Feeds

back to article Microsoft offers workarounds for IE bug

Microsoft has detailed a method users of Internet Explorer can use to secure their computers from the recently discovered exploit allowing malicious code to run on a PC. Microsoft has admitted to the bug, which it says hurts Internet Explorer versions 6 through 9, but leaves IE 10 alone. The flaw is described as follows: A …

COMMENTS

This topic is closed for new posts.

Everything is an Experience at Microsoft

"Enhanced Mitigation Experience Toolkit (EMET)." AKA "EMETic"

At Microsoft, you do not use the toilet, you have a "Metabolic Experience." If you have dysentery, you have a "Enhanced Metabolic Experience."

When you and your spouse get that special spark of an evening, you have a "Conjugal Experience." If it's extra-marital and stolen in the back seat of the car, it's an "Enhanced Interoperability Experience."

When you're being retained as CEO after a dismal job performance, you're having an "Enhanced Retention Experience."

18
0
Big Brother

Re: Everything is an Experience at Microsoft

Doubleplusgood!

0
0
Meh

User Security Enhancement Link Extension Safety System

So instead of relying on the user to decide wether a website is safe when they click on a link, they're reliying on the user to decide whether a website is safe when they click on a security prompt.

Well done Microsoft.

9
0
Silver badge

Re: User Security Enhancement Link Extension Safety System

Indeed, I like those Windows security prompts that occasionally pop up on some sites - especially when you're running Linux.

11
0
Silver badge

Re: User Security Enhancement Link Extension Safety System

"Are you sure that you're sure"? Definitely? Really want to do this?

3
0
Facepalm

Workaround?

Bahahaha.

That's not a workaround. That's a p1ss take.

Surely installing another browser would be ever-so-slightly quicker.

9
0

Re: Workaround?

I totally agree. The simplest solution to the problem is this:

install a different browser

5
0
Gold badge
Facepalm

Re: Workaround?

Do let me know when you find an alternative that never has an exploitable vuln.

1
6
Silver badge

You want a secure browser?

Debian Iceweasel, from the "stable" suite.

It's based on Firefox, but has enough Debian-specific patches to have lost the right to wear Mozilla branding. It might be a few versions behind Mozilla Firefox, but you can be sure it will have had all known security patches applied.

2
0
Anonymous Coward

Firefox

That's my workaround.

4
0
Anonymous Coward

IE is a shit browser, any version is the same.

IE10 is no exception.

6
1

Current user context

So assuming you've not done anything dumb like turn UAC off this is far less serious than it would've been pre-Vista/w7. I've just finished beating in to the user base that the answer to a UAC prompt is no unless you were expecting it because you're installing something new.

1
4
Anonymous Coward

Hmmm

Malicious code often runs on PCs - it's called Windows...

3
1
Anonymous Coward

Re: Hmmm

I'd never heard that one before. You're a comedy genius.

Will you be here all week?

0
0
Thumb Up

Microsoft offers workarounds for IE bug

....and installs chrome.

2
1
Anonymous Coward

Anyone got the time to...

Compare the length of time it takes to download, install and view a web page in Chrome, as opposed to applying the IE workaround?

0
0
Anonymous Coward

Re: Anyone got the time to...

Unfortunately Chrome will be quicker.

Seriously, just go to https://www.google.com/intl/en/chrome/browser/ (preferebly in IE) and watch how scarily fast Chrome installs itself, and how few prompts you get.

Then try and work out how they did it.

0
0
Silver badge

Re: Anyone got the time to...

It installs as a blob entirely into the user context, i.e. anyone can install Chrome on their computer with or without admin rights - and as such it requires no consent to install...that's why it's fast and there are few prompts.

Installing it for all users is a bit more tricky - finding the correct installer on their site can take a while..

1
0
Anonymous Coward

Re: Anyone got the time to...

"watch how scarily fast Chrome installs itself, and how few prompts you get."

Chome is not exceptional when compared to other similar malware out there ;)

Try SRWare Iron instead. Less 'mal' more 'ware'.

1
1
Anonymous Coward

Microsucks needs to properly correct the problem

This patch is not the correct solution to this security issue and Microsucks needs to get their arse in gear and fix the issue properly, now.

1
1
Anonymous Coward

Re: Microsucks needs to properly correct the problem

I believe that you lost the ability post any meaningful contribution the very moment you typed the word 'Microsucks'.

0
0

I don't get it...

How is this even done? Per-page MMU protection bits have been around for 20-odd years. Doesn't Windows load data sections into pages with the don't-execute bit set? If not, why not? How does a user even get access to a code page, or persuade the CPU to execute a data page?

0
0
Bronze badge

I don't like the work around

The poor handling of transitions between trusted and untrusted sites is the major reason I don't use IE more often.

I personally prefer the alternate model, where when you turn things off, they just don't work, rather than giving you pop-up prompts.

I mostly use FF and No-script, because that just-doesn't-work, (no pop-ups), but it goes further than that: I prefer XP in guest mode to Win7 with UAC, because UAC generates twice as many pop-up messages before not doing something unauthorized.

0
0
This topic is closed for new posts.