Computer newbies forum: ***READ THIS if you use Internet Explorer***

Any vulnerability is a problem, thats what people need to understand. Take Nimda and Code:Red as well as Sasser. MS knew about the problems quite a few months before, yet chose to keep their collective heads in the sand.

According to Secunia's figures(http://secunia.com/product/11/), IE has 19 tested and proven vulnerabilities, some are harder to exploit than others, but thats not the point, ANY security hole is unacceptable on any software running on any OS. 19 of them going unpatched is an outrage. It doesnt matter how large or small it is, if its there, history has taught us, someone will exploit it to their own ends.

Adware and Spyware arent at issue here but since its been brought up, Those problems affect the archetecture of the Windows OS itsself, though its good to note that IE's a major vector(as is email). My question is why isnt there any Mac OS spyware/adware? same thing with BSD and Linux? Its not that its any harder to write for those archetectures, there just arent as many holes in any of those OS' security as a whole for the script kids to want to learn to break into them.

And its not because of marketshare or the GPL as Redmond's legions(and yourself) like to argue. Ive been told by a few CISSP and GIAC certified security professionals that some 90% of the servers on the web across the globe run either Apache or BSD. Seems to me that those OS have the marketshare when it comes to critical infrastructure, so if Linux and BSD were as generally as vulnerable in general as Windows is, through any means now, not just through a browser native to the OS like IE or Apple's Safari, the Internet and Web as we know it would simply cease to be.

Until MS gets a clue and gets proactive about security, the only way to mitigate is to cut off a vector, whether that means switching to a different OS, using a tool to prevent whatever from happening, or switching web browsers is up to you. Defense comes from Depth and Diversity.

But do keep in mind that theres no single, black and white, right answer when it comes to security.

Dear sir

I would like to point out to you that I did used to use
Internet explorer But after lots of problems with the software and after a few yrs I managed to switch it
I was unable to up until now and have started to use
mozilla firefox which is adequet for my needs I hope that
you will not be tearing this one to bits has up to now it has served me well..a wellwisher

Theres a simple solution to IE's problems: Quit using it and Outlook Express.

I'm absolutely convinced that Internet Explorer is a massive threat to National Security (Slammer proved it, so did Code Red, so did Nimda, so did Sasser, so did Beagle/Bagel/NetSky/SkyNet, need I continue?) and since MS seems so reluctant to provide anyone who purchased a license before XP SP 2 came out with a fix for quite a few serious problems, the NSA or US-CERT, or even FEMA and the Emergency Preparedness and Response Directorate of the DHS should either do something to mitigate these problems before something major happens, which is only a matter of time, or the afore mentioned agencies should pressure congress to put some heat on MS over this. Its quite simply insane to know beyond the shadow of a doubt that a blasted corporation is putting your personal security and our national security as a whole at risk because they want more bloody money. And thats exactly what's going on.

To Microsoft and its ill-informed devotees: Its pretty insane(like many of Microsoft's policies) to leave your customers(including the United States Armed Services and Government) vulnerable because they dont want to deal with XP in general or the horrible excuse for a firewall thats in SP 2. How is security with no egress monitoring considered useful? If you dont know whats going out, then controlling things that are coming in is sort of pointless. MS just simply doesnt get it. They dont get it on Open Source, they dont get it on Security, they dont get it on DRM, they quite frankly just dont get it at all.

If you want to be 0w3ned and be used as a tool to whatever cracker's whim then use IE. Help participate in making a coming disaster worse.

If on the other hand you dont want every script kiddie and their buddies across the net to attack you and would rather be a more secure node, use Firefox or any of the other browsers built on the Gecko architecture, like Netscape 7.x or Mozilla Suite.

Anyway, to further strengthen my position, Secunia has 70 advisories for IE, 19 of which are unpatched. To those of you who dont know better, thats 19 individual gaping holes in your security that anyone who so chooses can decide to exploit, literally anyone from a simple college script kiddie to a government bent on destroying us like North Korea or a terrorist group thats well versed in technology like Al-Qaeda, you're just as much of a target to all of em.

Firefox 1.0 on the other hand has no advisories. Draw your own conclusions. Seems the folks up in redmond dont really care if you're a walking target as long as they're making money.

If you dont believe me on my vulnerability figures, go check for yourself:
http://secunia.com/product/11/ for IE
http://secunia.com/product/4227/ for Mozilla Firefox

At this point, those who wish to learn about the good and bad points of Internet Explorer and other browsers can certainly do so by reading all posts. All sides of the issue have been expressed and further posts will make the thread unworkable.

Hope this helps.

Grif