, 2004-06-28
Criminals are benefiting from an Internet Explorer that's so complex even Microsoft can't predict its behavior.
Expand all |
Post comment
Redmond's Butterfly Effect
2004-06-28
Anonymous (6 replies)
Anonymous (6 replies)
Redmond's Butterfly Effect
2004-06-30
Anonymous (1 replies)
Anonymous (1 replies)
?Given the innate complexity of zone settings, ActiveX object controls and the various scripting configurations, there is really no excuse for the way multiple vulnerabilities within a single product were handled with such tunnel vision, particularly when their combined exploitation has been exemplified on forums like Security Focus for months now. ?
Is there an excuse for you choosing to run an operating system that came from a vendor with a track record for patches like Microsoft?s? You complain about patches not being available yet you forget that you opted into the situation knowing full and well that most patches? development cycles don?t start until the problem is in the public domain, well after an exploit is available.
I think its time that the security scene recognizes and excepts the fact that when they declare something a ?Zero Day? exploit or a ?New Threat? it has been fond long ago by someone that works more deeply with that peace of software then you do. Until Microsoft is willing to seriously consider the fact that compliance with standards and basic levels of security are more important then the profits of people that like pretty pictures, solving an issue like stringing multiple ?small? exploits into a major security hole is not even going to be on their radar. Let?s face it, any business is for profit.
I?d also like to comment on the current state of IE specifically. I believe that it is fine the way it is. Uneducated people that are not willing to learn what it takes to secure a business or home PC are the only ones that seem to be affected by these malicious browser add-ons. I have tangled with Cool Web Search several times and have removed it quiet easily with tools like Adaware in conjunction with removing its re-install code from the registry. I think that Cool Web Search demonstrates a point that not all problems can simply be fixed with a removal tool alone. Knowing or being willing to learn to remove a tool manually is a must now a days.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/251/27250#27250