Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Security United Kingdom United States

US and UK Governments Advise Avoiding Internet Explorer Until Bug Fixed 153

martiniturbide (1203660) writes "Reuters is reporting that 'The U.S. and UK governments on Monday advised computer users to consider using alternatives to Microsoft Corp's Internet Explorer browser until the company fixes a security flaw that hackers used to launch attacks.' The article states that 'The Department of Homeland Security's U.S. Computer Emergency Readiness Team said in an advisory released on Monday that the vulnerability in versions 6 to 11 of Internet Explorer could lead to "the complete compromise" of an affected system.'"
This discussion has been archived. No new comments can be posted.

US and UK Governments Advise Avoiding Internet Explorer Until Bug Fixed

Comments Filter:
  • Oh Noes! (Score:5, Funny)

    by Ol Olsoc ( 1175323 ) on Monday April 28, 2014 @04:35PM (#46863279)
    How are people going to download Firefox?
    • Re:Oh Noes! (Score:5, Funny)

      by Anonymous Coward on Monday April 28, 2014 @04:42PM (#46863355)
      I telnet to getfirefox.org, you insensitive clod!
      • by Anonymous Coward

        I telnet to getfirefox.org, you insensitive clod!

        Why telnet if you can use butterflies to communicate with the server.

        • by jonyen ( 2633919 )

          I telnet to getfirefox.org, you insensitive clod!

          Why telnet if you can use butterflies to communicate with the server.

          Using butterflies would cause too many latency issues, whether you're using the butterflies for direct transmission or generating cosmic rays via the butterfly effect.

      • Wuss: real men just use wget.

      • by SeaFox ( 739806 )

        The telnet client is not installed by default on Windows anymore. You'd have to teach people how to add it from the control panels.

    • Use your Android device to download the Firefox for Windows installer, then connect the device to your PC through USB. Or use a computer at a public library to download Firefox to a USB flash drive.
      • by mlts ( 1038732 )

        Don't forget to check the Authenticode signature on the Firefox package (and check the key and CA as well...) Before anything gets installed on Windows, I check the signatures. I've been surprised, and quite glad that I've done so, as some download places "repackage" the installers for other programs and re-sign the executables... and usually there are unwanted (well, more accurately, potentially unwanted) additions.

    • Crap - *now* they tell me. I had to use IE (v.$latest in Windows 7) to get an .iso from MSDN, because the damned site screams and complains if you use anything else.

    • by SeaFox ( 739806 )

      How are people going to download Firefox?

      You can open a Windows Explorer window and use it to access FTP servers.

    • How are people going to download Firefox?

      Open the command terminal* : [Towel Key + R]
      "cmd" [Enter]

      In the resultant terminal:

      ftp
      open ftp.mozilla.org

      The username and password are both "anonymous" (sans quotes).

      cd pub/mozilla.org/firefox/releases/latest/win32/en-US
      ls
      binary
      get "Firefox Setup [version].exe"
      bye

      Firefox Setup [version].exe

      Replace [version] above with the version number you wish to download. You may also "lcd [directory]" to change the local directory the download will appear in. Selecting a 64 bit version of Firefox or downloadi

    • There really should be some effort to distribute Firefox on SD card or other non-download media, or at least a placeholder that contacts mozzila.org without needing Internet Explorer. We've been reading about this kind of thing on Slashdot for years now.

  • by American AC in Paris ( 230456 ) on Monday April 28, 2014 @04:36PM (#46863297) Homepage
    Downloading Mosaic as we speak!
  • by Anonymous Coward

    How many government employees have no choice but to use IE themselves?

    • Re: Government (Score:5, Informative)

      by Anonymous Coward on Monday April 28, 2014 @04:42PM (#46863361)

      Numerous NYS web pages whos use is MANDATED for local government REQUIRES IE 8. For the Win7 machines (dictated by HIPPA as securable) we have to disable ActiveX security, add it to trusted sites, AND fire up the developer tools to get it into IE 7 compatability. The page I am specifically thinking of is the Department of Health... you know where all your medical records are.

      Security is poorly spun illusion at this point. If the feds wanted the Internet to be secure then they should have reigned in the spooks in the beginning.

    • All of them. Numerous embedded systems are built around IE for UK government - I know this for a fact as I'm working for them at the moment.
  • you could have stopped after "explorer" and had just as valid a recommendation...

  • by Anonymous Coward
    ... Internet Explorer 8 is the only authorized browser that my workplace (a government agency) lets us use.
  • About three words too many.

  • by nurb432 ( 527695 ) on Monday April 28, 2014 @04:42PM (#46863357) Homepage Journal

    Just in time for XP to go out of support for most people, now you get this 'well publicized' bug that wont get patched, in effect. I expect only the latest version of IE to be patched, which will NOT run on XP even if you wanted to.

    • IE6, 7 and 8 will be patched for Windows Server 2003, which uses the same IE binaries.

    • yeah and as no other browser works on XP, people have no choice but to ugrade :-O

    • Just in time for XP to go out of support for most people, now you get this 'well publicized' bug that wont get patched...

      A rational observer would view that as borderline suicidal on Microsoft's part. I'm guessing that Satya will go the suicide route and I applaud.

      • Just in time for XP to go out of support for most people, now you get this 'well publicized' bug that wont get patched...

        A rational observer would view that as borderline suicidal on Microsoft's part. I'm guessing that Satya will go the suicide route and I applaud.

        I'll bring the orange slices.

    • This will also affect vanilla Windows 7 installs and Vista as well. As those are still under support I would expect Microsoft to issue an IE patch for version 7-11, but just not make a specific patch for IE7/8 on Windows XP. Kind of like how IE6 patches for Windows 2000 stopped happening after 2010.
  • I can't remember the last time I used IE(some version), seriously...I can't...must be like 8-10 years ago, or the numerous times I used a Windows computer...tried to follow an e-mail link that wanted me to use IE....when I denied it...just wanted to fire up my FireFox, so many times MS tried to force me to use IE, and I always ignored it because it never gave me what I want in the first place. Good riddance. RIP IE.
    • I can't remember the last time I used IE(some version), seriously...I can't...must be like 8-10 years ago, or the numerous times I used a Windows computer...tried to follow an e-mail link that wanted me to use IE....when I denied it...just wanted to fire up my FireFox, so many times MS tried to force me to use IE, and I always ignored it because it never gave me what I want in the first place. Good riddance. RIP IE.

      The only PC I saw lately where somebody habitually clicks the E instead of the Fox is completely malware ridden to the point of unusability. I figure, leave it that way, there's no point cleaning it up, it will be that way again in a day or two. Eventually I will stick in a new hard disk with Ubuntu on it and there will be no need to explain why it's better.

  • A 0-day for Adobe Flash was also patched today [krebsonsecurity.com].

    For some reason I had three different and separate updates I had to do to fix this:

    1) Chrome automatically updated something and was running the latest version when I checked

    2) The plugin that Firefox uses only seems to look for updates when I reboot. I found this guide [karlhorky.com] to trigger the update manually, which basically then resulted in it just opening a browser window & making me download an update .exe.

    3) Even after that, IE still reported running the older

    • IE uses an ActiveX plugin for Flash, Firefox uses an nsplugin, Chrome has it built in. So yes, three different flash plugins, and three ways to update.
      • IE uses an ActiveX plugin for Flash, Firefox uses an nsplugin, Chrome has it built in. So yes, three different flash plugins, and three ways to update.

        I've always seen the ActiveX as not installed

        Flash Driver:
        ActiveX Version: Not Installed
        Plug-in Version : latest version

        I show no default ActiveX running on my Win system other than
        HHCtrl Object - hhctrl.ocx
        Microsoft RPD Client Control - mstscax.dll ( Remote Desktop ActiveX control - go figure)
        Which I've disabled.

        And thanks for the word on the flash update, one of the requirements anymore, like it or not; I can't even access my router with out flash.

  • by Anonymous Coward

    AC because my boss reads /.

    My boss, in all his good business instincts and mostly great technical attributes, insists on installing java and downgrading all computers to ie9 instead of going with 11. Now I know 11 had issues with compatibility from time to time, but I am hard pressed to believe that running ie9 with Java is a great way to stay virus free.

    Then again we are in the small business and home user repair market maybe he is just trying to go for reoccurring client repairs

    • by ruir ( 2709173 )
      I couldnt decide if I would mod you up funny or insightful. PHBs, I also had some in the past, from the jerk to the jerk who doesnt know anything which, or worse the jerk that knows a little, which is the most dangerous type of jerk, like you have it know. ;)
    • by edman007 ( 1097925 ) on Monday April 28, 2014 @05:14PM (#46863601)

      Don't worry, I work in a government agency, IE8 is the only authorized browser (with java of course), and if you gained access to that computer you would have plenty of access to sensitive (but not classified) stuff.

      • Warning to IE8 fans... it goes away with Windows Vista, which is the next Windows OS to cross the "no longer supported" line like Windows XP did this month.

    • AC because my boss reads /.

      My boss, in all his good business instincts and mostly great technical attributes, insists on installing java and downgrading all computers to ie9 instead of going with 11. Now I know 11 had issues with compatibility from time to time, but I am hard pressed to believe that running ie9 with Java is a great way to stay virus free.

      Then again we are in the small business and home user repair market maybe he is just trying to go for reoccurring client repairs

      I wonder if there is any kind of liability resulting from the gross incompetence of installing old, known to be insecure, software on customers' machines instead of the latest release with the latest security fixes...

      (Also, doesn't Windows auto-update to IE 11 anyway? Or are you turning of auto-updates too?!)

      • Building a Windows 7 workstation at the moment. IE10 and IE11 are recommended updates, not installed by default. Only "Important" (E.g. Fix compatibility issues) and critical updates are installed automatically.
  • could lead to "the complete compromise" of an affected system

    = any browser that isn't Firefox+NoScript.

  • Couldn't they have just said "Don't use Internet Explorer, anytime, anywhere, ever?" That's so much easier.
  • "US-CERT [us-cert.gov] recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds."
    But don't confuse that with recommending not to use the browser.
    • "US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds."

      But don't confuse that with recommending not to use the browser.

      Don't confuse a partial reading of the page with the full text, which goes on to say:

      Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.

      • by Anonymous Coward

        What's your point? If you are still using XP today, then you absolutely DESERVE each and EVERY millisecond of strife, frustration, aggravation and angst that's coming your way. It's already been deprecated for SEVEN years you luddite fucktard, if you couldn't or wouldn't find a measly $100 in SEVEN, FUCKING, YEARS, then please refer again to my second sentence above.

        -AC

        • I so, so, wish it was a mere matter of $100

          The sheer amount of money that has been pissed away on upgrading from XP to Windows 7 is thoroughly, utterly, disgusting.

          For a slightly more server-based example (because we're getting a jump ahead of the Win2k3 Server retirement) ; my infrastructure support team have spent 2 weeks trying (and alas, failing) to replace the Windows Indexing Service, which is no longer supported, for an web app that of course, requires search. The replacement is "Windows Search Serve

      • Don't confuse what's offered as a last-ditch possibility with the actual recommendation.

  • What is the recommended free browser to install on an old XP machine, preferably along with an IE-like skin for the older generation?

    • by SeaFox ( 739806 )

      I'd say Firefox with Adblock Plus, so they wont get fooled by malicious ads on sites.

    • What is the recommended free browser to install on an old XP machine, preferably along with an IE-like skin for the older generation?

      Go here:

      http://www.linuxmint.com/downl... [linuxmint.com] Download, burn an .iso disk, boot from it, and follow the instructions.

      Free browser, a modern and free OS, and it just works.

      Life is good.

      • You, sir (Ol Olseoc), are what makes forums suck, as not only did you not answer the question, but you inserted you own perverted solution. That said, on an XP system you should install EMET 4.1 (http://www.microsoft.com/en-us/download/details.aspx?id=41138) for Windows XP. It will mitigate this and many other issues. You should not be running Windows XP without it, now that XP is EOL. Also, use a third party Antivirus solution like Kaspersky or NO32. And for the love of Dog, do not use Java, flash, or
        • That said, on an XP system you should install EMET 4.1 (http://www.microsoft.com/en-us/download/details.aspx?id=41138) for Windows XP. It will mitigate this and many other issues. You should not be running Windows XP without it, now that XP is EOL. Also, use a third party Antivirus solution like Kaspersky or NO32. And for the love of Dog, do not use Java, flash, or Adobe %products%.

          You are forgetting the simple fact that no matter how good emet gets at doing the job of stopping remote exploits the problem is the person behind the keyboard. Do you really think that the majority of people who use XP are capable of understanding what heap execution prevention is? Or understanding what a freaking .dll is? Considering the fact that any OS that can arbitrarily run executable binary code directly off the internet is broken by design. It was ridiculous for Microsoft to release a remote contro

        • You, sir (Ol Olseoc), are what makes forums suck, as not only did you not answer the question, but you inserted you own perverted solution.

          How odd. I gave a perfectly good answer, for those who might take a little telling.

          XP users are in a hard place right now. They are probably using older computers that won't ever be able to handle Windows 7 or 8.

          Buy a new computer? Probably not. When these folks should have upgraded was when Microsoft introduced us to Vista. Which was when they found out they not only needed new computers, but new peripherals, because of lack of drivers. And Vista stunk. So they lost trust and waited. Now it is Windows

  • playing my heart bleeds for you.
  • I don't allow Internet explorer to run, nor have I since Win 3.x. To do so is an equivalent of Russian roulette, it may be good today, but tomorrow it's in the news for a hack out a week ago.

    My first use of IE was to log on to Microsoft. I went to the downloads, found a game that sounded good and downloaded it. Only it didn't download, it started installing itself; I unplugged the computer.

    It went against everything I saw as safe hex. I know now it was due to ActiveX another bad news MS creation.

    I went to

  • Just avoid Internet Explorer all the time.

  • I noticed that US-CERT changed it site. It said "the complete compromise", but now the web site says "could allow unauthorized remote code execution."

    It said "US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available. ", now it says "US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Mic

Real programmers don't comment their code. It was hard to write, it should be hard to understand.

Working...