Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Internet Explorer Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Thread beginning with comment 404843
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: get a clue Thom
by cb_osn on Tue 19th Jan 2010 05:56 UTC in reply to "get a clue Thom"
cb_osn
Member since:
2006-02-26

The reason why people are STILL using IE 6 is because after IE 6 came out, Microsoft stopped developing the browser. Until Firefox came along and stole market share, Microsoft was content to sit on their asses. So for 5 years, the official browser was IE 6. Thats 5 yrs worth of apps that run on IE 6 but probably not anything else. Now after 9 yrs, they are still finding bugs in it. And Microsoft's answer is: throw out 5 years of development and switch to shiny new Win 7/IE 8? Umm how about fix you busted ass code already? jeez....

The naivete here is absolutely astonishing.

These companies were not compelled through legal mandate or threat of violence to build internal and external infrastructure on non-standard extensions to a proprietary piece of software. I have no sympathy for the technically incompetent CIOs who made development or purchasing decisions that led to dependence on obsolete and insecure technologies. They made the choice and now they suffer the consequences.

The mistake is in assuming that any large, well connected, and heavily financed organization such as Microsoft would ever hold your interests above their own. That goes for Apple, Red Hat, the FSF and many others. They all have agendas whether they be financial, social, or politically motivated, and they exist solely to further their own causes. As managers, developers, or users, our responsibility is to recognize this and to make the best decisions possible to serve our own interests or the interests of those we advise.

Does Microsoft deserve some criticism for its role in this mess? Sure. But the ultimate responsibility falls on those who chose to employ their solutions without any roadmap for the future.

Reply Parent Score: 4

RE[2]: get a clue Thom
by TechGeek on Tue 19th Jan 2010 17:24 in reply to "RE: get a clue Thom"
TechGeek Member since:
2006-01-14

How is it naive to expect Microsoft to support a product they are still selling? Microsoft made the choice for IE 7 and IE 8 to not be backwards compatible with IE 6. And while the CIO's may have made poor choices, Microsoft are the ones who control the technology. I am not saying that the companies involved aren't also to blame, but Microsoft deserves most of the criticism here. They aren't even fully disclosing the dangers of the bug from what I can see.

Reply Parent Score: 2

jabbotts Member since:
2007-09-06

In the case of the browser, MS made the right choice to stop supporing old IE6 only crap. I don't agree with much MS does but moving the browser towards a secure and standards compliant program should be recognized.

The problem is squarely on the people who developed an IE6 only application without thinking "gee.. the browser is an easy program to change between versions and brands; I think I'll make my code only work with one specific brand/version."

The secondary layer of responsibility is on the buying authority that though "yeah, this looks good.. let's buy this expensive and hard to replace information product that only works wit one brand/version of browser even though that's an easily changed bit of software that will have new versions in the future"

It's bad enough that user's saved data from Office applications pretty much dictates the use of that same or newer Office version to continue accessing it. To willfully accept that condition from your application interfaces is madness. You put it on a server so it's easy to manage and update, so everybody can access it and so that the client side OS becomes less relevant. The only one of those that doesn't fail is "so everybody can access it" though that also includes people outside the organization too now.

Reply Parent Score: 3