Computer Newbies forum

General discussion

***READ THIS if you use Internet Explorer***

by LarryD / January 5, 2004 7:54 PM PST

I don't understand this, and I'll bet you don't either http://www.safecenter.net/UMBRELLAWEBV4/ie_unpatched/index.html , but this is why you should consider NOT using Internet Explorer.

Currently there are 23 UNPATCHED vulnerabilities.

This list is available to anyone with a computer.

This list serves as a road map for any trojan, worm or virus writers and hackers.

Simply put, the bad guys know where the vulnerabilities are so they can easily tailor a virus, worm or trojan.

Did you hear about the BLASTER WORM last summer?

Alternative?? http://mozilla.org

Discussion is locked
You are posting a reply to: ***READ THIS if you use Internet Explorer***
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: ***READ THIS if you use Internet Explorer***
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re:***READ THIS if you use Internet Explorer***
by ozos / January 10, 2004 2:10 PM PST

yeah, internet exploerer does have some vulnerablities, but any computer on the internet IS AT RISK it doesn't matter what you use, simply put IF YOU ARE CONNECTED TO THE INTERNET, YOU CAN BE HACKED so i dont know why you are freaking out over such knowledge, also a firewall may be a consideration, at least it helps and if you dont want to have the chance to get hacked or get a virus,
you have 2 options
1. dont use the internet

2. dont buy a computer and type all your stuff on a word processor and get e-mail on a mail station

also, most hackers wont just hack any old computer, they usually have some sort of purpose, to change grades to steal files of value (like $4,000 operating systems, basic windows XP costs about $200) or they want to mess something up, like health records, insurance or stop light control as in the movie The Italian Job (good movie)so i would suggest that there is no way to have a 100% safe guarantee that you cant get hacked, unless you spend about $5000 on firewalls (the actual device ones, not the programs) and other saftey utilitys otherwise just realize that the web is a risk, you just have to be smart about it.

Collapse -
I think you are missing (part of) the point
by LarryD / January 10, 2004 6:48 PM PST

Using any computer online (like driving) is a risk.

Switching browsers to a more secure browser would be the equivalent of switching to a safer car.

As long as these vulnerabilities exist, any browser that doesn't have these vulnerabilities would be consider safer.

I posted here to educate computer users that there are risks with IE and that they have a choice. Many do not know that choices exist.

Obviously this post was not intended for someone like yourself.

Collapse -
Re:I think you are missing (part of) the point
by ozos / January 11, 2004 8:18 AM PST

"Using any computer online (like driving) is a risk."


NO DUH!!!!

but, I am not sure why this is such a great shock to you, you don't need to be stating all of the vulnerabilities just because you don't understand them. Also, since this is a newbies page...I really wonder what effect you just made in lives of these people, oh yeah I thought this page clearly states no advertisement. Your article seems to be trying to get people to move from IE 6.x to something like Mozilla 1.4 or Netscape 7.2 (they are basicly twins)
but just because IE isn't the safest program in the world, not everyone wants to drive a volvo, I dont know why you want everyone to download Mozilla...

Collapse -
Re:Re:I think you are missing (part of) the point
by gearup / January 11, 2004 10:50 PM PST

The truth of the matter is IE is a poor imitation of Netscape which exists only because some Judge thought that if a different language was used to write it it wasnt an infringement on the Netscape copywrite.

As to other browsers one good reason to use them is that they are not interwoven with Windows but are free standing (more or less) programs. Which means that a browser glitch is just a browser glitch and does not mean an OS crash will follow. Plus the other browsers which are available are faster,take up less space and o yes...they are more secure!

Collapse -
Re:Re:Re:I think you are missing (part of) the point
by Acaykath / April 22, 2004 11:03 PM PDT

"The truth of the matter is IE is a poor imitation of Netscape"

Of course you are missing the fact that IE actually loads web pages correctly and supports things like HTML 4.0 and CSS which NO version of netscape or mozilla does. Obviously there must be some code difference.

Personally I like some of netscapes functions like the add blocker and tabs so I use avant browser (IE's compatibility and netscape's additional features) which is an addon to IE. It also offers Additional security that can protect you system from many of these security threats. There are other options too but I wont go through an entire list of applications.

Use whatever browser you want based on what features you want in your web browsing experience. All of them have vulnerabilities. Most people only need a good virus shield and a little common sense to protect themselves. If you are afraid of hackers then get a decent firewall, changing browsers is not going to protect you.

Collapse -
Re:Re:Re:Re:I think you are missing (part of) the point
by josir / April 22, 2004 11:42 PM PDT

Hi Acaykath,

could you suply just ONE example of HTML 4.0 and CSS that Mozilla does not support ?

Thanks in advance,
Josir

Collapse -
Re:Re:Re:Re:Re:I think you are missing (part of) the point
by Acaykath / April 22, 2004 11:51 PM PDT

www.geocities.com/acaykath

Look and compare...
-Scrollbar color
-Table Attributes
-etc...

There are many differences, some are barely noticible while others ruin the look of the site.

Collapse -
Re:Re:Re:Re:Re:I think you are missing (part of) the point
by Peter Reaper / November 25, 2004 4:46 PM PST

>> could you suply just ONE example of HTML 4.0
>> and CSS that Mozilla does not support ?

> www.geocities.com/acaykath

LOL. That page has 104(!) HTML errors and numerous CSS errors:

http://validator.w3.org/check?uri=www.geocities.com%2Facaykath
http://jigsaw.w3.org/css-validator/validator?uri=www.geocities.com%2Facaykath&usermedium=all

The reason it may work in IE is that it was aparently programmed using MS's proprietary code. It's like saying "Hey, Mercedes sucks because my Yugo seats don't fit in it." :-P

To those who say "nothing is absolutely safe, therefore everything is equally unsafe", I say: do you use contraception during sex? Do you not look before crossing the road? There's "unsafety" involved no matter what you do, so why bother?

The point is that Firefox is SIGNIFICANTLY safer than IE.

It's your choice. Mine is Firefox.

http://www.GetFirefox.com

Collapse -
Re:Re:Re:I think you are missing (part of) the point
by droy99 / November 26, 2004 12:48 AM PST

The security thing is only 1 aspect for choosing a browser. The security problems can be kept in check by, using a firewall, virus scanner, spyware scanner and keeping them all updated. Since I am blind, I need to use speech to run my computer. At this time, IE works much better for me than the other alternatives.

Collapse -
Re:Re:Re:I think you are missing (part of) the point
by eavery / April 23, 2004 2:08 AM PDT

The biggest problem we have is that IE was created by Microsoft. Not just that it most likely stole the technology from Netscape to make a shoddy copy of Netscape, but because Microsoft does not fully document its Windows api component capabilities. That and the fact that all Windows api components appear capable of sending and receiving "messages" without any way for the user to know what is going on. The possibility exists that the folks at Microsoft may decide to just bore into any computer connected to the Internet to view or change things for any reason.

This happened to me when XP was initially--released: within a week, my Windows 98 computer started behaving like 2000/XP. My previous wallpaper setting began to appear during the boot process (a markedly Windows 2000/XP behavior). This is because any non-XP computer that a Windows XP server encountered was altered by the XP server. This activity was documented on some websites at the time with the excuse that XP needed to be able to interface with previous versions of Windows. But I was not warned about what Windows was doing, nor given the option to decline the alterations an XP server made to my system. XP changed my operating system, and to what ends I still do not know. But it made the change unbeknownst to me--and more importantly--without my permission.

Those of you techs afraid to speak against Microsoft lest you lose your certification are the only ones I ever see who publically miminize this problem--and are usually the only ones who heatedly support Microsoft's claims against its detractors. But if you cannot see the danger to yourselves and your companies with this predilection of Microsoft to up and alter non-Microsoft computer systems at will and with no regard for asking the end-user's permission, then you have no place in any reasonable discussion on Microsoft products--at least in my mind. It would be different, of course, if Microsoft wasn't so draconian in its certification policies, nor embroiled in so many technology theft disputes (lawsuits), and if it was more interested in compatibility as a means to better computing environments and as a means to greater company profits. Sadly, there are certain realities to consider here.

The real danger of using IE is that it could be the point of centralization for Windows (api) messaging (at least, related to api component messaging to and from other Windows systems connected to the Internet). After all, IE components are not fully documented--Microsoft never actually complied with the judges order to completely document Windows api functions, so who really knows whether or not IE doesn't fulfill this role?

Which means that Microsoft, or any other company that knows how to exploit even some of the undocumented api functions of IE could use IE to obtain information from your computer without your ever knowing about it. Do you really want your competitors to see the new software you are engineering, or read your corporate network security plans--do you rally want to support a product that may be the main reason your computers are sabotaged by internet viruses? Stand-alone browsers such as Netscape offer an additional and important level of protection, because they are stand-alone products which are not designed to be specially integrated with Windows. But also because non-Microsoft products are often better, more stable and secure products anyway.

But even if it is not a likelihood, it would be safer to use a stand-alone browser and not IE because IE is vulnerable to attack from without (no sane person can argue against this point): remember, its api components are NOT fully documented or made available by Microsoft. This may be a good reason for the PC industry to shift to Linux operating systems, since Linux-based programs' sourcecode are usually readily available (the benefit of being based on an "Open Source" theory of development which Microsoft will most likely never really embrace).

Failing that, there is a company that removes or separates middlewear like IE from the different versions of Windows (LitePC.com). This may offer some protection against the problems of IE, but not all of them. IE is a shoddy product, and its api components were developed by Microsoft to be integrated closely (too closely?) with Windows. It is probably best to separate IE from Windows and use another browser instead. This is what I did with Windows 98 (which immediately became faster and more stable) and I will do it again someday with Windows XP.

Collapse -
Re:Re:Re:Re:I think you are missing (part of) the point
by risingstaruk / April 23, 2004 4:01 AM PDT

your suggesting everyone use linux? have you actually used it before? hardware support is poor, drivers that do exist usually have less features than their windows cousins and are somewhat buggy, the software available for it just plain sucks. there is a reason most people use windows and thats because at the moment, it is the best... the only people linux actually suits are people who want to make modifications to how the operating system they use works. considering less than <1% of the population can actually make said changes, linux is pretty much useless to the general population. also a properlly configured win2k or win nt set up is more stable than linux, the only advantage linux has it that it is free...

Collapse -
Re:Re:Re:Re:I think you are missing (part of) the point
by johnnophillip / June 20, 2004 10:38 AM PDT

Ok points
a) There is no "win xp server", windows 2000 server perhaps and ive never heard of anything like that happening, perhaps the network administrator upgraded the computer you were using from windows 98 to windows 2000 or windows XP?
b) this sounds like a typical comment from a linux fanboy still harping on about problems that were solved with the release of windows 2000 / A computer phobic luddite who relies on tinfoil hats to protect him or herself from "mind warping radiation released by computer monitors as part of a microsoft / US government mind control plot"......i am being sarcastic
c)if you are using DSL/cable use a router (masks your computer from the rest of the internet), install a software firewall (zonealarm etc) and use antivirus (avast!, norton, macafee) and install a spyware checker (ad-aware etc)

Collapse -
Re:Re:Re:I think you are missing (part of) the point
by thepan123 / April 23, 2004 7:52 AM PDT

I agree. IE is good and has it's use. Frankly, I don't like IE and will only use it in a business setting or when a web page doesn't support the browser of my choice. Have several thousands of $$ invested in Mircosoft Training manuals and having learned what I have and all the Hot Fix Patches that Bill comes out with....I don't touch IE with a stick unless I have too. I very seldom get a worm and if I suspect, I scan or send the file to yahoo and let them scan it. I use a router and a hub plus a firewall. Sure, I have problems with Netscape...but I can control them.

Collapse -
Re:Re:Re:I think you are missing (part of) the point
by TerryT / April 23, 2004 9:27 AM PDT

Beta is a better video tape format than VHS in picture quality and tape longevity. But there is a time when we must "go with the flow" and adhere with defacto industry standards.

Netscape was once my preference as well, but the AOL and Time-Warner mergers fed Netscape suicide pills.

Netscape still has a place in the Linux world, but the war is over in the Windows world where most of us live. This is espescially true when all of my business clients are running Windows, MS-Office, and IE. They demand compatible file interchange.

Collapse -
Re:Re:I KNOW you are missing the WHOLE point ;oD
by funkfeend / April 23, 2004 4:15 AM PDT

Dude, you'd think that someone had insulted your mother! IE is a security risk. That is the plain and simple truth. There is no reason to tear into this guy; he's just trying to give a word to the wise. I happen to agree totally with his point of view, but you can take or leave his advice - it's up to you. I DO understand many of the vulnerabilities and if you think a firewall is going to save you think again. Also, the threat is not hackers [crackers] trying to break into your system, its hackers trying to exploit millions of systems to make some easy money. A nice lady that I work with recently purchased a new computer from Circuit City. After about a month, she had to pay me to go out to her house and figure out why her computer had stopped working. Within a month, with cable broadband and IE, her computer had been completely taken over by malware. I tried all kinds of remedies but I ended up re-imaging the sucker. A screaming fast computer was reduced to a paper weight within 30 days. As far as I know, IE is the only browser that is cabable of being hijacked, and with its tight integration with the OS, the efects of a hijacking can extend system wide. That's what happened to her. I don't know why this is such an emotional issue. The guy is suggesting the we try a FREE piece of software and you accuse him of advertising? What are you talking about? Well, I am using the Opera browser and I love it. Guess that's an advertisement too... heck, all of these forums where people express opinions about software and hardware must be ads. This is software, not religion people! Sure the Internet is risky; if you value your data or your customers' data, you learn to mitigate these risks. Some very reputable security professionals have come out and said the same thing as this guy is saying: using IE and/or OE, even Outlook is increasing your exposure to threats. Microsoft itself states that there are critical security risks associated with just having IE on your system. Don't you use Windows Update?

Collapse -
Re:Re:I think you are missing (part of) the point
by SuperPimp / April 23, 2004 7:09 AM PDT

It's not a personal attack on you dude. IE is a spyware/trojan magnet. He probably used Mozilla as an example because it is easy to use and is FAR more secure than Explorer. I used to have to root out dozens of spyware programs every time I used IE. I have not had one since changing to Mozilla. If you are really attached to IE, however, by all means keep using it. But I would certainly run Spybot or Adaware every day then.

Collapse -
Re:Re:Re:I think you are missing (part of) the point
by risingstaruk / April 24, 2004 11:41 AM PDT

nearly every computer that has a trojan on it, or spyware, has picked it up from a program like kazaa, limewire, morpheus, etc etc etc or some other free internet program AND not from IE, i personally don't mind people saying *hey try this out* as long as they know what they are talking about! *it's smaller and takes up less memory* maybe a valid comment about mozilla, *it's more stable* isn't!

Collapse -
Re:Re:Re:I think you are missing (part of) the point
by MichaelF / November 25, 2004 5:32 PM PST

Sorry mate but you have no idea what you are talking about.

Yes free programs install malware, but a lot of spyware/adware/malware comes from IE and that is a fact. IE allows installation without your consent through its active x capabilities. Mozillas Firefox is a 4.8 MB download, is fast, secure, adheres to all current standards (IE is old bloatware) and more stable than IE. Try it out and get the facts, I am virtually spyware free since using it.

Michael

Collapse -
Re:Re:Re:I think you are missing (part of) the point
by boma23 / November 25, 2004 7:00 PM PST

Can someone explain why the default options in IE (i.e. those used by 99% of the population) are to enable "install on demand"?

How can anyone suggest that a piece of software that by default allows websites to install software is safe?

Try visiting a crack/serial type site using firstly Mozilla Firefox, then IE, and run spybot & adaware after each visit. Whilst these sites may be extreme examples the techniques they emply are open to any webmaster. Which browser is successfully attacked?

Collapse -
I like mozilla
by frankzxcv / January 20, 2004 8:06 AM PST

I was thrilled to discover mozilla via this thread- it doesn't allow those *^%$# annoying popups. thanks for the tip.

I am a great believer in using non-microsoft products as much as possible. is it not true that, the less consistency in computer software on the net, the harder it is for any one virus to make a major impact? =fj

Collapse -
Re: I like mozilla
by ereedks / June 23, 2004 4:53 PM PDT
In reply to: I like mozilla

Not at all. It's just you don't hear it publicized. Why do you hear so much about vulnerabilities in Microsoft products? Because Microsoft has "Partner" companies which are constantly testing and watching for problem areas. When something is discovered, it is then reported to the public. Does that mean others like Mozilla have no flaws? Nope, just less publicized. But the important part is the HACKERS know. In college (I majored in computer science) our instructor used Mozilla as an example of how easy it is to exploit vulnerabilities. If he knows, I can guarantee you the hackers know as well. Just like, did you hear about the flaws in the Linux kernel that was just discovered last week? No, but that doesn't mean it doesn't exist. Should that concern you? Only if you are using Linux. Now, relate that to Mozilla.

Collapse -
Re: I like mozilla
by boma23 / November 25, 2004 7:11 PM PST
In reply to: Re: I like mozilla

But how many hackers actually want to attack Mozilla? As opposed to attacking Microsoft, a company who's ethics and business practices have p1$$

Collapse -
Re: I like mozilla
by Grizzly / November 25, 2004 9:08 PM PST
In reply to: Re: I like mozilla

I have tried mozilla's Firefox, I cannot get sound on any of my Web Sites. I'm using XP but not SP2. Have tried everything, nothing works. When I use IE all is fine.
As long as a person uses a good Firewall like ZoneAlarm and a good Anti-virus IE is great

Collapse -
Re:Re:***READ THIS if you use Internet Explorer***
by Brandon Eng / January 23, 2004 3:00 PM PST

ozos, this *is* the Newbies forum, and Larry was simply pointing out something to the many newbies out there that they may not have been aware. He pointed out 1 alternative. Others mentioned other browsers. You apparantly aren't a newbie, but to suggest that crackers/hackers do what the do for the reasons you suggest is a bit naive. Personally, I find most anything Windows based is inherently unsecure, and IE is widely known to those that keep up with these things as probably THE most unsecure thing on your system- putting Outlook Expess in preview pane aside, opening up attachements, and on and on...lol. I have both Mozilla and Opera installed, but still use IE 99% of the time. At least I know the risk I'm taking, and making an informed choice (I like living dangerously, lol). Others may not have known there were choices. I consider Larry's post a "public service announcement" and think it should be taken as such. As newbies will hopefully learn, there are steps they can take- as you pointed out, nothing is fail-safe. Larry simply pointed out an alternative.

Collapse -
Re: using Internet Explorer or Opera Browser
by PUTERDUDE / April 22, 2004 11:14 PM PDT

Hi, I noticed that the Opera Browser was mentioned. I really like it. I have used the free version for quite a while and it is easily several times faster than Microsoft Internet Explorer. I find that the only reason I have to go back to Internet Explorer is for banking because Opera doesn't handle the high level encryption. Maybe someone knows if the full (purchased version) of Opera does that. Also, from what I read here, and other places, Opera Browser must be more secure than Microsoft Internet Explorer. Of course, I don't have much problem with that, as I have a frequently updated Norton Antivirus Program, Zone Alarm (Free) Firewall, PopUp Stopper, Spyware Zapper and Mailwasher Utility.
It's nice to have a choice.

Collapse -
Opera Rulez
by funkfeend / April 23, 2004 4:51 AM PDT

I am also happy Opera user. I have been using it for a long time (free version). I can get it to work with my bank's site if I change the browser identification to IE 6 in the Quick Preferences menu. You can get there through the file menu or by pressing F12. There are also hotkeys: ctrl-alt-I for IE and ctrl-alt-o for Opera. You could just leave it on IE, but I have had problems with 1 or 2 websites that use heavy scripting. They work fine when I identify as Opera. I don't think that the bank problem is related to encryption level; I think that the reason why banks don't like Opera is because it caches encrypted pages and lets you go back to 'expired' pages with the back button. This could be a bad thing if you were on a public or work computer. Opera is for people who own their own computer and know enough to clear the cache if they are worried about someone looking at their account balance. Opera can be configured to clear the cache every time it is shut down. It sure is nice to be able to go back and not get that "this page has expired" message. And when I say go back, I mean right away. By the time you take you finger off of the button you are looking at the previous page WITH any form data you may have entered. BTW, what is IE _doing_ when you hit 'back' to see a page that you were just looking at? Not an encypted page, just a regular old page. Your dual Pentium4 powerhouse will just give you a blank stare for as much as a few seconds; what's up with that?!

Mouse gestures, tabbed browing, accept only requested pop-ups, highly configurable integrated searching, personal bar... If you don't know what any of this stuff is, you don't don't know what you are missing.

...puterdude knows, funkfeend knows...

Collapse -
Re:Re:***READ THIS if you use Internet Explorer***
by skidhmor / April 22, 2004 2:50 PM PDT

Picking nits I know, but this phrase isn't quite accurate:

"also, most hackers wont just hack any old computer, they usually have some sort of purpose, to change grades to steal files of value (like $4,000 operating systems, basic windows XP costs about $200) or they want to mess something up, like health records, insurance or stop light control as in the movie"

On the contrary, many crackers WILL try to crack any old computer, for a variety of reasons.
Reason one, many people may have sensitive financial info on somwhere on their HD.
Reason two, the computer can be used as a "zombie" for DDoS(Distributed Denial of Service) attacks.
Reason three, just for the heck of it. Yes, there are PLENTY of so-called "script-kiddies" who will crack a system just for vandalism purposes, as well as bragging rights to their friends. There are also those who just enjoy the challenge.

Collapse -
Re:***READ THIS if you use Internet Explorer***
by Sue Geek / August 11, 2004 2:22 PM PDT

I agree totally with you about EVERYTHING in Windows being vulnerable. Could it be because everyone loves Bill Gates so much? lol.

If you REALLY want to be freaked out or just really informed about security problems with Windows and other software beforehand (depending on your point of view) I would suggest Secunda Security Updates. We [IT people] get them almost every day at work. The alerts are also free.

Collapse -
Re:***READ THIS if you use Internet Explorer***
by Headly / November 26, 2004 4:00 AM PST

I believe you are wrong about what motivates the vast majority of hackers.

To them it's a game. It's the digital equivalent of spray-painting a tag on the side of a building. In other words, there's no purpose behind it. It is merely vandalism for vandalism's sake.

I am also a firm believer in using as much non-Microsoft software as possible. Why? Because, for the most part, Microsoft software is the hacker's favourite target. Not to mention all the security holes that have still not been addressed by Microsoft.

Whenever I am online with the Tech Department of my ISP, no matter what has brought me there, I give them an earful and ask them to kick my comments upstairs. What get's me so outraged? The only email client on which my ISP will provide support is Outlook Express, the least secure software going and the chief target of hackers.

For the record, I use Eudora.

Headly Westerfield

Collapse -
Thanks for the update. The number of IE PIVX exploits was over 30 at one time.
by R. Proffitt Forum moderator / January 11, 2004 11:15 PM PST

But at 23, it's still too many. I want to note that not all bugs need to be fixed, but EXPLOITABLE bugs are such things that are a danger to all.

These exploits are why you read so many posts about browser hijackings or worse. And why our posts about Anti-Parasite Suites and tools seem to live on.

Keep it up LarryD!

Bob

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Tech explained

Do you know what an OLED TV is?

CNET explains how OLED technology differs from regular TVs, and what you need to know to make the right shopping decision.