: A …
This topic is closed for new posts.
Everything is an Experience at Microsoft
"Enhanced Mitigation Experience Toolkit (EMET)." AKA "EMETic"
At Microsoft, you do not use the toilet, you have a "Metabolic Experience." If you have dysentery, you have a "Enhanced Metabolic Experience."
When you and your spouse get that special spark of an evening, you have a "Conjugal Experience." If it's extra-marital and stolen in the back seat of the car, it's an "Enhanced Interoperability Experience."
When you're being retained as CEO after a dismal job performance, you're having an "Enhanced Retention Experience."
Re: Everything is an Experience at Microsoft
Doubleplusgood!
User Security Enhancement Link Extension Safety System
So instead of relying on the user to decide wether a website is safe when they click on a link, they're reliying on the user to decide whether a website is safe when they click on a security prompt.
Well done Microsoft.
Re: User Security Enhancement Link Extension Safety System
Indeed, I like those Windows security prompts that occasionally pop up on some sites - especially when you're running Linux.
Re: User Security Enhancement Link Extension Safety System
"Are you sure that you're sure"? Definitely? Really want to do this?
Workaround?
Bahahaha.
That's not a workaround. That's a p1ss take.
Surely installing another browser would be ever-so-slightly quicker.
Re: Workaround?
I totally agree. The simplest solution to the problem is this:
install a different browser
Re: Workaround?
Do let me know when you find an alternative that never has an exploitable vuln.
You want a secure browser?
Debian Iceweasel, from the "stable" suite.
It's based on Firefox, but has enough Debian-specific patches to have lost the right to wear Mozilla branding. It might be a few versions behind Mozilla Firefox, but you can be sure it will have had all known security patches applied.
IE is a shit browser, any version is the same.
IE10 is no exception.
Current user context
So assuming you've not done anything dumb like turn UAC off this is far less serious than it would've been pre-Vista/w7. I've just finished beating in to the user base that the answer to a UAC prompt is no unless you were expecting it because you're installing something new.
Hmmm
Malicious code often runs on PCs - it's called Windows...
Re: Hmmm
I'd never heard that one before. You're a comedy genius.
Will you be here all week?
Microsoft offers workarounds for IE bug
....and installs chrome.
Anyone got the time to...
Compare the length of time it takes to download, install and view a web page in Chrome, as opposed to applying the IE workaround?
Re: Anyone got the time to...
Unfortunately Chrome will be quicker.
Seriously, just go to https://www.google.com/intl/en/chrome/browser/ (preferebly in IE) and watch how scarily fast Chrome installs itself, and how few prompts you get.
Then try and work out how they did it.
Re: Anyone got the time to...
It installs as a blob entirely into the user context, i.e. anyone can install Chrome on their computer with or without admin rights - and as such it requires no consent to install...that's why it's fast and there are few prompts.
Installing it for all users is a bit more tricky - finding the correct installer on their site can take a while..
Re: Anyone got the time to...
"watch how scarily fast Chrome installs itself, and how few prompts you get."
Chome is not exceptional when compared to other similar malware out there ;)
Try SRWare Iron instead. Less 'mal' more 'ware'.
Microsucks needs to properly correct the problem
This patch is not the correct solution to this security issue and Microsucks needs to get their arse in gear and fix the issue properly, now.
Re: Microsucks needs to properly correct the problem
I believe that you lost the ability post any meaningful contribution the very moment you typed the word 'Microsucks'.
I don't get it...
How is this even done? Per-page MMU protection bits have been around for 20-odd years. Doesn't Windows load data sections into pages with the don't-execute bit set? If not, why not? How does a user even get access to a code page, or persuade the CPU to execute a data page?
I don't like the work around
The poor handling of transitions between trusted and untrusted sites is the major reason I don't use IE more often.
I personally prefer the alternate model, where when you turn things off, they just don't work, rather than giving you pop-up prompts.
I mostly use FF and No-script, because that just-doesn't-work, (no pop-ups), but it goes further than that: I prefer XP in guest mode to Win7 with UAC, because UAC generates twice as many pop-up messages before not doing something unauthorized.
This topic is closed for new posts.
