MICROSOFT has issued a critical security alert that affects 900 million people using its Internet Explorer web browser.

The computer giant warned of a newly-discovered flaw in Windows that could be exploited by hackers to steal personal details or take over computers.

The glitch is so severe it potentially affects every user of Internet Explorer.

Firefox, Google Chrome and Safari browsers are all unaffected by the threat because, unlike Internet Explorer, they don't support MHTML files, where the problem lies.

A Windows update to fix the bug has not yet been released.

In the meantime, Internet Explorer users are being urged to patch their browser with a Microsoft Fixit patch:

http://blogs.technet.com/b/srd/


FULL ARTICLE/SOURCE (http://www.news.com.au/technology/alert-as-900-million-ie-users-at-risk/story-e6frfro0-1225998038424)

I haven't used IE for years. No matter what they do, that program is Always garbage.

Firefox, Google Chrome and Safari browsers are all unaffected by the threat because, unlike Internet Explorer users, they have a modicum of sense and self preservation......

Fixed.:D

that program is Always garbage.
900 million people can't be wrong!
Wait...what? :DL
(for the record, Firefox user here).

So Microsoft have again put a door in their Windows :nope: 900 million users are lazy or uneducated.

Firefox has it nailed shut :yep: ~190 million users can't be wrong.

But not all 900 million occurrences of IE are used, I have it on all work and home computers but only ever use it for a site that needs it (MS online training, systemrequirements.com, very little else!)

As an aside - although I mainly use Google as my primary search engine, their behaviour regarding privacy (collecting Wi-Fi details 'accidently' whilst doing their StreetView program?, amongst others!) leaves little trust in their browser.

As another aside - my wife only ever uses IE as she finds FF too different and confusing (she's intelligent - studying for Masters :doh:) can't cope with tabbed browsing even though IE finally supports it! :nope:

I find it amazing how people are anti-microsoft - yet run the software anyway. Windows is a heck of a lot more complex a OS "program" (although its many of them working together) than something like Silent Hunter. The Millions of lines of code that go into an OS compared to those of a game - due to their purpose - are alot more apt to create bugs. Yet, companies like M$ are alot more responsive to problems than say, Ubisoft. *This is not slamming the devs, just that the business models operate very differently and thus the companies have different focuses.*

MS constantly develops patches, workarounds and combined service packs to resolve issues - for years after a product launches. Game companies? Normally a year if your lucky.

But if people get a chance to jump on MS - they do.

Chrome? Please - that thing was (and is)so full of security holes its unreal.
http://news.cnet.com/8301-30685_3-20014222-264.html

Firefox? Here is a list of things they have had to fix - so far....
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html

Safari? Its Apple - it must be secure, right? Think again.
http://support.apple.com/kb/HT4196

Any program of sufficient complexity is going to have problems. Thinking that just because its an M$ product means its evil, bad, or unsafe while under the assumption that other stuff is fine, means you truly do not understand the technology your dealing with. Want to complain, at least find a target that doesn't fix the problems in their software after they get your money.

Like some game companies.

Remember when Firefox users couldn't visit SubSim for a week? Must have felt very educated and sensible.

If anything could keep me using IE it's the arrogant attitudes I see in this thread. I don't mind honest comparisons, but this "You're an idiot if you use XXX" is as childish at the very least. I don't mind being instructed, but talked down to? Stuff it.

If you read the article it says the problem is with WINDOWS, and IE exploits the security hole.
Yea although:
presumably because they don't want users to migrate to other browsers.Also:

This workaround is an MSI package (Microsoft "FixIt") that uses the Windows application compatibility toolkit to make a small change to MSHTML.DLL every time it is loaded by Internet Explorer. This change causes Internet Explorer to refuse to import a CSS style sheet if it has the same URL as the CSS style sheet from which it is being loaded. Simply put, the workaround inserts a check to see if a style sheet is about to be loaded recursively, and if it so, it aborts the load of the style sheet.It would certainly seem that it is a Internet Explorer issue, since the patch/workaround addresses exactly that.

Remember when Firefox users couldn't visit SubSim for a week? Must have felt very educated and sensible.
Haha, very good.

I use Firefox, have done for years. I don't like IE too much, but it's not actively awful, at least in version 8+. I hate Chrome for the same reason I dislike Apple products - it feels like I'm using a toy. Firefox I can keep the way I likes it.

What the hell do I know though, I like Vista :D

Microsoft's the biggest kid on the block; of course people are going to take potshots. Some may be justified, some, not so much.

I used Firefox until it started getting v....e....r....y....s....l....o....w.... loading pages. Then I switched to Chrome; I'm satisfied with it, and with the Firewall and Security software I've loaded onto this thing. It's not a matter of which one's "more secure" or whatever. I just like what I use at the moment.

And consider: Microsoft is writing and maintaining how many zillion lines of code, on how many different types of platforms, across how many languages, across how many different iterations of not only OS, but also web browsers, Office software... frankly, I'm not surprised that there are errors and holes. What amazes me is that any of it works at all, let alone as well as it does.

Maddogk - I own no stocks in M$, nor am I a developer - for them or anyone else.


what choice do we have ?

For the majority of users, there are a lot of choices. What flavor gui would you like running Linux? Want something that looks and acts like windows, just with different logos and some minor differences? Its out there, in spades. Productivity software? Open Office works find on Linux or Mac. WINE even allows you to play windows based games, All for free.

The market hasn't moved to this because people don't like change. So complain to the people that don't like to change what they do, instead of about the company that makes it easy for them to just "keep doing".

Seriously - you shouldn't judge people based on one snippet and your own anti-whatever attitude. I know network and system security. I am not beholden to one entity. Not Cisco, not Bay Area, not HP or Dell, and not M$ or Sun either.

The OP tone was "anything is better than xxxx" - and I simply proved that the "anythings" mentioned had their share of problems. Hate it that it rubbed against your anti-M$ veiwpoint, but thats your problem, not mine.

You know what, Microsoft products seem unsafe because so many hackers are trying to find exploits in it
Number of vulnerabilities



Vendor Name Number of Products Number of Vulnerabilities #Vulnerabilities/#Products
1 Microsoft 307 2534 8
2 Apple 91 1393 15
3 SUN 200 1207 6
4 IBM 213 1133 5
5 Oracle 139 980 7
6 Cisco 566 855 2
7 Mozilla 14 790 56
8 Linux 12 763 64
source:http://cvedetails.com/top-50-vendors.php?year=0

Really, its not that bad considering how many Microsoft products there are out there, and the market share of those Microsoft products

TWO WORDS:

OPEN SOURCE!

Really, I'm not judging you or anyone else.
Why are you so defensive ?

BTW, I HATE GUI's, I could live in a text only world, but too many of games I play require (cough,cough) windows, directX, and drivers to support the GUI.

Really mate?
Text only?
sure its possible, and i can use windows command prompt and linux but suggesting that we stop using the gui is absurd

Really mate?
Text only?
sure its possible, and i can use windows command prompt and linux but suggesting that we stop using the gui is absurd

He's hardcore, all-the-way console. I had my dog days there a few years back - nothing really beats it. :yep:

Erm, except getting outside on a regular basis. :haha:

That was a shot at myself, not MaddogK. ;)

Really, I'm not judging you or anyone else.
Why are you so defensive ?
He wasn't being defensive. He was responding directly you this
I love these threads because it pulls the MS stockholders and devs out of the woodwork.
which sounds like an accusation that the only people who will support IE on a thread is and MS stockholder or dev. That deserves exactly the response it recieved.

Just use Opera, it's secure, looks nice and is very functional.

Just use Opera, it's secure,


http://www.vupen.com/english/advisories/2011/0189

I read about critical security holes in Opera at least every 2 months. That statistically mit scores relatively few security problems becoming relevant is for the same reason as why Macintosh browsers are much more unsecure than Windows 7, but still score lower hits on emerging problems: Macs have a market share of just 8% or so, and Opera of even less: I think 3% or less. It is not interesting for hackers to develope attack tools for opera, or Mac: too few targets out there. Give it 30%, and you will see it getting under fire.

Want to be secure? I'll do for you all what I did on a security consult one day years ago and I won't even charge you all for it! Realize, this was back before wireless really kicked on. A business owner had only a few employees, but was worried about getting "hacked". So he calls and asks for a security audit. I oblige, and offer him a number of options that would mitigate his risk and insure he was upholding his due diligence responsibility. When he heard "mitigate risk" he stopped me and said he wanted to be IMMUNE to being hacked over the internet. I chuckled silently and then told him I could to that for $250 dollars, and I could guarantee he could not be hacked via a "public" net connection.

He said "really?" and wrote me a check on the spot. I thanked him, walked into where his router was, and disconnected the cable from his CSU/DSU. Of course, no work outside the office could be done now. No email, no phone (VOIP was in use), etc. He started up with "That isn't what I want, I can't do business this way!". I plugged him back in, and then proceeded to explain that no network - if it touches the rest of the world, can ever be 100% guaranteed safe.

You want to be truly secure? Get of the net. Otherwise, use common sense, stay up to date with software patches, secure your networks (ESPECIALLY wireless) and use good strength or better passwords.

You want to be truly secure? Get of the net. Otherwise, use common sense, stay up to date with software patches, secure your networks (ESPECIALLY wireless) and use good strength or better passwords.

Which is why I hate the current trend of requiring internet connectivity to play video games. :damn::damn:

Just last weekend, I wanted to take a break from my dissertation. I was in the mood to play Fear 2. Great game.

I bought it. I have the disks, I even have the product code. I don't steal games. :nope:

Could I play it? Nope. Even though I had the disks, somehow I needed to connect to Steam. Why? Dunno. Well I connected with Steam but Steam would not accept my product code. Told me it had already been registered. Well that makes sense as I played the game before. But I could not install the game because it already had been installed. :damn:

Tried to contact the world famous Steam support. Been a week and still no reply (besides I needed to get back to my dissertation).

I want my game machine to be secure but the software companies require me to have internet connectivity for a standalone client based computer game.

I like your idea of being off the net, but the industry does not agree with you.

Sorry, just had to rant. Had one evening "free" to play some video games and I couldn't play a game I bought and had the disks for. :damn::damn::damn:

http://www.vupen.com/english/advisories/2011/0189

I read about critical security holes in Opera at least every 2 months. That statistically mit scores relatively few security problems becoming relevant is for the same reason as why Macintosh browsers are much more unsecure than Windows 7, but still score lower hits on emerging problems: Macs have a market share of just 8% or so, and Opera of even less: I think 3% or less. It is not interesting for hackers to develope attack tools for opera, or Mac: too few targets out there. Give it 30%, and you will see it getting under fire.

Every browser has vulnerabilities and im not surprised that you hear about opera ones every now and again. Still it is one of the more secure browsers out there.
also if you pay attention you will notice this little thing there
Changelog


2011-01-21 : Initial release
2011-01-27 : Updated Solution

So withing 6 days of the issue being reported it was patched.

Yet another nail in the IE coffin, glad I switched to Firefox when I did:smug:

There is only 100% way to be safe...Never ever go on the Internet. :D

There is only 100% way to be safe...Never ever go on the Internet. :D

And deprive yourself of the wonder that is Subsim?

"You can have safe, or you can have Subsim. Never count on having both at once."
-Robert A. Heinlein.


Well, actually his words were "peace" and "freedom", but that wouldn't make much sense in this context. I took some liberties. Sue me!

Well, actually his words were "peace" and "freedom", but that wouldn't make much sense in this context. I took some liberties. Sue me!

:rotfl2:

Believe it or not, you could be sued for that.



There is only 100% way to be safe...Never ever go on the Internet. :D

Says the guy who completely disappeared for several months and then showed up again. You're about as 100% safe as abstinence. :DL

"You can have safe, or you can have Subsim. Never count on having both at once."


You can, use someone else's computer. :DL

And never use yours on the net.

Meh. Bet that 99.9% of the affected users aren't and never will be aware of the issue, simply because they don't experience any issues.