Posted on 06/25/2004 7:05:03 PM PDT by ShadowAce
Before you start reading, fire up the printer, and get the scissors. You may want to clip this one out and give it to your friends and colleagues who are still in Windows land.
There are times in life when you actually hear words coming out of your mouth and even as they're coming out, you realize how stupid they sound. I realize that in my own personal and professional life, this sort of thing happens a bit more than the statistical average, but this morning I uttered words that sounded so completely insane, I had to share them.
After getting up early and scoping out the Net for new and interesting stories to post, I ran across several articles detailing a new form of malware that supposedly hides in Web site graphics, and will download a package to a computer running IE, without the user even knowing it. No one is sure what this package will do; it could be spyware doing keystroke logging, or could be a way to turn an infected computer into an unwitting spam generator. Time, unfortunately, will tell.
Now, after reading this, I was not terribly concerned, since the one Windows machine in the house runs Netscape, and this lovely new piece of malware affacts only those unfortunate running Internet Explorer. But, when my wife came in to say goodbye before she went to work, I said this to her:
"If you surf at work today, you may want to rethink it. There's a new virus hiding out in images out on the Web."
"On which sites?," my intelligent spouse asked.
"They don't know yet, or they're not saying," her not-so-intelligent husband replied.
And as we were having this exchange, I realized that this tiny little conversation had to be the most insane thing I said or will say today. It boiled down to: there's a virus out there that will hit your IE-running computers and you won't know where or when it hits.
Now, to be fair, later today I learned that this immediate threat had been thwarted, because they managed to shut down the Russian server all this malware was sending information to. The malware is still out there, still infecting IE-running PCs, except now it's effectively rendered toothless. Not by a patch or a fix from Microsoft, understand.
And, after all of this, that's when it dawned on me: Internet Explorer must die.
Not be fixed. Not be patched. Be dead, as in no one in their right mind should use it anymore.
This is a piece of software--a closed source, and therefore supposedly (ha!) more secure piece of software, mind you--that is constantly having innumerable flaws exposed and taken advantage of. In the recent past, it was download this, and you're doomed. Open this, and you're in trouble.
Now, it's: open any page on a Web site running a Microsoft Internet Information Server, and you potentially could be infected.
Read this again: By opening a page. With pictures.
I say that this sort of irreponsibility must be stopped and stopped now. The public must be made aware that while Microsoft is certainly not responsible for the behavior of crackers behaving the way they do, they are certainly responsible for creating such a fertile field for them to play in.
So, to that end, I want you to give this article to a friend or colleague and have them read this passage:
"The receiver of this article will be granted the services by the giver of this article to install a non-IE based browser on their computer, free of charge, for the receiver to try. The person providing this service will install the browser on any operating system you have, and promises not to ease you if you are using Windows. The receiver of this service will agree to give the new browser an honest try as their default browser and see what they think."
Now, if you give this article to someone, then you should be prepared to follow up on this clause. Install Mozilla or Firefox for your friend. Install Netscape. Heck, install Opera if they really hate the whole idea of open source. Just get then to try something else, besides IE. Be nice about it, and helpful. Make sure their bookmarks and home pages are set just so. And don't hassle them if they're still using Windows. It all has to be done one step at a time.
If they ask, indicate that while Mozilla and other browsers have flaws too, there are no where near as many critical issues, because Mozilla and the rest, unlike IE, are not intrically tied to the operating system and therefore flaws are not as likely to bring about the complete ownership of their systems by some mook.
I think this will be an excellent way to demonstrate that (1) open source software is not primitive, cobbled-together code and (2) IE is not the be-all end-all of browser technology.
After they try it, and like it, you can use a similar technique for other cross-platform OSS, such as OpenOffice.org. Once they're comfortable with that, then you can waddle out the penguin.
This is my ultimate migration plan. Nothing fancy-schmancy. No usability studies. Just kill off IE first to save us all from zombified computers and massive worm traffic, then work on the other stuff.
Because we can all talk a good argument up for open source, but a lot of folks still need to take it for a spin to really understand. So let's rev up the test drives.
Thank you I will
If wishes were fishes.
Yup. Firefox is the way to go. I still have IE on one of my machines because Firefox still has a few minor problems with some applets. Maybe I need to download the latest JRE (Java Runtime Environment)
I love Firefox. When I first got on the internet in '95, I started with Netscape, eschewing IE, then used Opera for a bit until switching to Mozilla, and ultimately Firefox. I've never liked IE. Firefox has been my all time favorite.
No software is immune as I understand it, and it really is a losing battle. But one that will always be fought.
Still, a bump for further consideration.
At least in the open source community, problems are found and fixed quickly.
That is correct, but some software is written better than other software. IE is just about the worst (off the top of my head) software ever written when it comes to security. IT's not all that great as a browser, either, when you consider the fact that MS doesn't even bother to try to adhere to the standards put forth by the W3C.
That's why I recommend Firefox. Not only does it adhere to the accepted and publihised standards, it's written better than others, and is quite fast as well.
> There is no virus hiding in web pictures,
> and any technical writer who says there is,
> isn't worth listening to.
Here's authoritative site isc.incidents.org:
"No warning will be displayed. The user does
not have to click on any links. Just visiting
an infected site will trigger the exploit."
Now I haven't seen a full technical description
of the base exploit, but I wouldn't necessarily
rule out an image-based hack.
Suppose the run-length or dictionary-size encoding
in an image file doesn't match the actual data
provided. Has MSIE been checked against all
possible malformed variants of all supported
graphics file types?
Microsoft appears to be using Russian mobsters
to check their code for vulnerabilities. There
has to be a way of performing QA that isn't so
hard on the internet and MS customers :-)
Thanks for the ping, but I'm a little too conservative to try open source software browsers. What other choices would I have?
Actually, I happen to be testing it now.
Yes, it is faster. I don't know why, but it is.
I have a Yahoo/netscape type browser that I have to retain to stay on top of mail and storage and I use IE occassionally to keep it lubricated, so to speak.
My biggest problem in the past has been worms, but a change to AVAST AV took care of that.
I guess I am happy until another new threat emerges.
LOL!! Try Opera. It's closed source.
Thanks. That's what some of my buddies use.
The answer is yes.
I have opera, and I have Firefox and I have MYIE and I have tried many other things but I am using mostly MYIE particularly with FreeRepublic because of a nifty little piece of software( not a normal piece of IE but available for IE 5 , however works with IE 6 ) , view partial source.
Just highlight some portion of text and pictures , rightclick and chose "view partial soft" and voila go to the awakened clipboard and copy what you want , paste into the freerepublic reply window and preview and post.
Could not do without it.
How do you replicate that nifty function in these other browsers?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.