Incase anyone missed it, IE has a significant security flaw, that should be patched with in the next 24 hours.

BBC News

MS Security Advisory

Aparently mainly being used by chinese to steal mmog passwords, but could be used to steal any web password aparently. Can be infected by going to normal non dodgy sites (the joys of cross site and "active"/scripted ads ).

Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.

LOL @ only

Subject should just be Do not use IE

Yeah this is a pretty big deal. I hope they f***ing fix it soon...

Damn it ..
no porn surfing tonight.

http://www.realtamadwarek.org/friends-dont-let-friends-use-ie.jpg
http://firefoxy.de/firefox_download_post_pics/firefoxy-mozilla_firefox-vs_internet_explorer_firefox_download.jpg

Sorry but The Internet with Firefox is like Sex with a Condom.

Sex with a condom is still sex

The Internet with Firefox is like Sex with a Condom.

Please expand on your cute cliche.

last edited by infi at 18:38:19 17/Dec/08

I think he means that you don't have the added thrill of contracting a virus that will inevitably kill you like you do with IE (and unprotected sex).


Edit: Also, I think it's probably safer to just ignore people who capitalise every noun in a sentence?

Lucky I'm using IE8

But everyone knows sex with a condom sucks, so that is what I thought he was implying.

Yeah I'm pretty sure that's what he was trying to imply too... oh well.

Lucky I'm using IE8

You'd better re-read the above quote paying attention to the last 15% of the sentence :-P

^^ s*** I read it 3 times and still somehow managed to miss it. Oh well it was a lie anyway I use firefox on my main PC, IE8 is on my laptop which never gets used :)

I'm gonna live dangerously and use IE.

You devil you.

Please expand on your cute cliche.

thats as big as it gets.

also, i think hes implying that he finds IE much quicker.

Sif use IE

FireFox & Linux ftw :D

Vista + VMWare + openSuSE + WINE + IE7 ftw

Only joking, just being an idiot.

Sif use firefox, netcat ftw.

http://www.useless-site.com/images/posters/mozilla%20firefox.jpg

11 million is 'serious business'
http://www.viralblog.com/wp-content/uploads/2008/06/firefox.jpg


or Lynx...
http://en.wikipedia.org/wiki/Lynx_(browser)

http://lynx.isc.org/


Still Internet Craptaculor gets clicked jacked.

https://addons.mozilla.org/en-US/firefox/addon/10

https://addons.mozilla.org/en-US/firefox/addon/4042

https://addons.mozilla.org/en-US/firefox/addon/722


At least if your running IE FFS run
http://phoenixlabs.org/pg2/


If not GTFO.

Better yet de-install the thing.
http://www.litepc.com/xplite/mshtmlengine.htm

Why the hell do most of your links have <BR> on the end of the url (and thus don't work)?

Why the hell do most of your links have
on the end of the url (and thus don't work)?

Remove BR then. Most of it is just links to Adblock and NoScript which I am sure people already run.

People might also want to see this:
http://en.wikipedia.org/wiki/Clickjacking

Sorry but The Internet with Firefox is like Sex with a Condom.

thats true, but The Internet with IE is just plain old unprotected gay anal sex

If you still you IE your just a closet fag.

http://www.feelfirefox.net/wp-content/gallery/pictures/use-protection.jpg

last edited by eighty-eight at 04:28:20 18/Dec/08

so does KB960714 address this issue?

^ I think so yes. Thats the latest one out on technet.

my computer sat on the 'updating computer settings' for ages after that update O_o

eighty-eight, awesome pic!@#

For those that only want a stand alone patch package (i.e. not via Windows Update) you can get it here:

http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx

Cheers Opec, I was looking for that.

I trust WSUS will sort this out for me :)

does anyone here actually use IE still?

yup, i run ie8 on my work laptop

Is the patch out for ie8 yet ?

The claims that Firefox is a more secure browser are no longer true

anyone that thinks firefox is less prone to attack/comprimise is an idiot.

firefox in general is usually thought to be more secure because of the many many addons that people run to disable popups, ads, banners, scripts and execution of code. This is what makes these implimentations secure, not 'just being firefox'.

I know pretty good coders/security guys that can literally scan through code and show you where code can be exploited in most situations, open source has the same arguments against that close source has for it.

firefox in general is usually thought to be more secure because of the many many addons that people run to disable popups, ads, banners, scripts and execution of code. This is what makes these implimentations secure, not 'just being firefox'.

My understanding is that Firefox is generally thought safer because it is still a minority user-base browser, despite it's ever growing popularity. This makes it a less attractive target for trojan programmers.

However, I disagree with you on this:

open source has the same arguments against that close source has for it

OSS is potentially worse because a good trojan coder can read the code and find precise security holes. Transparency is still a better method of security than secrecy though, you just hope the good guys patch holes faster than the bad guys can find 'em.

I know pretty good coders/security guys that can literally scan through code and show you where code can be exploited in most situations, open source has the same arguments against that close source has for it.

No it doesn't, they're completely different arguments. Here's a half assed essay I wrote at uni on the differences.

anyone that thinks firefox is less prone to attack/comprimise is an idiot.

I disagree, if only because of its market share. Maybe in a year or so that'll change. As a general rule, I'd say you're going to be more secure running firefox than you are running IE.

i use ie. just cbf'd installing another browser when there's already one there.

yeh but you're a giant newb demon

blah blah blah fanboi, yur mum sez i got the experience where it counts :D

i gotta admit that the longer i use computers the less i wanna customise s*** n f*** around with boring operational progs. might be getting old or maybe that s*** is tedious. prolly both.

nah dude I am exactly the same, I don't have the patience to f*** around with s*** like that any more either. I just want stuff to WORK. I find Firefox is more reliable for me in general (+ I love its features) though so I have no probs installing it.

I disagree, if only because of its market share. Maybe in a year or so that'll change. As a general rule, I'd say you're going to be more secure running firefox than you are running IE.

That couldnt be more wrong. Studies done by very large research firms have confirmed it. If you want to talk about market share then sure lets talk about that... the number of 0day code execution vunrils THIS YEAR ALONE that firefox has PER PERCENT of market share FAR outweights the number of ie per % of market share. Those people that stand next to the ever growing % of firefox's market share and therefore think they are safer are very very wrong and haven't done their research correctly. The market share for the mac browser (sarafi?) / chrome (same engine) + firefox is growing rapidly and about the only thing small enough anymore to stand behind market share + protection wise is an linux / unix based operating system.

last edited by Scorp at 18:47:53 19/Dec/08

last edited by Scorp at 18:48:32 19/Dec/08

Some of what you say happens to be true, but not because of the reasons you claim. While the whole condom thing and the "I'm safe because I run firefox lol" mentality is completely useless, the truth is that the community behind firefox is far more concerned with fixing security holes than being a successful corporate entity. Also, firefox doesn't have activex which says a whole lot more than empty claims like:

That couldnt be more wrong. Studies done by very large research firms have confirmed it.

No jim, it's not an empty claim. Just because i didnt provide nice little links for you doesnt make it any less true. You can do the work yourself if you want to read them. I've done the work previously, ive read the lengthy papers and the facts presented within them. IE and Firefox and now Safari are all on the same boat with 0day code execution exploits released per month/year.

The fact that firefox dev's _may_ fix security issues faster then ie devs (which i dont beleive and probably could find some couter evidence on if i gave a s***) doesnt make 0day exploit any less of a threat and therefore your argument of 'firefox' being more secure then ie is mute. The most dangerous of all malware, spyware, greyware... whatever you call it is 0day and exploited in real time. Once again, this has been proved time and time again.

vista users actually downgrade their security to install firefox

/flamebait

Firefox suffers from vulnerabilities as much as IE does these days. You must also consider if the vulnerability is from Firefox or some extended addon like flash or acrobat (adobe makes shocking software but does release patches for it). IE's major issue is the fact its so embedded into the Microsoft operating system's it can be subject to OS flaws too. No one browser is superior to another in lack of bugs. They all have them, there are differences in the responses by the developer and the control of impact of the bug.

Firefox/Mozilla has had a good track record of fixing bugs very quickly. To give Microsoft some credit, their response times have improved considering the platform IE bugs could be found in(OS, IE's programming, activex, etc).

I use Firefox with NoScript and a decent antivirus product. I also don't surf to questionable sites without some preparation(sandboxed and snapshot based VM + wget FTW!).

demon and trog need to compare dentures and zimmer frames...

That couldnt be more wrong. Studies done by very large research firms have confirmed it. If you want to talk about market share then sure lets talk about that... the number of 0day code execution vunrils THIS YEAR ALONE that firefox has PER PERCENT of market share FAR outweights the number of ie per % of market share. Those people that stand next to the ever growing % of firefox's market share and therefore think they are safer are very very wrong and haven't done their research correctly. The market share for the mac browser (sarafi?) / chrome (same engine) + firefox is growing rapidly and about the only thing small enough anymore to stand behind market share + protection wise is an linux / unix based operating system.

No reference, no read. It's one thing to have an opinion, it's another to quote specific stats without any references and with language like 'studies done by very large research firms' - who?

Security focused research firms like Secunia.com , public disclosure sites like securityfocus.com. Those sites are two i can recall having collected the statistics of flaws in browsers and their impact and solutions.

secunia seems pretty crap.

Downloaded their PSI ... It incorrectly identified OpenOffice 3 as Open Office 2, Firefox 3.0.5 as 3.0.4 at which point I decided it was wasting my time.

Just don't go to dodgy sites. It is the same as not bonking dodgy chicks. You know when you shouldn't go there, with or without protection.

Just don't go to dodgy sites. It is the same as not bonking dodgy chicks. You know when you shouldn't go there, with or without protection.

Easier said than done. Especially after a few rums, amirite?

Oh so the patch is out? I've been waiting for my computer to tell me there's updates available, then I re-checked this thread and suddenly remembered I'd turned automatic updates off. :facepalm:

2004:
IE was vulnerable for 394 days
FF was vulnerable for 56 days

2006:
IE was vulnerable for 286 days
FF was vulnerable for 9 days


As of 10/12/08 IE had 7 unpatched vulnerabilities
As of 10/12/08 FF had 3 unpatched vulnerabilities
guess who was quickest to patch them, and individually. guess how many people don't set their system to automatically update cos they don't like auto reboots in the mornings, compared to simply updating the browser without a reboot or even losing your open pages



http://www.crn.com/it-channel/159906503
http://www.infoworld.com/article/06/03/07/76161_HNsymantecadjusts_1.html
http://secunia.com/advisories/product/19089/
http://secunia.com/advisories/product/12366/
http://secunia.com/advisories/product/11/
http://secunia.com/advisories/product/12434/
http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html

Firefox/Mozilla has had a good track record of fixing bugs very quickly

BS, firefox had a critical bug for well over a year where you could read just about any file on the OS

link or you made it up

I'm going to wager that Microsoft's QC process chain is bigger and longer - it's a bitch having 70% or so market share. So many system configs to be blessed before rollout...

I downloaded and installed Firefox because of this thread - I use it at uni and always intended to d/l on my pc but thought it would be too much effort. It wasn't, it is a very small d/l and easy to install so that's cool. I have a newb question tho: I have Norton installed and protects (apparently) IE like does authentication checks on websites etc. Would Norton automatically protect Firefox as it's just a new program installed on a covered computer or would it not because it needs to be configured?

Thanks

That couldnt be more wrong.

It could have been, Trog could have said "I think fish are mammals and therefore make more secure browsers".