Linked by Thom Holwerda on Mon 18th Jan 2010 17:03 UTC
Internet Explorer: France has echoed calls by the German government for web users to find an alternative to Microsoft's Internet Explorer to protect security. Certa, a government agency that oversees cyber threats, warned against using all versions of the web browser.
RE: Comment by Kroc
by Bryan on Mon 18th Jan 2010 20:00 UTC in reply to "Comment by Kroc"

That manager certainly isn't very convincing--it's painfully clear he's a PR flack and not someone who's at all informed on the issue. (Microsoft's UK managers seem to have demonstrated an above average ability for putting their foot in their mouths. There was that thing about comparing Win7 to the Mac a few months ago, and I vaguely recall something else earlier last year that I can't quite place.)

Still, I think it's overreaching to say Microsoft doesn't give a damn about security. The vulnerability does exist in all major versions, but DEP and Protected Mode do neutralize any attacks at this point, and it's going to be far harder to construct an effective exploit against browsers in which those are enabled. That's not spin, but simply the defense in depth strategy doing what it's supposed to do: provide additional layers of protection when one fails.

Clearly this is a serious issue, and IE6 users (as well as IE7 users on XP) need to take immediate action, whether that's upgrading, switching, or implementing the suggested mitigations (enable DEP, and/or disable Javascript). But a blanket statement from governments that all IE users need to switch just seems like needless fearmongering, akin to when the US government told everyone to go out and buy plastic tarp and duct tape. The BSI, in particular, seems to be prone to kneejerk reactions:

Reply Parent Score: 4

RE[2]: Comment by Kroc
by Nelson on Mon 18th Jan 2010 20:11 in reply to "RE: Comment by Kroc"

I think a lot can be attributed to overall technological ignorance on behalf of the Governments (not an excuse, just some context behind their irresponsibility).

It's a bug, software has bugs, but it's Microsoft and IE, so it is instantly a sensationalist headline and used as a crutch for those who generally scream their heads off about alternative browsers to finally have something resembling an audible whisper.

Reply Parent Score: 3

RE[3]: Comment by Kroc
by bert64 on Mon 18th Jan 2010 20:52 in reply to "RE[2]: Comment by Kroc"

But it's a far more serious bug due to the prevalence of windows and ie.

Look at it from a hacker's point of view, you can guarantee that any large corporation or government you want to target will be running windows/ie/msoffice on all their desktops... This is very useful for a hacker, you need 1 exploit, 1 backdoor and 1 skillset.

By contrast, if you couldn't be sure whether your victims ran windows, linux, bsd, mac or whatever else and couldn't be sure if they ran firefox, chrome or opera your attacks become much more difficult. You have to discover what your targets run first, and then look for exploits knowing full well that any exploits you develop will only target a small percentage of your targets.

And from the target's standpoint, having no choice but to use windows/ie is a very bad state because even if unpatched 0day exploits are everywhere, there is very little you can do about it. If you have the freedom to choose your software then it becomes easy to switch if one vendor is failing to fix issues and you can choose the software which best suits you rather than having no choice...
Do you really think google would have been using IE if they had any choice? They make their own browser which is a lot better, there has to be some proprietary apps locking them to ie.

Reply Parent Score: 3