Today, we released Security Advisory 2847140 (http://technet.microsoft.com/en-us/security/advisory/2847140) regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

If anyone still uses it...


SOURCE (http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx)

If anyone still uses it...

Feuer Frei! makes me laugh with his jokes... :har: :rotfl2:

Hey, I still use... oh, wait, I switched to Chrome.... :oops:

Hey, I still use... oh, wait, I switched to Chrome.... :oops:

Good choice...

Chrome is the superior browser... (Take THAT Raptor1) :D

hey, don't write IE8 off.

Its good that Microsoft supports browsers with security patches and bugfixes for a long time. My school still had computers on IE6, because years ago the school board spent big money hiring consultants to write an attendance management program. They just never spent any money getting the guys back to upgrade it. So there is still 2 computers in the office that runs IE6. (Though they never visit any internet websites)

Lots of people still use old versions of IE because of this. Consultants are expensive, and because Microsoft promises to support old browsers for an extremely long time (IE 6 is still being supported), they allow large organizations like companies and government institutions to get the most out of their consulting money.

hey, don't write IE8 off.

Its good that Microsoft supports browsers with security patches and bugfixes for a long time. My school still had computers on IE6, because years ago the school board spent big money hiring consultants to write an attendance management program. They just never spent any money getting the guys back to upgrade it. So there is still 2 computers in the office that runs IE6. (Though they never visit any internet websites)

Lots of people still use old versions of IE because of this. Consultants are expensive, and because Microsoft promises to support old browsers for an extremely long time (IE 6 is still being supported), they allow large organizations like companies and government institutions to get the most out of their consulting money.

I've told my computers teacher that they needed to get rid of internet explorer since the first day of school.

Our school has new Gateway Windows 7 Desktops. (We'll have these for another 15 years. My school is incredibly cheap. They still have NetScape installed...) They use IE8 I do believe...and they use Microsoft Security Essentials. The MSE on every computer says it needs to be updated...but the school doesn't want any changes at all on any of the computers. Yet they complain about viruses and try to blame it on a student. Usually me. :dead: I'm almost the 2nd teacher for computer class. I convinced my teacher to let me install google Chrome on all of the computers. Nobody uses IE8 in there anymore. IE8 will crash some of those computers. Problem #2 is MSE....

I used it for a while....but then I got AVG and found like 6 trojans and a couple worms. MSE obviously does not work well. Mine had updated definitions. The school's MSE hasn't been updated in months. I bet there's all kinds of crap on these computers but they don't want to pay for antivirus.... :dead: They call the tech support everytime something happens. (His name is Josh... The guy's just hilarious. :rotfl2: ) They aren't saving money this way. They have money but just don't want to spend it.


Don't blame me or any other student when the server crashes and everybody's info gets stolen. http://i247.photobucket.com/albums/gg149/autumn59/shrug2.gif

Microsoft Essentials are not any essential at all. They are a waste of resources and notoriously score worst in security suite comparisons.

Why somebody uses IE8 when there is IE9 and I think now IE10 (never tested the latter myself), is beyond me. IE9 already is a decent browser, and if tightening options a bit is not more or less secure insecure than Firefox or Chrome. It gets targetted often - making it overrepresented in security statistics - and has a bad historic reputation, that are the two problems with it.

Firefox has become more and more technically unreliable. It'S nimbus of being "superior" I never was able to confirm by own experience when using several versions of it - and getting rid of them quite soon, always. It was displeasure, always, from A to Z. It has no security advantage anymore over Explorer - if it ever had (different from the attack frequency), which I tend to doubt.

Chrome is the browser that gets updated more often than any other, making it pretty much the leader in the being-up-to-date category, it also seems to run in kind of an inbuilt sandbox architecture, if I understood it correctly. The problem I have with it is that it is Google and thus Chrome uses a lot of privacy reaches that you need to have background knowledge about and need to manually take care of - and need to tune again after every update. I I may trust two friends of mine who know this kind of stuff for professional reasons inside out, if you do not want to become naked before Google'S eyes, Chrome is the by far most maintenance-heavy browser of all. For some people, privacy breaches like being run by things like Facebook, Google etc do not count as "security issues", but to me they are - and on an even more serious level than just a trojan that I detect, kill, reinstall, and am done with it. That's why I do not use Chrome, and never will. Argument is the same why I do not use Google+, Twitter, Facebook, and stuff like that. Early versions of Chrome, when it was released, received security warnings by several European police and other computer security agencies. Some of the security issues should have been deleted since then, while practically all privacy issues still prevail. If you love to be a digital nudist, Chrome is for you. It will let Google know EVERYTHING about you.

My browser tip is Opera. Market share just below 2%, that makes it the by far least targetted victim of attacks, and it has some clever features. Credit for bringing it to my awareness goes to Penguin - that was some of the best computer tips I have ever gotten by somebody. There are some nice addons that can easily be installed and managed that make your privacy and security even tighter.

Why using IE8 instead of IE9?
Simple to answer, IE9 and newer versions don't run on XP :O:

XP is close to its end in MS-support, and has a significantly smaller market share now than W7. It was in third quarter 2011 already when W7 shares overtook those of XP. Although nowadays there are significantly fewer XP systems out there than W7 systems (Vista not even counted), XP systems mark 2.5 times - if I recall it correctly, or were it even 3.5? - as many security-related events than W7 systems, statistics for 1st quarter 2013 revealed.

There is no excuse for using XP anymore, security-wise. Still using XP is like a person having a flu and running into a crowd and coughing and spitting at all directions and never raising the hands before its mouth and nose, trying to bring infections to as many people as possible that way.

Everybody - do yourself a favour and do a favour to those whom you meet online: get rid of XP and buy into W7. Caring a bit about not infesting others carelessly imo is a form of essential netiquette, and politeness.

If your organization relies on consultant ware, like most large organizations, IE is the only way to go.

IE editions are supported for nearly 10 years, a new version comes out every few years. A new version of firefox comes out every 6 weeks, and the previous version is no longer supported (there are a few LTS versions though, but they have their own problems).

If I am going to spend millions on hiring people to write me software, the users will probably end up using IE instead of any other browser. An example would be the software we used at my school, it was designed for IE 6 and Netscape 4. Netscape 4 was abandoned years ago, while IE 6 is still supported.

PS: I'm pretty sure Opera is going to share a rendering and javascript engine with Chrome, thus, a lot of common vulnerabilities will be shared between both browsers. And really, just like what my security textbook says, security through obscurity is no security at all!

PS: I'm pretty sure Opera is going to share a rendering and javascript engine with Chrome, thus, a lot of common vulnerabilities will be shared between both browsers.

Yes, some weeks ago there was something I read about this in the near future, that some scripting engine or something like that is being replaced in Chrome and most likely will be shared by Opera as well. I did not like what I read back then. Not one bit. It seems to compromise all arguments I have in favour of Opera.

In the end they want you to be open, vulnerable and defenceless to spamware, advertising, spyware and profiling you from head to toe. Many people still underestimate in what ways such complete psychological profiles can - and will! - hurt them in some shiny bright new future . Its just paranoia. Like xenophobia, hate speech and islamophobia. Its all just mental defects. The healthy person buys, functions as demanded, does not ask question, considers consumerism a holy duty, and has several hundred friends on Facebook.

It's all going insane.

For those feeling interested: a review of IE10. I direct your attention to page 4 where they make remarks on phishing protection where Opera and IE10 score best in the field, and security in general being described as probably leading the pack currently.

http://www.pcmag.com/article2/0,2817,2416300,00.asp

If Opera gets compromised by copying those changed software items from Chrome, I switch back to IE10. I was a IE9 user before Opera.

Why using IE8 instead of IE9?
Simple to answer, IE9 and newer versions don't run on XP :O:

Our school had old XP's until last year.

We're so cheap... :timeout:

There are many devices running Windows XP and they will not easily be replaced.
You may find Windows XP in various equipment (embedded) like equipment used in hospitals.

What happens for equipment with Windows XP embedded is yet unclear.
For us ordinary poor people, XP with SP3 support will last until April 2014.

A good and usefull thread this one. Not being a computer tech I tend to follow or try what others recommend. I'm stuck with IE8 on this XP system and have tried firefox and found, while it works well when first installed it soon starts to slow.

Skybird made some good points about chrome, maybe I should look there. But I do try to keep away from google in truth.

Bots seem to be the biggest single issue for XP and IE8, I just installed Spybot Search and Destroy which unearthed three bots that Security Essentials failed to spot, I recon the bots came through firefox, one from a well known download centre.

My favourite apps right now: Spybot S&D, CCleaner, Revo uninstaller, Defragger, all freebee's but I am looking into subscribing with Spybot as they do a virus plugin which might replace Security Essentials.

I hope this thread keeps going and maybe expands into a kind of pros and cons type of thread. Things change so fast it's hard to find time to explore or discover new apps quick enough.

thanks all

Hey, Red - don't dis Netscape, for it is the daddy of all (or most) alternate Web browsers.

Hey, I still use... oh, wait, I switched to Chrome.... :oops:

I used Firefox, but my PC came with Chrome, so...:fff:

But I still prefer Firefox! :stare: More functionality, less pointless features! :stare:

A

Skybird made some good points about chrome, maybe I should look there. But I do try to keep away from google in truth.

Google is a data kraken, and their business model depends on users being as vulnerable as possible and not caring to data mining and data allowing to profile them. It is against Google's very business interest to make it too easy for users to have a privacy-protecting application. So to make sure you really understood me: I made no points in defence of Chrome, I do not trust it. The malware situation is such that the browsers gets attacked a lot, but also gets updates quite often, but still: it attracts much attention by hackers. And that is why I hate that Opera now shares software components with Chrome: it increases the vulnerability of Chrome which so far was by far the lowest of all them browser, both due to the software code itself and the the small market share of less than 2%, which helped to leave it off most hackers's radar. It also has vey good priovacy protection features - whereas Google never should be trusted in these regards even if they ecplcitly say they do not do somehting or a switch is set to preventing privacy breaches - it is known that in the past they had dummy switches, giving people the impression of having switched off an unwanted feature breaching privacy, but in reality it was cosmetic only and the feature still worked on.

Has anyone experience with this browser, Iron? It bases on Chrome, but lreaves out all that privacy breaching crap. I do not know it, so my question is no rhetoric at all. So, does anyone know Iron?

http://www.srware.net/en/software_srware_iron.php




From the FAQ:

I don't know what it's about here. What is Iron?

Iron is an Internet-Browser like "Internet Explorer", "Firefox" oder "Opera". It is based on the "Chromium" Sourcecode. You can get Iron for free here.


I read about tools, which try to anonymize Chrome. Why not use these?

Right, there are tools, which try to do the same than Iron. But these don't work with the sourcecode and so they only provide a limited control. E.g. they can't disbale functions like th URL-Tracker.


Can i really check that Iron doesn't submit any private data, how you say?

Yes, you can. There are tools like Wireshark, which scan the whole network-traffic. We could not recognize any obvious activity. But you can proof this by yourself.
PS: We also disabled the DNS-Precaching by default, because this could perhaps used by spammers (see this Link)


Can't i just use an precompiled unchanged Chromium-Build from the Google Server?

This is not useful because the original Chromium-Builds have nearly the same functions inside than the original Chrome. We can only provide Iron because we massively modified the source.

---


My favourite apps right now: Spybot S&D, CCleaner, Revo uninstaller, Defragger, all freebee's but I am looking into subscribing with Spybot as they do a virus plugin which might replace Security Essentials.

Have a payware security suite (antivirus, firewall), but check careful what you get, thewre is none that offers just psotives without demanding a price in negatives, may it be lower recognition rates, may it be software incompatabilities or system slowdowns. Also, I urge you to use a sandbox for b rowser and email. Sandboxie is free to use. Finally, to team up with the live AV scanner, use Malwarebyte'S Anti-Malware (payware offers live scanning, like your AV). Practically all dangerous sites blocked are not identified by my AV, but MBAM. Since summer I use a sandbox, and have not had any HD scanner results anymore. Not that I had many issues before, by far not.

It pays off to have your browser set to paranoid settings. The more comfortable and exciting your browsing experience is, I dare say the more unsafe your browsing is.

If the new Opera is released, currently it is a Beta, and security shows to be lowering, I will go back to IE, 10. Tightening it a bit and the microsoft browser is much better than its reputation. Many insiders indeed rate 9 and especially 10 as the safest browser out there, if considering the code only, not the frequency of attacks, which for Chrome, Explorer and Firefox all are quite high. Their market shares, some months ago, ranked each of them in the range from 25-40% or so. Opera is below 2%, and also said to be solid in its code. Guess which browser gets the smallest attention by hackers!

A lot of useful information Skybird, thanks.

I have already moved to Opera, it seems quite snappy and all I have to do now is work out how too use the favorites bar.

Google, Ebay and Amazon are the data krakens, (Iv'e never heard that expression before) but makes me laugh, maybe because it's true. When ever I visit one of these sites I get images all over the screen of what Iv'e been looking at for days afterwards. I use Ebay quite a lot, but boy do they keep track of what you doing, they'll be calling me by name soon, heh

On a plus, my latest version of Spybot S&D highlights and warns me of whats happening and will prevent the intrusion. Favorite home page search engine page right now is DuckDuckGo, an unobtrusive and uncluttered page.

happydays

Use Ghostery and A-d-b-l-o-c-k Plus as extensions in Opera, Ghostery I read is available for other browsers, too. Puts an end to opening windows and most adverts. The A -thing is one word, but I need to use the - - - else the forum software replaces the term with a string of *****

NotScripts also is recommendable, security-wise. But it lets your browsing feel a sting.

Use Sandboxie. -> In GT, I had a thread just weeks ago explaining it: http://www.subsim.com/radioroom/showthread.php?t=203802&highlight=Sandboxie

The more I read about this Chromium-based browser, Iron, the more I am tempted top try it once I need to abandon Opera 12. Quite some opinions and reviews label it as the "safest browser in the world". The list of critical "features" (breaches I would call some of them instead) that Chrome comes with and that are not part of Iron, is a strong argument.

It also is portable, and needs no installation - you can run it from an USB stick apparently, and this adds to the strong security standard. Google-typical snooping functions are left out, and due to lacking installation, no IDying of the user and the hardware takes place. It also has the in-build sandbox of Chrome, and features like an equivalent to the NoScripts Addon for other browsers. Javascript can be blocked easily as well, preventing websites to collect data that allow direct profiling and identifying of the user. The browser has an advanced cookie-management that also allows blocking/deleting of flash-cookies which can do much more harm to the system if abused for transporting malware, than normal cookies.

Since the browser has given the Google Update the boot, updating the browser must be done manually. This too is more secure.

Heck, i download this ting now and try to run it from stick. Let's see myself.

My interest is piqued. Looking into Iron right now. :up:

Still use XP, IE8 and never had a problem. Now with firefox, had some!:O:

I'm still testing Opera, no problems so far, other that it's slowed a little, but that might be my broadband connection, BT.

Personally I'm looking to remove IE8, not for any real reason other than re-install might improve things.

Quote:
Today, we released Security Advisory 2847140 (http://technet.microsoft.com/en-us/security/advisory/2847140) regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.
If anyone still uses it... /quote


I'm sooo glad that I still use IE 5... Just jokin'

I'd still say it's best to use an old rig for interweb only, don't keep personal data on it...

There's no safe internetz at all.