01.25.10

Internet Explorer Still Not Secure, Still Standards-hostile, and Still Giving the NHS a Headache

Posted in Asia, Google, Microsoft, Security, Standard, Windows at 12:24 pm by Dr. Roy Schestowitz


Yorkshire air ambulance (NHS)

Summary: Internet Explorer mayday is still here, SVG is still not supported, and British taxpayers pay the price (or pay with their lives)

GOOGLE has issued a challenge to China, removing some censorship in the process (and getting some praise or flak for it). Totalitarians’ sympathiser, Microsoft, says it will carry on censoring results for the suppressive regime, which it later denies because it does not want the public to know (bad for PR). We wrote about this before and provided extensive evidence.

Using a new product, Microsoft helps manipulate search engines like Google and it is curious because Google’s China attacks were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] (and more specifically, Microsoft’s negligence [1, 2, 3]). Internet Explorer is still not secure. From the news:

A renowned security research company has revealed that it has managed to discover yet another set to vulnerabilities in Internet Explorer, Microsoft’s web browser, a mere day after the company patched the browser after a high-profile and highly-publicized attack on Google in China.

There was also a vulnerability disclosed a day after Microsoft had released patches. How about the vulnerability that’s 17 years old? Among the news coverage we have:

  1. Microsoft investigates 17-year-old Windows flaw
  2. Microsoft warns of flaw in 32-bit Windows kernel
  3. Microsoft confirms 17-year-old Windows vulnerability
  4. Microsoft confirms low-risk zero-day in Windows kernel
  5. Microsoft: Identifies 17-Year-Old Bug in Windows – It’s about time
  6. 17-year-old Microsoft flaw affects Windows 7
  7. Microsoft Warns About 17-Year-Old Windows Bug
  8. Microsoft investigating ZeroDay impacting Windows NT Kernel

On the heels of Microsoft announcing an out-of-cycle patch for the ZeroDay vulnerability in Internet Explorer, researcher Travis Ormandy has released details on another ZeroDay that exists in the Windows NT Kernel on every system version from Windows NT 3.1 to Windows 7.

This is confirmed by Microsoft itself by the way.

The NHS, which is a Windows shop for the most part [1, 2, 3, 4, 5], should already abandon Windows or at least abandon Internet Explorer.

Why the NHS can’t get its browser act together

[...]

Don’t worry, said Microsoft a few days ago: the zero-day vulnerability that Chinese hackers exploited to infiltrate Google’s network only affects Internet Explorer 6 (released in 2000) running on Windows XP (released in 2001).

The implication being that nobody uses that still, do they? Ed Bott, who has forgotten more about Microsoft than many people know, says in a vehement blogpost at ZDNet that:

“Any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice. Think that judgment is too harsh? Ask the security experts at Google, Adobe, and dozens of other large corporations that are cleaning up the mess from a wave of targeted attacks that allowed source code and confidential data to fall into the hands of well-organized intruders. The entry point? According to Microsoft, it’s IE6.”

Ed Bott is a Microsoft-bribed mouthpiece, so it hardly matters what he says about Microsoft products. He lied about rivals of Internet Explorer a few days ago (by repeating the Microsoft talking points). He is almost ZDNet’s way of advertising Microsoft under the more trustworthy guise of “blogs”.

As an aside, Internet Explorer still does not support SVG, which has been around for ages. There is no reason to believe that this will change, according to this new analysis which says:

As usual, Microsoft’s action drew considerable scrutiny and even skepticism. It’s not hard to find commenters who write about “false marriage”, “damage” and lock-out. The major market reality that has impacted SVG for years is that all major Web browsers support it–except for Microsoft’s Internet Explorer. Numerous projects have decided against SVG in their designs precisely because of this lack.

Initial reaction to Microsoft’s decision has been, in my paraphrase: “Finally! Soon IE will support SVG, and we can get back to our programming.” I’m unconvinced — but also unsure that it matters.

There’s no guarantee that Microsoft will ever upgrade IE again, let alone that it’ll include SVG. Even if it does, it’ll be many years before use of earlier versions (IE 5, 6, 7, and 8, for example) falls below whatever threshold decision-makers decide should apply.

We wrote about this in:

Internet Explorer should just be removed from the Internet. It was only put on the Internet in order to sell Windows, Office and along with them substitutes to standards like SVG, so it’s not just simply a Web browser.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This Is wrong and I wanted to correct this.

“Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

Bill Gates [PDF]

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2010/01/25/msie-svg-and-nhs/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. Yuhong Bao said,

    February 2, 2010 at 9:23 pm

    Gravatar

    “How about the vulnerability that’s 17 years old? ”
    AFRIK that is because it is a bug in the NT kernel support for V86 mode used by NTVDM to run DOS apps.

What Else is New


  1. Links 14/5/2021: KDE Plasma 5.22 Beta and GNOME 40 in Gentoo

    Links for the day



  2. Audio: “Unjust Computing Clamps Down” by Richard Stallman

    The FSF has finally uploaded the LibrePlanet talk of Richard Stallman



  3. Links 13/5/2021: KDE Gear 21.04.1 and LibreOffice 7.0.6

    Links for the day



  4. The EPO's War on Justice and Assault on the Law -- Part 4: The President of the Boards of Appeal

    A deeper look into the ‘sausage factory’ that is EPO tribunals certainly helps us understand the inherent bias of many decisions, including a recent decision on European software patents like a controversial simulation patent



  5. Judging the Judges

    Today we shall take a closer look at Carl Josefsson, a person who shall become a figure of interest if he sends EPO courts to the United States in clear violation of the EPC (looking to rubber-stamp an unlawful decision already made before this case even started)



  6. When EU Authorities Tell You to Complain to the EPO Itself About EPO Privacy Violations...

    “Kafkaesque” at the EPO; Kafka could do a whole novel about the flirtations with or affairs of ‘justice’ at the EPO



  7. The Need for Reliable Governance at Freenode

    Why the current and high-profile (albeit somewhat covert) owner of the network, who seems to care about Free software (it has made him very wealthy), should put the whole thing in reliable hands and not attempt to 'monetise' it in any way



  8. IRC Proceedings: Wednesday, May 12, 2021

    IRC logs for Wednesday, May 12, 2021



  9. Andrew Lee of Private Internet Access/London Trust Media Increasingly Owns and Controls Freenode (Updatedx2)

    The details about Freenode ownership and control are explained in a resignation letter urging users to move to another network



  10. [Meme] eBPF is Not Microsoft's, But It's Certainly Googlebombed by Microsoft

    eBPF isn't Microsoft's. But sites that work closely with Microsoft keep mentioning that term as if Microsoft created it and champions it (typical tactics).



  11. Links 13/5/2021: OpenSUSE Leap 15.3 on Finer Hardware, AMI Dabbling in Free Firmware

    Links for the day



  12. The EPO's War on Justice and Assault on the Law -- Part 3: The Current Line-up

    The composition of the Enlarged Board for case no. G 1/21



  13. System76’s First Keyboard Packs in Plenty of Surprises

    Putting the genie back in the bottle is hard, and moreover the corrective post from Joey Sneddon may cause a bit of a 'Streisand Effect'



  14. Links 12/5/2021: HAProxy Data Plane API 2.3 and Mousepad 0.5.5

    Links for the day



  15. IBM is Destroying Red Hat, Squeezing Red Hat's Work for Cash, Laying Off Staff, and Asking Staff to Resign

    Layoffs are not a new thing at IBM (hardly so in the past couple of decades or more), but they're oversensitive about the Red Hat agenda



  16. [Meme] Longing for the Original IP Kat...

    It would be nice to see more posts critical of injustice at the EPO, as we've just noted



  17. The EPO's War on Justice and Assault on the Law -- Part 2: Just Another Pro Forma Rubber-Stamping Exercise?

    Half a decade after Benoît Battistelli ‘kidnapped’ and then defamed judges (it started in 2014) António Campinos has done nothing to restore lawfulness at the EPO, as controversial referral case G 1/21 shows; in fact, they recently approved European software patents after pressure from Campinos himself



  18. Why I'm Using Just a Landline and Recalling My Richard Stallman (RMS) Interview on Working Locally or How the Signal Processor in Phones is a De Facto Back Door

    A longer-than-expected rant about what mobile phones have turned into and a look back at (or listen to) what Richard Stallman (RMS) told me way back in 2013



  19. The European Campinos Award

    The campinos (peasants) of Europe shall gather around for another ceremony championing farmers and nurses... or not



  20. Personal Thoughts About the EPO 'Kangaroo Court' Scandal

    Some unscripted and unedited thoughts about the current EPO scandal/series, which shows intervention such as stacking by António Campinos, continuing the tradition of Benoît Battistelli with his attacks on justice itself



  21. Doing Justice by Reporting Injustice

    Europe's second-largest institution, helped by Europe's largest, is engaging in a massive attack on the very concept of the Rule of Law and incredibly enough the so-called 'press' (or 'media') doesn't report on it



  22. IRC Proceedings: Tuesday, May 11, 2021

    IRC logs for Tuesday, May 11, 2021



  23. Links 12/5/2021: New Audacity and Musescore Owner Named, Microsoft May Lose "JEDI" (Trump's 'Bailout Package')

    Links for the day



  24. The EPO's War on Justice and Assault on the Law -- Part 1: Rumours of a Kangaroo Court at EPOnia

    EPO's President Benoît Battistelli viciously attacked judges and slandered judges; António Campinos adopts a more 'soft power' approach, but nevertheless the impact is the same



  25. Bill Gates Exposed

    While publishers like ZDNet worked hard (on Microsoft's budget) to distract us from real scandals many nefarious things were happening; are we witnessing the fall of Gates?



  26. Welcome to ZDNet's 'Linux' Section...

    ZDNet, which defamed RMS to help distract from Bill Gates scandals, is doing what the sponsors (IBM, Microsoft, Linux Foundation) pay for



  27. Europe's Second-Largest Institution, the EPO, is Partly Based in the United States

    The EPO has outsourced its operations, including its 'courts', to the United States; this seems to be the so-called 'New Normal'



  28. You Look for Linux News and Instead It's Microsoft Noise and Openwashing

    Imagine trying to go about doing your own 'business', only to be confronted by paid-for plugs (sponsored) by the people trying to undercut/undermine your business; welcome to "Linux" in 2021



  29. Links 11/5/2021: Maui 1.2.2 and Tor Releases

    Links for the day



  30. The Next Generation of Free Software (or Software Freedom) Activism, Tackling Newer Problems

    New challenges as labour rights and human rights are further eroded, thanks to 'high' 'tech' with its very 'innovative' 'features'


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts