RIP, IE

Linux Today ^ | 25 June 2004 | Brian Proffitt

[ShadowAce]

Before you start reading, fire up the printer, and get the scissors. You may want to clip this one out and give it to your friends and colleagues who are still in Windows land.

There are times in life when you actually hear words coming out of your mouth and even as they're coming out, you realize how stupid they sound. I realize that in my own personal and professional life, this sort of thing happens a bit more than the statistical average, but this morning I uttered words that sounded so completely insane, I had to share them.

After getting up early and scoping out the Net for new and interesting stories to post, I ran across several articles detailing a new form of malware that supposedly hides in Web site graphics, and will download a package to a computer running IE, without the user even knowing it. No one is sure what this package will do; it could be spyware doing keystroke logging, or could be a way to turn an infected computer into an unwitting spam generator. Time, unfortunately, will tell.

Now, after reading this, I was not terribly concerned, since the one Windows machine in the house runs Netscape, and this lovely new piece of malware affacts only those unfortunate running Internet Explorer. But, when my wife came in to say goodbye before she went to work, I said this to her:

"If you surf at work today, you may want to rethink it. There's a new virus hiding out in images out on the Web."

"On which sites?," my intelligent spouse asked.

"They don't know yet, or they're not saying," her not-so-intelligent husband replied.

And as we were having this exchange, I realized that this tiny little conversation had to be the most insane thing I said or will say today. It boiled down to: there's a virus out there that will hit your IE-running computers and you won't know where or when it hits.

Now, to be fair, later today I learned that this immediate threat had been thwarted, because they managed to shut down the Russian server all this malware was sending information to. The malware is still out there, still infecting IE-running PCs, except now it's effectively rendered toothless. Not by a patch or a fix from Microsoft, understand.

And, after all of this, that's when it dawned on me: Internet Explorer must die.

Not be fixed. Not be patched. Be dead, as in no one in their right mind should use it anymore.

This is a piece of software--a closed source, and therefore supposedly (ha!) more secure piece of software, mind you--that is constantly having innumerable flaws exposed and taken advantage of. In the recent past, it was download this, and you're doomed. Open this, and you're in trouble.

Now, it's: open any page on a Web site running a Microsoft Internet Information Server, and you potentially could be infected.

Read this again: By opening a page. With pictures.

I say that this sort of irreponsibility must be stopped and stopped now. The public must be made aware that while Microsoft is certainly not responsible for the behavior of crackers behaving the way they do, they are certainly responsible for creating such a fertile field for them to play in.

So, to that end, I want you to give this article to a friend or colleague and have them read this passage:

"The receiver of this article will be granted the services by the giver of this article to install a non-IE based browser on their computer, free of charge, for the receiver to try. The person providing this service will install the browser on any operating system you have, and promises not to ease you if you are using Windows. The receiver of this service will agree to give the new browser an honest try as their default browser and see what they think."

Now, if you give this article to someone, then you should be prepared to follow up on this clause. Install Mozilla or Firefox for your friend. Install Netscape. Heck, install Opera if they really hate the whole idea of open source. Just get then to try something else, besides IE. Be nice about it, and helpful. Make sure their bookmarks and home pages are set just so. And don't hassle them if they're still using Windows. It all has to be done one step at a time.

If they ask, indicate that while Mozilla and other browsers have flaws too, there are no where near as many critical issues, because Mozilla and the rest, unlike IE, are not intrically tied to the operating system and therefore flaws are not as likely to bring about the complete ownership of their systems by some mook.

I think this will be an excellent way to demonstrate that (1) open source software is not primitive, cobbled-together code and (2) IE is not the be-all end-all of browser technology.

After they try it, and like it, you can use a similar technique for other cross-platform OSS, such as OpenOffice.org. Once they're comfortable with that, then you can waddle out the penguin.

This is my ultimate migration plan. Nothing fancy-schmancy. No usability studies. Just kill off IE first to save us all from zombified computers and massive worm traffic, then work on the other stuff.

Because we can all talk a good argument up for open source, but a lot of folks still need to take it for a spin to really understand. So let's rev up the test drives.

[SeeRushToldU_So]

I have been test driving FireFox on my machine. I haven't put it on my other two machines yet.

[ShadowAce]

In Firefox, I highlight the desired text and right-click, click on "View Partial Source."

[RiVer19]

Firefox. For a long time now. The last version was an easy upgrade. The only reason I have to use IE is to read MSNBC's web page. ....figures....they do some weird crap that only their weird IE browser can deal with. ...sometimes it works...sometimes it doesn't there. Jerks (LOL)

[Fiddlstix]

BTTT

[KneelBeforeZod]

yeah, because if windows and IE went away, no one would ever ever ever ever write malware, virus, or anything else to mess with the current operating system.

[VOA]

bump

[I got the rope]

I did too.

[ScuzzyTerminator]

In Firefox, I highlight the desired text and right-click, click on "View Partial Source."

Just tried - that is waaaay cool!

[Musket]

"Microsoft recommends clicking on Tools/Internet Options and selecting the security tab, then setting the Internet zone security level to high."

Ha-ha-ha! That's the best they can do? That's some fix. Well then they shouldn't be surprized when they wake up tomorrow to find that a large portion of their user base has switched to Firefox. A-holes.

[blanknoone]

There are several layers of security issues, some permanent, some that may change in the future.

1) IE is intertwined with the OS. This is a problem because it magnifies any flaw in the browser by giving access to OS stuff. MS could fix this, but lets face it, anti-trust couldn't get MS to seperate them, nothing as minor as the security of their customers will.

2) Prevalence: MS and IE are king of the hill. Anyone who is writing malware has to target the vast majority of people using it. There just aren't enough users of other systems for it to be worthwhile for them to target it, there just isn't critical mass.

3) Open/Closed source: I use mozilla/firefox, but if it really cought on and became much more popular (say somewhere around 20% market share), I would switch to something CS. The fact that it is open source means that hackers can look through the code for weakness. That is a downside for OS, but it only matters once it is common enough to be worth targeting.

[EireCane]

For anyone new to Firefox (or those thinking about upgrading to 0.9) i would recommend waiting until 0.91 comes out, which is supposed to fix a number of rather nasty bugs. Last i heard it should be coming within a few days. For those that can't wait, be careful when installing extensions for 0.9. I suggest reading through the user comments section that accompanies each extension on the download page before you install an extension so that you'll know if other users have experienced any trouble with it. Also when upgrading an extension with 0.9 you should uninstall the old extension before you install the newer one.

Hope none of this scares anyone away from trying it. I absolutely love Firefox and Thunderbird (especially extensions like All-in-One Gestures, DictionarySearch, and Adblock) but they are still in the testing stages and so problems can occasionally crop up.

[Ernest_at_the_Beach]

U.S. Planes Bomb Suspected Militants in Zarqawi Hunt Fri Jun 25, 2004 07:19 PM ET By Alistair Lyon BAGHDAD (Reuters) - U.S. warplanes bombed a suspected guerrilla safe house in Iraq on Friday, stepping up a hunt for Jordanian militant Abu Musab Zarqawi who has been blamed by Washington for a series of deadly attacks. "Somewhere between 20 and 25 people were killed in today's strike," said a U.S.-led coalition official, who declined to be named. No details on who was killed were immediately available. The U.S. military said the house in the restive town of Falluja, some 30 miles west of Baghdad, was a "known Zarqawi network safe house" and was destroyed in the daylight strike, the third on suspected Falluja safe houses this week. "This operation employed precision weapons to target and destroy the safe house and underscores the coalition's continuing resolve...to completely destroy terrorist networks," Brigadier General Mark Kimmitt said in a statement. Falluja residents said the house, in the southeast of the town, was reduced to rubble. Washington, due to hand over to an interim Iraqi government on June 30, accuses Zarqawi of links to al Qaeda and says he has masterminded a number of major attacks, as well as being responsible for the beheading of an American and a South Korean. Militants in Falluja issued a statement on Friday denying Zarqawi was holed up in the town. THREE IRAQI POLICEMEN KILLED Guerrillas killed three Iraqi policemen in an attack with rocket-propelled grenades on a police station near the town of Baquba, north of Baghdad. Some of the black-clad gunmen, who also attacked government buildings, proclaimed loyalty to Zarqawi and wore yellow headbands linking them to his militant group. Zarqawi threatened in a message on an Islamist Internet site on Wednesday to assassinate Iraqi Prime Minister Iyad Allawi. The prime minister and other top members of the interim government warned guerrillas on Friday that Iraq's fledgling security forces, backed by the U.S.-led coalition, were determined to crush them. Allawi blamed foreign fighters and Saddam Hussein supporters for killing more than 100 people in suicide bombings and other attacks on Thursday. "We are going to defeat them... We have been expecting this escalation and we are expecting more escalation in the days ahead," Allawi told reporters. "SHOWDOWN TIME" Defense Minister Hazim al-Shalaan said: "Today is the day for the Iraqi people to say to these traitors that the time has come for a showdown, and God willing that showdown will be big and victory will be for us, the people." A multinational force of 160,000 mostly U.S. troops will stay to support Iraqi forces after June 30. In a blow for President Bush as he campaigns for re-election in November with Iraq high on the agenda, a USA Today/CNN/Gallup opinion poll showed most Americans now say the U.S.-led invasion was a mistake. Fifty-four percent thought the invasion had been a mistake, compared with 41 percent three weeks ago. EU OFFICIAL DELIVERS WARNING Bush arrived in Ireland on Friday to a warning from a top European Union official that violence could break Iraq apart within months and that an EU role in reconstruction and election planning would be limited if security did not improve. EU External Relations Commissioner Chris Patten had little to offer but moral support as Bush launched his second European mission this month seeking international help with Iraq, before traveling to a NATO summit in Istanbul on Monday and Tuesday. "All of us are worried that violence could lead to Iraq flying apart in the next few months," Patten told reporters. NATO countries struck a tentative deal on an agreement to help the interim government train its security forces after hours of wrangling over the wording, diplomats said. "We've agreed it, we've agreed on it tentatively," one diplomat said in Brussels at a meeting of ambassadors from the 26 member states prompted by a request from Allawi. He said member states would have until 6 a.m. EDT on Saturday to raise objections, after which the wording of a statement to be released at the NATO summit in Istanbul would be deemed to have been adopted. NATO's role in Iraq will be a far cry from the deployment of troops originally sought by Washington that was shot down by opposition from France and Germany, fierce opponents of last year's invasion.

[Sloth]

FWIW, I recommend Firefox and Thunderbird as separate programs -- not the Mozilla suite.

[TexasTransplant]

MS can write malicious code as well, FireFox is not immune, just a thought.

[pops88]

Here's some trivia- I noticed my version, 0.8, is called "Royal Oak" and 0.9 is "One Tree Hill." Both are names of suburbs of Auckland, NZ. Interesting.

[Ernest_at_the_Beach]

ALRIGHT!!!

That worked.

Got to work on some other issues but that was a big one for me.

Some of the extensions sound interesting.

Any suggestions there?

[ScuzzyTerminator]

...nothing as minor as the security of their customers will.

Oh, you must have that wrong. Security is now the top priority at Redmond. Bill said so.

[Positive]

Bump for later.

[KevinDavis]

I have just downloaded Mozilla Firefox, I'm going to give this browser a chance to see what it is like.

[Musket]

Oh yeah, let them get caught doing that. That would be great PR. LOL!