Home > Internet Explorer > Microsoft to fix ‘download warning’ flaw Microsoft to fix ‘download warning’ flaw Eugenia Loli 2004-11-23 Internet Explorer 18 Comments Microsoft has said it will take “appropriate action” to fix a problem in Internet Explorer and Windows XP SP2 that allows a malicious Web site to bypass the browser’s warnings when downloading potentially harmful content. About The Author Eugenia Loli Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker. Follow me on Twitter @EugeniaLoli 18 Comments 2004-11-23 8:39 am Anonymous They say… “Open Source vulns take longer to fix” It’s mass media from Microsoft spreading dis-truth to cover their ass when an exploit rears it’s head. OVER AND OVER AGAIN. If customers and security REALLY mattered, things would be different for Microsoft. But, all we hear is “The next gen of Windows will include these features and these enhancements”. How long will intelligent customers put up with this? The bottom line for MS is $! They DO NOT care about you. They have poor devs writing poor code on a platform that was never designed for security! THIS CANNOT BE CHANGED! Would you buy a car with mechanical problems to drive across the country? Would you trust that car to get your children from point A to point B? What about the brakes? Engine? Tires? Would this worry you? Windows is a product just like anything else. When danger comes into play, why can’t we see the need with technology to take the same precautions we would take with other products in our lives? How can this be? It’s only your computer, personal information, credit cards, bank accounts and privacy right? Is this not enough to educate yourself? To learn what you can do to protect yourself? IT IS TIME! 2004-11-23 8:41 am Anonymous That CNET article is fluff and someone’s worthless opinion, they don’t even link the technical details of the article they are discussing so that their technical reader base by decide on their own just how big of a problem they believe it is. I don’t need someone doing my thinking for me, they could at lease give a reference like any other writer. 2004-11-23 8:43 am Anonymous They just keep coming don’t they… I like the comments at the end of the article about removing the liability shield; personally I think it’s pretty off that Microsoft (and other companies, they all do it) can sell you software at huge prices and deny any responsibility for what it may break. And they do deny responsibility – it’s in the EULA. Basically says if it breaks itself, any other piece of software, the computer or the immediate neighbourhood it’s absolutely not their problem. Although I’d like to see them be careful with that sort of thing; you could totally kill software development dead if you insisted everyone stood behind their software that way. 2004-11-23 8:44 am Anonymous You have a pretty strong opinion on this vuln, could you fill me in on the technical details since you seem to be so informed? thx 2004-11-23 9:53 am Anonymous “Open Source vulns take longer to fix” Haha what kind of neoconservative rhetoric is that? I mean, Microsoft also announced they’re gonna publish patches only 1 time every 6 months. Imagine your webbrowser being unpatched for 6 months just because a vulnerability got known right after Halloween Day. Anyway, Jim, for people like you there’s these cool websites which proof Microsoft doesn’t give a rat wether you’re using an insecure browser or not. Here’s a fine way to find them: 1) Start up your browser, and fill in ‘www.google.com’ 2) Fill in either of the following: a) Secunia b) Liu die yu c) Georgi guninski 3) Check out how long it took Microsoft to fix known vulnerabilities in MSIE. Now compare that with e.g. Opera or Firefox. Read, learn and shiver. The truth is out there. 2004-11-23 10:08 am Anonymous “The bottom line for MS is $! They DO NOT care about you. They have poor devs writing poor code on a platform that was never designed for security! THIS CANNOT BE CHANGED! ” If they didnt care, they wouldnt be doing ANY updates! Sorry, but most companies care only about the cash. “Windows is a product just like anything else. When danger comes into play, why can’t we see the need with technology to take the same precautions we would take with other products in our lives?” And I hold the same expectations with Linux as well. After several attempts with Linux, if my car behaved like Linux on my system (as well as many others I know who have tried it), it would never leave the garage. I have never had a problem with security with Windows, and it just plain old works! Its as reliable as my Toyota. I wont worry about anything else in your post since it looks to be typical anti Microsoft (sorry, forgot the $ instead of s) dribble. 2004-11-23 12:18 pm Anonymous The bottom line for MS is $! You must have single quoted the string. The error message wasn’t expanded. 2004-11-23 2:33 pm Anonymous i find it interesting that the stereotype of computer geeks as socially underdeveloped is constantly confirmed. perhaps this could be the basis of an interesting article looking at the relationship between those who seek solace and meaning and interaction amongst computers and OSes, and their inability to intereact maturely and appropriately with the rest of human society. what are the chauses and characteristics? are there any cures? surely its more complex than “woman i don’t understand or control, computer i can understand and control, with bugs and features providing social drama”. come on people, you’re privilieged to be working with the most cutting edge technologies that thousands of years of humanity has evolved and honed. you work with nano-silicon and giga-hertz, you think about life-saving convenience and philosohise about the nature of computability. so please, rise to fill these shoes. not those of underdeveloped “geeks” as described above. 2004-11-23 3:46 pm Anonymous “The bottom line for MS is $! They DO NOT care about you.” I hate to tell you but the bottom line for ANY company is money. Do you think Apple, IBM, Novel, or Red Hat cares for you any more then Microsoft (I know you didn’t imply that but this needs to be stated anyways)? Nope sorry but their only concern is also profit. When ever you deal with a large company your dealing with heartless people who could care less about you. Their primary goal is to keep stock holders happy. If you want to have an operating system that isn’t driven soley by profit you have to go with something open source that isn’t being sold by a company. 2004-11-23 3:51 pm Anonymous why would anyone want to keep using IE? 2004-11-23 7:11 pm Anonymous I hate to tell you but the bottom line for ANY company is money. Do you think Apple, IBM, Novel, or Red Hat cares for you any more then Microsoft (I know you didn’t imply that but this needs to be stated anyways)? Nope sorry but their only concern is also profit. Oh please, what kind of pseudo-economic baffling is this? Not that i’m so good at economics, but i’ll try to add some nuance to your standpoint. Commercial entities goals are not only profit though profit is one of their main goals because without profit (or actually, without playing quite) the corporation will cease to exist. Second, corporations can have ethics, and organisations can have no ethics. Point is, that both have a goal: a function. Without doing anything useful to society, then why would people start buying from you in the first place? Now, and how a corporation persues that goal differs per corporation, but you obviously need to have customers. Now, and if you don’t care for your customers and your actions show that, guess what those customers will do sooner or later? Right on, later, i’ll go the competitor. Not that money doesn’t have an influence on that (price of competitor cheaper?) but if you read any ‘consumer test’ about for example a digicam you quickly get aware price is not the only value to be compared. Quality (and i use that lousely) is also one of these. If money was the sole reason then why wouldn’t everyone buy 2nd hand 80286 PCs. Obviously, those are ‘dead cheap computers’. When ever you deal with a large company your dealing with heartless people who could care less about you. Their primary goal is to keep stock holders happy. I think thats quite accurate, but not definitive. Every human has a heart. Every human has feelings. They might look futher than their nose long is. But stockholders mostly serve as a ‘hirer’ who cares less about the goals or ethics of one or another because their primary goal is quite clear: profit. Depends wether those who own stock have a saying in the corpration’s course though. I don’t know, and perhaps its just me, but it seems big corporations who have a bigger userbase have more ‘room’ to act as a bully. 2004-11-23 7:50 pm Anonymous MS is not perfect however that’s the case with most of the software companies out there! 90% of the OS market share out there is monopolized by MS and it’s just normal that they are the target of most of the attacks too! The more u drive a car the more u’d know about it’s strength and weaknesses. MS’s position as a software giant should not close our eyes to the sad reality that they are where they are because others are not any better. I’m pretty sure neither apple nor Linux could do a better job had they been in the same position as MS. The problem is that software engineers are not real engineers!! No offense, but engineers go to jail for messing up. Not the so called software engineers! They’re more computer scientists with little or no liability towards their customers! 2004-11-23 10:28 pm Anonymous “why would anyone want to keep using IE?” Because many consider it the best browser available. 2004-11-23 10:46 pm Anonymous “After several attempts with Linux, if my car behaved like Linux on my system (as well as many others I know who have tried it), it would never leave the garage. I have never had a problem with security with Windows, and it just plain old works.” Which translates to: “Linux is too hard for me. I don’t want to learn anything new. I’d rather not admit that Windows has problems because I’m stuck with it.” If my car behaved like Windows, it would have been stolen long ago or crashed on it’s own. 2004-11-23 11:16 pm Anonymous Which translates to: “Linux is too hard for me. I don’t want to learn anything new. I’d rather not admit that Windows has problems because I’m stuck with it.” I’m not against learning anything new. However, when I spend more time tinkering with it than doing work, what purpose does it serve for me to run Linux? Maybe I am a minority, but I have a level of expectation that the OS I am going to use will work right out of the box. I’ll keep switching until I find one that will allow me to get my work done more efficiently. It just so happens that Windows is the one that works for me. I would much appreciate it if you dont put your own words into my mouth. Yes, Windows does have its problems. So does every other OS available! The ting is that the problems I face with Windows arent nearly as bad as what I face when I run Linux. 2004-11-23 11:39 pm Anonymous No. No, Microsoft are where they are because of proven illegal monopolistic conduct. There was quite a big trial about it a few years ago. Remember that? 2004-11-24 12:58 am Anonymous >>Which translates to: “Linux is too hard for me. I don’t want to learn anything new. I’d rather not admit that Windows has problems because I’m stuck with it.” << Well I might as well takea swing at this as well. Just because somebody prefers Windows over Linux doesn’t mean they don’t want to learn anything new or that Linux is too hard for them. In many cases what it amounts to is that particular person (or persons) just plain doesn’t like how Linux runs. Myself I like both systems (I haven’t really been able to spend a lot of time with a Mac so the verdict is still out on that). Linux has several major merits over Windows such as security and the nice fact that it doesn’t cost me one red cent. I also like having a very modular system. It’s nice to know that if my GUI has a major problem it doesn’t mean the whole system is dead, it simply means I have to drop out of the X server and fix the problem via command line. On the other hand Windows has several things going for it as well. The biggest thing is that it actually works on my laptop (yes I know it’s because my laptop was made to run Windows but alas it works). Where Linux can’t utilize the modem, wide screen (well there is a patch but its a pain to get going), power management (it’s a Sony, and using the sonypi drivers stops me from being able to suspend it properly), and various other things. I could get most of the stuff on my laptop to soft of work with Linux but I’d prefer not spending most of my week tinkering with a computer that is meant for work (and hence getting things done in a timely manner). Windows also has the ease of use factor down. Although this is arguable I personally find it easier to click a few buttons to change something then to go into the command line and edit several lines in a text file. And finally I can control the file system far better then I can with Linux. I’m a neat freak and everything has to be organized, I don’t like having programs put themselves where ever they well please, I like putting Development tools in a development dirctory, networking tools in a network directory, ect. With Linux most packages just install into their default location and can’t be changed easily. This is just my take on things but as you can see I see advantages in using Windows and advantages in using Linux. Many other people don’t feel there are any strong advantages to using Linux, that doesn’t mean they are lazy or that Linux is too hard for them, it simply means they don’t have a problem with Windows and that it server its purpose well. So just because you don’t like Windows doesn’t mean its crap and that anybody who uses it is just to lazy. It simply means you don’t like Windows and thats your personal opinion on the matter. 2004-11-24 4:39 am Anonymous The subject of the trial was minor compared to MS’s real dominance (IE and WMP). No. they are where they are because unlike Linux I didn’t have to upgrade 10 times till I get to make my Video card work properly. I think Linux is a great OS however it requires a certain level of computer knowledge that cannot be expected from the majority of PC users these days. MS Windows on the other hand is good out of the box and fortunately or unfortunately is getting more and more secure, reliable and stable.;( Apple on the other hand is just way too expensive when considering the fact that OS X got to be installed on an overpriced apple. and BTW how many times did they have to upgrade OS X till it becomes stable and reliable? 3 or 4 times. So Linux is our best bet in the future against Windows… MS’s image as a commercial giant should not make us ignore the fact that they DO make some of the best software out there.