Print 92 comment(s) - last by mostyle.. on Feb 3 at 7:43 AM

  (Source: Sydney Morning Herald)

Chinese hackers used a memory flaw in Internet Explorer to carry out a series of highly sophisticated attacks, which stole info from Google, Adobe, and others.  (Source: Tech Freep)
Microsoft is apologetic about the incident and is working to help affected companies

While making a browser can pave the way to lucrative advertising revenue contracts, it can also be a headache in terms of providing the user with security, as users will typically interact with a broad variety of websites, some of which may be compromised or insecure.  When you're the top player in the browser market, like Microsoft, this problem becomes especially serious.

Microsoft typically has a pretty good security track record, but under the enormous pressure of safeguarding millions of business users, cracks in its armor can appear.  Thus was the case with a new flaw in Microsoft Internet Explorer, which the company posted an advisory (97352) about yesterday.

The advisory describes, "The vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."

McAfee's George Kurtz was the first to post on the flaw, with a security blog yesterday afternoon.  He offered more details about the DOM memory corruption vulnerability and revealed that it had been used by attackers in China to steal info from Google.  This was somewhat unusual, as often flaws get published with nary a "in the wild" attack, or at worst mild attacks on individual users.

In this case the flaw wasn't overly severe, but the attackers were unusually sophisticated and struck out at businesses, looking to steal their data.  Writes Dmitri Alperovitch, a vice president of research with McAfee, "We have never seen attacks of this sophistication in the commercial space. We have previously only seen them in the government space."

Despite the fact that Google makes its own browser (Chrome), apparently many of Google's corporate computers instead use rival Microsoft's Internet Explorer, the standard in the business world.  As Internet Explorer 8's Data Execution Prevention (DEP) is enabled by default, and would have to be turned off for the flaw to work, it seems likely that Google uses IE 6 or IE 7.  This is actually quite typical -- IE 8 adoption in the business world has been a slow process -- many businesses still use IE 6, even.  The DEP protections are optional in IE 7.

In total, Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

Once the attackers execute the memory attack, they use it to download and run an executable -- a malicious trojan that allows remote access to corporate machines.  The entire set of attacks has become known as "Operation Aurora".  Aside from Google, other high profile targets lost potentially sensitive information, including design software maker Adobe Systems Inc. (though Adobe insists that it lost no IP).  Google and Adobe are both reportedly trying to help Microsoft investigate the attacks.

Microsoft CEO Steve Ballmer apologized for the security mishap, stating, "We need to take all cyber attacks, not just this one, seriously. We have a whole team of people that responds in very real time to any report that it may have something to do with our software, which we don't know yet."

One bothersome detail, though, is that Microsoft apparently has known about the flaw and existence of attacks in the wild for some time, but did not publish a security advisor until after McAfee aired the flaw.  This meant that while high profile business users likely knew about the flaw, most private users were left unaware of the danger (albeit, fewer private users run IE 6 or IE 7 than business users).

The attack on Google occurred in mid-December, so the attacks have been live for almost a month now, at least.  Reportedly 20 other major companies have since been compromised.  Currently, the only complete solution that offers complete protection against the attack is to adopt IE 8 or turn on DEP in IE 7.  McAfee has aired security software updates that provide partial protection against the malware associated with the attack, but it warns that current coverage is complete

If there's one moral of this story, it's not so much anything to do with Microsoft or Google, but more an observation of the state of internet security in general.  As many observers have noted, attackers in recent years are becoming bolder, more organized, and in it for the money. 

Unlike hackers of yore that largely hacked for respect or fame, this new breed of attacker, largely based out of Eastern Europe, Russia, Africa, and China, hacks for profit.  That presents a unique challenge to firms like Microsoft.  A kid hacking into Google would be a bad enough, but a savvy professional who knows how to leverage the stolen information -- that's a security nightmare.  And it's one that's quickly becoming reality, as evidenced by this most recent round of attacks.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By damianrobertjones on 1/15/2010 10:27:43 AM , Rating: 1
"As Internet Explorer 8's Data Execution Prevention (DEP) is enabled by default, and would have to be turned off for the flaw to work, it seems likely that Google uses IE 6 or IE 7. "

Ummm? If you don't update, then you're not covered. Then again there's business arguments for and against that we've all heard before. A company like Google should have it's 'base' computers all running with the latest updates and damn well use vm's for testing. I'm sure they have the cash!

Either way, I'm sitting here with all network pc's on XP (Going to Win7 eventually) and updated by a WSUS server.


RE: Ummm.....
By FITCamaro on 1/15/2010 10:43:40 AM , Rating: 4
It sounds like you're an IT guy so you should know a companies ability to upgrade is often limited by the other software they use. If a tool you use isn't supported in IE8 then you're stuck with IE7 until the company who makes the software updates their tool. Assuming there's still even support.

RE: Ummm.....
By Motoman on 1/15/2010 11:00:42 AM , Rating: 5
In my experience, the "compatibility view" thing in IE 8 works pretty well.

...then again, I wonder what the likelihood of a company like Google using any particular product tied to IE would be in the first place...

RE: Ummm.....
By reader1 on 1/15/10, Rating: -1
RE: Ummm.....
By lightfoot on 1/15/2010 12:45:55 PM , Rating: 5
No, Google uses Internet Explorer because Google its self is an Internet Software Company. They are forced to use every browser on the market to test compatibility with their software. If Google, Google Apps, or Gmail did not work on Internet Explorer (or Firefox, Safari, or Opera) that would directly impact their core business.

Google has to use Internet Explorer due to the fact that some of their customers use Internet Explorer - this has nothing to do with a Microsoft monopoly.

RE: Ummm.....
By ClownPuncher on 1/15/2010 1:09:05 PM , Rating: 5
Don't even bother explaining to that guy. Your logic and reason are wasted.

RE: Ummm.....
By reader1 on 1/15/10, Rating: -1
RE: Ummm.....
By ClownPuncher on 1/15/2010 1:30:44 PM , Rating: 5
There are many browsers people can use, Microsoft does nothing to stop you from using those.

RE: Ummm.....
By reader1 on 1/15/10, Rating: -1
RE: Ummm.....
By ClownPuncher on 1/15/2010 1:50:38 PM , Rating: 5
Your face is made out of penis.

RE: Ummm.....
By reader1 on 1/15/10, Rating: -1
RE: Ummm.....
By GaryJohnson on 1/15/2010 2:13:57 PM , Rating: 3
Your logic has a hole in it.

If Mozilla or Google made a better browser than IE, then they could still charge for it.

Similarly, we are giving you free advice on how not to be a loon, but you should definitely still seek professional (paid) psychiatric consul.

There are most certainly people around who would pay for FF or Chrome in their current incarnations. Google has chosen market share over sales revenue, and Mozilla is into being a "public benefit organization".

RE: Ummm.....
By bupkus on 1/15/2010 3:50:28 PM , Rating: 4
I'm like 10 posts down and still laughing.

RE: Ummm.....
By arazok on 1/15/2010 6:44:29 PM , Rating: 5
RE: Ummm.....
By messyunkempt on 1/16/2010 1:42:27 AM , Rating: 4
You owe me a muffin. And something to wipe my screen with.

RE: Ummm.....
By NesuD on 1/15/2010 2:37:46 PM , Rating: 3
Giving away IE for free is illegal undercutting and a clear abuse of Microsoft's monopoly.

Where did you get that. Microsoft charges a healthy price for IE. The only thing that makes it worth paying is that they bundle a pretty decent free operating system with it.


RE: Ummm.....
By bupkus on 1/15/2010 3:46:44 PM , Rating: 2
That is funny!

RE: Ummm.....
By Marlonsm on 1/15/2010 3:33:34 PM , Rating: 2
Right, they should force people to pay for their browsers, just like they pay for Firefox, Chrome, Opera...

Wait a min...

RE: Ummm.....
By themaster08 on 1/15/2010 7:17:21 PM , Rating: 3
Giving away IE for free is illegal undercutting and a clear abuse of Microsoft's monopoly.

It's clear that yellow tinted screen has blurred your perception of reality.

Giving away IE for free is illegal

Would you care to provide proof of this? Is giving away Safari for free also illegal?

RE: Ummm.....
By damianrobertjones on 1/15/2010 7:26:16 PM , Rating: 2
What century was that again?

These are new times.

RE: Ummm.....
By Camikazi on 1/15/2010 2:23:16 PM , Rating: 2
Yes you are right, MS FORCED me to use IE :( o wait, I'm on Windows and using Firefox!
MS customers are not forced to use IE, they choose too or do not know of other choices (doubtful since most sites have Firefox or Chrome icons all over). IE is just the default and most people just stick with the default for fear of breaking things or having no knowledge of others.

RE: Ummm.....
By mindless1 on 1/15/2010 9:06:43 PM , Rating: 1
Yes people are too lazy and uninformed to switch from the default installed browser in most cases, but that does lead back to the original statement by reader1 that it's due to their monopoly.

For example, if Linux had been the majority OS and had Firefox installed by default, and of course not having IE installed, wouldn't it be Firefox we'd assume to be the majority browser too?

Let's think on this a minute, who would've stuck it through IE 4, 5, and 6? They're be few and far between users who went on to use 7 and 8 even though they are decidedly better than 4, 5, and 6.

RE: Ummm.....
By drycrust3 on 1/15/2010 4:44:58 PM , Rating: 2
I disagree. Yes, there probably are people in the company who HAVE to have IE 6 or 7, but the majority of the people should be using Chrome because that is one of their major products. That is one of the easiest ways for the "Chrome" department to know if there are problems or improvements to be made. If a person finds an incompatibility and changes to IE does the problem get fixed? No, it remains unfixed. Conversely, a phone call to the Chrome department may be all that is needed to fix the problem.
Indeed, it is disconcerting to realise that while on the one hand Google is planning to release it's own operating system, which is based upon Linux, they actually prefer their main competitor's software. It is hard for us to know for certain, but surely that must affect some of their business decisions.
My guess is the majority of the work they do could be done using Ubuntu and Openoffice and Chrome. After all, the system they will be selling will be based upon Ubuntu, Chrome, and Google Docs.

RE: Ummm.....
By mostyle on 2/3/2010 7:43:58 AM , Rating: 1
Google is forced to use Microsoft's products

Yea, sure.. Forced if they want to insure compatibility between themselves and third party vendors which inevitably addresses their productivity and bottom line.. I guess in that logic Mozilla and others force them as well. Forced? Bah, semantics..

RE: Ummm.....
By nafhan on 1/15/2010 1:18:06 PM , Rating: 2
It's been fine in my experience, too. However, first time I had to call the corporate help desk after installing IE8 they were all "Whoa, whoa, no wonder you are having trouble! We don't support IE8." This is regardless of the fact that it was not a browser/web problem. So, I had to revert to IE7 and show them the problem was still there before they'd even help me.
I'd be willing to bet that's fairly typical of other large corporations as well.

RE: Ummm.....
By AstroCreep on 1/15/2010 4:32:00 PM , Rating: 2
Compatibility View is fine & dandy if the sites display properly in IE7, but as is the case with my business, there are still quite a few web-based resources that were written with older versions of FrontPage and/or Office that don't work properly in anything higher than IE6.

Unfortunately we're at a bit of a stand-still on updating IE because one of the sites our core business utilizes is still in the "Process" of updating their the site, but until then the forms (data entry system) don't even appear.

RE: Ummm.....
By sxr7171 on 1/16/2010 6:36:40 AM , Rating: 2
Yeah pretty darn surprising.

RE: Ummm.....
By MarcLeFou on 1/15/2010 12:20:14 PM , Rating: 2
The only reason I see for not upgrading to IE8 is a company is using old, unsupported OS'es (and hardware) or custom plugins not compatible with the new versions.

IE7 caused us quite a few headaches with our customer systems so an overall switch to 7 was never rolled out but IE8's compatibility view has solved all of those issues for us.

Since some websites only work with IE and IE6 is really problematic from a security standpoint, we've moved all our Windows boxes to IE8 in the last few months and its been going extremely well after people got used to the change in UI (and even then, that part was much easier than some other transitions we've been through).

RE: Ummm.....
By MarcLeFou on 1/15/2010 12:23:42 PM , Rating: 2
Sheesh. I even proofread this to make sure there were no errors. I seem to have both eyes in the same socket today.

... upgrading to IE8 is if a comapny ...

... a few headaches with our custom systems ...

RE: Ummm.....
By jonmcc33 on 1/15/2010 12:29:30 PM , Rating: 1
It's okay. You are safe from the anal retentive grammar troll.

RE: Ummm.....
By jonmcc33 on 1/15/2010 12:28:41 PM , Rating: 2
I agree. We're just moving everyone to IE7 now. Can't move to IE8 because our lame BMC Service Desk Express doesn't work properly with IE8. People running Windows 7 are forced to use XP Mode to use SDE.

RE: Ummm.....
By damianrobertjones on 1/15/2010 7:25:14 PM , Rating: 2
"Then again there's business arguments for and against that we've all heard before."

Yeah, I know, but I'd honestly say that a lot of it is due to being .... Lazy.

RE: Ummm.....
By mindless1 on 1/15/2010 9:19:42 PM , Rating: 2
... but that's a pretty self-serving assessment.

Is everyone "lazy" for not being as "secure" as possible by studying martial arts and self defense so they can be as secure as possible in their daily lives?

Is everyone "lazy" for not religiously waxing their car?

Is everyone lazy for not eating only the most healthy of foods?

Not really, they take what steps they consider adequate at the time, there is not an infinite amount of time, money or resources to suit everyone's idea of the ideal (everything, everywhere, every time).

... or to put it another way, those who were security savvy long ago took steps to implement a security plan that worked for their company, they were not longing for IE8 and cursing each day, because they found a solution that worked for them.

Google's fault? It's not which IE version, it's any and all software that is not assessed and secured. The same goes for IE8, you can't just do "anything at all" you want to do just because you're running IE8, and the same will be true for IE9, and certainly Firefox et al too.

RE: Ummm.....
By Motoman on 1/15/2010 10:45:28 AM , Rating: 2
I don't think you need WSUS - I think if you just used automatic updates, this would have been taken care of a long time ago.

While it's embarrassing for MS, I feel like it's more embarrassing for Google. Firstly, that their own employees use their hated rival's browser instead of their own, and secondly that they apparently aren't capable of enforcing a reasonable update program on their PCs.

RE: Ummm.....
By FITCamaro on 1/15/2010 10:57:36 AM , Rating: 2
I doubt there's very many large corporations who've already upgraded to IE8.

Still on 7 here.

RE: Ummm.....
By Motoman on 1/15/2010 11:01:54 AM , Rating: 2
Yeah, I hear you.

Since I don't have any IE6/7 boxes laying around, was this DEP feature available there...and just not turned on?

RE: Ummm.....
By InsaneScientist on 1/15/2010 2:09:50 PM , Rating: 2
It was there for IE7, but not IE6.

I thought XPSP2 and up had system wide DEP running, though...

RE: Ummm.....
By GaryJohnson on 1/15/2010 2:22:07 PM , Rating: 2
It has DEP on for "essential windows programs and services" which apparently doesn't include IE7; it has it's own DEP in the form of a "enable memory protection to help mitigate online attacks" checkbox under the advanced tab in internet options.

RE: Ummm.....
By piroroadkill on 1/18/2010 10:32:07 AM , Rating: 1
By default, DEP is set to OPT-IN, whereby apps (the majority of the time, Windows system components) opt to have DEP enabled for their component. Yeah, which is fucking shit. Same behaviour by default in Windows 7 iirc; however, you can change this to OPT-OUT, whereby all processes get DEP enabled, and you only set processes which have issues with DEP in the exclusion list, which should be the default mode, really

RE: Ummm.....
By bupkus on 1/15/2010 3:57:59 PM , Rating: 2
Ok, but aren't these older versions of IE just used for intranets? Can't they also have IE8 for those for who need to venture outside to the internet?
I'm thinking that couldn't their IT program a router or firewall test that won't allow unprotected versions of IE to pass outside...
Perhaps I just don't get it. The servers exposed to the internet are vulnerable because they allow a misbehaving browser to make requests... shouldn't this be a browser issue?
Help me understand wtf and wheretf this vulnerability happens.

RE: Ummm.....
By bupkus on 1/15/2010 4:00:10 PM , Rating: 2
Correction: ... shouldn't this be a server issue?

RE: Ummm.....
By reader1 on 1/15/10, Rating: -1
RE: Ummm.....
By FITCamaro on 1/15/2010 11:53:12 AM , Rating: 4
Yeah pushing out a windows update is real f*cking hard. I mean do you try to be this stupid?

And if you don't want to do that there are software products out there that streamline pushing updates to large numbers of PCs.

RE: Ummm.....
By reader1 on 1/15/10, Rating: -1
RE: Ummm.....
By Motoman on 1/15/2010 12:11:45 PM , Rating: 3

This asshat's rating is at 0.09! That's got to be a record, right? Is anyone keeping score - so we can determine who the stupidest person on the planet is? Because this clown has got to be right up there.

0.09 - now THAT is an impressive achievement. Seems like it would take an entire village of idiots to rack up a score like that.

RE: Ummm.....
By StevoLincolnite on 1/15/2010 12:16:52 PM , Rating: 2
Seems like it would take an entire village of idiots to rack up a score like that.

Don't insult the village idiots! Sheesh.. They would be like Einstein compared to him!

RE: Ummm.....
By geddarkstorm on 1/15/2010 12:30:50 PM , Rating: 2
He's 0.10 now. I think his skills are slipping.

RE: Ummm.....
By weskurtz0081 on 1/15/2010 2:42:23 PM , Rating: 2
No, he is down to .08 now, he's doing just fine!

RE: Ummm.....
By chagrinnin on 1/15/2010 4:43:19 PM , Rating: 2
Seems like it would take an entire village of idiots to rack up a score like that.

Their IBurst tower has been turned off. :P

RE: Ummm.....
By themaster08 on 1/15/10, Rating: 0
RE: Ummm.....
By reader1 on 1/15/10, Rating: -1
RE: Ummm.....
By themaster08 on 1/16/2010 5:33:12 AM , Rating: 3
Sure, only a moron would support a platform with an excess of over half a billion users.

Only a moron would dedicate his life supporting Apple and their communist, closed platform and arrogant, self-righteous business practices.

Apple zealots are the Jehovas Whitnesses of the computer world. Preaching self-righteousness, mocking others, pumping ludicrous amounts of money into your church. Everything fits.

RE: Ummm.....
By damianrobertjones on 1/15/10, Rating: 0
RE: Ummm.....
By mindless1 on 1/15/2010 9:28:49 PM , Rating: 1
While I don't go along with a lot of the stretches reader1 makes, the initial idea that a lot of companies do not want these automatic updates is true.

Absolutely NO NO NO! It would be really dumb to let client systems update before the update is tested and reports of problems in the wild are sought.

Yes roll out the updates but above all else it is more important to not introduce any problems rather than having downtime from some bug that wasn't found until millions of people started applying it to the myriad number of system configs possible.

Now I'd like a show of hands, how many of the DT readers were routinely infected from using IE7, letalone 6? If they were insecure, and yet at the time of their release the DT (I mean Anandtech readers at that time) population was saying the same thing "oh use this new version it is secure you simply must or the world will implode", and yet now history shows they were wrong.

What was the solution? It was not just jumping onto the latest IE and patching it, absolutely not because as we all see no matter how many patches you apply, there's still another several coming, there was always not only many many possible exploits, but it was the primary target browser all along.

No, updates are not a solution and it is a waste of time to talk about them. Training users, blocking malicious 'sites, disabling inherently insecure features, locking down user access to domain resources, these are the start to security.

Now fast forward to the next IE version, everyone will claim oh it's great and IE8 should be abandoned, nevermind if you are more or less secure then than now.

The ironic part is we might actually be more secure running IE4 right now, who is developing new exploits for THAT?

RE: Ummm.....
By damianrobertjones on 1/15/2010 7:31:44 PM , Rating: 2
Hold on a minute... using Automatic updates on more than 10 computers, or 20, 30, 40... it literally zaps your bandwidth dry.

Imagine on update Thursday ALL 500+ computers started downloading updates etc. Even staggered, it's NOT the way to do it, even in a company with 30 pc's. WSUS all the way. it's so silly easy to setup that it hurts.

There are a lot of techs out there that don't even KNOW that WSUS exists! (Starts to cry)

RE: Ummm.....
By danostrowski on 1/15/10, Rating: -1
By jameskatt on 1/15/2010 11:11:40 AM , Rating: 1
With security holes like this - and there are more to come even on Windows 7 - why would anyone want to store their medical data in the cloud with Google or Microsoft?

Even a single security hole - out of the hundreds that are sure to exist - allows sophisticated hackers to steal your medical data.

By kmmatney on 1/15/2010 12:51:42 PM , Rating: 2
I could care less about medical records - its credit card data I'm worried about.

By Camikazi on 1/15/2010 2:30:10 PM , Rating: 2
Guess you must be for no computers for any data then? Cause all software has bugs and exploits, some just take more time to find. No software is 100% secure ever, even those not connected to the internet cause then you just need physical access to it.

By Gary Oak on 1/15/2010 4:23:51 PM , Rating: 2
Furhtering that, if it's even written down somewhere and someone wants it bad enough, they can probably get it. Why don't we just destroy all data?

Microsoft apologetic?
By rdhood on 1/15/2010 12:18:52 PM , Rating: 2
Microsoft is apologetic about the incident and is working to help affected companies

They have had 12 YEARS to patch the holes in their browser. They really couldn't care less.

RE: Microsoft apologetic?
By eddieroolz on 1/15/2010 1:06:40 PM , Rating: 2
This problem exists in IE6/IE7/IE8, not IE1, my friend. So I'm not sure where you're getting that 12 years figure from.

By 306maxi on 1/15/10, Rating: 0
RE: Sure
By KingofL337 on 1/15/10, Rating: 0
RE: Sure
By namechamps on 1/15/2010 11:41:48 AM , Rating: 1

What do you call IE 8 or TURNING ON DEP in IE7?

Microsoft provided options that would secure the network.

If anything Google & Adobe should sue themselves for being stupidly insecure.

RE: Sure
By CZroe on 1/15/2010 2:15:02 PM , Rating: 2
You know, turning it on doesn't do anything with a CPU that doesn't support it. There are many such systems still in use (didn't read the other argument... this just looekd to be a relevant place for this insight).

I hate Adobe, they are thieves
By KingofL337 on 1/15/2010 10:48:12 AM , Rating: 1
It's ironic that a company like Adobe, which practically robs it's development customers. Would be stolen from...

By VenomSymbiote on 1/15/2010 2:27:27 PM , Rating: 2
This kind of sounds like a weird haiku...

Irony cat...
By redbone75 on 1/15/2010 10:27:40 AM , Rating: 2
is ironic.

IE6 and 7 in the buisness world
By cal4701 on 1/15/2010 12:49:47 PM , Rating: 2
What a lot of people do not understand is that businesses, for this reason, do not adopt newer software as there is always something some one forgot and needs to be fixed. So they usually use a software until it is not longer supported for two resons.
1. It is safe for thier network in the fact it is not going to crash something else as it has not done so as of yet.
2. It is cheaper as they don't lose productivity in emaployees having to be trained as often.

When a large company makes a change in thier software as major as Internet Explorer it has to be extensively tested in as many scenarios as possible before they will roll it out to an entire company. I personally rolled my IE back from 8 to 7 30 minues after I installed it. There was a problem with the way it displayed a favorite page of mine. I would put my mouse on a link and that link would drop 4 inches. Move the mouse down and it would jump back up. It is the same for companies. Imagine they rolled out IE8 to 500,000 employees and this is a small number. The next day they have 500,000 tech support calls due to an issue with the new software. I would hate to be the person who gave the go ahead to roll it out. That is the reason companies are still using older versions. After this most may upgrade to 7 so they can use the DEP but then again who knows. :) Hopefully this gets read and understood by those who do not.

Hackers are losing their morals!
By KIAman on 1/15/2010 1:36:33 PM , Rating: 2
Unlike hackers of yore that largely hacked for respect or fame...

What is this world coming to when even Hackers have lost their sense of ethics and morals!

Hackers of yore also largely hacked to fight against would-be hackers and script kiddies.

By sapiens74 on 1/15/2010 2:06:06 PM , Rating: 2
Any hacker can attack your MAC!

As long as you are logged in and they have physical access to your machine they can have their WAY!!!

By nofumble62 on 1/16/2010 1:55:56 PM , Rating: 2
Still have to use IE6. Yeh, right IE6. This is the browser that is officially supported by my company IT department who is supposed to be a top notch in the IT industry.

By 3minence on 1/15/2010 10:49:37 AM , Rating: 1
IE6 came out how long ago? It security and function problems are the reason Firefox and friends got market share. Nobody should be running IE6 anymore. Having said that, I know a lot of commercial software that still requires IE6 and doesn't work right on IE7. It's inexcusable but an unfortunate fact of life.

MS has really done well with IE8, I've used it and like it, but IE6 is the reason I went with Firefox.

By Spookster on 1/15/2010 1:04:54 PM , Rating: 1
Microsoft typically has a pretty good security track record,

Put your hands in the air and step away from the crack pipe sir. Don't make us tase you.

Are you serious?
By Candide08 on 1/15/10, Rating: -1
RE: Are you serious?
By JasonMick on 1/15/2010 10:46:37 AM , Rating: 4
Actually they do. Despite what Apple would have you believe, considering Micrsoft's volume of users (over a billion PCs, hundreds of millions of Internet Explorer users) their security track record is pretty good.

Let me know if you find someone with comparable marketshare who you can hold up as having superior security and I'll give you a cookie.

Hint: Adobe and Mozilla software gets exploited all the time. ;)

RE: Are you serious?
By reader1 on 1/15/10, Rating: -1
RE: Are you serious?
By ertomas on 1/15/2010 1:28:29 PM , Rating: 2
I can't believe this guy...

He's like venezuelans Chavez's supporters.

The SOB has even led us to an electric crisis and people still stand up to him!

RE: Are you serious?
By themaster08 on 1/15/2010 7:26:19 PM , Rating: 2
Of course they do, they're Windows programs.

So I guess that this is a Windows program too, huh?

RE: Are you serious?
By themaster08 on 1/15/2010 7:37:13 PM , Rating: 2
I notice that you seem to remain quiet when Apple has yellow screen issues, arrogantly repairing them for them to return to their customers with further problems. I guess that's Microsoft's fault too, huh?

However, as soon as Microsoft has an issue with old software, which it apologises for, and endeavours to fix, you can't wait to regurgitate the same old BS we've heard a thousand times before.

If you have nothing new to say, please, say nothing at all.

RE: Are you serious?
By Motoman on 1/15/2010 11:33:46 AM , Rating: 2
Another hint:

Apple's "security" is a result of their failure to capture a significant portion of the market. Hence, it's not worth a malware-writer's time to make attacks on it. Success by failure - very few companies can pull that off (other than Apple, maybe Bose and Monster Cable).

RE: Are you serious?
By danostrowski on 1/15/10, Rating: -1
RE: Are you serious?
By Motoman on 1/15/2010 12:00:01 PM , Rating: 2
Using that logic, one would have to cite the existence of police forces as a detriment to the track record of democracies.

And while I love your advertising of your ignorance with your opening statement, the better way to look at it is that it's quite commendable that MS does as much as it does to keep billions of PCs worldwide secure.

As for the monopoly - yes, Windows is a monopoly, because it's not viable for the vast majority of consumers in the world to use Apples or Linux. The fact of the matter is that now, Apple has somewhere around 4% of the market according to recent internet log reporting as shown here on DT recently. It would really be nice if we could stop pretending that 4% of the market has any significance.

RE: Are you serious?
By StevoLincolnite on 1/15/2010 12:22:46 PM , Rating: 2
While that's partially true, security has been a complete after thought for MicroSoft until very recently. Also, if you're going to credit Apple's small market share (aka MicroSoft's monopoly gained by proprietary lock-in) with the lack of viruses it experiences, you must also mention the entire microcosm of software that has evolved specifically for securing windows as a detriment for MS' track record.

Wait... are you complaining that Microsoft is to propriety? Have you looked at Apple? I mean seriously? They wont even give consumers easy access to replace batteries for crying out loud!

RE: Are you serious?
By jak3676 on 1/15/2010 12:21:25 PM , Rating: 3
I don't think my Monster Cable powers Bose system has ever been exploited.

RE: Are you serious?
By lightfoot on 1/15/2010 1:01:56 PM , Rating: 2
But both Monster Cable and Bose sell sub-par products at premium prices... The example of success through failure.

I would argue, however, that despite their products failure, their marketing success is nearly unrivaled.

RE: Are you serious?
By eddieroolz on 1/15/2010 1:08:12 PM , Rating: 2
Hell, if we can make a coat hanger disguised as Monster Cable we'll be rich in no time!

RE: Are you serious?
By mindless1 on 1/15/2010 10:19:42 PM , Rating: 2
You have it backwards. You suggest that somehow considering their marketshare we should consider them more secure, when it is quite the opposite.

Considering their marketshare they have far more opportunities to uncover the bugs, far more income to fix them, and far more people reporting the bugs so they don't even have to find many themselves.

I won't even go into the base fact that security is about vulnerability, that merely having that marketshare makes them less secure even if they had the exact same # and type of bugs as a competitor.

Further, the article you linked to as some kind of proof was quite frequently opposed in the comments, was nothing more than a misguided study turned into a fluff piece.

Hint: The vast majority using Mozilla Firefox are far more secure than IE users. ;) ;)

Make any excuse you like, it's plainly obvious. We could argue about whether it's due to add-ons, but in the end we are talking about security not twisted stats that ignore the real uses of either browser.

To put it another way, even though IE still has majority marketshare, Firefox has a large number of users as well. How many viri have you seen circulating due to Firefox exploits? We'll wait while you dig up some cold hard facts on that.

A marketing concept != reality. The proof is in the news year after year.

RE: Are you serious?
By FITCamaro on 1/15/2010 10:47:33 AM , Rating: 2
Lets see you create the most used software in the world, and thus the most attacked, and there not be any security holes.

For what it does, Microsoft does a pretty good job with security.

RE: Are you serious?
By rudolphna on 1/15/2010 10:46:28 AM , Rating: 2
When you have an OS on as many systems as Windows is, it becomes impossible to protect against every threat. Hackers are a very resourceful and smart bunch, who cold find microscopic cracks in a rock from space. Microsoft generally seems to do fairly well keeping bugs and security holes patched. It is impossible to be 100% secure, even for a lesser used system like linux, but windows is massive and catering to a wide variety of uses, therefore this kind of thing will happen.

RE: Are you serious?
By damianrobertjones on 1/15/2010 7:40:56 PM , Rating: 2
Plus, if WIndows was 100% secure, the EU would fine them as the AV makers would go out of business.

"So if you want to save the planet, feel free to drive your Hummer. Just avoid the drive thru line at McDonalds." -- Michael Asher

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Yahoo Hacked - Change Your Passwords and Security Info ASAP!
September 23, 2016, 5:45 AM
A is for Apples
September 23, 2016, 5:32 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki