Reply
Sun 17 Jan, 2010 07:59 pm
This news item has just been posted online by an Oz newspaper. I'm wondering if the "experts" advice (apparently to ditch IE) is alarmist or should be taken seriously.
I'd be interested in what our computer "experts" here at A2K make of this.:
Calls to ditch Internet Explorer after China hacks
January 18, 2010 - 12:30PM/Sydney Morning Herald
Internet users are being warned off Internet Explorer after it was revealed that recent sophisticated cyber attacks on Google and other businesses exploited a previously unknown flaw in Microsoft's web browser.
Germany's Federal Office for Information Security, or BSI, told Germans to avoid use of all versions of Explorer after the security hole led to hacks against Google and others.
Quote:Microsoft confirmed the weakness after Google announced that hackers in China had pried into email accounts of human rights activists. However, the company said that the hole could be closed by setting the browser's internet security zone to "high".
But the BSI insisted that such measures were not sufficient.
"Using Internet Explorer in 'secure mode', as well as turning off Active Scripting, makes attacks more difficult but can not fully prevent them," BSI said in a statement.
Google said last week that in mid-December, it detected an attack on its corporate infrastructure originating from China that resulted in the theft of its intellectual property. It eventually found that more than 20 other companies had been infiltrated.
Security firm McAfee said on Thursday that those who engineered the attacks tricked employees of the companies into clicking on a link to a website that secretly downloaded sophisticated malicious software onto their PCs through a campaign that the hackers apparently dubbed "Operation Aurora".
"We have never seen attacks of this sophistication in the commercial space. We have previously only seen them in the government space," said Dmitri Alperovitch, a vice-president of research with McAfee.
The programs allowed the hackers to take control of the PCs without the knowledge of their users, said McAfee, which has been researching the matter on behalf of several companies involved in the attacks since late last week.
Alperovitch declined to say which companies had hired McAfee, saying they had signed confidentiality agreements.
So far the only other victim to come forward is design software maker Adobe Systems, which has said that it is still investigating the matter.
Some researchers have speculated that the attackers may have exploited flaws in Adobe's Acrobat software and its widely used Reader program for opening PDF documents.
McAfee's researchers said that they found no evidence that was the case.
Still, they said that the hackers might have used other types of malicious software to break into Google and the other companies.
Internet Explorer is vulnerable on all recent versions of the Windows operating system, including Windows 7, McAfee says. Microsoft said attacks had been limited to IE6, an older version of the application.
Agencies
http://www.smh.com.au/technology/security/calls-to-ditch-internet-explorer-after-china-hacks-20100118-mfef.html
@msolga,
I switched to firefox a year or two ago, and would never go back...
I help a friend out sometimes that still uses ie, and remember again why I dint care for it.
@Rockhead,
I use Firefox as well. But for some reason Facebook chat is horrible on Firefox. I use IE solely for Facebook.
@Seed,
I have the choice of Firefox & IE as well. I mostly use Firefox, too, but sometimes use IE.
@msolga,
i switched to firefox years ago, when i bought a mac a couple of years ago i started using safari, which is macs default, not bad, but soon went back to firefox, lately i've been using chrome (googles browser) and really liking it
I switched to Firefox the last time I got hit with some malicious spam, that was about a year ago.
If for no other reason, switch to Firefox for the increased performance, ease of use and ability to block ads. I'll never use IE again.
Interesting. So far a number of endorsements from Foxfire users.
I'm wondering how many folk are actually using IE.
@msolga,
There are still people not using Firefox?
@Eorl,
Who knows, Eorl?
But there seem to be a few of us who are using both.
But most of us (I'd assume) would be using Adobe Acrobat & it sounds like that might be a concern, too.
@msolga,
I use both IE and Firefox at work to be honest (but only because I have to).
Chrome is good as well. I think the reason why most people go away from IE is because of the problem with Pop ups. When Firefox first came out there was little to no pop up s at all. Now that Firefox has been around for many years, pop ups are coming back. With the induction of Chrome, and the fact that google is slowly taking over the internet, I will find more people taking to chrome sooner then later. As well as the fact that Firefox and Chrome are bother very adaptable with extensions and plug ins, where IE was not
I use Chrome almost exclusively, though twice I have had to go to IE in order to participate in a job interview survey. The survey software did not recognize Chrome and users of Firefox had to go to a separate web address in order to continue.
Joe(how far behind are those interviewers/)Nation
Every internet browser on the market had have security holes from time to time so going to another browser is not the answer to security concerns.
I run IE7 under XP in a sandbox with less then admi rights and with others security programs running such as the normal anti-virus suit and a nice program call Process Guard that will not allow other software code to run unless I ok it first.
That along with keeping my updates current and I feel very secure indeed surfing the web with IE7.
I gotta get me one of them browsers, apparently they are handy.
There are a number of reasons people advocate switching from IE to another browser and almost any time IE is in the news negatively anti-IE sentiment crops up. To be honest, the particular issue IE had in this case isn't much of a reason to ditch IE (other browsers have had and will have similar exploits) so you might as well look at the full picture and why you hear so much about not using IE. There are many different reasons you will see people argue for this, here are the main ones:
1) Politics. Netscape made the first mainstream browser, and said they were going to destroy Microsoft with it. Microsoft bundled IE into Windows and destroyed Netscape. The rest is legal history but this is one very big reason there is such hatred for IE and this is the genesis of the Firefox project and campaign.
Firefox is open-source and community-driven and IE is an arm of a large corporation's web strategy. This is a culture clash and many people support or object to a browser for ideological reasons about software.
Conclusion: This isn't a great reason to pick a browser, but if we go by software politics your browser of choice (based on what I know of your politics) is Firefox.
2) Security. IE has historically had significant security issues. This was especially bad back before the XP Service Pack 1 that marked Microsoft taking security very seriously and you could often have malware installed on your computer just by visiting a website.
These days this is much less of a differentiating factor, both because IE and Windows (after XP SP1, original XP was Swiss cheese) have made huge strides in security but also because now that Firefox has more market share it's now a commercially viable attack surface and you are seeing many more instances of Firefox adware now.
Conclusion: IE is usually the worst in this regard, but these days the gap is narrow enough that this is not a huge factor and Firefox is not that much safer. Right now I'd say the best security is found on Google's Chrome browser.
3) Standards compatibility: this one is one of the biggest reasons you hear people wish for IE's death. I know many geeks who really can't be brought to care about Microsoft bashing but dream of IE's death because of the nightmare it is to work with as a web developer.
Basically, browsers turn code into what you see. And there are supposed to be standards. So when I write X code X is supposed to happen. Well often the case has been that it would do so in all browsers other than IE, which would do something fundamentally different. So while this doesn't make a direct difference to you as an end user this is something that has held back innovation across the entire web (e.g. there are great standards that would be hugely useful but that webmasters can't deploy due to lacking IE support).
Conclusion: This is really the best reason to criticize IE, but it doesn't impact the end user in ways they will notice. However IE 6 is a nightmare to be avoided. IE 7 and beyond began to address this issue and as long as you are avoiding IE 6 and keeping your browser up to date this is not a huge issue but by choosing any browser other than IE you are making a small vote for faster progress on the web. Unfortunately, until old IE versions lose enough market share that web developers can ignore them we still have to code to somewhat of a lowest common denominator in order to keep things working for our IE brethren.
4) Performance. We spend a lot of time in a browser these days, for many people this is pretty much the only reason they use a computer (which is why Google's making an operating system that essentially just runs their Chrome browser and boots directly to the browser) and web pages are becoming more complex and heavy. Now you are watching video online (e.g. youtube) , you are using JavaScript heavy applications (e.g. Yahoo Mail, Gmail, Google Docs etc) and with tabs people are opening more and more at the same time.
What is happening is that their browsers are sometimes crashing and are generally just not responsive enough. Sometimes each new tab uses more an more memory and the browsers aren't good about letting it go once they don't need it so your browser starts slowing down your computer and you have to restart it to get your memory free. IE is sluggish, and if you want a nicer web experience browsers that do better at memory management and that work faster with JavaScript can make things a lot better.
Conclusion: Chrome is head and shoulders over the rest of the browsing world when it comes to performance. It will make the whole web feel a bit faster and lighter to you. Opera is a good second choice for this criteria and Firefox and IE are not too stellar in this regard.
5) Extensibility. If you want your browser to do extra things (think toolbars etc) then they need plugins or add ons. Due to the open nature of Firefox this browser has really shined with their plugin ecosystem and if you want extras like blocking ads (or just about anything really) Firefox is a great platform for plug ins.
However, Chrome just launched their plugin system and it's very easy to develop on, so they may eventually overtake Firefox. I made and published two (admittedly very simple) plugins in less than 10 minutes. In 60 minutes I'd learned how to make plugins on their browser, made two, published them and had a couple hundred users. The barrier to entry is so low here that I couldn't help but play (and my adventures in developing Firefox extensions were not nearly as easy).
But it's also important to note that most users don't really need plugins beyond the basics like Flash support (which Chrome doesn't really treat as an add-on at all) and these often slow down the browser significantly. You don't strike me as someone with significant plug in needs (e.g. as a web developer I need some of the tools to debug html, JavaScript, and CSS in Firefox that don't really exist on any other browser with the same quality) so this may not be a big factor for you.
Conclusion: Firefox is the best platform for extensions but IE has plenty, and Chrome is just ramping up. If you are a power user I'd go with Firefox until Chrome has the plugins you need.
And if you want my personal recommendation for you in a nutshell: Switching to a new browser can be more of a pain than it's worth if you don't have any current issues with your browser of choice. The security issues are honestly not as big of a deal as some make them out to be. I never once got exploited when I used IE (and I used it back in the days when it was most common) and doing things like keeping your operating system up to date and not running under admin privileges on Windows make a bigger difference.
However, if you do want to try something better I recommend Chrome for what I perceive to be your use cases. Firefox was a huge leap over IE when it first came out. But when IE added tabbed browsing and started playing catchup it narrowed the gap. Chrome is another such quantum leap in browser evolution and is head and shoulders over all other browsers from a core technology perspective (e.g. it's plugin ecosystem doesn't outshine Firefox's yet, but they are fundamentally better than Firefox in core browser technology).
@Joe Nation,
Joe Nation wrote:I use Chrome almost exclusively, though twice I have had to go to IE in order to participate in a job interview survey. The survey software did not recognize Chrome and users of Firefox had to go to a separate web address in order to continue.
Joe(how far behind are those interviewers/)Nation
This is a good example of why IE's bad standards support sucks. The reason this kind of thing happens is because of incompatible behavior by browsers, so web developers sometimes resort to just coding for specific browsers instead of coding for the standard. The biggest reason for this happening is IE not correctly following standards and this is a source of a lot of hatred by web developers.
The guys who did that survey certainly didn't do it the right way but IE being a total headache to work with is a big reason this kind of thing exists. It's a significant challenge to make a cross-browser application sometimes and the biggest reason it is so is when certain browsers don't implement the standards correctly. It can require custom code to fix workaround the browser limitations and it's just awful.
Whatever you do, if you are using IE 6 please upgrade, switch browsers, or get off the internet! When that market share is low enough the whole internet gets to take a step forward!
@msolga,
I was a great proselytizer of Firefox until several months ago when I finally became fed up with its relative sluggishness and it no longer started to keep me logged in or 'remembered' my passwords. I found out that sometimes Firefox's extensions and addons can be flawed and can foul up the program when they're updated with unknown glitches.
Moved over to Google Chrome. Fastest browser I've ever seen!
Oh... and IE is still the biggest and most sluggish of the browsers though the latest version has improved on its stability and speed. Sometimes I have to use IE because of a few federal job sites only work with IE and not Chrome.
Thank you, Robert, for your extremely well written explanation.
BTW I have IE8 waiting in the wings whenever Chrome can't be used.
(Who doesn't upgrade from IE6???)
Joe(I know nothing but I know how to do that.)Nation
@tsarstepan,
tsarstepan wrote:Sometimes I have to use IE because of a few federal job sites only work with IE and not Chrome.
You might find this extension handy then:
https://chrome.google.com/extensions/detail/hehijbfgiekmjfkfjpbkbammjbdenadd?hl=en-us
It gives you a button that will open a new tab in Chrome that uses the IE rendering engine. Basically it embeds IE within Chrome so that you don't have to go open it up and it can make that kind of scenario more convenient.