Microsoft Investigating New Internet Explorer Flaw

[guzz46]

Enough...Linux will NEVER come anywhere near Windows

It has surpassed it, i can do everything on linux twice as fast as i do on windows 7 and with out the need for antivirus and antispyware.
Most people that buy computers don't even know about any other OS's so use what it came with, which is why windows is so common.

It's not because linux or apple's market share is low that there aren't nearly as much exploits as windows it's because they aren't windows and don't run as root or use .exe files

No one cares about MacOS, and everything else I just mentioned, because it doesn't run anything important enough to want to exploit.

Google runs linux (and was recently hacked)

 

[Guest]

otacon72: First off, not everybody plays games, believe it or not. 2nd, it's not Linux's fault that they're not getting support from game makers.

Windows is complete shit anyway, if you don't believe me, try taking up:

C++/COM Interop programming for Windows(epic WTF of all-time, it's amazing that anybody ever did anything with it)

VBScript: Odd scripting language with some peculiar features missing, and a hideous syntax.

C#/VB .NET: It looks good at first, but once you get into it, you realize that there's no consistency in how the class libraries were thrown together, and generally it lacks many, many important features. It gets a B-minus for effort.


It's a complete hodge-podge of backward-compatible bad ideas, Linux is sooooooooo much better...... and has far more potential...

 

[danimal_the_animal]

Dont forget

MYTHTV!!!!!!!!

why cant microsoft include a program to cut out my commercials in windows media center 7 recorded shows!!!!!!

mythtv can do it and has been doing it for YEARS!

its SO HARD as i love the windows 7 interface yet like the commercial skipping method of mythtv

 

[pythy]

Don't you just love the irony in Microsoft's products? Press F1 for help and you get malware. But I think the best one is you need to press Start to shutdown your PC. Classic!!

 

[djackson_dba]

[citation][nom]warmon6[/nom]what world are you living in? All web browsers and os have issues. Although the amount of issues and the kind of issues varies between them.[/citation]
On my planet, we have a concept called sarcasm.

 

[randomizer]

[citation][nom]jescott418[/nom]If Linux was so great we it would have more then a few percentage of users.[/citation]
Incorrect. By this logic IE6 is almost as good as Firefox.

[citation][nom]otacon72[/nom]when I want to get anything accomplished or play games I run Windows.[/citation]
It sounds to me like you never looked at a package manager, or the "anything" that you want to accomplish is just playing games. After all, games is the only thing you've been specific about. The only things that I can't do on Linux that I do on Windows is game (of course) and use 3DS Max. I don't really like Blender, but it has some advantages over Max that I don't personally use.

[citation][nom]jescott418[/nom]Next, why do we never hear any exploits about MacOS or anything Apple makes? Apple = 8% market share that's why. No one cares about MacOS, and everything else I just mentioned, because it doesn't run anything important enough to want to exploit.[/citation]
Market share is passed off as the only determining factor in how much malware is made for an OS. This is certainly a factor, but not the only factor. In Windows you run, by default, with privileges far higher than necessary. UAC is a step in the right direction towards correcting this, but it's still too crude. In OSX I am not sure of the default privileges as I don't use it. In Linux, you run with only the privileges required at any given moment. The most that malware could do is mess up your Home directory. The system is quite safe unless you give root access to the malware (all OSs are inherently "insecure" due to social engineering attacks).

[citation][nom]disillusion_dot_net[/nom]C#/VB .NET: It looks good at first, but once you get into it, you realize that there's no consistency in how the class libraries were thrown together, and generally it lacks many, many important features. It gets a B-minus for effort.[/citation]

That's a shame. I quite like C# myself apart from the lack of proper cross-platform compatibility. Visual Studio and C# together make it easy to get an application up and running quick, at least for me.

 

[JOSHSKORN]

Another Word: Chrome

 

[padlius]

Firefox FTW

 

[neiroatopelcc]

[citation][nom]djackson_dba[/nom]Lord knows there have not been any issues with Firefox or Opera... and I get plenty of security updates on my linux system.[/citation]

I don't know about current numbers, but I read an article (probably here on toms) once that detailed security flaws and concluding there were more flaws found per unit of time in firefox than internet explorer. Obviously considering the longer lifetime of internet explorer the total amount of flaws is higher, but if time is taken into the equation ie wins with the lowest flaw count. Now I don't think that applied in the same ratio to fixed and unadressed flaws, so perhaps firefox are better at patching - after all the oen source community does less testing and more patching (read: faster patch time and higher quantity of patches).

ps. I use chrome where I can and ietab (like the one for ff) for chrome where I can't use it natively.

 

[daggs]

[citation][nom]randomizer[/nom]Incorrect. By this logic IE6 is almost as good as Firefox.It sounds to me like you never looked at a package manager, or the "anything" that you want to accomplish is just playing games. After all, games is the only thing you've been specific about. The only things that I can't do on Linux that I do on Windows is game (of course) and use 3DS Max. I don't really like Blender, but it has some advantages over Max that I don't personally use.Market share is passed off as the only determining factor in how much malware is made for an OS. This is certainly a factor, but not the only factor. In Windows you run, by default, with privileges far higher than necessary. UAC is a step in the right direction towards correcting this, but it's still too crude. In OSX I am not sure of the default privileges as I don't use it. In Linux, you run with only the privileges required at any given moment. The most that malware could do is mess up your Home directory. The system is quite safe unless you give root access to the malware (all OSs are inherently "insecure" due to social engineering attacks).That's a shame. I quite like C# myself apart from the lack of proper cross-platform compatibility. Visual Studio and C# together make it easy to get an application up and running quick, at least for me.[/citation]

just to add something, under linux, nothing is running by it self, the only way something will run is if at the beginning of the chain of files that run, the user ran the first file.
for example, a virus that is downloaded in windows starts to run by it self, similar virus under linux will not run unless the user executed it.

the uac is a good idea, problem is that over 80% of the windows users that I know hav disable it because it is annoying... so much for that defense...

 

[neiroatopelcc]

[citation][nom]Daggs[/nom]just to add something, under linux, nothing is running by it self, the only way something will run is if at the beginning of the chain of files that run, the user ran the first file.for example, a virus that is downloaded in windows starts to run by it self, similar virus under linux will not run unless the user executed it.the uac is a good idea, problem is that over 80% of the windows users that I know hav disable it because it is annoying... so much for that defense...[/citation]

That is not entirely true. It is in part true, as there are autorun.inf files and similar features, but for the vast majority of situations the user has to actually run a program to start it - also programs that have file associations set - like opening .hlp files with winhlp32.exe - and far as I know KDE has a feature to execute files in a similar manner. IE make sure that odt files are opening with openoffice writer (swriter.exe in windows, dunno what it's called in a linux distro). So essentially it's the same feature - it just isn't being used.

As for uac - yes that is a problem. By making it so restrictive and annoying in vista/2008 systems, people by default just click continue with no regard to the content. But that's the consequence of a slightly daft approach to security, not the feature itself. And I may want to add that the problem is the same in linux - people almost by default use sudo with most everything to make sure it actually works. su is a similar feature to uac (probably where microsoft got the idea for the 'run as' feature that preceeded uac). So it's pretty much the same situation on both platforms - people merely have more focus on the redmond product than on the hundreds of smaller os options.

 

[randomizer]

Whether malicious code runs by itself or not depends on the implementation. In the case of this exploit it required user intervention to execute. Not all malware does.

As for the sudo argument, that really only affects Ubuntu (not sure about Debian?). Most distros don't make use of sudo by default (initial user is not in sudoers list) and will simply chuck a fit telling you that the administrator has been warned about your hopeless attempt at abusing your privileges

But in any case, always running sudo or su - for every command is just plain stupid. You might as well log in as root. No system is secure as long as a human is sitting at the keyboard. Social engineering and plain human stupidity puts even the most locked down system at risk.

 

[randomizer]

I might add that I think it would be better for Windows to require password entry and not a simply click of a button to elevate privileges. The OS also needs a redesign, as does software, so that Administrator privileges are not required every time a user wants to run a simple program.

 

[mitch074]

Doing what it's told to do: that's pretty much the Linux world. Doing what the developer thinks is best for you: that's Microsoft in Windows.

The second sure looks more agreeable - if you're not a power user, your computer actually works 'by itself'. It is also very fine if the automated procedures are perfect, can't be hijacked, can't run out of their context...

Unfortunately, Windows was never made to be safe, and was never made to preent a program from running in a restricted context.

Vista's UAC tried to solve that. It should have worked well. However, there are so many programs that try to do stuff by hitting a system feature they don't really need, that UAC keeps popping up - software writer have gotten so used to Windows returning nothing on a bogus call, that they do so all the time. On another OS (say, Linux), these developers would get an error code from the system, so they'd have to tighten up their interfaces, do more coherence tests etc.

Yes, they'd actually have to develop better code. My goodness!

That was described in recent Wine releases (1.1.38/39), where developers decided that they should shut Wine's debugger up in error cases when Windows wouldn't return an error.

In 7, UAC is not as annoying - because it's actually gotten pretty much useless. It allows a recent piece of software (which was programmed more tightly) to run well, and doesn't pop up as much on older pieces of software. Which doesn't help: because some of the stuff 7's UAC allows could be used to hack into the system!

In Linux, due to the software being already developed, then packaged, by people who hold on to the tenet "a software should do what it's supposed to do the best it can, no more no less", ensuring a piece of software can't hack the system is rather easy: if i doesn't need to touch the system, it won't; if it tries to anyway, it'll throw an error (thus it was badly programmed, or was compromized), or ask for superuser rights (it is thus intentional, or if it was compromized, the user may just notice that previous uses didn't require superuser rights).

The programming tenet, "be permissive on what you accept, be strict on what you output" is not true when dealing with security - it should be "be restrictive on what you accept, be strict on what you output".

That's also where standards help: they tell you what you should be strict on, by defining what you should get or output.

 

[zak_mckraken]

Yawn, that old "thank god I use [whatever] instead". I've said it before and I'll say it again : every OS and web browser have flaws. The more people you have using your software, the more flaws you will uncover.

 

[techguy911]

This is not new its been around forever because microsoft is lazy malware writers have been exploiting this for ages.

 

[isamuelson]

An even better word: Chrome!

 

[daggs]

[citation][nom]neiroatopelcc[/nom]That is not entirely true. It is in part true, as there are autorun.inf files and similar features, but for the vast majority of situations the user has to actually run a program to start it - also programs that have file associations set - like opening .hlp files with winhlp32.exe - and far as I know KDE has a feature to execute files in a similar manner. IE make sure that odt files are opening with openoffice writer (swriter.exe in windows, dunno what it's called in a linux distro). So essentially it's the same feature - it just isn't being used. [/citation]this if you are referring to the .desktop dolphin issue, this feature was removed in the following version of dolphin because of user protesting.
ask for running, linux doesn't open files according to it's extension, but according to it's content.

 

[sliem]

What's the point M$, pack it all up (IE).

 

[crom]

I love all of these anti-linux or anti-mac posts when they know nothing about the platforms. Linux market share? They now dominate the back end server market. They have a higher install base than Unix or Windows. Apache dominates IIS. LAMP is in higher demand than .NET. The list goes on.

On the consumer side the smart phone market is linux/BSD dominated with Google's Android, the iPhone, and most Nokia smart phones leading the charge. Linux is the preferred choice by governments, defense departments, and other large scale organizations.

I'm not here to dis Windows, because I think it does some things very well. I just think those of you that post that "linux only has a slim market share" or "Apple is only 8%" need to do your research. Apple has over a 20% market share in the laptop market. It's bigger than Sony, Acer(Gateway), and Levino. Only HP and Dell are larger. Linux runs some of the most robust websites out there like Google, You Tube, Facebook, etc.