Beware! Massive Security Hole in Microsoft IE

[Terrance13]

The answer is that the Operating System should provide the protection.

P.S.: I run both Linux and Windoze XP side-by-side (2 computers).
I run Avista to protect the XP. I run nothing to protect the Linux.
The Linux has never been infected with anything.

The XP got infected twice, in spite of my best efforts. A piece of malware
crept in hidden inside of a repackaged copy of Bittorrent that I downloaded.
And somehow a piece of advertising ware came in inside of something
that the browser downloaded.

Fortunately, Avista detected them during a disk scan, and got rid of them

Oh, and I always use the Linux system to read my email. I get mailed
viruses very often, sometimes three in one day:
"Look at this picture of a movie star with no clothes on."
"Examine this invoice in this zip file for your account."
"Print out this shipping label in this zip file to claim your package."
They are no danger to Linux; they can't run on Linux.

--
'Now I know what it's like to be high on life.
It isn't as good, but my driving has improved.'
== Nina, on 'Just Shoot Me', 13 Jan 2006.

 

[henryp]

The answer is that the Operating System should provide the protection.
The browser is just another page-viewing tool, when you come right
down to it. It's a fancy page-viewing tool, one that can also play
music or show animations, but it's still just a gloried page viewer.

There's a reason every car you buy these days has seatbelts and airbags.

--
Henry
Personal opinion

 

[spbStan]

--

No system is immune to exploits, intrusions and viruses. Windows is targetted because of its close to 90% market share because for a virus to self probagate it needs a certain critical mass of potental targets to be hit with random distributution. Windows with security updates set to automatic updating are no less secure as an individual computer as any other individual computer regardless of OS. When a OS specific attack probagates, if a small number of random targets are likely to reproduce the virus, just like in nature, the virus dies out.

The only real problem with Windows from a security standpoint is that there is not enough diversity in OSs that would cause viruses to die out quickly naturally.

If there were 10 equally distruibuted OSs viruses would be lower in the wild and have less chance to become wide spread.

I run Red Hat, Ubuntu, Vista, FreeBSD and Windows 2003 Server/IIS and see that they all have had potential security holes and have frequent patches. I spend more time patching supposedly virus proof OSs than I ever would have time to shoot photos.

If a Mac is set to auto update, the user thinks he is immune and does not realize Apple is streaming updates as frequently as ir not more than MS is. If updates and patches are done as they become available, no one would have much of a problem.

Look at the nature of the discovered holes, they tend to be very arcane and relatively minor "Potential" holes, usually way before anyone actually exploited them. I did a scan on one of my web servers used for a secure shopping cart last week and 40 "potential" holes were discovered that required a sometimes a bizarre set of circumstances to actually be a hole, including inside assistance to the hacker by a cooperative employee or administrator. That is how limited most of the risks are that these news articles are about that get everyone all worked up.

It took 4 hours to add the patches needed plus recompiling two applications. Each of the "holes" were discovered only within the last 2 months, and none had become a actual realized risk or loss to anyone. In another two months there will be another list of potential holes, again with probably no live viruses or hackers actually exploiting them.

Worry about things much more likely to be a problem like using a CC in a restaurant or driving without a seatbeat.
Turn on auto-update and forget it.
Stan

 

[Bryan Swan]

The XP got infected twice, in spite of my best efforts. A piece of
malware crept in hidden inside of a repackaged copy of Bittorrent that I
downloaded. And somehow a piece of advertising ware came in inside of
something that the browser downloaded.

"Somehow" the browser just happened to download something?! Get over yourself. The browser does only what you tell it to do. If you got infected, YOU initiated it somehow. It doesn't work any other way. Ghost install when visiting a shady website, something you downloaded, something that got installed when you downloaded and installed another program (see any Browser Toolbar plugin), p2p software, etc. You computer doesn't just get sick like you get sick.

If you know how to avoid getting infected in the first place and you keep up to date on your updates, you pretty much don't have to worry at all about your OS having so many security holes that it looks like swiss cheese. The key here is the knowing how to avoid getting infected part. Apparenty animated gifs and flash games that promise a free ringtone are too much a temptation for many people to resist.

--
Bryan Swan
http://www.waterfallsnorthwest.com

 

[Doug J]

The answer is that the Operating System should provide the protection.
The browser is just another page-viewing tool, when you come right
down to it. It's a fancy page-viewing tool, one that can also play
music or show animations, but it's still just a gloried page viewer.

There's a reason every car you buy these days has seatbelts and
airbags.

And locks...

--
Best regards,
Doug
http://pbase.com/dougj

 

[BIJ001]

Bill Gates never comprehended system security.

The Bill Gates O'es have their heavy tradition of the desk-top paradigm and ease-of-use: not security.

 

[Doug J]

Everything else pales in comparison...

--
Best regards,
Doug
http://pbase.com/dougj