
Several New Critical IE Flaws Disclosed Today.

Discussion in 'Fred's House of Pancakes' started by Sufferin' Prius Envy, May 15, 2005.

  1. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    Yikes! High severity, yet Microsoft will wait a month to patch it??? Firefox and Thunderbird are looking better every day.

    "Several flaws have been uncovered by security firm eEye in Microsoft's Internet Explorer. The flaws allow remote compromise of computers running Windows Operating Systems and affect IE, Outlook and possibly other MS software. With the next MS Windows security bulletin release scheduled for June 14, 2005 news sources are reporting that in comparison with the Mozilla Foundation's prompt fix for the recently reported Mozilla 1.0.3 vulnerabilities MS appear to be leaving a large window for the possible malicious exploitation of these flaws."

    http://it.slashdot.org/it/05/05/15/139208....tid=113&tid=218

    Description:
    A vulnerability in default installations of the affected software allows malicious code to be executed, contingent upon minimal user interaction.

    Severity:
    High (Remote Code Execution)

    Software Affected:
    Internet Explorer
    Outlook
    Additional miscellaneous titles


    http://www.eeye.com/html/research/upcoming...g/20050505.html

    Using your OS to surf the net is as dumb as placing the driver seat and steering wheel in front of the car bumper!

    http://www.mozilla.org/
     
  2. Wolfman

    Wolfman New Member

    Joined:
    Nov 28, 2003
    1,233
    19
    0
    Location:
    Williston, ND.
    Vehicle:
    Other Hybrid
    Model:
    N/A
    My machines have been driving me nuts with constant updating these last several days. It seems like a new one is out almost as quickly as I get the last one done.
     
  3. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    Ahhh. Update fatigue.

    But don’t worry Wolfy . . . Microsoft’s next scheduled update is still almost a month away. :roll:

    If you are using Internet Explorer and/or Outlook (or other so far undisclosed “Additional miscellaneous titles” by Microsoft (think Office and MSN Messenger)) and running any version of Windows XP, NT 4.0, 2000, or as of yet undetermined versions of Windows 2003 . . . then you have no reason to fret having to do an update anytime soon due to this vulnerability . . .

    BUT . . . in the meantime, worry about what evil will come to your computer while waiting for Microsoft to do something. :x

    This flaw is so severe that little user interaction is needed. It’s not like you have to download some evil program, or reply to a spam link . . . it’s transparent!

    I don’t think my computer even knows Outlook is even an option, and you wouldn’t believe how hobbled I made Internet Explorer . . . it has to ask for permission several times just to start and I have three security programs watching its nice person . . .

    Avast Antivirus. Free and highly rated. It also does frequent incremental automatic updates.
    C/Net Ratings
    http://www.avast.com/

    Zone Alarm. Free Firewall . . . need I say more?
    http://www.zonealarm.com/

    SurfinGuard Pro by Finjan Software. “Sandbox” security utility. Monitors executable programs for malicious behavior. It cost $30 . . . but saved my butt several times!
    http://www.finjan.com/Products/HomeUsersSu...Pro/default.asp

    Using these programs, doing updates regularly, and NOT using IE, Outlook, or Office - I have not even had as much as a cookie that I didn't ask for make it onto my hard drive.
     
  4. Wolfman

    Wolfman New Member

    Joined:
    Nov 28, 2003
    1,233
    19
    0
    Location:
    Williston, ND.
    Vehicle:
    Other Hybrid
    Model:
    N/A
    I'm mostly ticked off as the living room PC, which connects to my TV also included some form of driver update for the ATI video card. While it actually cleaned up the text a bit on the desktop, it has all but ruined the resolution of the TV picture.
     
  5. IsrAmeriPrius

    IsrAmeriPrius Progressive Member

    Joined:
    May 27, 2004
    4,333
    7
    0
    Location:
    Southern California
    Vehicle:
    2005 Prius
    QUOTE(Sufferin' Prius Envy)
    FYI: Security updates were automatically downloaded to my computers overnight and I installed them this morning.
     
  6. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    QUOTE(IsrAmeriPrius)
    If that is the case, you REALLY need to do a better job at keeping up with Microsoft updates when they are first released. The last time security updates were available was back on April 12.

    Run Windows Update again, then click on “View installation history.”

    The most recent item you will see is:

    Wednesday, May 18, 2005
    Microsoft Windows Installer 3.1


    Click on that and you will then see:

    The Microsoft Windows Installer 3.1 is the application installation and configuration service for Windows. The additional features in version 3.1 help make creating, distributing, and managing updates to applications easier and more efficient.


    That is hardly what I would consider a security update for repairing a severe security flaw in multiple Microsoft programs. :roll:

    Microsoft has a well-earned bad reputation regarding not patching security flaws in a timely manner. As you will notice, their explanation of this update to Windows Installer 3.1 says “easier and more efficient” and NOT “Updates in a more timely manner.”

    http://www.whitedust.net/newsview.php?NewsID=498

    If you still get a warm fuzzy feeling using Internet Explorer . . . then I guess the only warning I can give is:

    “Caution, ignorance can produce warm fuzzy feelings!!!”
     
  7. IsrAmeriPrius

    IsrAmeriPrius Progressive Member

    Joined:
    May 27, 2004
    4,333
    7
    0
    Location:
    Southern California
    Vehicle:
    2005 Prius
    QUOTE(Sufferin' Prius Envy)
    And you REALLY need to improve your reading comprehension skills.

    This is what I wrote:
    Welcome to my Ignore list.
     
  8. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    No, you didn’t write “ . . . ” .
    You wrote:
    QUOTE(IsrAmeriPrius)
    Apparently my reading comprehension skills are vastly superior to IsrAmeriPrius’ reading comprehension AND computer skills.

    His first post leaves readers with the impression that Microsoft has patched this critical flaw in their software code, when in fact the update was only “additional features” added to Windows Installer 3.1.

    If that can be considered a security update for fixing this flaw, then Toyota can boast that they had improved the Prius last night because janitors cleaned the showroom floors! (Minor flaw in my analogy: Prii are normally not found sitting around on showroom floors, so maybe "Hummer" would have been a better choice. :lol: )

    I would love to see IsrAmeriPrius’ ignore list if there is anyone besides myself on it. It would probably be chock full of conservatives and moderates he despises for having an opinion different than his own - because a differing opinion is upsetting to someone who lives in a Pollyanna state of mind.

    I personally do not ignore any posters. I read all posts and consider the source and their agenda. I then form my own opinion. To ignore someone just because they have a different opinion than you is perpetuating one’s own ignorance!

    My agenda on informing readers about the evils of Internet Explorer: To help keep PriusChatters safe while online if they choose to continue to use IE, and to inform them that a better and vastly safer alternative exists . . . Firefox.

    If that is upsetting enough to cause IsrAmeriPrius to place me on his Ignore List, then so be it. We have a contentious history here in FHOP, so I don’t think I was being unduly harsh on him in my response . . . I just considered the source, its agenda, and the fact that it was spreading misinformation . . . again.

    He couldn't just say, "oops, I was wrong, thanks for the heads-up."


    .
     
  9. tag

    tag Senior Member

    Joined:
    Nov 26, 2003
    2,526
    19
    0
    Location:
    Chicago
    QUOTE(Sufferin' Prius Envy)
    Okay but, from my perspective, you're both reasonable and intelligent members that have differing opinions. Thus, can I suggest we just move on?

    Thanks, guys.
     
  10. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    Sorry tag!
    As a moderator you have the thankless and unfortunate duty to read our drivel along with the good stuff . . . and you can’t put anyone on your ignore list. :x

    Sure, we can move on . . .
    IsrAmeriPrius can continue to ignore my useful IE warnings and replies, and I therefore will not feel the need to be so rancorous when responding to his righteous misinformation rebuttals to my posts. Sounds like a win-win-win situation for everyone! :wink:
     
  11. DaveinOlyWA

    DaveinOlyWA 3rd Time was Solariffic!!

    Joined:
    Apr 13, 2004
    15,140
    611
    0
    Location:
    South Puget Sound, WA
    Vehicle:
    2013 Nissan LEAF
    Model:
    Persona
    actually being unprotected is the norm when using IE.


    some quotes from windowsecrets.com

    • IE suffered from unpatched security holes for 359 days in 2004. According to Scanit, there were only 7 days out of 366 in 2004 during which IE had no unpatched security holes. This means IE had no official patch available against well-publicized vulnerabilities for 98% of the year.

    • Attacks on IE weaknesses circulated "in the wild" for 200 of those days. Scanit records the first sighting of actual working hacker code on the Internet. In this way, the firm was able to determine how many days an IE user was exposed to possible harm. When Microsoft released a patch for an IE problem, Scanit "stopped the clock" on the period of vulnerability.

    • Mozilla and Firefox patched all vulnerabilities before hacker code circulated. Scanit found that the Mozilla family of browsers, which share the same code base, went only 26 days in 2004 during which a Windows user was using a browser with a known security hole. Another 30 days involved a weakness that was only in the Mac OS version. Scanit reports that each vulnerability was patched before exploits were running on the Web. This resulted in zero days when a Mozilla or Firefox user could have been infected.


    also

    From the record to date, the Mozilla/Firefox team has shown that new security discoveries typically result in a patch being released in only a week or so.

    This was certainly true in the case of Firefox version 1.0.4. The primary security hole that was closed by that version was unexpectedly publicized by the French Security Incident Response Team (FrSIRT) on May 5. The Firefox patch was released only six days later. (The apparent discoverer of the flaw, the Greyhats Security Group, had been working responsibly with Firefox's development team and criticized the leak.)


    i can't provide a link as this is from the newsletters that are sent via e-mail registration. you can register for the newsletters at http://windowssecrets.com/
     
  12. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    Well?

    It has now been over a month since this critical vulnerability was reported, and yet no fix from Microsoft.

    Trust Microsoft to watch out for your security! . . . when they are good and ready . . . because really, they have no liability in their lethargy . . . because they are a monopoly . . . and their EULA says so.

    (EULA - End User License Agreement)
     
  13. jdfoster

    jdfoster New Member

    Joined:
    May 21, 2005
    31
    0
    0
    Location:
    Gillette Wyoming
    I am fairly new to this site. I guess I don't get the microsoft bashing and the tie in to my prius car. If you don't like the system buy something else. Jim
     
  14. DaveinOlyWA

    DaveinOlyWA 3rd Time was Solariffic!!

    Joined:
    Apr 13, 2004
    15,140
    611
    0
    Location:
    South Puget Sound, WA
    Vehicle:
    2013 Nissan LEAF
    Model:
    Persona
    i have and i love my Tiger Powerbook!~!
     
  15. bruceha_2000

    bruceha_2000 Senior Member

    Joined:
    Jan 2, 2004
    3,054
    301
    19
    Location:
    Northwest VT
    Vehicle:
    2018 Prius Prime
    Model:
    Prime Advanced
    QUOTE(jdfoster)
    This thread is in Fred's house of Pancakes. Content here need not apply in any sense to the Prius. It is the ONLY forum on the PC site where this is true. In fact, I would be surprised to find anything in Fred's that DOES relate to the Prius. There are other forums for that. :)
     
  16. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    Hi jdfoster,
    Apparently you didn’t read the sign on the entrance to FHOP.

    Fred's House of Pancakes
    Anything unrelated to the Prius. Come chat. First Amendment is your friend in here.


    Don’t worry, that is a common mistake. Just to show there are no hard feelings, I will double your PriusChat Points. I only have 17 at the moment, but after I post this message I will have the 18th.

    Many PriusChatters are smart enough not to use Internet Explorer and on that count there is a Camaraderie here in FHOP.

    You are correct in that with this Microsoft bashing there is no “tie in to my prius car.” THAT IS A GOOD THING!!! Could you imagine the problems we would have running PriusWindows!

    Unfortunately there is a commonality between DaveinOlyWA’s Tiger Powerbook and the Prius . . . They both have a rare, unexplained, strange shutdown problem. I wish I had a Powerbook.
    http://www.ehmac.ca/showthread.php?t=26651
    I would gladly take the rare shutdown than have to put up with Windows BS. But unfortunately my job requires Windows. Can you say “monopoly?” That is the genesis of my hatred of M$$$.
     
  17. DaveinOlyWA

    DaveinOlyWA 3rd Time was Solariffic!!

    Joined:
    Apr 13, 2004
    15,140
    611
    0
    Location:
    South Puget Sound, WA
    Vehicle:
    2013 Nissan LEAF
    Model:
    Persona
    my Powerbook works just fine...the shutdown issues were mostly powerbooks that were upgraded to Tiger. mine came preinstalled with Tiger 10.4

    also i have the 17" widescreen model so i didn't qualify for the powercord recall either

    here is a screen shot of MY GPS based mapping nav. not built in but works just fine

    http://priuschat.com/forums/album_pic.php?pic_id=1345
     
  18. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    THE PATCHES ARE IN for the latest round of Fix the Windows/IE Bloatware. 10 patches in all . . . I feel sorry for those on dial-up.

    These patches fix THESE vulnerabilities, but the basic OS problems still exist . . . and it should be just days or weeks till someone “reverse-engineer the patches and the code being patched to see where the flaw is and how to exploit it.”
    http://www.eweek.com/article2/0,1759,1828161,00.asp

    With the future release of the new Internet Explorer 7.0, Microsoft will be improving the security of its browser drastically . . . by lowering IE’s rights to a basic minimal of privileges! :lol: :lol: :lol: :roll:
    http://www.eweek.com/article2/0,1759,1824867,00.asp

    In other words they are hobbling their own browser to increase security! Funny, I hobbled IE6 months ago by restricting its use of scripts and ActiveX. I have ZoneAlarm treating IE as the unwanted stepchild that it is, and I have two other security guards watching the bastard child’s every move. But the best security measure of all is to not let the problem child play on the internet unless absolutely necessary.

    GO PATCH YOUR WINDOWS COMPUTER! YOU ARE VULNERABLE AND CAN BE ASSIMILATED . . . and while you are in a download fest mode, download Firefox and truly increase your online security.
    http://www.mozilla.org/

    And if you are not at least using the free version of ZoneAlarm firewall, you are a silly silly person . . .
    http://www.zonealarm.com/

    Anti-virus???
    Cost is not an excuse!
    Avast! 4 Home is free and does automatic incremental updates.
    http://www.avast.com/
     
  19. bookrats

    bookrats New Member

    Joined:
    Mar 12, 2004
    2,843
    2
    0
    Location:
    Seattle, WA
    Patrick -- thanks to Microsoft, it looks like this is in the running for the longest PriusChat thread! :lol:
     
  20. Sufferin' Prius Envy

    Sufferin' Prius Envy Platinum Member

    Joined:
    Jul 7, 2004
    3,998
    18
    0
    Location:
    USA
    Vehicle:
    Other Non-Hybrid
    Only 988 more posts to go to catch up to Free Word Association. :wink:
    Longevity wise - I get your meaning - let’s just hope it ain’t so. :x

    One good severe outbreak of an internet virus or worms could wipe out hundreds of billions of dollars worth of worldwide economic productivity because of one monopolistic software company’s wish to rule the software world. (All eggs in one basket syndrome)