mods and internet explorer

Tonglebeak · 01-09-2005, 02:34 PM

Just wondering for you mods, why don't you suggest (after the solution you give to fix a person's problem) to switch to another browser? If you really wanted to help people, you'd point them to a more secure browser, such as Firefox . Fixing the problem should be followed up with prevention, and switching from IE is an excellent way to prevent more problems like spyware andIE's 21 unpatched security holes.

01-09-2005, 03:17 PM

Hi,

I think that you have an excellent point, but I would like to tell you my personal feelings (not speaking for this forum, but as a moderator) about that issue.

First of all, i don't want to diminish the comments you have made because they are fiarly accurate and what you have stated is a pretty obvious solution to the problem.....FOR NOW.

Just so that you will know, I use Internet Explorer the most, but also presently use Firefox and Opera and like all three of them. I have also explored and used Netscape for periods (at one time used it only for about two years) of time, but am not presently using it. Each browser has it's own strengths and own weaknesses if you use them on a regular basis.

The reason in my mind that the other programs aren't having the same holes explored by hackers is that they are not used a great deal as of this time and that is why I made the comment above "FOR NOW." As more users begin to use those browsers, then they too will experience the vulnurabilities that Internet Explorer is having. When you are the big dog, everyone wants to pick on you and they can get the most bang for their buck if they explore and find a hole in what the majority of computer users have accepted as their standard in browsers.

There have been times in my experience when a user of this forum has asked about a recommendation for a browser and I give (and state it is a personal opinion) an opinion on that issue. I think most of us do this from time to time. We are usually asked to solve a problem that might or might not involve IE and we do our best to correct the issue.

Quite frankly, for the popularity and widespread usage that IE has, I really think Microsoft does a pretty decent job of fixing holes when they are found. You must know that the other browsers have many holes, but they have not all been explored and found by the bad guys out there. Just recently you are beginning to see security updates on the other browsers also as the focus of the bad guys turns toward the new guy on the block as the browser becomes more popular and is used more often. For hackers, the most bang for the buck is where the action is...and, that is IE.

On a side note and comparision, I drive and love GM cars and trucks. I have owned several domestic (Ford, Mercury, Chrysler) and foreign brands (Toyota, Honda, Renault, VW), but always go back to GM. If you have ever read the reviews, you will note that quality of the GM product is said to be not as good as that built elsewhere. If my GM car needed fixed and a mechanic told me to switch to a Toyota because it didn't have as many problems, I would not pay any attention to that, because I love the GM road feel and overall driving qualities. I suspect one might have the same reaction if (considering that many users who have problems are just kind of like me with cars) one would try to switch users (without being asked) to something they are not familiar with.

Hey Tonglebeak, was kind of fun kicking this around. Hope to see you on the forum this year. Have a wonderful time and nice talking to you.

Tonglebeak · 01-10-2005, 02:30 PM

Well, if it's alright to do it for now, then why not? >_>

**Fox** · 01-10-2005, 03:40 PM

If I had the ability like some do on this site to scour through HJT logs, I would most certainly recommend FF or basically any other browser as a permanent replacement to Internet Explorer. Most of the people that come here with logs are what I would call "high risk" users...that is to say, if they're here in the first place, they probably don't know enough about how spyware works in order to protect themselves from future infection.

As to the "for now"...I won't say that it can't happen, but something tells me that any major flaw found in FF would be fixed in a matter of hours, a day at the most, in comparison with microsoft, which doesn't see to care very much either way (other than throwing money at a situation, as in the case of hiring a third party to produce Microsoft AntiSpyware- which doesn't even run on anything lower than Win2k). Not only that, Mozilla is just not made with the same kind of architecture that makes Internet Explorer so weak: ActiveX. The very absence of this I'm sure accounts for the majority of prevented spyware infections when running a non-IE browser.

Also, and I think I've mentioned this before. It's my own little idea, and I don't have any statistics to back it up with, so just take this one with a grain of salt: The basic hacker culture I've seen dictates that "you don't crap where you eat". In less crude words, if hackers themselves like a program or operating system, they will probably post a fix for any exploit they might find, rather than develop a piece of spyware to take advantage of it. Maybe not so much spyware even (because in my humble opinion, the writers of spyware have no souls), but the development of virii for linux is pretty much nonexistant. That, I think, says something about hacker affinity.

Volt-Schwibe · 01-10-2005, 07:12 PM

i have firefox on my machine, and i still use IE sometimes.

i basically use firefox for any site i don't trust.

that said, i think the suggestions to switch have been made 1000's of times, and less than a few dozen have listened.

some people just can't be saved. so we learn to let it go and not preach.

CTSNKY · 01-10-2005, 07:23 PM

Just for Devil's Advocate's sake........

I am an IE devotee. Have been using it since version 3.0 came out many moons ago. I have always kept my machines up-to-date with all the latest patches /protection and have NEVER had problem one with IE.

I have used Firefox a few times and I guess it's OK, but you won't catch me touting it over IE.

**Horse** · 01-11-2005, 02:34 AM

Another IE devotee here. Except for the period where I knew nothing of security risks/spyware and adware, I have never experienced any kind of problems with it. Like CT, my browser is always up to date and my system has the best protection around. I can say this with 100% confidence because I am an Analyst too, so I am able to keep a check.

Tonglebeak · 01-11-2005, 05:54 AM

The thing is, no matter how "up-to-date" you keep IE (I can't even consider it updated, since all it is is security being updated, and really nothing else, like maybe the rendering engine so it can actually support css), there will always be harsh vulnerabilities with it, simply because Microsoft could care less.

Secunia should show you a few things, especially the one where any command can be ran by a web site, through IE.

greyknight17 · 01-12-2005, 09:58 AM

I have used IE for a while but switched ever since Firefox came out. I personally find it better to use than IE. I'm only using IE here in the workplace since they don't allow us to install any other programs on it.

But regarding your question on asking users to switch over to Firefox, we do ask them, but not directly. For all the cleaned machines, the analysts will most likely asked the user to go to the prevention page like:

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools/programs provided.

Besides listing other tools/programs to help prevent this from happening again, Firefox is also listed as one of the downloads.

But like the others said earlier, once Firefox becomes very popular that most users have it, more and more exploits will be found for it also. So I guess Firefox is good for now.

01-09-2005, 02:34 PM	#1 (permalink)
Tonglebeak Member Join Date: Nov 2004 Posts: 22 OS: XP	mods and internet explorer Just wondering for you mods, why don't you suggest (after the solution you give to fix a person's problem) to switch to another browser? If you really wanted to help people, you'd point them to a more secure browser, such as Firefox . Fixing the problem should be followed up with prevention, and switching from IE is an excellent way to prevent more problems like spyware andIE's 21 unpatched security holes.

01-10-2005, 07:12 PM	#5 (permalink)
Volt-Schwibe Asst. Manager, Automotive Forums; HJT Trainee Join Date: Jan 2003 Location: Behind you, watching you as you type. Posts: 7,372 OS: Click "My System" to view details My System	i have firefox on my machine, and i still use IE sometimes. i basically use firefox for any site i don't trust. that said, i think the suggestions to switch have been made 1000's of times, and less than a few dozen have listened. some people just can't be saved. so we learn to let it go and not preach. __________________ <signature> TSF is funded by our Admin's pocket, care to help? Power Tip: Subscribe to your thread (Thread Tools) to receive an instant email notification when you get a reply. New Members: Creating a single new thread in the correct section is the best way to assure your thread will receive a reply. </signature>

01-10-2005, 07:23 PM	#6 (permalink)
CTSNKY Knower of all that is MS Join Date: Aug 2004 Posts: 10,755 OS: (multiple machines) 95, 98, 2K & XP Home & Pro	Just for Devil's Advocate's sake........ I am an IE devotee. Have been using it since version 3.0 came out many moons ago. I have always kept my machines up-to-date with all the latest patches /protection and have NEVER had problem one with IE. I have used Firefox a few times and I guess it's OK, but you won't catch me touting it over IE. __________________ GO BIG BLUE!!

01-11-2005, 02:34 AM	#7 (permalink)
Horse General Manager (Administrator) Join Date: Oct 2003 Location: Durban South Africa Posts: 4,297 OS: WIN XP PRO My System Blog Entries: 1	Another IE devotee here. Except for the period where I knew nothing of security risks/spyware and adware, I have never experienced any kind of problems with it. Like CT, my browser is always up to date and my system has the best protection around. I can say this with 100% confidence because I am an Analyst too, so I am able to keep a check. __________________ Know where you're going in life. You may already be there Last edited by Horse; 01-11-2005 at 02:35 AM.

01-12-2005, 09:58 AM	#9 (permalink)
greyknight17 Analyst, Security Team Join Date: Jul 2004 Location: New York Posts: 14,331 OS: Windows 98 & Windows XP Home/Pro My System	I have used IE for a while but switched ever since Firefox came out. I personally find it better to use than IE. I'm only using IE here in the workplace since they don't allow us to install any other programs on it. But regarding your question on asking users to switch over to Firefox, we do ask them, but not directly. For all the cleaned machines, the analysts will most likely asked the user to go to the prevention page like: To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools/programs provided. Besides listing other tools/programs to help prevent this from happening again, Firefox is also listed as one of the downloads. But like the others said earlier, once Firefox becomes very popular that most users have it, more and more exploits will be found for it also. So I guess Firefox is good for now. __________________ Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. Adaware :: CWShredder :: HijackThis :: Panda ActiveScan :: Spybot S&D Anti-Spyware Tutorial :: Spyware Prevention Tools

01-09-2005, 03:17 PM	#2 (permalink)
mark3567 Guest Posts: n/a OS:	Hi, I think that you have an excellent point, but I would like to tell you my personal feelings (not speaking for this forum, but as a moderator) about that issue. First of all, i don't want to diminish the comments you have made because they are fiarly accurate and what you have stated is a pretty obvious solution to the problem.....FOR NOW. Just so that you will know, I use Internet Explorer the most, but also presently use Firefox and Opera and like all three of them. I have also explored and used Netscape for periods (at one time used it only for about two years) of time, but am not presently using it. Each browser has it's own strengths and own weaknesses if you use them on a regular basis. The reason in my mind that the other programs aren't having the same holes explored by hackers is that they are not used a great deal as of this time and that is why I made the comment above "FOR NOW." As more users begin to use those browsers, then they too will experience the vulnurabilities that Internet Explorer is having. When you are the big dog, everyone wants to pick on you and they can get the most bang for their buck if they explore and find a hole in what the majority of computer users have accepted as their standard in browsers. There have been times in my experience when a user of this forum has asked about a recommendation for a browser and I give (and state it is a personal opinion) an opinion on that issue. I think most of us do this from time to time. We are usually asked to solve a problem that might or might not involve IE and we do our best to correct the issue. Quite frankly, for the popularity and widespread usage that IE has, I really think Microsoft does a pretty decent job of fixing holes when they are found. You must know that the other browsers have many holes, but they have not all been explored and found by the bad guys out there. Just recently you are beginning to see security updates on the other browsers also as the focus of the bad guys turns toward the new guy on the block as the browser becomes more popular and is used more often. For hackers, the most bang for the buck is where the action is...and, that is IE. On a side note and comparision, I drive and love GM cars and trucks. I have owned several domestic (Ford, Mercury, Chrysler) and foreign brands (Toyota, Honda, Renault, VW), but always go back to GM. If you have ever read the reviews, you will note that quality of the GM product is said to be not as good as that built elsewhere. If my GM car needed fixed and a mechanic told me to switch to a Toyota because it didn't have as many problems, I would not pay any attention to that, because I love the GM road feel and overall driving qualities. I suspect one might have the same reaction if (considering that many users who have problems are just kind of like me with cars) one would try to switch users (without being asked) to something they are not familiar with. Hey Tonglebeak, was kind of fun kicking this around. Hope to see you on the forum this year. Have a wonderful time and nice talking to you.

01-10-2005, 02:30 PM	#3 (permalink)
Tonglebeak Member Join Date: Nov 2004 Posts: 22 OS: XP	Well, if it's alright to do it for now, then why not? >_>

01-10-2005, 03:40 PM	#4 (permalink)
Fox TSF Enthusiast Join Date: Sep 2002 Location: NJ Posts: 7,752 OS: XP Pro, CentOS My System	If I had the ability like some do on this site to scour through HJT logs, I would most certainly recommend FF or basically any other browser as a permanent replacement to Internet Explorer. Most of the people that come here with logs are what I would call "high risk" users...that is to say, if they're here in the first place, they probably don't know enough about how spyware works in order to protect themselves from future infection. As to the "for now"...I won't say that it can't happen, but something tells me that any major flaw found in FF would be fixed in a matter of hours, a day at the most, in comparison with microsoft, which doesn't see to care very much either way (other than throwing money at a situation, as in the case of hiring a third party to produce Microsoft AntiSpyware- which doesn't even run on anything lower than Win2k). Not only that, Mozilla is just not made with the same kind of architecture that makes Internet Explorer so weak: ActiveX. The very absence of this I'm sure accounts for the majority of prevented spyware infections when running a non-IE browser. Also, and I think I've mentioned this before. It's my own little idea, and I don't have any statistics to back it up with, so just take this one with a grain of salt: The basic hacker culture I've seen dictates that "you don't crap where you eat". In less crude words, if hackers themselves like a program or operating system, they will probably post a fix for any exploit they might find, rather than develop a piece of spyware to take advantage of it. Maybe not so much spyware even (because in my humble opinion, the writers of spyware have no souls), but the development of virii for linux is pretty much nonexistant. That, I think, says something about hacker affinity.

01-11-2005, 05:54 AM	#8 (permalink)
Tonglebeak Member Join Date: Nov 2004 Posts: 22 OS: XP	The thing is, no matter how "up-to-date" you keep IE (I can't even consider it updated, since all it is is security being updated, and really nothing else, like maybe the rendering engine so it can actually support css), there will always be harsh vulnerabilities with it, simply because Microsoft could care less. Secunia should show you a few things, especially the one where any command can be ran by a web site, through IE.