What is a checked(debug) version of XP

"Internet Explorer is dangerous to use even....etc etc"

Not intending to throw confusion into the mix. And I realize which browser to use is entirely a matter of personal preference. But it gets a bit cumbersome hearing, when it seems very much not the case. And "Internet Explorer is dangerous to use even....etc etc" seems a bit harsh. Even to the point of libel, though mostly it is just a matter of personal opinion.

I have been using IE for about eight years or so. Almost exclusively. Other than a few bumps in the road, IE has never caused a serious problem. In fact, to the best of my knowledge, most of the bumps were my fault. Mishaps that could with all probability be caused with virtually any browser. Sure, browsers, like all things are not perfect. But the biggest cause of imperfection is the worlds masses. Much more the than the brightest and best educated who create the systems we use. In fact, it seems that of late, I have been reading in CENT Forums as well as others, more problems relating to FF than any other.

Other browsers, particularly FF I understand are susceptible to many malware that IE is susceptible to as well as some others. And that FF is actually susceptible to a few more than IE is. And FF requires more system resources including memory than most IE versions.

Charlie

You could go many years without ever getting into a traffic accident, but that doesn't mean it couldn't happen tomorrow.

Also, what about the scores of people who come to just these forums with malware problems that can be traced back to IE? There are simply too many of them to be some kind of statistical fluke or normal variation. And what about all the hijacked websites out there that try to exploit known vulnerabilities in IE for the sole purpose of installing malware? Is all of this simply to be ignored because you alone have not had any negative experiences? We're to discount hundred, thousands, maybe even tens of thousands, of people's experiences all because you personally have not experienced anything similar?

Also, to date, there is absolutely NO malware for Firefox that I'm aware of. Not even proof of concept sorts of things. While the possibility is there via extensions, the Firefox developers have learned from the mistakes of Internet Explorer and there are a number of safeguards in place. I don't know where you've been getting your information about it being susceptible to IE malware, but it's obviously the Fox News of tech journalism. Sensationalized, factually dubious (at best), and with an agenda. The only thing I can think of even remotely similar to that, was an odd interaction involving using IE to exploit a Firefox bug, which has already been patched.

The system resources argument is also bogus. There's no way to tell just how much IE uses, since Microsoft buried most of it into various parts of the operating system. Besides, a little extra RAM consumed for some added security seems like a perfectly equitable tradeoff to me. Really not much different from running a firewall like ZoneAlarm instead of the XP firewall, except that Firefox actually offers something more than a bunch of flashing lights and bogus warnings designed to scare and intimidate those who don't know any better.

And if you wish to further this discussion, I would suggest we take it to a separate discussion thread, rather than continue to hijack this poor person's thread. You can disagree with me all you like, but please show some courtesy towards others and do so in a way that doesn't disrupt their effort to seek assistance.

RE: Also, to date, there is absolutely NO malware for Firefox that I'm aware of. Not even proof of concept sorts of things. While the possibility is there via extensions, the Firefox developers have learned from the mistakes of Internet Explorer and there are a number of safeguards in place. I don't know where you've been getting your information about it being susceptible to IE malware, but it's obviously the Fox News of tech journalism. Sensationalized, factually dubious (at best), and with an agenda. The only thing I can think of even remotely similar to that, was an odd interaction involving using IE to exploit a Firefox bug, which has already been patched.

It would pay to "keep up" with things rather than continue to beat the old drum in blissful ignorance. You might take a few minutes to check on:

NSIS Media malware
FormSpy (aka FireSpy)
Infostealer.Snifula (exploits XPCOMs)

Not to mention the many older versions of FireFox installed and in use but UNPATCHED with multiple security flaws that range from memory corruption to buffer overflows. The MSFA 2005-50 flaw in fireFox is one of many exploits pre-loaded in the WebAttacker Toolkit.

So you get the latest version right? It is bundled with Google's toolbar and updates without the usual prompts about new versions or even allowing optional acceptance or declining of the update. This allows someone to hijack a WiFi hotspot and intercept the updates and substitute their own malicious code. (Google toolbar is NOT the only FireFox that exhibits this - SEVERAL of the toolbars including Netcraft, AOL, ASK, Yahoo, PhishTank and many others function the same) Before giving out with the old "So what? Hijacked or just plain old evil Wi-Fi hot spots are already old and well known security threats." because this is a NEW VECTOR for exploiting it because Firefox extensions are designed to install and update whether or not the underlying user account has permissions to install software.

This might shed some light (complete with some screenshots):
http://dvlabs.tippingpoint.com/blog/1015/XPI:-The-next-malware-vector

Here is yet another eye opener:
http://blog.trendmicro.com/ie-and-firefox-join-forces-to-make-computers-vulnerable21/

What it all boils down to is that security and exploits are a problem of the USER more so than of any specific application. I myself use Internet Explorer and have no "infestations" but I take the time to lock it down for security rather than convenience and anyone else can do the same.

I've deleted it Jackson.

Mark

I want specific examples. Give me a line or word that you seem to think is a personal attack. It would be most advantageous for me to know what is considered a personal attack if I am to be expected to avoid them in the future. I suspect that what you consider a personal attack, I consider a proper noun, however I have yet to complete my mind reading course, so I have to rely on these rather antiquated methods of obtaining information.

I agree with caktus and am just as sick and tired of seeing the same old garbage. I have also used IE for better than 10 years.

Richard

I can't move these sub-threads other than deleting them and re-posting copies under my own name. Maybe Admin can move them, but that is for them to decide.

In any case, despite the heated arguments, I am quite happy to leave these posts here for the original poster, "theunseen", to read and try to follow. It is how I learned over the years, and theunseen can easily come back and ask further questions or for clarification if needed.

Jackson knows I am not a technical person and we have had our differences in the past, but generally not over technical issues. I bow to his greater expertise.

And in this case I agree with him. For the most part Internet Explorer is the most vulnerable browser being used. I accept and recognise that many people use IE without problems, and perhaps have never had any. But the sad fact is that for the last number of years, since Microsoft leap frogged over Netscape to become the world leading supplier of browsers, and at about the same time since virus writers caught on to the possibilities of using browsers to pass on their viruses and other malware, IE has been the browser of choice for such virus attacks.

IE is different to other browsers. Anyone who writes HTML and uses ActiveX and Javascript will know that IE utilises Microsoft own proprietary and non-standard html code, and IE is the only browser that uses ActiveX to such a great extent. I know little about Javascript except that coding for each different type of browser is probably different, (perhaps Jackson could comment on that), and so in the mass market of virus writing for what has now become "fly-by" infections, where even a brief visit to a web site can mean a virus is caught, the writers will concentrate on the most used browser and not bother with others.

That doesn't mean to say that the other browsers do not have their own vulnerabilities, I am sure they do. And I am also sure that any browser that threatens to usurp IE as the leading world most used browser will come under intense pressure, just as IE now is.

The problem is about economy of scale. If you can catch unprotected users who mostly use one type of browser, then that is the browser you are going to concentrate on. At the moment that is IE and it has been for a number of years. It may change in the future, but only time will tell.

All us minnows can do to protect our computers and protect ourselves is to avoid the risks. In my case I do that with a whole raft of 3rd party protection agents, and by using IE as little as possible. So in that respect I fully agree with Jackson.

Mark

JavaScript is the same across the browsers. There can be differences in how much of the EMCAScript spec an individual browser implements, and IE is usually the one that implements the least, only partially implements some elements, and sometimes the behavior of a given bit of code doesn't conform to the standard.

And the problem with ActiveX, is that it's basically no different from running some program you may download off of Download.com for example. With Java, you have the virtual machine which tends to restrict, or sandbox, what the program can do. ActiveX is lacking in any real worthwhile sandboxing, and this is by design. Back when IE3 introduced ActiveX, it was supposed to be an answer to Netscape's plug-in system, and in traditional Microsoft fashion, security was a very distant secondary or tertiary concern. Now they've been hoisted by their own petard as the saying goes. This lack of security has become a real headache, but they can't just go and restructure ActiveX to function more like Java without breaking virtually every ActiveX control there is, including the Windows Update control. It's the same deal with Microsoft's non-standard HTML elements, which failed to gain a significant foothold, so now the IE development team is left trying to support the broken IE6 code, while bringing IE7+ more in line with standards.

I also find it too simple an answer to say it's merely a function of popularity which programs are exploited. It might make for more people poking and prodding the program if it's popular, but there still has to be something there to exploit in the first place. Linux and OS X have been gaining in popularity the past few years, but the growth of exploits for either has remained pretty flat. Microsoft treats security as an afterthought, and even then it's always trumped by usability. A good example is how the default setting in XP is to use an account with admin level access, without an assigned password. You don't really need to be a security expert to see the potential problems to having full access to a system without even so much as a password.

Microsoft doesn't really "get" security at the corporate level. The company as a whole is still stuck in the mid-90s when systems were generally stand alone, or on a closed corporate network. So their programs have a higher number of potential exploits. Those developers that may care about security are often prohibited from doing much about it by the corporate culture and a general lack of resources being devoted to the task.

There is a completely non-technical way of looking at this however. If you just go to some site like Download.com, and count up the number of programs designed to fix some little problem with IE, or make up for a lack of functionality... Particularly programs like malware removers, cookie managers, and general privacy enhancing programs... The number seems to be quite high, and that says something to me. When I see a small fleet of support programs like that, I immediately wonder what is wrong with the main program that such things are necessary. I become even more curious/concerned when I see that Opera and Firefox do not have a cottage industry built around dealing with their deficiencies. So, even if I knew nothing about why IE was such a bad program to use, that alone should be enough to give me pause and cause to investigate on my own. It's possible the others are just as bad, but there isn't a large enough user base to have such a well developed support program around it, it's also possible that they simply don't need such an extensive support structure.

Of course, not all the blame can be laid at the feet of Microsoft and developers in general. We, as users, do our part to contribute to this problem. We continue to buy/use these programs, and continue to demand new features. If Microsoft were to create a new version of Windows, rewritten from the ground up to be considerably more secure, but it had fewer features than XP, and had a backwards compatibility rate of maybe 50%... How many here would buy it? My guess is that if you answer honestly, very few, and that is exactly the problem.

dissertation on the joys of Firefox as compared to Internet Explorer. Due to errors in Internet Explorer I did use Firefox for the download of service pack 2, however was unable to get to update site as new version of Firefox did not have IE Tabs.

The very first post hit the nail on the head, when he stated that I had an evaluation copy. He was apparently correct on not being eligible for updates. I realy appreciate the information as it relates to my actual question.

I received an e-mail (private email via link at c-net) from a moderator who verified that the version I have is not retail and so will not be patched or updated by Microsoft. This now makes 2 people who have actually answered my question and several off topic responses. I do appreciate the discussion on Firefox vs IE but I really appreciate the 2 answers I got that were relevant to my question.

Thanks to all involved. I will enjoy the college class but as for the Windows XP it is not worth the cd it came on. I will end up installing Win98 or 2000 on the hard drive to replace it or perhaps just use it for storage. I had nothing but headaches with it.

To the moderator who sent me private mail: Thank you ever so much for clearing it up for me. Yours is a name I can trust and thank you so much. I was overcome by all the discussions on browsers and only the first post hinting at what the problem was then I read your mail and everything became crystal clear. Thank you once again for helpful insight.

Although that wasn't me I'm glad we all were able to help.

And thanks to Jackson for his further explanation of Javascript and ActiveX controls. Much appreciated.

Just one thing, finally. If you can obtain a legal version of XP I believe you should do so. XP is a fine OS generally and is a big leap in my opinion from Windows 98 and 2000. Granted, Vista is now here, but that may be too expensive for you.

Mark

The domain is currently for sale, with the site simply displaying a list of advertising search results. I would not recommend it.

Also, remember that the MSDN-AA licensing agreement, similar to that of MSDN, limits what you can do with the software licenses, so it's not a simple alternative to purchasing a retail copy of Windows.

John