Every single Internet Explorer at risk of drive-by hacks until Patch Tuesday
Microsoft has lined up a bumper Patch Tuesday this month to snap shut a backbreaking 57 security vulnerabilities in its products. Five of the 12 software updates addressing the gaping holes will tackle critical flaws that allow miscreants to execute code remotely on vulnerable systems. In all, the soon-to-be-patched …
This topic is closed for new posts.
Re: @AC
So you have to roll back everything and reboot - which sucks rather a lot. Versus with a more modern hybrid microkernel architecture like Windows where you can just load a new driver on the fly....
Re: @AC
So you have to roll back everything and reboot -
You just suggested me to rollback your entire system to some previous snapshot with everything on the fylesystem, now I hear some "hybrid kernel" faiy tales again. FYI, for modular architecture most of the drivers are loadable modules, that can be loaded and unloaded, as the term suggests. In that case you can always install a different driver against the headers of the current kernel if you wish so.
Tell me please, why does an awesome hybrid Windows kernel need a reboot when it installs a printer driver on Vista? (not sure about Win7/8) Why would need a reboot with pretty much any MS update/patch?
Re: Linux updates just work?
I know, plain text editing sounds very scary to every Windows admin. It's like "a million mouse-clicks" job for us, *nix people. So scaaarrry, I can't type anymore....
What a cluster
IMO, Microsucks O/Ss are so insecure that it's a crime, literally. Microsucks should be fined $10 million for every security issue in every version of Windoze. It's a disgrace and injustice to allow them to sell such crap and make consumers deal with the aftermath of such reckless behavior.
Re: What a cluster
Hmm, who is going to pay for issues in Linux? Torvalds?
Just FYI - For those who poo-poo IE again
Unfortunately with Microsoft's training, you *have* to use it. A lot of their crap still needs it, and hence you can't get away from it.
So as much as most of us reading this site switch to different browsers, in some cases we DO NOT HAVE A CHOICE.
Sorry.
Re: Just FYI - For those who poo-poo IE again
Poxy government and large corporates with their fuckwit IT contracts. The only way one can deliver software is using a browser and the tossers not only insist on internet exploder, but they lock the sodding thing down so it won't work. So the only tools one has is a useless piece of shit browser.
FTW
AC cos the feckers are watching me.
All browsers have vulnerabilities. We expect new features to be rolled out every 15 seconds, but bleat when they aren't bomb-tested prior to rollout.
Public sector monoliths are so jittery about security patches that they prefer to take the entire system offline for a whole weekend in order to soothe their nerves. Which is why it's not uncommon to see ancient versions of SQL Server, Office, and IE in wide usage in their workplace. The impact on workforce morale and productivity is purely negative. The implications for mission critical application upgrades that rely on latest versions are routinely catastrophic.
Two Statements
1. IE kinda sucks. Probably true.
2. Other browsers are flawlessly programmed, totally secure, and not in need of the same intensive testing and patching. Probably false.
Re: Two Statements
1. IE kinda sucks. Obviously true.
2. Other browsers are better programmed, more secure, and not in need of the same intensive testing and patching. Probably true.
Re: Two Statements
Security vulnerability statistics say not true....
Re: Two Statements
....only the "security vulnerability statistics" bought by Microsoft though. Funny that.
Re: Two Statements
Nope, the actual lists of vulnerabilities from the vendors and as verified by CERT, Secunia and others show that IE9 and IE10 have consistently lower vulnerability counts than most other major browsers...
Just like Microsoft current OSs also have had lower vulnerability accounts than commercial rivals like Redhat, Suse and Mac-OS every year since 2004.
It's not that they don't care ... they're just bloody incompetent!
There's little room for caring in a corporation that has defined the concept of "arrogant monopoly." Which means that the wailing and gnashing of teeth from the user base has as much effect as the complaints of the peasantry had upon the nobility of 18th Century France.
What causes me pause is the notion that of the 57 patches, 50 are serious or critical. For Windows XP?? And IE ver. 6?? And these patches are to fill holes and fix vulnerabilities that have been exposed for how long? Years and years? Sure, it's nice that they finally get around to fixing them ... but one begins to wonder: how many more holes are there in that leaky sponge?
The world is gearing up for cyber warfare. Somehow the demonstrably incompetent performance of the world's leading software house leaves me less than confident. Now that the entire retired population of the U.S. is drawing their social security via direct deposit electronic transfer, elders can lay awake at night and ponder the fact that the government and the banks are running M$ product.
@Gray
Take a program like OpenSSL on Debian. Pretty high end in my opinion because it's basically the de-facto tool for SSL certificate maintenance and administration on a Linux environment (also runs fine on Windows btw).
And some day a or some Debian package maintainer(s) got it into his head that he knew better than the OpenSSL author and applied changes to the program to make it more, I dunno, Debian like? Only problem was that this patching of his inserted a major exploitable security flaw on each and every key made by this release of OpenSSL. To make matters worse: Debian knows a lot of forks, including an at that time highly popular distribution called Ubuntu.
Well; as a result all keys between January 2006 and May 2008 were affected.
That's 2 years of misery on a program which is heavily used, and not only that; also specifically used for security purposes.
You were saying ?
Re: @Gray
I read it as he was implying that Microsoft had fucked up an already shite browser during a subsequent 'improvement'/update.
My problem is that IE6 on XP hasn't had an 'improvement', well, since SP3.
Quite frankly it's a dreadful state of affairs.
Re: It's not that they don't care ... they're just bloody incompetent!
If XP is a 'leaky sponge' on ~ 450 vulnerabilities, how do you class Mac-OS (over 1,800 known vulnerabiities!) or SUSE10 (over 3,700 known vulnerabilities!) ?
Ya think?
When was any Microsucks browser secure? Maybe befoe it was ever used or launched, but not 1 second afterwards. Microsucks is a company who has duped the world and become multi-billionaires many times over by selling defective software, which IMO is a crime that they should be punished for with treble damages of the annual income for the past 26 years and mandatory prison sentences for Bill Gates and all executive staff at Microsucks from 1985 to date.
Re: Ya think?
RICHTO? That you? Trying your hand at a spot of "reverse psychology"?
Re: Ya think?
"Microsucks" is so noughties - possibly even nineties
Anyone who looks at the phone and tablet market should know that it's now "Me-Too-Soft"
@Shell_user: So what we have here is a suckiness contest ... ?!
A Debian package maintainer screwed up (you say) and we've got insecure keys. Not good, obviously. I bet nobody turns him loose with the keys to the car again, anytime soon.
But, yer point? A Debian maintainer screws the pooch, and that lets MS off the hook? All is sweetness and goodness cuz the FS/OSS side is suckier? Is that yer point, Bucky? Cuz I ain't buyin' it. All that does is make me even less confident that our systems are secured against the cyber onslaught. Where's yer reassurance that an endless barrage of patches to fix eternal MS screw-ups will keep our electronic glory-hole from imploding in on itself in one glorious sucking event?
I gotta tell ya, Bucky ... 57 patches goin' all the way back to XP and IE 6 ain't the way to make me sleep better at night.
Impressive code reuse
This security flaw affects all versions of IE from 1 to 99, running on Windows 3 to 8, on X86 and ARM
That points to some very good software architecture and framework design!
Re: Impressive code reuse
"This security flaw affects all versions of IE from 1 to 99, running on Windows 3 to 8, on X86 and ARM
That points to some very good software architecture and framework design!"
True.
But some desperately s**t testing practices.
Reality eventually catches up
There is no doubt that Microsoft products are the greatest security risk in PC history not because of their sales volume but due to the volume of security holes that result from badly written code with no priority given to security from the beginning. Trying to fix horrible code after it has been distributed with patch after patch after patch is futile. If consumers knew prior to purchase just how many known security issues exists, it's highly unlikely they'd eever buy or use Microsoft products. It's criminal to defraud consumers in this manner and reap fortunes for doing so.
What's the big deal?
It's only 57 more security holes. Another day, another ten security holes reported. This isn't something new, just a never ending saga.
Yes, but that's not a problem...
Because Internet Explorer 10 recently got the seal "tested Software" from the TÜV, the German institution checking cars for road safety. (the TÜV is a descendent of regional organisations called Dampfkessel-Überwachungs-und Revisions-Vereine which checked steam boilers, it's also the testing institution you saw in TopGear with that mobile car test stand, with its own lobby)
So there's nothing to worry about. It's tested. :)
They need to either fix all the holes or get rid of MSIE
Every week, every month we get patches for MSIE. By now you would think Redmond would have gotten the message that MSIE is far from what we need and is very buggy and wide open to hackers. They need to either make a mass fix of all the problems or get rid of it. While Firefox has its problems, they are nowhere as paramount or serious as MSIE. And Google Chrome may beat them both.
Re: They need to either fix all the holes or get rid of MSIE
Actually, if you look, both Chrome and Firefox and both more bugs and more critical bugs than the current versions of IE...
Re: They need to either fix all the holes or get rid of MSIE
Bearing in mind that a few years ago, IBM did a study and found that on average, for every 1,000 lines of source code, there was at least 1 bug in every piece of software, what would you rather have?
a) A browser whose maintainer freely admits to bugs and fixes them regularly?
b) A browser whose maintainer rarely, if ever, fixes bugs?
The fact is that NO SOFTWARE IS BUG FREE. Whether that software happens to be a Browser, an OS, a complier, a Word processor, a Database or whatever software you care to name.
What matters is the severity of those bugs, how proactive the company behind the software is at finding them, and how quickly they can release tested fixes for those bugs.
I am no fan of any particular OS (although I do like Opera as a browser, followed by Safari), but I do believe that MS have been particularly good recently for both finding bugs in their software, and fixing them quickly.
Stud.
There's no chance of any of them working without telling me something I need.
This topic is closed for new posts.
