Stop Using Internet Explorer NOW!

[Imhotep]

And the safest way of not killing yourself in a shower, is not taking
a shower.

We are human beings and part of being human is living life taking
risks. A life lived without taking risks is pathetic, and smelly. ;-)


You mean you don't want to switch users.


The problem with IE is that when a hole is discovered, it potentially
effects 85% of the entire worlds PCs. That is just too attractive and
easy target to hit for malware writers. Yes, no software is perfect,
but it is IE's market share that makes it ten, twenty, maybe a
hundred-fold more vulnerable than any other browser.


An no sex is safer than safe sex, but safe sex is a hell of a lot more
fun!

--
Peace!
Kurt Kirsch
Self-anointed Moderator
http://microscum.com
"It'll soon shake your Windows
And rattle your walls
For the times they are a-changin'."

.....nice...

 

[genekster]

Please understand what is just plainly a fact. As the number of Firefox
users increases so will the number of attacks. Firefox and Opera and so
forth are safer than Internet Explorer only because their use is
limited NOT because the software design is better. I use both Firefox
and Internet Explorer and feel safe with either since I keep everything
updated and in use [speaking of Firewalls, Anti-Virus and Anti-Spyware
programs. What you really illustrate is computer user ignorance and
lack of attention NOT software failure.
If you really want them to be super safe [at least for now], just
switch them over to one of the Linux operating system versions. In
other words, have them avoid Windows and Microsoft all together.
Gene

 

[genekster]

Please understand what is just plainly a fact. As the number of Firefox
users increases so will the number of attacks. Firefox and Opera and so
forth are safer than Internet Explorer only because their use is
limited NOT because the software design is better. I use both Firefox
and Internet Explorer and feel safe with either since I keep everything
updated and in use [speaking of Firewalls, Anti-Virus and Anti-Spyware
programs. What you really illustrate is computer user ignorance and
lack of attention NOT software failure.
If you really want them to be super safe [at least for now], just
switch them over to one of the Linux operating system versions. In
other words, have them avoid Windows and Microsoft all together.
Gene

 

[John John]

Try this Gene:

Open Internet Explorer and Type this in the address bar:

C:\Windows\regedit.exe

Now try the same thing with Firefox and tell us what happens.

For NT/Windows 2000 try: C:\WINNT\regedit.exe

John

 

[Phillip Windell]

Try this Gene:
Open Internet Explorer and Type this in the address bar:
C:\Windows\regedit.exe

That is irrelavant. That isn't an Internet URL and has nothing to do with
internet security.

Open a command prompt window and type Del *.*
Ack!!! the Command prompt is totally insecure,..we all gotta switch to
Linux!!

Stand out in the middle of the road with your eyes closed. "splat!"
Ack!! Streets are insecure! We have to stop using roads! We need bridges &
tunnels across all roads! Call the tunnels VPN (Very Pedestrian Netork). Of
course some idiot will find a way to fall off the bridge into the street.

 

[John John]

I'm not saying it's a security risk, the example is just to show that
the software design is significantly different between Firefox and IE.

John

 

[Phillip Windell]

Ok, that is fine then. No problem. But I did have to have some fun with the
pedestrian falling off the bridge, though

 

[Patrick Dickey]

Although I agree with part of your statement (run uses with non-priv
accounts) I beg to differ on the Firefox comment. Firefox is a much better
product and has not had 10% of the security problems IE has. Face it, facts
are facts, regardless of personal feelings....


IM

While I agree with you about firefox being safer, someone else pointed
out that as Firefox, Opera, and the other 'alternative browsers' become
more popular, then people will start exploiting them too. It's just
like the MAC vs. Windows debate. MAC was always seen as more secure.
But, now the hackers are starting to target it as well.

The only real solution, IMHO, if you truly want to make sure you don't
infect YOUR computer with viruses or spyware is................

Use a public computer to access the Internet, and don't ever allow yours
online.

But, since that's not going to happen, it's our job (as posters in these
newsgroups) to give the people who are asking for help ALL possible
solutions. We shouldn't knock one product or solution, just because we
don't agree with (or like) it.

I use IE for my surfing 90% of the time. In fact, I run it on Medium
Security. But, I keep my antivirus, firewall, and antispyware updated
and functioning at all times. And, I'm careful about where I choose to
surf. Have I gotten spyware from IE? No. Have I gotten viruses from
IE? No. I have gotten them through my own momentary attack of stupidity
(opening files that I should have known better). Do I think that I'm
perfectly safe? NO, that's why I surf only the sites that I trust. If
there's a site where I'm questionable, I will open it in Firefox first.
Why? Because Firefox doesn't allow ActiveX controls, and also I have a
Javascript blocker that runs on Firefox.

I also use Linux at times. But, I am fully aware the Linux isn't
necessarily safer then Windows. It's the same principle as MAC OS.
When it becomes more popular, hackers will target it.

Patrick.

 

[Patrick Dickey]

..well, there are in the spyware business now! Think about it, if they fixed
their software they could not sell you anti-spyware for it!

Im

They are selling antispyware now? Since when? The last time I checked,
Microsoft Antispyware/Windows Defender is FREE. And according to their
own press releases and blogs, it will remain FREE.

One Care isn't going to remain free. However, One Care is MORE then an
antivirus and firewall. In some respects, it's the equivalent of System
Works, except that it incorporates all Microsoft programs (NTBackup,
ScanDisk, CheckDisk, Disk Cleanup, an antivirus, and Windows Firewall).

Yes, SystemWorks is a whole different product with different features.
However, SystemWorks has ScanDisk, Registry Checker, Antivirus, Cleanup,
and a Firewall (if you purchase the bundle with Internet Security).

I can tell you that Vista is a heck of a lot more secure then XP or any
other version of Windows. Is it totally secure? Probably not. But, I'm
almost willing to bet that most of you who are complaining right now
about how INSECURE Windows is will be the same ones complaining that you
can't do anything in Vista because of the extra security features.

Patrick.

 

[Gordon]

Patrick Dickey wrote:

I also use Linux at times. But, I am fully aware the Linux isn't
necessarily safer then Windows. It's the same principle as MAC OS.
When it becomes more popular, hackers will target it.

But the attacks won't work for the very simple reason: Linux has a
completely different structure to Windows! You cannot have root without a
password, and as 99.99999% of users do not run as root (unlike the large
proportion of Windows users who run as admin) then a remote attacker can't
run anything as root without the Users knowledge! Quite the reverse from
Windows......

Linux servers are about 2 to 1 compared to windows servers - if there was a
way to attack Linux, it would have been done.....

 

[kurttrail]

They are selling antispyware now? Since when? The last time I
checked, Microsoft Antispyware/Windows Defender is FREE. And
according to their own press releases and blogs, it will remain FREE.

One Care isn't going to remain free. However, One Care is MORE then
an antivirus and firewall. In some respects, it's the equivalent of
System Works, except that it incorporates all Microsoft programs
(NTBackup, ScanDisk, CheckDisk, Disk Cleanup, an antivirus, and
Windows Firewall).

Yes, SystemWorks is a whole different product with different features.
However, SystemWorks has ScanDisk, Registry Checker, Antivirus,
Cleanup, and a Firewall (if you purchase the bundle with Internet
Security).

I can tell you that Vista is a heck of a lot more secure then XP or
any other version of Windows. Is it totally secure? Probably not.
But, I'm almost willing to bet that most of you who are complaining
right now about how INSECURE Windows is will be the same ones
complaining that you can't do anything in Vista because of the extra
security features.

Patrick.

Anal Fistula isn't as secure as my pet rock!

Are you from MS Marketing? Every new Windows is the best ever, until
the next one comes along.

As long as Windows is the biggest, fattest target, it will keep getting
hit, and hit hard.


--
Peace!
Kurt Kirsch
Microsoft-enslaved Moderator
http://microscum.com
"It'll soon shake your Windows
And rattle your walls
For the times they are a-changin'."

 

[Alun Jones]

You know, I have always laughed at that too!

I'm not sure what you're talking about - the test version of Internet Explorer
isn't "at no charge", it's at the "full price for the final product".

Or maybe you're talking about OneCare, where the beta testers ... oh, no, that
can't be right, the beta testers get a discount when the pay-for-play version
comes out.

Perhaps you're talking about the original poster's idea that the beta test is
being touted as the one true solution to the createTextRange bug... oh, no,
that's not right either - the workarounds suggested have been to disable
scripting, or make IE prompt you before displaying scripts, so you can decide
for yourself whether to trust the site you're at. Downloading IE 7 beta just
to avoid this bug has specifically been advised against, because let's face
it, you don't want all the other ickiness that goes along with running a beta
program.

Sure, you can avoid _this_ bug by going to FireFox, Opera, Mozilla, or any of
a number of other browsers. But then you open yourself up to their bugs, and
you don't have the same experience in using the products, so the experience
becomes a little frustrating.

So, you have a range of workarounds proposed, and you pick one that you
disagree with, to complain about, and that hasn't actually been proposed, and
use that with which to play paranoid fantasy games with people in this
newsgroup? For shame.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

 

[Alun Jones]

what technically are the restrictions on limited users?
"sometimes they can't install programs"?
so, the can run an EXE, but not if the EXE puts files on the drive?
not if the EXE creates a directory?

It's more simple and obvious than that, at least in this context.

Restricted users cannot write to common (i.e. used by everyone) areas of the
system - the C:\ root, the C:\WINDOWS tree, C:\Program Files, C:\Documents and
Settings\All Users and so on.

Restricted users can run executables, and can put files on the drive, but only
in places where they have been given rights to do so - and that doesn't
generally include areas that other users are going to be running programs
from.

For those of you using one account on one machine, it's still worth separating
restricted user from administrator - when you download malware in your
restricted user account, you can usually blow it away by restarting the
machine into the administrator account and running a virus scanner.

The point of the separation of restricted user and administrator, to my mind,
is to define when you are running in a mode "allowed to change the system",
and when you are not.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

 

[Alun Jones]

We reduced service calls by 30% by switching users from IE to FireFox.

I'm intrigued - did you research to find out why the service calls were
reduced?

Did you increase overall user satisfaction with their browsing experience?

I hear wonderful statistics like that a lot from people trying to sell their
products, and I know that's not what you're trying to do here, but it's
painfully obvious that many of these statistics look at one number as
representative of their entire enterprise.

If you reduced service calls by 30%, and people are just as comfortable with
FireFox as they were with IE, then great.

On the other hand, if you reduced service calls by 30% because people are now
finding it easier to do their job without bothering to open a browser at all,
that's not so good.

Many users in my environment complain bitterly if we add one click to their
browsing experience, or change the location of a button, so perhaps my users
aren't as sophisticated as yours.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

 

[Alun Jones]

Please understand what is just plainly a fact. As the number of Firefox
users increases so will the number of attacks. Firefox and Opera and so
forth are safer than Internet Explorer only because their use is
limited NOT because the software design is better. I use both Firefox
and Internet Explorer and feel safe with either since I keep everything
updated and in use [speaking of Firewalls, Anti-Virus and Anti-Spyware
programs. What you really illustrate is computer user ignorance and
lack of attention NOT software failure.
If you really want them to be super safe [at least for now], just
switch them over to one of the Linux operating system versions. In
other words, have them avoid Windows and Microsoft all together.

The answer, clearly, is for each user to write their own operating system and
applications, then they'll all have bugs, but they'll all have different bugs,
and a virus won't be able to exploit more than a couple of systems before
fizzling out.

Okay, so I'm being sarcastic - just a little.

You can switch to whatever you want, but unless those operating systems or
applications have significantly improved processes (and please, don't spout
the "many eyeballs" drivel back as if it were either improved, or a process),
they too will become exploited, as they gain footing in the market.

So, the end result is that you are better off with an operating system and a
set of applications that you understand well enough to administer, to secure,
to patch, and to rate the risk of continuing to run with existing settings.

Changing horses mid-stream does you no good if the other horse is a bull that
you've never ridden before.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

 

[q_q_anonymous]

what technically are the restrictions on limited users?
"sometimes they can't install programs"?
so, the can run an EXE, but not if the EXE puts files on the drive?
not if the EXE creates a directory?

It's more simple and obvious than that, at least in this context.

Restricted users cannot write to common (i.e. used by everyone) areas of the
system - the C:\ root, the C:\WINDOWS tree, C:\Program Files, C:\Documents and
Settings\All Users and so on.

Restricted users can run executables, and can put files on the drive, but only
in places where they have been given rights to do so - and that doesn't
generally include areas that other users are going to be running programs
from.

For those of you using one account on one machine, it's still worth separating
restricted user from administrator - when you download malware in your
restricted user account, you can usually blow it away by restarting the
machine into the administrator account and running a virus scanner.

The point of the separation of restricted user and administrator, to my mind,
is to define when you are running in a mode "allowed to change the system",
and when you are not.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | (e-mail address removed).
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

fantastic info, thanks.

I am the techie and adminsitrator of my machine which has but one user.


Suppose I want to run in restricted user mode - for the sake of the
restrictions on what directories can be written to. But I still want
both accounts to have the same desktop. Is that possible?

I confirmed that a limited user cannot write to c:\windows and other
key directories. But, they coudl write to c:\crp - at least that's
the default.
Infact, a limited user can create a folder on c:\, but not a file! They
can create a folder there and put a file in it.

 

[Alun Jones]

Suppose I want to run in restricted user mode - for the sake of the
restrictions on what directories can be written to. But I still want
both accounts to have the same desktop. Is that possible?

I would suggest that you go looking for Aaron Margosis' "MakeMeAdmin"
script.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]

 

[Leythos]

I'm intrigued - did you research to find out why the service calls were
reduced?

Did you increase overall user satisfaction with their browsing experience?

Yes, we found the following:

1) Since we lock-down, restrict users security setting, many sites
appeared to be broken using IE, users had to "Learn" how to setup
Trusted Sites so that they would work.

2) FireFox didn't require any adjustments in order to allow access to
the same business sites.

3) Browsing of sites that were outside the "business" sites also worked
and provided LESS problems and "issues" than IE did.

4) For unmanaged systems, systems in the "wild", switching to FireFox
resulted in less calls to support related to "I just clicked on this
xxxx and I'm not sure what it did, is my computer infected".

5) Other small items as reported by users.

I hear wonderful statistics like that a lot from people trying to sell their
products, and I know that's not what you're trying to do here, but it's
painfully obvious that many of these statistics look at one number as
representative of their entire enterprise.

If users are still able to access sites, and support time is reduced by
xx percent, then it applies, and it works for the stats.

If you reduced service calls by 30%, and people are just as comfortable with
FireFox as they were with IE, then great.

Actually, most are "More" comfortable as they don't worry as much about
malware links and sites.

On the other hand, if you reduced service calls by 30% because people are now
finding it easier to do their job without bothering to open a browser at all,
that's not so good.

No, that's good too - it means they were screwing around when they
didn't need to be. If you can do your work without opening a browser,
then you didn't really need to open a browser to start with. I love the
"I need internet access at work because you own me" types.

Many users in my environment complain bitterly if we add one click to their
browsing experience, or change the location of a button, so perhaps my users
aren't as sophisticated as yours.

We have users at all levels, and the first days use was a little bit of
a change for them, but FireFox has been nothing short of a blessing for
most. We've even relaxed some of the blocking rules because of the
FireFox switch.

 

[Alun Jones]

1) Since we lock-down, restrict users security setting, many sites
appeared to be broken using IE, users had to "Learn" how to setup
Trusted Sites so that they would work.

2) FireFox didn't require any adjustments in order to allow access to
the same business sites.

That says a few things:
1. Your business sites require behaviours that are not considered "safe" by
IE. Yet Firefox considers them safe. Is this a sign that Firefox is allowing
too much?
2. You did not make your "business sites" a part of the local intranet, or you
lowered the local intranet settings extraordinarily low.
3. You did not research the sites that your users use in order to prepare them
ahead of time by deploying a list of trusted sites throughout your
organisation.

3) Browsing of sites that were outside the "business" sites also worked
and provided LESS problems and "issues" than IE did.

That's definitely a benefit.

4) For unmanaged systems, systems in the "wild", switching to FireFox
resulted in less calls to support related to "I just clicked on this
xxxx and I'm not sure what it did, is my computer infected".

Certainly, without ActiveX, there's one avenue of attack that is not available
- but this suggests that you didn't adequately restrict the use of ActiveX.
That, and your users are click-happy and need a good slapping every now and
again.

If users are still able to access sites, and support time is reduced by
xx percent, then it applies, and it works for the stats.

Correct - the goal is to allow the business to operate more smoothly and at a
reduced cost. I suspect you could have achieved the same results by centrally
administering aspects of IE, but you have to go with what you know.

Actually, most are "More" comfortable as they don't worry as much about
malware links and sites.

If they clicked on links and got infected, it seems to me that they didn't
worry enough.

No, that's good too - it means they were screwing around when they
didn't need to be. If you can do your work without opening a browser,
then you didn't really need to open a browser to start with. I love the
"I need internet access at work because you own me" types.

I meant that if you have driven users away from an efficient source of
information to a less efficient source (say, from online sites with searches
and hyperlinks, to paper manuals), because it's now easier to use the manuals,
then you've achieved a loss of utility. Security's important, but it has to
enable the business, rather than disabling it.

We have users at all levels, and the first days use was a little bit of
a change for them, but FireFox has been nothing short of a blessing for
most. We've even relaxed some of the blocking rules because of the
FireFox switch.

Well, good luck to you on that - but I would still remind you that there are
more ways to skin a cat than just liquefying the insides with a hand-blender.
What you've achieved, I believe, from my own experience, could have been
accomplished with IE, with less retraining of users, but perhaps a little more
training of the administrative task (on using the IEAK, for instance). Others
reading this may not be aware that there are several ways to more secure
browsing.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]