
01.25.10

Internet Explorer Still Not Secure, Still Standards-hostile, and Still Giving the NHS a Headache

Posted in Asia, Google, Microsoft, Security, Standard, Windows at 12:24 pm by Dr. Roy Schestowitz


Yorkshire air ambulance (NHS)

Summary: Internet Explorer mayday is still here, SVG is still not supported, and British taxpayers pay the price (or pay with their lives)

GOOGLE has issued a challenge to China, removing some censorship in the process (and getting some praise or flak for it). Totalitarians’ sympathiser, Microsoft, says it will carry on censoring results for the suppressive regime, which it later denies because it does not want the public to know (bad for PR). We wrote about this before and provided extensive evidence.

Using a new product, Microsoft helps manipulate search engines like Google and it is curious because Google’s China attacks were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] (and more specifically, Microsoft’s negligence [1, 2, 3]). Internet Explorer is still not secure. From the news:

A renowned security research company has revealed that it has managed to discover yet another set of vulnerabilities in Internet Explorer, Microsoft’s web browser, a mere day after the company patched the browser after a high-profile and highly-publicized attack on Google in China.

There was also a vulnerability disclosed a day after Microsoft had released patches. How about the vulnerability that’s 17 years old? Among the news coverage we have:

  1. Microsoft investigates 17-year-old Windows flaw
  2. Microsoft warns of flaw in 32-bit Windows kernel
  3. Microsoft confirms 17-year-old Windows vulnerability
  4. Microsoft confirms low-risk zero-day in Windows kernel
  5. Microsoft: Identifies 17-Year-Old Bug in Windows – It’s about time
  6. 17-year-old Microsoft flaw affects Windows 7
  7. Microsoft Warns About 17-Year-Old Windows Bug
  8. Microsoft investigating ZeroDay impacting Windows NT Kernel

On the heels of Microsoft announcing an out-of-cycle patch for the ZeroDay vulnerability in Internet Explorer, researcher Tavis Ormandy has released details on another ZeroDay that exists in the Windows NT Kernel on every system version from Windows NT 3.1 to Windows 7.

This is confirmed by Microsoft itself by the way.

The NHS, which is a Windows shop for the most part [1, 2, 3, 4, 5], should already abandon Windows or at least abandon Internet Explorer.

Why the NHS can’t get its browser act together

[...]

Don’t worry, said Microsoft a few days ago: the zero-day vulnerability that Chinese hackers exploited to infiltrate Google’s network only affects Internet Explorer 6 (released in 2000) running on Windows XP (released in 2001).

The implication being that nobody uses that still, do they? Ed Bott, who has forgotten more about Microsoft than many people know, says in a vehement blogpost at ZDNet that:

“Any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice. Think that judgment is too harsh? Ask the security experts at Google, Adobe, and dozens of other large corporations that are cleaning up the mess from a wave of targeted attacks that allowed source code and confidential data to fall into the hands of well-organized intruders. The entry point? According to Microsoft, it’s IE6.”

Ed Bott is a Microsoft-bribed mouthpiece, so it hardly matters what he says about Microsoft products. He lied about rivals of Internet Explorer a few days ago (by repeating the Microsoft talking points). He is almost ZDNet’s way of advertising Microsoft under the more trustworthy guise of “blogs”.

As an aside, Internet Explorer still does not support SVG, which has been around for ages. There is no reason to believe that this will change, according to this new analysis which says:

As usual, Microsoft’s action drew considerable scrutiny and even skepticism. It’s not hard to find commenters who write about “false marriage”, “damage” and lock-out. The major market reality that has impacted SVG for years is that all major Web browsers support it–except for Microsoft’s Internet Explorer. Numerous projects have decided against SVG in their designs precisely because of this lack.

Initial reaction to Microsoft’s decision has been, in my paraphrase: “Finally! Soon IE will support SVG, and we can get back to our programming.” I’m unconvinced — but also unsure that it matters.

There’s no guarantee that Microsoft will ever upgrade IE again, let alone that it’ll include SVG. Even if it does, it’ll be many years before use of earlier versions (IE 5, 6, 7, and 8, for example) falls below whatever threshold decision-makers decide should apply.

We wrote about this in:

Internet Explorer should just be removed from the Internet. It was only put on the Internet in order to sell Windows and Office and, along with them, substitutes for standards like SVG, so it is not simply a Web browser.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This is wrong and I wanted to correct this.

“Another suggestion in this mail was that we can’t make our own unilateral extensions to HTML. I was going to say this was wrong and correct this also.”

Bill Gates [PDF]


A Single Comment

  1. Yuhong Bao said,

    February 2, 2010 at 9:23 pm

    “How about the vulnerability that’s 17 years old? ”
    AFAIK that is because it is a bug in the NT kernel support for V86 mode used by NTVDM to run DOS apps.
