RIP, IE

Linux Today ^ | 25 June 2004 | Brian Proffitt

[ShadowAce]

Before you start reading, fire up the printer, and get the scissors. You may want to clip this one out and give it to your friends and colleagues who are still in Windows land.

There are times in life when you actually hear words coming out of your mouth and even as they're coming out, you realize how stupid they sound. I realize that in my own personal and professional life, this sort of thing happens a bit more than the statistical average, but this morning I uttered words that sounded so completely insane, I had to share them.

After getting up early and scoping out the Net for new and interesting stories to post, I ran across several articles detailing a new form of malware that supposedly hides in Web site graphics, and will download a package to a computer running IE, without the user even knowing it. No one is sure what this package will do; it could be spyware doing keystroke logging, or could be a way to turn an infected computer into an unwitting spam generator. Time, unfortunately, will tell.

Now, after reading this, I was not terribly concerned, since the one Windows machine in the house runs Netscape, and this lovely new piece of malware affacts only those unfortunate running Internet Explorer. But, when my wife came in to say goodbye before she went to work, I said this to her:

"If you surf at work today, you may want to rethink it. There's a new virus hiding out in images out on the Web."

"On which sites?," my intelligent spouse asked.

"They don't know yet, or they're not saying," her not-so-intelligent husband replied.

And as we were having this exchange, I realized that this tiny little conversation had to be the most insane thing I said or will say today. It boiled down to: there's a virus out there that will hit your IE-running computers and you won't know where or when it hits.

Now, to be fair, later today I learned that this immediate threat had been thwarted, because they managed to shut down the Russian server all this malware was sending information to. The malware is still out there, still infecting IE-running PCs, except now it's effectively rendered toothless. Not by a patch or a fix from Microsoft, understand.

And, after all of this, that's when it dawned on me: Internet Explorer must die.

Not be fixed. Not be patched. Be dead, as in no one in their right mind should use it anymore.

This is a piece of software--a closed source, and therefore supposedly (ha!) more secure piece of software, mind you--that is constantly having innumerable flaws exposed and taken advantage of. In the recent past, it was download this, and you're doomed. Open this, and you're in trouble.

Now, it's: open any page on a Web site running a Microsoft Internet Information Server, and you potentially could be infected.

Read this again: By opening a page. With pictures.

I say that this sort of irreponsibility must be stopped and stopped now. The public must be made aware that while Microsoft is certainly not responsible for the behavior of crackers behaving the way they do, they are certainly responsible for creating such a fertile field for them to play in.

So, to that end, I want you to give this article to a friend or colleague and have them read this passage:

"The receiver of this article will be granted the services by the giver of this article to install a non-IE based browser on their computer, free of charge, for the receiver to try. The person providing this service will install the browser on any operating system you have, and promises not to ease you if you are using Windows. The receiver of this service will agree to give the new browser an honest try as their default browser and see what they think."

Now, if you give this article to someone, then you should be prepared to follow up on this clause. Install Mozilla or Firefox for your friend. Install Netscape. Heck, install Opera if they really hate the whole idea of open source. Just get then to try something else, besides IE. Be nice about it, and helpful. Make sure their bookmarks and home pages are set just so. And don't hassle them if they're still using Windows. It all has to be done one step at a time.

If they ask, indicate that while Mozilla and other browsers have flaws too, there are no where near as many critical issues, because Mozilla and the rest, unlike IE, are not intrically tied to the operating system and therefore flaws are not as likely to bring about the complete ownership of their systems by some mook.

I think this will be an excellent way to demonstrate that (1) open source software is not primitive, cobbled-together code and (2) IE is not the be-all end-all of browser technology.

After they try it, and like it, you can use a similar technique for other cross-platform OSS, such as OpenOffice.org. Once they're comfortable with that, then you can waddle out the penguin.

This is my ultimate migration plan. Nothing fancy-schmancy. No usability studies. Just kill off IE first to save us all from zombified computers and massive worm traffic, then work on the other stuff.

Because we can all talk a good argument up for open source, but a lot of folks still need to take it for a spin to really understand. So let's rev up the test drives.

[Drango]

view partial source

Rocks! It's a must have for FR.

[BigSkyFreeper]

This one don't need no images. Just a page - perhaps the one you visited safely yesterday.

If IE or any other browser can render HTML, execute code, then by dumping IE for an alternative brower is a exercise in futility.

[Flyer]

Okay, I'm trying Firefox.

My normal way to browse FR is to use the Slave option.

Marked links will be opened in a single "slave" browser window. This allows one to leave open a list of articles in the master window, while reading the articles in a slave window.

Is there a way to have a "slave tab"?

[Ernest_at_the_Beach]

On firefox the right click actually says "view selection source" .

And another question answered:

_____________________________________________________________________

Posted: Jun Tue 22nd 2004 8:32pm     

---

If you want to know what encryption is being used with a specific site, right click and select "page info", or double-click the security icon that appears in the lower-left hand corner.

And, yes. IE supports only up to 128 bit (RC4, I believe). Firefox supports that as well as up to 256-AES (Advanced Encryption Standard - as defined by the United States Government)

[Ernest_at_the_Beach]

The bottom portion of my post just above was from the Firefox forum.

[D-fendr]

dumping IE for an alternative brower is a exercise in futility.

first 'splain to me why it's not futile for this vulnerability.

[D-fendr]

It's true no browser is perfect, the URL spoof for example also worked in some other browsers; it's just that the IE/Windows combination is way way under the bar.

All the new holes are variations of flaws discovered in the last two years, and play on known weaknesses in Internet Explorer's design, said Larholm.

In particular, Microsoft's implementation of "security zones" into which Web pages can be grouped is deeply flawed, as is code in IE for assessing what level of security to apply to a particular Web page URL. Fixing such problems will demand a wholesale reengineering of the often-used Web browser, something Microsoft plans to do in the next major release of Windows, code named "Longhorn," Larholm said.

New IE Holes Defy Latest Patches

I don't think I'd wait for Longhorn to switch browsers.

[Dont Mention the War]

Add me to the Browser Tech ping list, please. Heck, add me to all your tech lists. :)

[Truth666]

"Windows Update" - but that's what ensures the cycle continues ...

[Musket]

IE supports only up to 128 bit (RC4, I believe). Firefox supports that as well as up to 256-AES (Advanced Encryption Standard - as defined by the United States Government)

Thanks. I was looking around the Mozilla site yesterday for info on this but didn't see anything. That kicks major boo-tay.

[Bush2000]

Oh, yeah. What a quality product: /SARCASM

946 Mozilla Critical New Bugs

[Musket]

Gee that's a lot of bugs. I've been using Firefox for a day and a half on XP with zero problems. And I've had Mozilla on my Linux box forever with zero problems. Are you trying to scare people? I think you're too late. There has been a mass exodus from IE in the past 36 hours.

[KevinDavis]

So far it runs faster than IE. It doesn't take as much system resources...

[dyed_in_the_wool]

Boy, you're a rude jerk, who needs to understand the technology a little better before spouting off and insulting people you don't know.

Sounding like you know what you're talking about when you don't is insulting, dude.

[MizSterious]

Thank you!! I'm (obviously) not much of a techie, sorry about using the wrong term.

[ShadowAce]

Done. Welcome to the trenches. It can get pretty rough here, but as long as you don't tie your self-esteem your your tech you should be OK. :)

[ShadowAce]

Now, THAT'S an interesting bit of FUD. I recommend Firefox and you post a bug list to Mozilla, claiming the browser has that many bugs.

Different product, dude. Read for comprehension.

[ShadowAce]

My normal way to browse FR is to use the Slave option.

What I usually do is open up FR's News/Activism page to read the headlines. When I see an article I want to read, I'll right-click it to open into a new tab.

Firefox can be set to open all links into new tabs, but it may require the TabBrowser extension. I'm not really sure to be honest, because that is one of the first extensions I load up when I change from one version to another. Since I always have it running, I'm not sure if that funcationality is on the base browser ar part of the extension.

[Biblebelter]

After reading this thread, I installed firefox on my desktop PC which I had for the most part stopped using on the internet. I primarily use my ibook for the internet because its wireless and I like Safari. I have set up the browser with Java and put in some of my favorite bookmarks. It is like a new computer, no pop-ups and no you have performed an illegal operation boxes. I tried to remove IE 6, but I could not get the job done. Can you remove IE 6 if you have Windows 98 SE?

[ShadowAce]

Can you remove IE 6 if you have Windows 98 SE?

I don't think so. I'm pretty sure that MS has made that darn nigh impossible. Just remove the icon(s) for it, and never use it. You should be fine doing that.