1. Attachments are working again! Check out this thread for more details and to report any other bugs.

Read this if you use MS IE Explorer.

Discussion in 'Fred's House of Pancakes' started by daniel, Feb 14, 2012.

  1. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    You don't have to take any action other than viewing a malicious web site that exploits the security flaw, just one more in the endless stream of security flaws from the most incompetent software vendor in the world!

    Story here:

    Yet another reason to give Bill the boot.
     
    1 person likes this.
  2. a_gray_prius

    a_gray_prius Rare Non-Old-Blowhard Priuschat Member

    Joined:
    Jun 13, 2008
    2,927
    782
    0
    Location:
    IL
    Vehicle:
    2008 Prius
    Model:
    N/A
    Welcome to the Internet!
    [​IMG]

    Every browser has vulnerabilities that can be exploited to do remote code execution. I see you found one in Internet Explorer (one of hundreds). There are a huge number in Safari, Firefox, and Chrome (you can Google, right?). Hell, Apple is incompetent too because Safari for Windows has issues that allow remote code execution (http://technet.microsoft.com/en-us/security/advisory/953818).
     
    1 person likes this.
  3. Stev0

    Stev0 Honorary Hong Kong Cavalier

    Joined:
    Sep 23, 2006
    7,201
    1,073
    0
    Location:
    Northampton, MA
    Vehicle:
    2022 Prius Prime
    Model:
    Plug-in Base
    Is that why you never, ever use the Internet?
     
    1 person likes this.
  4. DavidA

    DavidA Prius owner since July 2009

    Joined:
    Jul 14, 2009
    2,325
    1,811
    18
    Location:
    Chicago western burbs
    Vehicle:
    2017 Prius Prime
    Model:
    Prime Advanced
    Wait..... Hold on. IE is flawed? :eek:

    Now you tell me. :mad:






    This post made from OSX
     
    1 person likes this.
  5. cproaudio

    cproaudio Speedlock Overrider

    Joined:
    Jul 7, 2010
    2,401
    758
    0
    Location:
    CA
    Vehicle:
    2010 Prius
    Model:
    V
    I run several virtualboxes each virtual machine serves its purpose. the host machine never gets infected with anything. I don't use any antivirus or anti spyware programs. It just slows down the computer. I'm still stuck on XP on the host machine. My machine runs 24/7 for the past 2 1/2 years. Last time I format and reinstall windows was about 15 months ago. If one of the virtual machine is infected with anything, it stays within that virtual machine and does not infect other VM. It takes about 5 minutes to copy a working virtual disk and replace the infected disk.
     
    1 person likes this.
  6. Southern Dad

    Southern Dad Active Member

    Joined:
    Jun 21, 2011
    350
    212
    58
    Location:
    Monroe, GA
    Vehicle:
    2011 Prius
    Model:
    Three
    I got tired of always dealing with virus and virus warnings. I switched to Mac and I'm never going back. Sure, there are a few viruses written for the Mac and the Safari browser but not anything like the number written for Windows and Internet Explorer.

    Come on over to the "dark side" try out OS-X Lion, you won't want to leave.
     
    2 people like this.
  7. Zythryn

    Zythryn Senior Member

    Joined:
    Apr 28, 2008
    6,154
    4,146
    1
    Location:
    Minnesota
    Vehicle:
    Other Electric Vehicle
    Model:
    N/A
    I hope you realize a large part of the reason for this is the smaller market size. As more people adopt macs (I have as well), macs will become more attractive to hackers.
     
    1 person likes this.
  8. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,073
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    Nothing new. This is often called a "drive by" infection, where the user's computer gets infected just by "driving by" a bad page.

    Anti-virus software only helps protect against known risks. A zero-day exploit is free to have its way with your computer, even with AV software, since the AV software doesn't recognize the new threat. The only way to protect against zero day attacks is to keep a low profile and run your browser in a sandbox:

    Low profile - Avoiding bad sites obviously helps. Other than this, Linux and Mac have lower profiles. With smaller user bases, they are less attractive targets. This will change as the popularity of these platforms increases.

    Sand box - Recognizing the impossibility of stopping all zero day exploits, the best defense is to run your browser in isolation. This way any infection of your browser will take down just the browser, not everything on your computer.

    For my Linux boxes, I run AppArmor, which is a kernel based security system that limits the reach of applications. My browser can browse, but it can't touch the sensitive parts of my computer. If the browser gets infected, I can reload it without having to reload the whole computer.

    For Windows based browsing, I run Windows in a virtual machine. If the system takes a virus hit, I just reload the VM from a backup copy. It only takes a couple of minutes.

    Tom
     
    1 person likes this.
  9. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    No. It's why I never, ever, allow anything from Microsoft on my computer. I run OS X 10.6.8. Snow Leopard. I've seen no particular reason to upgrade to Lion.

    We keep hearing this. Yet, among hackers, it would be immortal fame to create the first virus to infect Macs in the real world. I'm not saying it can't be done, but the small market size only explains why it's not a big target; it does not explain why nobody's ever done it.

    OTOH, every week there are several new exploit announcements like the one above for Windows systems. Microsoft has a different philosophy: Forget quality control, no need to check for stack overflows, just release quick and dirty code on a system designed to be open to hackers, and then release patches as the bad guys figure out the exploits. UNIX has a whole different philosophy: disallow overflows by default, design a system to be closed to hackers.

    Nothing's perfect, but Windows (and its browser and other programs) are like a house with the doors and windows open and a big sign saying "Nobody's Home." Unix is like a house with the doors locked and a security camera.
     
    1 person likes this.
  10. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,073
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    This was especially true on earlier versions of Windows. Microsoft has improved tremendously in the area of security, but they had to be dragged into it kicking and screaming. Most of the exploits target earlier versions of MS products, of which plenty are still in use.

    Tom
     
    1 person likes this.
  11. Stev0

    Stev0 Honorary Hong Kong Cavalier

    Joined:
    Sep 23, 2006
    7,201
    1,073
    0
    Location:
    Northampton, MA
    Vehicle:
    2022 Prius Prime
    Model:
    Plug-in Base
    I was talking to the response to your very good post (if we still had Thanks I would have Thanked yours). He had a point, yes, all browsers have their flaws. But his is the same logic that says "People are going to have car accidents anyway so I might as well text while I drive drunk."

    I work with a woman who LOVES IE. I keep telling her, "No! Stop doing that!" I installed Firefox on her machine, she still used IE. Anyway, she got a really nasty virus. I said "I told you so! NOW will you stop using IE?" She didn't. Two weeks later she got ANOTHER nasty virus. She's still using IE to this day. *sigh*

    As for me, it has nothing (well, very little) to do with Security. After living with the nightmare known as Vista, I have sworn off MS Windows machines for good.
     
    1 person likes this.
  12. cproaudio

    cproaudio Speedlock Overrider

    Joined:
    Jul 7, 2010
    2,401
    758
    0
    Location:
    CA
    Vehicle:
    2010 Prius
    Model:
    V
    The day that I can build a Mac piece by piece with components that I want that's capable of playing bluray and 3D without getting sued is the day I'll switch over to a Mac.
     
    2 people like this.
  13. ItsNotAboutTheMoney

    ItsNotAboutTheMoney EditProfOptInfoCustomUser Title

    Joined:
    Jul 18, 2009
    2,287
    460
    0
    Location:
    Maine
    Vehicle:
    2010 Prius
    Model:
    II
    He uses a hand-crafted set of Perl scripts that use telnet on port 80.
     
    1 person likes this.
  14. Stev0

    Stev0 Honorary Hong Kong Cavalier

    Joined:
    Sep 23, 2006
    7,201
    1,073
    0
    Location:
    Northampton, MA
    Vehicle:
    2022 Prius Prime
    Model:
    Plug-in Base
    I *did* build my Mac piece by piece with components that I want! Those components happened to be an Apple Monitor/CPU (ie an iMac), a third-party mouse, and a third party keyboard (specifically, this one). And being the customization-loving DIYer that I am, I also went crazy and got a USB hub.
     
    2 people like this.
  15. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    It's really not the hardware. It's the OS. You can run Linux on your home-built PC and have a similar level of security that OS X (UNIX) provides. For me, Linux just wasn't ready for prime time. I'd have kept my old computer and gone to Linux if I'd been able to find someone to install it for me. I attended a local Linux meeting, but nobody was willing to install it for me, even when I said I'd pay them to do it. A Mac was just the only way for me to switch to UNIX.

    Nobody's going to sue you for building a computer for your own non-commercial use at home.

    :D I'd have given this post a Thanks, if the Thanks button was still on the site.
     
    1 person likes this.
  16. cproaudio

    cproaudio Speedlock Overrider

    Joined:
    Jul 7, 2010
    2,401
    758
    0
    Location:
    CA
    Vehicle:
    2010 Prius
    Model:
    V
    Obviously you don't know how to build computers if you think an iMac is a component and changing keyboard and mouse means custom built. I can build a faster computer for half the current price of a Mac Pro quad core with more rams and storage and better GPU.
    I had Ubuntu as one of the guest OS. It's not that hard to install if you follow the directions.
     
    1 person likes this.
  17. Stev0

    Stev0 Honorary Hong Kong Cavalier

    Joined:
    Sep 23, 2006
    7,201
    1,073
    0
    Location:
    Northampton, MA
    Vehicle:
    2022 Prius Prime
    Model:
    Plug-in Base
    Like I said, I LOVE customizing things - on my Prius, for example, I put on a seat cover AND a license plate frame! I also modded it by putting in floor mats, but took those out when the Sudden Acceleration scare hit.
     
    1 person likes this.
  18. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    Installing was not hard. Getting everything to work on a specific machine was a bit more problematic. There are web sites with complicated graphs of which flavors of Linux work on which hardware.

    But the real problems were with finding a program that would manage my iPod, and codecs for streaming media. I tried all the programs that people claimed worked for the iPod, but none of them worked for me, and I kept reading about how you could find the codecs, but I could not. So my Linux installs would not drive my iPod and I could not listen to or watch streaming media.

    This was okay for my travel laptop, since I only needed to check email and do some light web browsing, and I had Linux on my laptop until I switched to the Nokia N800 as my travel computer, and later to the iPod Touch. But it was not satisfactory for my home computer. So when I could not get someone to do an install that could work for me, I gave up on Linux for the home computer, and got my Mac.

    There are people who claim that Apple hardware is twice as expensive as "just as good" PC hardware, and there are others who disagree. My general impression is that cheap PC hardware is not as good, and that to get the same quality you pay similar prices. Yes, you can save by doing a homebrew. But not all of us have those skills. And for me the bottom line was that a Mac was the way to have UNIX, in the form of OS X, without having to pay the exorbitant price of AT&T UNIX with its much less friendly user interface.

    I like the idea of Linux. I was just not able to make it work for me. Open Source means lack of support, and I needed the support.
     
    1 person likes this.
  19. qbee42

    qbee42 My other car is a boat

    Joined:
    Mar 2, 2006
    18,058
    3,073
    7
    Location:
    Northern Michigan
    Vehicle:
    2006 Prius
    Things are different now. Ubuntu installs effortlessly on almost all hardware, without the usual driver hassles of Windows. Codecs are as simple as checking the box that says to install third-party software and codecs.

    The iPod is a different story, and the problem here is Apple, not Linux. Apple remains one of the most proprietary companies on the planet. They go out of their way to be incompatible with the rest of the world. There are a number of Linux programs that support iPods, but none are as slick as iTunes. If you want smooth integration with Apple, you need to stay 100% Apple.

    Tom
     
    1 person likes this.
  20. daniel

    daniel Cat Lovers Against the Bomb

    Joined:
    Feb 25, 2004
    14,487
    1,518
    0
    Location:
    Spokane, WA
    Vehicle:
    2004 Prius
    I'm sure it's better now than it was 4 (?) years ago when I was desperately looking for an alternative to Windows. But I have no reason to get rid of my Mac now. When it becomes obsolete I'll re-visit the issue.
     
    1 person likes this.