Microsoft confirms exploit in Internet Explorer 8

Feuer Frei! · 05-05-13, 06:26 PM

Quote:

Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.

If anyone still uses it...

SOURCE

Red October1984 · 05-05-13, 08:17 PM

Quote:

Originally Posted by Feuer Frei!

If anyone still uses it...

Feuer Frei! makes me laugh with his jokes...

Onkel Neal · 05-05-13, 10:35 PM

Hey, I still use... oh, wait, I switched to Chrome....

Red October1984 · 05-05-13, 10:48 PM

Quote:

Originally Posted by Neal Stevens

Hey, I still use... oh, wait, I switched to Chrome....

Good choice...

Chrome is the superior browser... (Take THAT Raptor1)

the_tyrant · 05-06-13, 01:38 AM

hey, don't write IE8 off.

Its good that Microsoft supports browsers with security patches and bugfixes for a long time. My school still had computers on IE6, because years ago the school board spent big money hiring consultants to write an attendance management program. They just never spent any money getting the guys back to upgrade it. So there is still 2 computers in the office that runs IE6. (Though they never visit any internet websites)

Lots of people still use old versions of IE because of this. Consultants are expensive, and because Microsoft promises to support old browsers for an extremely long time (IE 6 is still being supported), they allow large organizations like companies and government institutions to get the most out of their consulting money.

Red October1984 · 05-06-13, 07:42 AM

Quote:

Originally Posted by the_tyrant

hey, don't write IE8 off.

Its good that Microsoft supports browsers with security patches and bugfixes for a long time. My school still had computers on IE6, because years ago the school board spent big money hiring consultants to write an attendance management program. They just never spent any money getting the guys back to upgrade it. So there is still 2 computers in the office that runs IE6. (Though they never visit any internet websites)

Lots of people still use old versions of IE because of this. Consultants are expensive, and because Microsoft promises to support old browsers for an extremely long time (IE 6 is still being supported), they allow large organizations like companies and government institutions to get the most out of their consulting money.

I've told my computers teacher that they needed to get rid of internet explorer since the first day of school.

Our school has new Gateway Windows 7 Desktops. (We'll have these for another 15 years. My school is incredibly cheap. They still have NetScape installed...) They use IE8 I do believe...and they use Microsoft Security Essentials. The MSE on every computer says it needs to be updated...but the school doesn't want any changes at all on any of the computers. Yet they complain about viruses and try to blame it on a student. Usually me.

I'm almost the 2nd teacher for computer class. I convinced my teacher to let me install google Chrome on all of the computers. Nobody uses IE8 in there anymore. IE8 will crash some of those computers. Problem #2 is MSE....

I used it for a while....but then I got AVG and found like 6 trojans and a couple worms. MSE obviously does not work well. Mine had updated definitions. The school's MSE hasn't been updated in months. I bet there's all kinds of crap on these computers but they don't want to pay for antivirus....

They call the tech support everytime something happens. (His name is Josh... The guy's just hilarious.

) They aren't saving money this way. They have money but just don't want to spend it.

Don't blame me or any other student when the server crashes and everybody's info gets stolen.

Skybird · 05-06-13, 12:05 PM

Microsoft Essentials are not any essential at all. They are a waste of resources and notoriously score worst in security suite comparisons.

Why somebody uses IE8 when there is IE9 and I think now IE10 (never tested the latter myself), is beyond me. IE9 already is a decent browser, and if tightening options a bit is not more or less secure insecure than Firefox or Chrome. It gets targetted often - making it overrepresented in security statistics - and has a bad historic reputation, that are the two problems with it.

Firefox has become more and more technically unreliable. It'S nimbus of being "superior" I never was able to confirm by own experience when using several versions of it - and getting rid of them quite soon, always. It was displeasure, always, from A to Z. It has no security advantage anymore over Explorer - if it ever had (different from the attack frequency), which I tend to doubt.

Chrome is the browser that gets updated more often than any other, making it pretty much the leader in the being-up-to-date category, it also seems to run in kind of an inbuilt sandbox architecture, if I understood it correctly. The problem I have with it is that it is Google and thus Chrome uses a lot of privacy reaches that you need to have background knowledge about and need to manually take care of - and need to tune again after every update. I I may trust two friends of mine who know this kind of stuff for professional reasons inside out, if you do not want to become naked before Google'S eyes, Chrome is the by far most maintenance-heavy browser of all. For some people, privacy breaches like being run by things like Facebook, Google etc do not count as "security issues", but to me they are - and on an even more serious level than just a trojan that I detect, kill, reinstall, and am done with it. That's why I do not use Chrome, and never will. Argument is the same why I do not use Google+, Twitter, Facebook, and stuff like that. Early versions of Chrome, when it was released, received security warnings by several European police and other computer security agencies. Some of the security issues should have been deleted since then, while practically all privacy issues still prevail. If you love to be a digital nudist, Chrome is for you. It will let Google know EVERYTHING about you.

My browser tip is Opera. Market share just below 2%, that makes it the by far least targetted victim of attacks, and it has some clever features. Credit for bringing it to my awareness goes to Penguin - that was some of the best computer tips I have ever gotten by somebody. There are some nice addons that can easily be installed and managed that make your privacy and security even tighter.

The Enigma · 05-06-13, 03:02 PM

Why using IE8 instead of IE9?
Simple to answer, IE9 and newer versions don't run on XP

Skybird · 05-06-13, 03:46 PM

XP is close to its end in MS-support, and has a significantly smaller market share now than W7. It was in third quarter 2011 already when W7 shares overtook those of XP. Although nowadays there are significantly fewer XP systems out there than W7 systems (Vista not even counted), XP systems mark 2.5 times - if I recall it correctly, or were it even 3.5? - as many security-related events than W7 systems, statistics for 1st quarter 2013 revealed.

There is no excuse for using XP anymore, security-wise. Still using XP is like a person having a flu and running into a crowd and coughing and spitting at all directions and never raising the hands before its mouth and nose, trying to bring infections to as many people as possible that way.

Everybody - do yourself a favour and do a favour to those whom you meet online: get rid of XP and buy into W7. Caring a bit about not infesting others carelessly imo is a form of essential netiquette, and politeness.

the_tyrant · 05-06-13, 05:07 PM

If your organization relies on consultant ware, like most large organizations, IE is the only way to go.

IE editions are supported for nearly 10 years, a new version comes out every few years. A new version of firefox comes out every 6 weeks, and the previous version is no longer supported (there are a few LTS versions though, but they have their own problems).

If I am going to spend millions on hiring people to write me software, the users will probably end up using IE instead of any other browser. An example would be the software we used at my school, it was designed for IE 6 and Netscape 4. Netscape 4 was abandoned years ago, while IE 6 is still supported.

PS: I'm pretty sure Opera is going to share a rendering and javascript engine with Chrome, thus, a lot of common vulnerabilities will be shared between both browsers. And really, just like what my security textbook says, security through obscurity is no security at all!

Skybird · 05-06-13, 05:28 PM

Quote:

Originally Posted by the_tyrant

PS: I'm pretty sure Opera is going to share a rendering and javascript engine with Chrome, thus, a lot of common vulnerabilities will be shared between both browsers.

Yes, some weeks ago there was something I read about this in the near future, that some scripting engine or something like that is being replaced in Chrome and most likely will be shared by Opera as well. I did not like what I read back then. Not one bit. It seems to compromise all arguments I have in favour of Opera.

In the end they want you to be open, vulnerable and defenceless to spamware, advertising, spyware and profiling you from head to toe. Many people still underestimate in what ways such complete psychological profiles can - and will! - hurt them in some shiny bright new future . Its just paranoia. Like xenophobia, hate speech and islamophobia. Its all just mental defects. The healthy person buys, functions as demanded, does not ask question, considers consumerism a holy duty, and has several hundred friends on Facebook.

It's all going insane.

Skybird · 05-06-13, 05:43 PM

For those feeling interested: a review of IE10. I direct your attention to page 4 where they make remarks on phishing protection where Opera and IE10 score best in the field, and security in general being described as probably leading the pack currently.

http://www.pcmag.com/article2/0,2817,2416300,00.asp

If Opera gets compromised by copying those changed software items from Chrome, I switch back to IE10. I was a IE9 user before Opera.

Red October1984 · 05-06-13, 05:56 PM

Quote:

Originally Posted by The Enigma

Why using IE8 instead of IE9?
Simple to answer, IE9 and newer versions don't run on XP

Our school had old XP's until last year.

We're so cheap...

The Enigma · 05-07-13, 01:39 PM

There are many devices running Windows XP and they will not easily be replaced.
You may find Windows XP in various equipment (embedded) like equipment used in hospitals.

What happens for equipment with Windows XP embedded is yet unclear.
For us ordinary poor people, XP with SP3 support will last until April 2014.

05-30-13, 02:17 AM

A good and usefull thread this one. Not being a computer tech I tend to follow or try what others recommend. I'm stuck with IE8 on this XP system and have tried firefox and found, while it works well when first installed it soon starts to slow.

Skybird made some good points about chrome, maybe I should look there. But I do try to keep away from google in truth.

Bots seem to be the biggest single issue for XP and IE8, I just installed Spybot Search and Destroy which unearthed three bots that Security Essentials failed to spot, I recon the bots came through firefox, one from a well known download centre.

My favourite apps right now: Spybot S&D, CCleaner, Revo uninstaller, Defragger, all freebee's but I am looking into subscribing with Spybot as they do a virus plugin which might replace Security Essentials.

I hope this thread keeps going and maybe expands into a kind of pros and cons type of thread. Things change so fast it's hard to find time to explore or discover new apps quick enough.

thanks all

05-05-13, 10:35 PM	#3
Onkel Neal Born to Run Silent Join Date: Jan 1997 Location: Cougar Trap, Texas Posts: 21,284 Downloads: 534 Uploads: 224	Hey, I still use... oh, wait, I switched to Chrome.... __________________ SUBSIM - 26 Years on the Web

05-06-13, 01:38 AM	#5
the_tyrant Admiral Join Date: Jun 2010 Location: Canada Posts: 2,272 Downloads: 58 Uploads: 0	hey, don't write IE8 off. Its good that Microsoft supports browsers with security patches and bugfixes for a long time. My school still had computers on IE6, because years ago the school board spent big money hiring consultants to write an attendance management program. They just never spent any money getting the guys back to upgrade it. So there is still 2 computers in the office that runs IE6. (Though they never visit any internet websites) Lots of people still use old versions of IE because of this. Consultants are expensive, and because Microsoft promises to support old browsers for an extremely long time (IE 6 is still being supported), they allow large organizations like companies and government institutions to get the most out of their consulting money. __________________ My own open source project on Sourceforge OTP.net KGB grade encryption for the rest of us

05-06-13, 12:05 PM	#7
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 40,492 Downloads: 9 Uploads: 0	Microsoft Essentials are not any essential at all. They are a waste of resources and notoriously score worst in security suite comparisons. Why somebody uses IE8 when there is IE9 and I think now IE10 (never tested the latter myself), is beyond me. IE9 already is a decent browser, and if tightening options a bit is not more or less secure insecure than Firefox or Chrome. It gets targetted often - making it overrepresented in security statistics - and has a bad historic reputation, that are the two problems with it. Firefox has become more and more technically unreliable. It'S nimbus of being "superior" I never was able to confirm by own experience when using several versions of it - and getting rid of them quite soon, always. It was displeasure, always, from A to Z. It has no security advantage anymore over Explorer - if it ever had (different from the attack frequency), which I tend to doubt. Chrome is the browser that gets updated more often than any other, making it pretty much the leader in the being-up-to-date category, it also seems to run in kind of an inbuilt sandbox architecture, if I understood it correctly. The problem I have with it is that it is Google and thus Chrome uses a lot of privacy reaches that you need to have background knowledge about and need to manually take care of - and need to tune again after every update. I I may trust two friends of mine who know this kind of stuff for professional reasons inside out, if you do not want to become naked before Google'S eyes, Chrome is the by far most maintenance-heavy browser of all. For some people, privacy breaches like being run by things like Facebook, Google etc do not count as "security issues", but to me they are - and on an even more serious level than just a trojan that I detect, kill, reinstall, and am done with it. That's why I do not use Chrome, and never will. Argument is the same why I do not use Google+, Twitter, Facebook, and stuff like that. Early versions of Chrome, when it was released, received security warnings by several European police and other computer security agencies. Some of the security issues should have been deleted since then, while practically all privacy issues still prevail. If you love to be a digital nudist, Chrome is for you. It will let Google know EVERYTHING about you. My browser tip is Opera. Market share just below 2%, that makes it the by far least targetted victim of attacks, and it has some clever features. Credit for bringing it to my awareness goes to Penguin - that was some of the best computer tips I have ever gotten by somebody. There are some nice addons that can easily be installed and managed that make your privacy and security even tighter. __________________ If you feel nuts, consult an expert.

05-06-13, 03:02 PM	#8
The Enigma Seer of visions Join Date: Mar 2005 Location: Under the surface Posts: 2,315 Downloads: 31 Uploads: 0	Why using IE8 instead of IE9? Simple to answer, IE9 and newer versions don't run on XP __________________

05-06-13, 03:46 PM	#9
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 40,492 Downloads: 9 Uploads: 0	XP is close to its end in MS-support, and has a significantly smaller market share now than W7. It was in third quarter 2011 already when W7 shares overtook those of XP. Although nowadays there are significantly fewer XP systems out there than W7 systems (Vista not even counted), XP systems mark 2.5 times - if I recall it correctly, or were it even 3.5? - as many security-related events than W7 systems, statistics for 1st quarter 2013 revealed. There is no excuse for using XP anymore, security-wise. Still using XP is like a person having a flu and running into a crowd and coughing and spitting at all directions and never raising the hands before its mouth and nose, trying to bring infections to as many people as possible that way. Everybody - do yourself a favour and do a favour to those whom you meet online: get rid of XP and buy into W7. Caring a bit about not infesting others carelessly imo is a form of essential netiquette, and politeness. __________________ If you feel nuts, consult an expert.

05-06-13, 05:07 PM	#10
the_tyrant Admiral Join Date: Jun 2010 Location: Canada Posts: 2,272 Downloads: 58 Uploads: 0	If your organization relies on consultant ware, like most large organizations, IE is the only way to go. IE editions are supported for nearly 10 years, a new version comes out every few years. A new version of firefox comes out every 6 weeks, and the previous version is no longer supported (there are a few LTS versions though, but they have their own problems). If I am going to spend millions on hiring people to write me software, the users will probably end up using IE instead of any other browser. An example would be the software we used at my school, it was designed for IE 6 and Netscape 4. Netscape 4 was abandoned years ago, while IE 6 is still supported. PS: I'm pretty sure Opera is going to share a rendering and javascript engine with Chrome, thus, a lot of common vulnerabilities will be shared between both browsers. And really, just like what my security textbook says, security through obscurity is no security at all! __________________ My own open source project on Sourceforge OTP.net KGB grade encryption for the rest of us

05-06-13, 05:43 PM	#12
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 40,492 Downloads: 9 Uploads: 0	For those feeling interested: a review of IE10. I direct your attention to page 4 where they make remarks on phishing protection where Opera and IE10 score best in the field, and security in general being described as probably leading the pack currently. http://www.pcmag.com/article2/0,2817,2416300,00.asp If Opera gets compromised by copying those changed software items from Chrome, I switch back to IE10. I was a IE9 user before Opera. __________________ If you feel nuts, consult an expert.

05-07-13, 01:39 PM	#14
The Enigma Seer of visions Join Date: Mar 2005 Location: Under the surface Posts: 2,315 Downloads: 31 Uploads: 0	There are many devices running Windows XP and they will not easily be replaced. You may find Windows XP in various equipment (embedded) like equipment used in hospitals. What happens for equipment with Windows XP embedded is yet unclear. For us ordinary poor people, XP with SP3 support will last until April 2014. __________________

05-30-13, 02:17 AM	#15
sidslotm Stowaway Posts: n/a Downloads: Uploads:	A good and usefull thread this one. Not being a computer tech I tend to follow or try what others recommend. I'm stuck with IE8 on this XP system and have tried firefox and found, while it works well when first installed it soon starts to slow. Skybird made some good points about chrome, maybe I should look there. But I do try to keep away from google in truth. Bots seem to be the biggest single issue for XP and IE8, I just installed Spybot Search and Destroy which unearthed three bots that Security Essentials failed to spot, I recon the bots came through firefox, one from a well known download centre. My favourite apps right now: Spybot S&D, CCleaner, Revo uninstaller, Defragger, all freebee's but I am looking into subscribing with Spybot as they do a virus plugin which might replace Security Essentials. I hope this thread keeps going and maybe expands into a kind of pros and cons type of thread. Things change so fast it's hard to find time to explore or discover new apps quick enough. thanks all