back to article Microsoft offers workarounds for IE bug

Microsoft has detailed a method users of Internet Explorer can use to secure their computers from the recently discovered exploit allowing malicious code to run on a PC. Microsoft has admitted to the bug, which it says hurts Internet Explorer versions 6 through 9, but leaves IE 10 alone. The flaw is described as follows: A …

COMMENTS

This topic is closed for new posts.
  1. Doug Bostrom

    Everything is an Experience at Microsoft

    "Enhanced Mitigation Experience Toolkit (EMET)." AKA "EMETic"

    At Microsoft, you do not use the toilet, you have a "Metabolic Experience." If you have dysentery, you have a "Enhanced Metabolic Experience."

    When you and your spouse get that special spark of an evening, you have a "Conjugal Experience." If it's extra-marital and stolen in the back seat of the car, it's an "Enhanced Interoperability Experience."

    When you're being retained as CEO after a dismal job performance, you're having an "Enhanced Retention Experience."

    1. Anonymous Coward 15
      Big Brother

      Re: Everything is an Experience at Microsoft

      Doubleplusgood!

  2. Esskay
    Meh

    User Security Enhancement Link Extension Safety System

    So instead of relying on the user to decide wether a website is safe when they click on a link, they're reliying on the user to decide whether a website is safe when they click on a security prompt.

    Well done Microsoft.

    1. Ole Juul

      Re: User Security Enhancement Link Extension Safety System

      Indeed, I like those Windows security prompts that occasionally pop up on some sites - especially when you're running Linux.

    2. Phil O'Sophical Silver badge

      Re: User Security Enhancement Link Extension Safety System

      "Are you sure that you're sure"? Definitely? Really want to do this?

  3. nuked
    Facepalm

    Workaround?

    Bahahaha.

    That's not a workaround. That's a p1ss take.

    Surely installing another browser would be ever-so-slightly quicker.

    1. Shagbag

      Re: Workaround?

      I totally agree. The simplest solution to the problem is this:

      install a different browser

      1. TeeCee Gold badge
        Facepalm

        Re: Workaround?

        Do let me know when you find an alternative that never has an exploitable vuln.

        1. A J Stiles

          You want a secure browser?

          Debian Iceweasel, from the "stable" suite.

          It's based on Firefox, but has enough Debian-specific patches to have lost the right to wear Mozilla branding. It might be a few versions behind Mozilla Firefox, but you can be sure it will have had all known security patches applied.

  4. Anonymous Coward
    Anonymous Coward

    Firefox

    That's my workaround.

  5. Anonymous Coward
    Anonymous Coward

    IE is a shit browser, any version is the same.

    IE10 is no exception.

  6. Joeykins

    Current user context

    So assuming you've not done anything dumb like turn UAC off this is far less serious than it would've been pre-Vista/w7. I've just finished beating in to the user base that the answer to a UAC prompt is no unless you were expecting it because you're installing something new.

  7. Anonymous Coward
    Anonymous Coward

    Hmmm

    Malicious code often runs on PCs - it's called Windows...

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmmm

      I'd never heard that one before. You're a comedy genius.

      Will you be here all week?

  8. Anonymous Coward
    Thumb Up

    Microsoft offers workarounds for IE bug

    ....and installs chrome.

  9. Anonymous Coward
    Anonymous Coward

    Anyone got the time to...

    Compare the length of time it takes to download, install and view a web page in Chrome, as opposed to applying the IE workaround?

    1. Anonymous Coward
      Anonymous Coward

      Re: Anyone got the time to...

      Unfortunately Chrome will be quicker.

      Seriously, just go to https://www.google.com/intl/en/chrome/browser/ (preferebly in IE) and watch how scarily fast Chrome installs itself, and how few prompts you get.

      Then try and work out how they did it.

      1. EddieD

        Re: Anyone got the time to...

        It installs as a blob entirely into the user context, i.e. anyone can install Chrome on their computer with or without admin rights - and as such it requires no consent to install...that's why it's fast and there are few prompts.

        Installing it for all users is a bit more tricky - finding the correct installer on their site can take a while..

      2. Anonymous Coward
        Anonymous Coward

        Re: Anyone got the time to...

        "watch how scarily fast Chrome installs itself, and how few prompts you get."

        Chome is not exceptional when compared to other similar malware out there ;)

        Try SRWare Iron instead. Less 'mal' more 'ware'.

  10. Anonymous Coward
    Anonymous Coward

    Microsucks needs to properly correct the problem

    This patch is not the correct solution to this security issue and Microsucks needs to get their arse in gear and fix the issue properly, now.

    1. Anonymous Coward
      Anonymous Coward

      Re: Microsucks needs to properly correct the problem

      I believe that you lost the ability post any meaningful contribution the very moment you typed the word 'Microsucks'.

  11. Displacement Activity

    I don't get it...

    How is this even done? Per-page MMU protection bits have been around for 20-odd years. Doesn't Windows load data sections into pages with the don't-execute bit set? If not, why not? How does a user even get access to a code page, or persuade the CPU to execute a data page?

  12. david 12 Silver badge

    I don't like the work around

    The poor handling of transitions between trusted and untrusted sites is the major reason I don't use IE more often.

    I personally prefer the alternate model, where when you turn things off, they just don't work, rather than giving you pop-up prompts.

    I mostly use FF and No-script, because that just-doesn't-work, (no pop-ups), but it goes further than that: I prefer XP in guest mode to Win7 with UAC, because UAC generates twice as many pop-up messages before not doing something unauthorized.

This topic is closed for new posts.

Other stories you might like