01.25.10

Internet Explorer Still Not Secure, Still Standards-hostile, and Still Giving the NHS a Headache

Posted in Asia, Google, Microsoft, Security, Standard, Windows at 12:24 pm by Dr. Roy Schestowitz


Yorkshire air ambulance (NHS)

Summary: Internet Explorer mayday is still here, SVG is still not supported, and British taxpayers pay the price (or pay with their lives)

GOOGLE has issued a challenge to China, removing some censorship in the process (and getting some praise or flak for it). Totalitarians’ sympathiser, Microsoft, says it will carry on censoring results for the suppressive regime, which it later denies because it does not want the public to know (bad for PR). We wrote about this before and provided extensive evidence.

Using a new product, Microsoft helps manipulate search engines like Google and it is curious because Google’s China attacks were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] (and more specifically, Microsoft’s negligence [1, 2, 3]). Internet Explorer is still not secure. From the news:

A renowned security research company has revealed that it has managed to discover yet another set to vulnerabilities in Internet Explorer, Microsoft’s web browser, a mere day after the company patched the browser after a high-profile and highly-publicized attack on Google in China.

There was also a vulnerability disclosed a day after Microsoft had released patches. How about the vulnerability that’s 17 years old? Among the news coverage we have:

  1. Microsoft investigates 17-year-old Windows flaw
  2. Microsoft warns of flaw in 32-bit Windows kernel
  3. Microsoft confirms 17-year-old Windows vulnerability
  4. Microsoft confirms low-risk zero-day in Windows kernel
  5. Microsoft: Identifies 17-Year-Old Bug in Windows – It’s about time
  6. 17-year-old Microsoft flaw affects Windows 7
  7. Microsoft Warns About 17-Year-Old Windows Bug
  8. Microsoft investigating ZeroDay impacting Windows NT Kernel

On the heels of Microsoft announcing an out-of-cycle patch for the ZeroDay vulnerability in Internet Explorer, researcher Travis Ormandy has released details on another ZeroDay that exists in the Windows NT Kernel on every system version from Windows NT 3.1 to Windows 7.

This is confirmed by Microsoft itself by the way.

The NHS, which is a Windows shop for the most part [1, 2, 3, 4, 5], should already abandon Windows or at least abandon Internet Explorer.

Why the NHS can’t get its browser act together

[...]

Don’t worry, said Microsoft a few days ago: the zero-day vulnerability that Chinese hackers exploited to infiltrate Google’s network only affects Internet Explorer 6 (released in 2000) running on Windows XP (released in 2001).

The implication being that nobody uses that still, do they? Ed Bott, who has forgotten more about Microsoft than many people know, says in a vehement blogpost at ZDNet that:

“Any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice. Think that judgment is too harsh? Ask the security experts at Google, Adobe, and dozens of other large corporations that are cleaning up the mess from a wave of targeted attacks that allowed source code and confidential data to fall into the hands of well-organized intruders. The entry point? According to Microsoft, it’s IE6.”

Ed Bott is a Microsoft-bribed mouthpiece, so it hardly matters what he says about Microsoft products. He lied about rivals of Internet Explorer a few days ago (by repeating the Microsoft talking points). He is almost ZDNet’s way of advertising Microsoft under the more trustworthy guise of “blogs”.

As an aside, Internet Explorer still does not support SVG, which has been around for ages. There is no reason to believe that this will change, according to this new analysis which says:

As usual, Microsoft’s action drew considerable scrutiny and even skepticism. It’s not hard to find commenters who write about “false marriage”, “damage” and lock-out. The major market reality that has impacted SVG for years is that all major Web browsers support it–except for Microsoft’s Internet Explorer. Numerous projects have decided against SVG in their designs precisely because of this lack.

Initial reaction to Microsoft’s decision has been, in my paraphrase: “Finally! Soon IE will support SVG, and we can get back to our programming.” I’m unconvinced — but also unsure that it matters.

There’s no guarantee that Microsoft will ever upgrade IE again, let alone that it’ll include SVG. Even if it does, it’ll be many years before use of earlier versions (IE 5, 6, 7, and 8, for example) falls below whatever threshold decision-makers decide should apply.

We wrote about this in:

Internet Explorer should just be removed from the Internet. It was only put on the Internet in order to sell Windows, Office and along with them substitutes to standards like SVG, so it’s not just simply a Web browser.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This Is wrong and I wanted to correct this.

“Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

Bill Gates [PDF]

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2010/01/25/msie-svg-and-nhs/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

A Single Comment

  1. Yuhong Bao said,

    February 2, 2010 at 9:23 pm

    Gravatar

    “How about the vulnerability that’s 17 years old? ”
    AFRIK that is because it is a bug in the NT kernel support for V86 mode used by NTVDM to run DOS apps.

What Else is New


  1. Links 2/8/2021: XEyes 1.2 and Fwupd 1.6.2 Released

    Links for the day



  2. Freenode is IRC... in Collapse

    Freenode is now down to just 13,194 online users, which makes it the 6th biggest IRC network. Months ago it was #1 with almost 6 times as many users as those below it. The graph above shows what the latest blunder has done (another massive drop in less than a week, with a poem and the all-time chart at the very bottom).



  3. Barrier and Synergy Can Work Together, Connecting Lots of Different Machines

    Barrier and Synergy can be configured to work properly in conjunction, though only provided different port numbers (non-default) are specified; in my current setup I have two computers to my right, working over Barrier, and two older ones on the left, working over Synergy; the video explains the setup and the underlying concepts



  4. Links 2/8/2021: Open Science in France and Zoom Pays to Settle Privacy Violations

    Links for the day



  5. It Almost Feels Like Battistelli Still Runs the EPO (by Extension/Proxy)

    The "Mafia" that destroyed the EPO is still being put in charge and is using the EPO for shameless self-promotion; it is never being held accountable, not even when courts demand remediatory action and staff seeks reparations



  6. [Meme] Vichyite Battistelli Committed Crimes and His Buddy António Snubs Courts That Confirm These Are Crimes

    Staff of the EPO is coming to realise (or reaching acceptance of the fact) that the spirit of Battistelli — not just people he left in charge of the EPO — dooms the Office and there’s no way out of this mess



  7. Links 2/8/2021: Linux 5.14 RC4 and 20% Growth in Steam

    Links for the day



  8. IRC Proceedings: Sunday, August 01, 2021

    IRC logs for Sunday, August 01, 2021



  9. Links 1/8/2021: LibreOffice 7.2 RC2 and Lakka 3.3

    Links for the day



  10. Was Microsoft Ever First in the Market?

    Confronting the false belief that Microsoft ever innovates anything of significance or is "first" in some market/s



  11. Links 1/8/2021: 4MLinux 37.0, IBM Fluff, and USMCA Update

    Links for the day



  12. Microsoft Knows That When Shareholders Realise Azure Has Failed the Whole Boat Will Sink

    The paranoia at Microsoft is well justified; they've been lying to shareholders to inflate share prices and they don't really deliver the goods, just false hopes and unfulfilled promises



  13. [Meme] Nobody and Nothing Harms Europe's Reputation Like the EPO Does

    Europe’s second-largest institution, the EPO, has caused severe harm/damage to Europe’s economy and reputation; its attacks on the courts and on justice itself (even on constitutions in the case of UPC — another attempt to override the law and introduce European software patents) won’t be easily forgotten; SUEPO has meanwhile (on Saturday, link at the bottom in German) reminded people that Benoît Battistelli and António Campinos have driven away the EPO’s most valuable workers or moral compass



  14. IRC Proceedings: Saturday, July 31, 2021

    IRC logs for Saturday, July 31, 2021



  15. [Meme] When it Comes to Server Share, Microsoft Azure is Minuscule (But Faking It)

    Don't believe the lies told by Microsoft's charlatans and frauds; Azure has been a total failure and that's why there are layoffs as well



  16. [Meme] Mozilla Has Turned From Technical to Marketing

    Way back, long before Mozilla and Firefox got hijacked by politics (turning Mozilla into a VPN reseller that lies about its stance on privacy), geeks were driving the company, not corporate lawyers and spying/marketing people



  17. Over 1,500 (Known/Unorphaned) Gemini Capsules and Over 160,000 Page Requests in gemini.techrights.org During July

    Techrights is expanding at gemini:// (Gemini space) and over 1,500 capsules are reported to have been found (less than 4 months ago it was about 1,000)



  18. Links 31/7/2021: Kernel Additions and Linux Mint 20.3 Release Date

    Links for the day



  19. Microsoft Azure Stagnating

    Reprinted with permission from Mitchel Lewis, former Microsoft employee



  20. For 17 Days (and Counting) António Campinos Has Failed to Respond to Call for Compliance With the Law

    Team Campinos has been so arrogant and so evasive that there’s no indication (yet) that it will follow court orders (Willy ‘Guillaume’ Minnoye openly bragged about ignoring court orders and he's still cheering for the EPO's abuses); therefore, staff of the EPO takes collective action



  21. Raw: Elodie Bergot Breaking the Law by Threatening Against the Exercise of Fundamental Rights

    Over the years we saw a number of rude letters from Elodie Bergot, the grossly under-qualified spouse of a friend of Vichyite Benoît Battistelli; most of these we never published (we already have these and can always publish if the need arises), but those paranoid and insecure “Mafia”-like ‘cabal’ need to be exposed for the mobsters they are; for nearly a decade they’ve illegally bullied EPO staff in clear violation of the law (and for over 3 years António Campinos has kept those bullies on board); why does Europe do nothing and why is it never holding high-profile abusers accountable (only low-level facilitators)? Is it because the EU too is being infiltrated by them?



  22. Linspire Should Be Avoided in 2021 Just Like It Was Avoided 14 Years Ago

    The brand "Linspire" was brought back, but the agenda seems to be more or less the same, namely pushing proprietary software and serving Microsoft's commercial agenda (in 'Linux' clothing)



  23. The Death of Freenode Would Be Freenode's Own Fault

    Freenode is going dark and now it’s asking people to create accounts at IRC.com (just to get back into the network that they may have already occupied for decades) as if Freenode owns “IRC” as a whole



  24. Links 31/7/2021: KDE Progress and Activision Catastrophe

    Links for the day



  25. IRC Proceedings: Friday, July 30, 2021

    IRC logs for Friday, July 30, 2021



  26. The Smartest Meter of All

    Yesterday a lady came over to take our power readings (electric/gas meter); secure these people's jobs as they help protect people's privacy (dignity) at home



  27. [Meme] A Web of False Dichotomies

    A reminder that Techrights is fully available (all blog posts and wiki pages) in gemini://



  28. Freenode Shrinks by Another Quarter and Gemini Continues to Grow (For Techrights at Least)

    Freenode continues to perish faster than we've imagined; it's a good thing that we've had contingencies set up; regarding the monopolised and increasingly centralised Web, we're still making baby steps towards weaning ourselves off it



  29. Links 31/7/2021: Wine 6.14 and Chrome 93 Beta

    Links for the day



  30. European Media Does Not Care About Europe's Second-Largest Institution Crushing Basic Laws and Fundamental Rights

    New video about the latest publication from SUEPO (the EPO’s staff union); it was published yesterday, seeing that the “Mafia” (what EPO staff actually calls the management!) hasn’t done anything to comply with a wide-ranging set of court rulings from ILO-AT; why has the media said nothing about this and what does that say about today’s media? The material is all in the public domain, in widely understood languages, and SUEPO spoke about it more than 3 weeks ago.


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts