Harden your browser
Install Chrome......
Microsoft has decided not to rush out a fix for an IE 8 zero-day first identified seven months ago, instead telling users to harden up their browsers. The vulnerability allowed attackers to execute arbitrary code on computers running the older Internet Explorer version 8 through drive-by and phishing attacks. Details were …
Linux isn't proof against "any" attack, Grikath, but it is proof against most of the attacks "in the wild". If you are paying attention, that is. Which most Cupertino/Redmond users aren't.
User ignorance is by far the largest problem. Linux users included.
That said, I use BSD on Internet facing kit. Seems cleaner, somehow.
"Linux isn't proof against "any" attack, Grikath, but it is proof against most of the attacks "in the wild". If you are paying attention, that is. Which most Cupertino/Redmond users aren't."
Really? - better tell LAMP website owners or Android users that then - it will sure be a surprise to them!
"Linux isn't proof against "any" attack, Grikath, but it is proof against most of the attacks "in the wild". If you are paying attention, that is. Which most Cupertino/Redmond users aren't."
So, what you're saying is that because Unix-clones are still inscrutable to non-technical users, the only people who can actually use them day-to-day are technically-literate systems admins, who are well versed in how to stop security issues, and so those platforms are inherently more secure because they exhibit fewer malware incidents, because by being inscrutable to non-technical users, the only people who can actually use them are... et cetera. Get off when you feel dizzy.
"inscrutable to non-technical users"
Read: "Computer illiterates".
The World needs to understand that there is a difference between "interface users" and "computer users" ... Unfortunately, the likes of !GooMyFaceYouMSiTwit! have convinced TheGreatUnwashed[tm] that they are computer users, as opposed to interface users with absolutely zero concept of the underlying code that holds it all together.
Enjoy your cats and porn. It's not what we built this thing for, but I'm sure it works for you.
it was built to transmit jake's wisdom to the great unwashed.
May his tecknowledge shine on us all.
Of course I don't need his knowledge, it's like I told Archimedes when he was having a bath (different times, told him a few things about displaced fluids too, very excitable those ancient Greeks), "Archy", I said, "It's like jake always says, everything that isn't a ranch owned by jake is suspect. You have to install a hardware firewall on your datastore."
Daft bugger set fire to Alexandria.
Still you can't help everyone.
"It was built as a research network to research networking."
So Number 9, if you're so down on how this thing you... heh.. 'helped' 'build' has been so terribly corrupted by all those people using it to watch cat vids and porn, why are you on the Reg forums all the time flame baiting? Shouldn't you be doing some networking research? Or some of the three hundred-odd other things you make unverifiable claims of expertise in?
Thereby to use a smartphone you should be an expert in wireless communications? How much do you know about it? To use a camera you should be an expert in optics, CCD/CMOS technology and image processing? How much do you know about them? Or are you just an "interface user", as it happens also with many more devices you use everyday? Could you design a refrigerator, an AC system, a washing machine, a TV, a satellite receiver or even your router/wifi? Could you design and build your wristwatch? Face it - most users are just "users". For them the computer is just a tool to perform a task - like everything else. It's not something to worship, take care of every day, and go to sleep with.
Users are often very "literate" in their field - I worked for a computer system for an ancient textiles museum, and the people working there, although knowing very little about computers, had a very deep knowledge of textiles, designs, colors, materials that went far beyond what I could ever think of about such a world. They just needed software to handle all that information, all they cared about was the interface to get data in and out - they couldn't care less about how it was handled inside the machines. That was my task, and I wasn't there to transform them into "computer gurus" and force upon them my vision of what a "computer guru" is. Good SW designers and developers are those who understand that. Bad ones are those who believe that any human on the planet should be "assimilated" and become a worshipper of his tools and OS.
"Enjoy your cats and porn."
Hmm, last I checked, cats and porn *were* the reason "we" built "this thing". Oh, I'm sure somewhere an academic is crying because his beautiful data compression algorithm is being used in impure ways, but that's beside the point.
How do you get around California without a car, Jake..? It's not like you know about every single system inside it, is it?
You don't know me, but you still assume that your knowledge of everything is superior to mine... There's a name for someone who reasons without facts... Several names, in fact, but you've already been called them all by now, and maybe you still think it's just jealousy from us "stupid" people.
"How do you get around California without a car, Jake..? It's not like you know about every single system inside it, is it?"
Actually, my daily drivers ('59 Pan, '70 Mercury Cougar convertible and '75 Ford F-250) are frame-up restorations. I did all the work myself, with the exception of paint, chrome, and powder coating.
"There's a name for someone who reasons without facts... "
Yep. Look up "projection". Seriously.
Sarah Bee used to accuse me of tilting at windmills. She was probably right.
"User ignorance is by far the largest problem. Linux users included."
Correct, but it doesn't matter anyway. There are idiot users everywhere.
Coverage doesn't matter either - if Linux had the coverage that windows does now, we would be saying it's safer if everyone moves to windows, ditto for MacOS.
Most scammers try to get the widest coverage by picking the OS that has the widest coverage - whoever that may be. So you're not actually helping by saying your choice of OS is proof against most of the attacks. It might be technically correct, but it doesn't actually help.
You may be able to help yourself, but you have control over your own equipment, it doesn't fix anything by whining that OS brand Whatever is terrible, if your employer uses it, or any of the shops you visit, or any of the public services use it, or your bank, or whoever.
"Install Chrome......"
Install SRWare Iron.
There, fixed.
And this is easier than simply installing the MS hardening kit how?
You can keep chrome. I have to use Chrome for fiddling with my BeagleBone Black and every time I do it wants to know about my gmail settings and where I keep my contacts and ... (don't you just love when browser evangelists saddle you with nagware AND spyware in the name of political correctness).
If Redmond did this you'd crucify them, and rightly so.
Every time I look at Windows "latest and greatest" I find further flaws. It's still very open to abuse.
There are many of the old, quite trivial attack vectors still available. MS seem either unwilling or unable to fix the many problems. They've been given plentiful details of the attacks, but ignore the reports and concentrate on putting ever more shiny stuff in place.
They seem to hope that the look of their OS will divert attention away from the fundamental flaws.
Polish that turd, guys!
"Every time I look at Windows "latest and greatest" I find further flaws. It's still very open to abuse."
A quick check of the 'latest and greatest' on Secunia - being Windows 8 and 8.1 shows ZERO unpatched vulnerabilities. And the vulnerability count is significantly lower over time than say an Enterprise Linux distribution or OS-X.
A quick check of the article reveals a real ZERO day vulnerability in IE 8 that MS aren't patching.
So to try and avoid this degenerating into bickering, is it that this is effectively an XP bug or does windows 7 run IE 8? If it's the latter then surely there's a real problem here, legitimate Windows 7 users running a legitimate copy of IE 8 are vulnerable. Update to windows 8 isn't a suitable fix for this....
According to an answer from Microsoft, IE8 on Vista SP2 is supported until April 2017, so they really should be fixing this, at least on Vista. http://answers.microsoft.com/en-us/ie/forum/ie8-windows_xp/lifecycle-internet-explorer-8/2d64f20f-7801-4636-82be-456302181b37
On the other hand, Vista users do have the option of upgrading to IE9. If I were Microsoft I'd be telling people to upgrade to newer versions of IE, rather than turning off important features.
"A quick check of the 'latest and greatest' on Secunia - being Windows 8 and 8.1 shows ZERO unpatched vulnerabilities. And the vulnerability count is significantly lower over time than say an Enterprise Linux distribution or OS-X."
TheVogon, given the way you trot this garbage out without fail on every single Windows-related thread, I think you actually have some kind of behavioural disorder. Would you like me to go over the reasons why you are so comprehensively full of shit, one more time? There are an army of Eadons out there who'll bash Windows on ideological grounds, but you are simply the flipside of the coin, coming out with the same old mince thread, after thread, after thread.
I'm interested in products that serve a purpose, the right tool for the right job and there's room for that to be Windows, room for that to be Linux and other FOSS or proprietary solutions; you and the hardcore Linux fanbois are interested in products that serve a worldview. If you're really a Windows advocate, do the platform a favour and cut the crap.
One of my customers is a large company and IE 8 is still the standard IE version because of the legacy support for internal browser-based apps written for IE 6 back in the day. Rewrites are either prohibitively expensive or not even possible so I think Browsium is the only solution.
Makes you wonder why companies stick with Microsoft but there are still too few alternatives for desktop machines. As long as Microsoft can continue to collect licences for this kind of shoddy product management then they're unlikely to change their practices.
>>"As long as Microsoft can continue to collect licences for this kind of shoddy product management then they're unlikely to change their practices."
No-one wants to get companies upgrading to newer versions of Windows more than Microsoft. They would far rather people were using IE9+ on Windows 7+ than legacy old stuff which they are contractually obliged to support.
Could this be called supporting IE8 though? It's just a workaround to mitigate the attack, it doesn't fix the problem.
Unless MS unlink IE from the OS and make IEs9-11 available for Server 2003 and Vista, they should be supporting IE8 until Server 2003's end of line date. They've made their bed, now they should lie in it.
1) You can manage Windows servers without ever running a "shell" on them (remote desktop or whatever). Most Windows server operations can be performed via MMC plug-ins from a remote administration machine. Other software is usually maintainable via some web application or the like. If it has none of them, it's probably some *nix port and you should look for something better :-P
2) If I have to access contents via the web, I never do it on the server directly, but I do it from the machine I'm connected from, and then transfer to the server only what really needs to be transferred. Servers are servers, should be dedicated to their tasks, and should never be used as "general purpose" machines. Access to what they don't need should be restricted.
3) Servers should never have installed software that shouldn't be run on servers. Mail clients, whatever, should not be allowed on servers, unless there are very good reasons to allow them. Sysadmin laziness is not usually a good reason.
4) If bad practices "happen", you have a problem no software solution will ever solve. No matter what OS you're using, no matter how much you spend on hw and sw to protect you, bugs and vulnerabilities will "happen" also, and compromise as well, because bad practices will make them much easier.
"Are you browsing the web for any site from a server? 8-O"
We don't know. Just because one is using Server 2003, doesn't mean the machine is an important "server". Indeed, anyone who still thinks there is a difference between a server OS and a client OS, apart from the application software workload, needs to stop drinking the cool-aid. Using the word "server" to mean "valuable" or "powerful" is like using the word "proprietary" to mean "better". It's what the marketeers want you to believe, but surely everyone reading this site knows better?
Why should you run something that costs five-ten times the cost of a client OS for something 'not important'? Sure, I've test machines running server OSes (and licenses like MSDN allow for that kind of use only...), but they are still managed as servers to ensure applications work in a properly configured environment. And there are differences, since a server OS has many features a client one has not, from large multiprocessor support to services like AD and so on.
Then if you're one of those who believe running an invalid license of a server OS on his PC makes him cool, well, you need to grow up...
"No-one wants to get companies upgrading to newer versions of Windows more than Microsoft. They would far rather people were using IE9+ on Windows 7+ than legacy old stuff which they are contractually obliged to support."
Most corporates are on Windows 7 but they still have to use IE 8 because of its "legacy" support. But Microsoft is happy because it usually means Office 2010 and relevant server kit.
Oh PLEASE can we stop this whole "Don't use that, it's buggy, use this" ranting. It feels like I'm standing in a primary school play ground.
All software, whether open source, closed source, old or new has bugs.
Where's the Moderatrix when you need her?
</rant>
It's been enough time that those corporations should have moved off of any platform that required IE6 to work. Not doing so in this day and age is a complete dereliction of their responsibility and I believe they should be sued into oblivion.
IE6 was released 13 YEARS AGO. It's time to move on. And I don't mean that they should move up to IE7 or even IE8. I mean they should have their desktops configured to go straight to whatever the most current version of the browser is: IE11. If they are still running XP (god forbid) then those Network Admins have a responsibility to push Chrome, Firefox or one of the other contenders across the desktop and disable the older IE for any type of browsing.
The fact that several such corporations don't means that they are more than happy having their computers taken over AND/OR their administrators need to be fired. And, no, having McAfee, Norton (or whatever they are called this week) isn't good enough. Those things are complete horseshit and generally cause as many problems as they supposedly fix.
If you upgrade to IE11, you can use "Document modes" to have sites rendered as if opened with older versions. You just need to add an "X-UA-Compatible" HTTP header. And you can do it with any version of IIS, Apache, or other web server.
Thereby if your clients run a supported version of Windows, you have very few reasons to keep on using old, slow, and buggy versions of IE. On servers you may still have IE8, but you're not browsing the web on a production server (or even from test/development ones), are you?
http://msdn.microsoft.com/en-us/library/jj676915(v=vs.85).aspx
http://msdn.microsoft.com/en-us/library/jj676913(v=vs.85).aspx
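The X-UA-Compatible approach from the comment above, as an added example that is not part of the original thread: an Apache configuration (mod_headers) that pins one legacy intranet application to IE8 emulation and leaves the rest of the site on the newest engine. The `/legacy-hr/` path is a hypothetical placeholder.

```apache
# Requires mod_headers to be loaded.

# Default for the whole site: use the newest document mode the installed IE offers.
Header set X-UA-Compatible "IE=edge"

# Hypothetical path of an internal app written for old IE; adjust to the real one.
<Location "/legacy-hr/">
    # EmulateIE8 follows the page's DOCTYPE: IE8 standards mode when a
    # standards DOCTYPE is present, quirks mode otherwise.
    # "IE=8" would instead force IE8 standards mode regardless of DOCTYPE.
    # <Location> is merged after server-level config, so this "set" replaces
    # the site-wide value for responses under this path only.
    Header set X-UA-Compatible "IE=EmulateIE8"
</Location>
```

Scoping the header to the one path keeps the rest of the site out of the legacy rendering mode, so the exception can be removed once that application is rewritten.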
Microsoft in its infinite wisdom decided LONG ago to do the embrace-extend model where they locked people into their products. Now that they have done "updates" and have better products, this comes back as users that can't upgrade since they are locked into the products that Microsoft designed to be locked into.
Users that took the bait (locking into a Microsoft product) and now find they are unable to change have no one to blame but themselves (and the Microsoft marketing droids).
What comes around, goes around.