JackClark

http://siblog.mcafee.com/cto/operati...google-others/

Extract
"Our investigation has shown that Internet Explorer is vulnerable on all of Microsoft’s most recent operating system releases, including Windows 7. Microsoft has been working with us on this matter and we thank them for their collaboration."

Luther

iTrader: (13)

Firefox for me.... although I have strayed onto Chrome on the Win 7 desktop I have.

bioforger

iTrader: (1)

Do u use IE AND open links from sources you don't know more like

Coffin Dodger

Indeed, Firefox all the way.....

Yet more anti-windows drivel posted by the Apple fanboy. What a surprise

Simple fact of the matter is that if you value your on-line security then don't use IE because as it is the most widely distributed browser it is also the most targeted by hackers. If in some bizarre parallel universe Macs were mainstream and PCs/Windows were niche everyone would be trying to hack Safari and he'd be telling us not to use that

StickyMicky

Posting this from Firefox on Ubuntu 9.1

I like it
Makes this old 800mhz IBM Thinkpad laptop feel like a turbo

JackClark

Well done to you two for completely uninstalling Internet Explorer, I know it's not easy.

I'm going to stick my thumb in the air and say that 99.9% of Windows users have Internet Explorer installed - Including myself - and hence are either infected or vulnerable. Next time I'll wait until the whole 100% of the user base is affected before I open my big mouth.

bioforger

iTrader: (1)

Trout

iTrader: (1)

So what's your point?

The issue is that Windows IE is THE target for hackers.

boomer

I haven't read all of the links, but are you saying that simply having IE installed puts you at risk?

mb (Firefox plus NoScript and RefControl amongst other stuff)

JackClark

If you have a program installed on your PC then it's not only you that can use it. Simple malware could open IE and visit a webpage.

robimportwagon

only possible if you have got the "host user" settings wrong and or crappy free internet security.

bioforger

iTrader: (1)

And you have to download the malware i.e open a link from an untrusted source!

JackClark

Good to hear everyone's protected. The next Microsoft patch is due on February the 9th, should be fine till then, I mean nobody clicks random links.

More information here

bioforger

iTrader: (1)

It's not just clicking a random link though is it. You have to either tell it to run something if the malware tries to launch itself or you have to save a file and then execute it.

People who do either are morons imo. Talking of which your link is to program files on your PC

Tenby

iTrader: (1)

well that just waisted five minutes of my day

boomer

If "simple malware" can launch IE (especially as my default browser is Firefox) then i would be more concerned about the malware itself than any flaws in IE!

Does an installed (but not running) IE leave your PC at risk (any more than another installed but not running program)?

mb

JackClark

I have a Mac, I'm pretty sure you get the idea though. Getting someone/something to run IE is easy. Getting the amount of control that this exploit gives is difficult. The world is full of stupid people who just happen to run IE.

Boomer, yes it does.

JackClark

My apologies, for some geeks it's interesting reading. This exploit has remained hidden for seven years on all of our Windows machines, it was put to use attacking Google, the code is now out in the open and it's able to take advantage of 99.9% of Windows machines.

I've kept my mouth shut on Security Issues for a number of years as I don't directly work in the industry any more. This one was escalated to me by some trusted sources - a first in a number of years - to me that was enough to start informing people. If you're already protected, don't care or don't use Windows then fair enough.

hodgy0_2

the whole question over what browser is best/safest is mute imo

it is a bit like asking what is the best protective clothing to wear if you want to play football in a minefield

most attacks rely on the stupidity of the user not flaws in the technology per se

ultimately the more functionality in a browser the bigger the attack vector and people demand functionality

interestingly this exploit does not effect the older I.E browsers

a really nasty attack on iPhones is only a matter of time

JackClark

You're right Hodgy, it doesn't affect
Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4
Phew!

But if you're on this list, it's not so good.
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 8 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 8 for Windows Server 2003 Service Pack 2, and Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Internet Explorer 8 in Windows 7 for 32-bit Systems
Internet Explorer 8 in Windows 7 for x64-based Systems
Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems
Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems

hodgy0_2

so not many then!!!

Trout

iTrader: (1)

Even the Federal Government in Germany has come out in support of Jack

JackClark

They owe me a quid as well.

Anyhow, the German people are no where near as savvy as the users of Scoobynet, Dummies.

Trout

iTrader: (1)

I have given your quid to the people of Haiti as they needed it more

JackClark

Perfect, thanks

JackClark

The BBC has picked up this story now. Will Microsoft take action I wonder. How many are infected?

ChristianR

iTrader: (1)

link?

Peanuts

iTrader: (15)

please Christian, don't encourage him.

Iain Young

Makes me laugh that people think Microsoft are alone in this. Mozilla are constantly finding and fixing holes in Firefox, and there have been a few nasty ones in chrome recently as well. They are all as bad as each other really.