EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

01.25.10

Internet Explorer Still Not Secure, Still Standards-hostile, and Still Giving the NHS a Headache

Posted in Asia, Google, Microsoft, Security, Standard, Windows at 12:24 pm by Dr. Roy Schestowitz


Yorkshire air ambulance (NHS)

Summary: Internet Explorer mayday is still here, SVG is still not supported, and British taxpayers pay the price (or pay with their lives)

GOOGLE has issued a challenge to China, removing some censorship in the process (and getting some praise or flak for it). Totalitarians’ sympathiser, Microsoft, says it will carry on censoring results for the suppressive regime, which it later denies because it does not want the public to know (bad for PR). We wrote about this before and provided extensive evidence.

Using a new product, Microsoft helps manipulate search engines like Google and it is curious because Google’s China attacks were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] (and more specifically, Microsoft’s negligence [1, 2, 3]). Internet Explorer is still not secure. From the news:

A renowned security research company has revealed that it has managed to discover yet another set to vulnerabilities in Internet Explorer, Microsoft’s web browser, a mere day after the company patched the browser after a high-profile and highly-publicized attack on Google in China.

There was also a vulnerability disclosed a day after Microsoft had released patches. How about the vulnerability that’s 17 years old? Among the news coverage we have:

  1. Microsoft investigates 17-year-old Windows flaw
  2. Microsoft warns of flaw in 32-bit Windows kernel
  3. Microsoft confirms 17-year-old Windows vulnerability
  4. Microsoft confirms low-risk zero-day in Windows kernel
  5. Microsoft: Identifies 17-Year-Old Bug in Windows – It’s about time
  6. 17-year-old Microsoft flaw affects Windows 7
  7. Microsoft Warns About 17-Year-Old Windows Bug
  8. Microsoft investigating ZeroDay impacting Windows NT Kernel

On the heels of Microsoft announcing an out-of-cycle patch for the ZeroDay vulnerability in Internet Explorer, researcher Travis Ormandy has released details on another ZeroDay that exists in the Windows NT Kernel on every system version from Windows NT 3.1 to Windows 7.

This is confirmed by Microsoft itself by the way.

The NHS, which is a Windows shop for the most part [1, 2, 3, 4, 5], should already abandon Windows or at least abandon Internet Explorer.

Why the NHS can’t get its browser act together

[...]

Don’t worry, said Microsoft a few days ago: the zero-day vulnerability that Chinese hackers exploited to infiltrate Google’s network only affects Internet Explorer 6 (released in 2000) running on Windows XP (released in 2001).

The implication being that nobody uses that still, do they? Ed Bott, who has forgotten more about Microsoft than many people know, says in a vehement blogpost at ZDNet that:

“Any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice. Think that judgment is too harsh? Ask the security experts at Google, Adobe, and dozens of other large corporations that are cleaning up the mess from a wave of targeted attacks that allowed source code and confidential data to fall into the hands of well-organized intruders. The entry point? According to Microsoft, it’s IE6.”

Ed Bott is a Microsoft-bribed mouthpiece, so it hardly matters what he says about Microsoft products. He lied about rivals of Internet Explorer a few days ago (by repeating the Microsoft talking points). He is almost ZDNet’s way of advertising Microsoft under the more trustworthy guise of “blogs”.

As an aside, Internet Explorer still does not support SVG, which has been around for ages. There is no reason to believe that this will change, according to this new analysis which says:

As usual, Microsoft’s action drew considerable scrutiny and even skepticism. It’s not hard to find commenters who write about “false marriage”, “damage” and lock-out. The major market reality that has impacted SVG for years is that all major Web browsers support it–except for Microsoft’s Internet Explorer. Numerous projects have decided against SVG in their designs precisely because of this lack.

Initial reaction to Microsoft’s decision has been, in my paraphrase: “Finally! Soon IE will support SVG, and we can get back to our programming.” I’m unconvinced — but also unsure that it matters.

There’s no guarantee that Microsoft will ever upgrade IE again, let alone that it’ll include SVG. Even if it does, it’ll be many years before use of earlier versions (IE 5, 6, 7, and 8, for example) falls below whatever threshold decision-makers decide should apply.

We wrote about this in:

Internet Explorer should just be removed from the Internet. It was only put on the Internet in order to sell Windows, Office and along with them substitutes to standards like SVG, so it’s not just simply a Web browser.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This Is wrong and I wanted to correct this.

“Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

Bill Gates [PDF]

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Propeller
  • Slashdot
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. Yuhong Bao said,

    February 2, 2010 at 9:23 pm

    Gravatar

    “How about the vulnerability that’s 17 years old? ”
    AFRIK that is because it is a bug in the NT kernel support for V86 mode used by NTVDM to run DOS apps.

What Else is New

  1. Links 2/9/2010: New Survey Shows Red Hat GNU/Linux Increasingly Replacing Windows

    Links for the day

  2. Links 2/9/2010: Red Hat at Year Highs, Fake 'Open Source' Called Out

    Links for the day

  3. Microsoft Saved the Bush Family From Embarrassment

    A migration to Microsoft Exchange in the White House led to loss of crucial data which could help show how the United States entered wars and why

  4. Insanity of Microsoft Patents and the Insanity of 'Green' Patents

    Microsoft earns a patent monopoly on "[o]perating system shut down"; Patent monopolies prey on ideas that help preserve the planet

  5. Microsoft Looks to Communism for Answers

    Microsoft turns to China, hoping that therein exists some way to rescue Xbox 360; instead, China brings competition to Xbox 360, whose price is going up, not down

  6. "Novell Laboratories" and Patent Extortion Against Generic Drugs

    Notorious "death patents" are being used against Novell

  7. It's True, Android is Not Free (Because of Microsoft Patent Extortion)

    New FUD from Microsoft staff and a reminder of what it is that really puts a price tag on Android (and it's not Google)

  8. Bloomberg Gets the Facts Wrong (About SCO and Novell)

    Another example of Bloomberg publishing misinformation, which in this case serves SCO and thus harms Linux

  9. Red Hat Now Worth Almost 3.5 Times What Novell is Worth

    A look at Novell's decreasing relevance wrt to Red Hat and other companies that actually produce and distribute Free software, not proprietary software

  10. “Novell Inc (NOVL) Received an Offer in Early March and Has Yet to Announce a Deal.”

    Novell is still up for sale and the financial market expects some announcement to come sooner or later

  11. Microsoft Says Choose Microsoft to Avoid Lock-in

    Microsoft warns about VMware lock-in as it attempts to sell proprietary hype [sic] V

  12. IRC Proceedings: September 1st, 2010

    IRC logs for September 1st, 2010

  13. Links 1/9/2010: Linux in Ukraine, 'Green Party' of Belgium Moves to GNU/Linux Desktops

    Links for the day

  14. Microsoft Boosters of Software Patents in Linux/UNIX Sued for Patent Violation

    Centrify and Likewise get sued, having attempted to outdo Free software by faking it and adding software patents to it

  15. Microsoft Lobbyists Continue to Push for Software Patents in Europe (Transforming Government) to Tax Linux

    Microsoft wants European GNU/Linux users to pay through the nose, but first it needs to use lobbyists like Zuck to change the law in Europe, by pretending to speak for small businesses

  16. Microsoft Uses Linux to 'Succeed'

    Microsoft uses Linux-powered phones not just to make income (patent tax) but also to spread Microsoft propaganda, which includes Linux insults

  17. Links 1/9/2010: Chakra 0.2.0, Ksplice Free for Fedora

    Links for the day

  18. Apple's Co-founder Steve Wozniak a Patent Trolls' Apologist, Apple is Patenting DRM Ideas

    Wozniak helps prove that also departing co-establishers of proprietary predators defend patent trolling

  19. Microsoft is Said to Have Had an Anti-OpenOffice.org Seminar on Monday (Updated)

    The Microsoft camp is attacking Oracle's OpenOffice.org (OOOo) while pretending that Oracle is an "evil empire" (whereas Microsoft "loves" open source)

  20. Software Patents and Microsoft Hurt Korea as Country Tries to Escape Microsoft Monopoly and Market Abuses

    Microsoft dependencies, Ballnux in Korea, and the ill effects of software patents there

  21. Correcting Common Case of Misreporting: Novell is Not an Open Source Company

    Novell is a semi-shut (or "mixed source") company, not "Open Source" as some Web sites falsely report

  22. Microsoft Florian Promotes MPEG-LA at the Expense of Free Software, Defends Intellectual Monopolies Too

    A fine new example of people who promote Microsoft agenda while pretending to be "FOSS" people

  23. Links 31/8/2010: KDE 4.5.1, Linux 2.6.36 RC3, ACTA Threat Looming

    Links for the day

  24. IRC Proceedings: August 31st, 2010

    IRC logs for August 31st, 2010

  25. Links 31/8/2010: Linux Developer Community From Wind River, Multitouch Tablet

    Links for the day

  26. Patents Roundup: OIN, Patent Attorney Ignorance, “Ultimate Patent Troll”, the Rambus Submarine Patent, Death Patents, MPEG-LA, and i4i/Microsoft

    An overview of patent news from the past few days, ranging from issues that directly affect GNU/Linux to issues that simply show how amoral and dysfunctional the patent systems have become

  27. Why Paul Allen (Interval Patent Troll) Targets Companies That Do Not Cross-license With (or Pay) Microsoft

    A patchy pattern is spotted by Techrights -- a pattern wherein companies that are trolled for big cash by Microsoft's co-founder are actually not paying Microsoft for patents

  28. USPTO is Imperialistic

    Another new set of examples where the USPTO hijacks other countries' policies and threatens businesses overseas using the ITC

  29. IRC Proceedings: August 30th, 2010

    IRC logs for August 30th, 2010

  30. Oracle Promotes hypePod/hypeTunes Just Weeks After Suing Android, Java's Founder Has Message for Ellison

    Oracle is promoting Apple's products and Mister Java himself creates t-shirt designs to protest against Ellison's decision to sue Google with his own patents

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts