PSA: Don’t Use Explorer

John_Webber_-_Portrait_of_Captain_James_Cook_-_Google_Art_Project

I get email:

The U.S. Department of Homeland Security recommends that all users temporarily discontinue the use of Microsoft Internet Explorer (IE) due to a critical security flaw.

More here.

If y’all already knew all about this, what can I say?  I’m old and slow.

Image:  John Webber, Portrait of Captain James Cook c. 1780

 

Share On Facebook
Share On Twitter
Share On Google Plus
Share On Pinterest
Share On Reddit






41 replies
  1. 1
    JDM says:

    I stopped using Explorer a while back too, but this makes me wonder: Fatherland Security want you to stop using it? is it uniquely resistant to NSA snooping? :)

  2. 2
    Butch says:

    Every single one of the company’s on-line tools (monthly status reports, timesheets, expense reports, webmail, file transfer) are based on IE and will not function in anything else. I’m stuck.

  3. 3
    CONGRATULATIONS! says:

    What a crock of shit. What are they going to do, send the entire US government home until Microsoft can get off their fat asses and get a fix out?

    (if you didn’t know, in most Fed shops you are REQUIRED to use IE and no alternatives are acceptable)

    @JDM: The problem is a zero-day exploit that’s been known about since late last week. Why the news just seems to be coming out today is beyond me.

  4. 4
    jheartney says:

    Us OSXers couldn’t use Explorer if we wanted to. If the thing would just die it’d simplify web developers’ lives immensely.

  5. 5
    cokane says:

    IE has been garbage ever since there was browser competition, iirc

  6. 6
    catclub says:

    @Butch: The unstated text is, ‘to go and visit dicey websites’
    (which your company may be!).

    If your use is only internal, less risk.

  7. 7
    CONGRATULATIONS! says:

    Us OSXers couldn’t use Explorer if we wanted to.

    @jheartney: au contraire. Fire up Parallels/Virtual Box and use any flavor of IE you want.

    I know at least one person (yes, he’s an idiot) who runs full-time Windows on the Mac because it’s “more secure”.

    But there are a lot of Mac folks who need to set foot in Microsoft’s world every day for work. And they’re frequently some of my more difficult users, as they are not aware of viruses, hacking, or exploits and routinely do the stupidest shit imaginable because they think it can’t happen to them.

  8. 8
    beltane says:

    I make it a point to never use IE anyway.

  9. 9
    Ash Can says:

    @CONGRATULATIONS!: It’s not. The government advisory came out yesterday. I saw it discussed elsewhere.

  10. 10
    Belafon says:

    Why is the DoD telling us this? I thought it was the job of the NSA to warn us about security threats. How long do you think the NSA has been exploiting this to spy on Americans? Was this in the documents that Snowden took?

    (In before Cassidy, though this sarcasm is totally my own.)

  11. 11
    Someguy says:

    Mozilla hired a known bigot, IE sucks, and Google is basically evil, contra their corporate maxim.

    Given the Big 3 are some combination of corrupt and insecure, anybody got any suggestions on browsers?

  12. 12
    Butch says:

    @catclub: It’s actually a fairly large company but you’d laugh your head off at some of the sites; it takes about a dozen clicks and two log-ins to get to your current timesheet.

  13. 13
    CONGRATULATIONS! says:

    Given the Big 3 are some combination of corrupt and insecure, anybody got any suggestions on browsers?

    @Someguy: Been using Opera since 2002. I have always been very happy with it, but it is not everyone’s cup of tea.

  14. 14
    Just Some Fuckhead says:

    People still use Internet Explorer?

  15. 15
    catclub says:

    @Someguy: Lynx!

    en.wikipedia.org/wiki/Lynx_(web_browser)‎ Wikipedia:

    Lynx is a highly configurable text-based web browser for use on …. be found in repositories of most Linux distributions, as well as in the

  16. 16

    @jheartney:

    Years ago, Microsoft ported Internet Explorer to Unix, the slogan for this short lived product was something like “Bringing the internet to Unix” Never mind the fact that the first web browsers ran on Unix like systems….

  17. 17
    Belafon says:

    @Someguy: Write your own. I would suggest first writing your own programming language. You might also need your own operating system.

    It’s the only way to be totally sure.

  18. 18
  19. 19
    Omnes Omnibus says:

    @Belafon: An internet of one.

  20. 20
    srv says:

    Well now I have to be contrarian and download IE.

    Hitlery has declined to keynote at Netroots Nation this summer. She’s already decided to throw progressives under the bus.

  21. 21
    mike with a mic says:

    The issue is with Adobe actually. If you aren’t using Flash, are using IE 10.0 or after, or have Microsoft EMP enabled this isn’t an issue.

    That said apple Safari, Google Chrome, and even Firefox have all had similar fuck ups. No browser is safe, you need to have several to chose from. Though Safari is by far the biggest pile of shit out of them all. The best was the hole Safari caused that broke security in Windows, so as soon as it force installed in an itunes update you got fucked.

  22. 22
    Amir Khalid says:

    I only ever used Internet Explorer to find and download Firefox on a new PC, and then never again. The guy who sold me this current laptop downloaded Firefox for me so I’ve never had to use it on this machine.

  23. 23
    Schlemizel says:

    @CONGRATULATIONS!: BINGO!
    Several of the apps I use every day either do not work or at least do not work well unless using IE. How do we allow developers to get away with that crap? Imagine how well facebook or Amazon would do if they said “Sorry, you can only get us to work with IE?

    I will do what I have done for the last 4 years, use IE for the things I must & not for anything I don’t have to. Lucky for me my job responsibilities allow me to install Firefox & Chrome, most cnnot.

  24. 24
    Schlemizel says:

    @mike with a mic:
    Yeah, I got word of a new critical exploit this morning tied to Adobe that hits all browsers equally. Adobe is a major problem as is JAVA, much much much worse than your browser choice and there is almost nothing most people can do about it.

    Keep updating & pray that the other wildebeests are slower so the lions take them instead.

  25. 25
    Roger Moore says:

    @cokane:

    IE has been garbage ever since there was browser competition, iirc

    Was IE a good browser before their was competition? When it dominated the market you could usually count on sites rendering correctly, but it still sucked in terms of security and UI. And you were more or less screwed if you used an OS other than Windows.

  26. 26
    Davis X. Machina says:

    @srv: They’d boo her if she went.

  27. 27
    nellcote says:

    @Davis X. Machina:

    They’d boo her if she went.

    or throw shoes.

  28. 28
    CONGRATULATIONS! says:

    Several of the apps I use every day either do not work or at least do not work well unless using IE. How do we allow developers to get away with that crap?

    @Schlemizel: Back when I did software development for the gov, IE (client) and Microsoft (server) were mandated, all the way from the very top. Suspect some folks got a hell of a job for writing that into acquisitions. At any rate, that’s why we can’t have nice things.

  29. 29
    Roger Moore says:

    @Someguy:

    Given the Big 3 are some combination of corrupt and insecure, anybody got any suggestions on browsers?

    Opera? Konqueror? Lynx? Telnet to Port 80?

  30. 30
    catclub says:

    @CONGRATULATIONS!: “IE (client) and Microsoft (server) were mandated, all the way from the very top.”

    This is changing. Our new timesheet entering system [never mind that we were doing paper timesheets in 2014] noted that it worked best on Chrome. I was shocked.

  31. 31
    yam says:

    @Roger Moore: s_client to port 443, it’s the only safe way…

  32. 32
    Jim C. says:

    @cokane:

    Yes, this. I honestly intend no offense, but I’m frankly shocked that ANYONE is still using Explorer these days ever since other, better, options became available a decade or more ago.

  33. 33
    Jim C. says:

    @Someguy:

    Pale Moon is basically a Firefox clone (or at least it was the last time I used it regularly a couple of years ago) if you want to avoid using Explorer, Firefox or Chrome.

    Though given that Firefox fired the bigot, that’s what I’ve continued to use after initially being exasperated about having to decide if I wanted to ditch it or not. I can now use it free of guilt.

  34. 34
    Roger Moore says:

    @catclub:

    This is changing. Our new timesheet entering system [never mind that we were doing paper timesheets in 2014] noted that it worked best on Chrome. I was shocked.

    It gets especially confusing when you use web apps written by different groups that each have their own browser preference. Most of the apps we use at work expect IE, and some require it because they use ActiveX controls. But one was set up by an outside consultant and has terrible performance problems with the version of IE on my computer, so I have to use something else.

  35. 35
    Eolirin says:

    Here are the details of the exploit. It’s nothing particularly out of the ordinary. Other browsers have had similar issues and this doesn’t even remotely approach Apple’s broken SSL implementation.

    I think the proximity to heartbleed is just making people jumpy.

    https://technet.microsoft.com/en-US/library/security/2963983

    As a side note, enabling EMET prevents the exploit from functioning. http://support.microsoft.com/kb/2458544

    IE9+ are solid browsers, on a technical and security level at least (features and UX are much more debatable), and MS spends more resources and focus on security than the other players. It isn’t the early 00’s anymore.

  36. 36
    jheartney says:

    @CONGRATULATIONS!:

    Fire up Parallels/Virtual Box and use any flavor of IE you want.

    In which case we are no longer using OSX.

    But there are a lot of Mac folks who need to set foot in Microsoft’s world every day for work. And they’re frequently some of my more difficult users, as they are not aware of viruses, hacking, or exploits

    They probably have this bizarre idea that being a computer user shouldn’t require that you became an expert in security.

  37. 37
    CONGRATULATIONS! says:

    They probably have this bizarre idea that being a computer user shouldn’t require that you became an expert in security.

    @jheartney: No, they have an even more bizarre idea that the internet is a playground strewn with flowers and populated by unicorns, and that there could never be any bad consequences to any actions they choose to take.

    They’re a lot like children who were taught that it’s totally OK to play on a freeway.

    I’m the security expert for my workplace. I would never expect my users to be that. But I do expect that they should know enough to not play on the freeway. And a lot of my Mac users don’t. But after a couple of ruined hard drives, a ton of lost work and some unpleasant conversations with their bosses, they learn.

  38. 38
    Villago Delenda Est says:

    @Omnes Omnibus: Reminds me of the absolutely dreadful “Army of One” recruiting campaign. What, they’re trying to appeal to Randian assholes?

  39. 39
    Omnes Omnibus says:

    @Villago Delenda Est: I used it as my template. I thought it was a horrible ad campaign. I liked the “Be all you can be” campaign.

  40. 40
    another Holocene human says:

    @Roger Moore: ie arrived as competition to Netscape Navigator, actually.

    Nobody was interested so they bundled it in basically all PCs sold for a few years and told the feds it was an integral part of the operating system.

    The result was 0wnd IE, 0wnd computer. Windows came out with a built in firewall a few editions too late.

  41. 41
    What Have the Romans Ever Done for Us? says:

    I work for the federal government, and the only browser on our machines is IE. So, exactly how am I supposed to do all the stuff I have to do on the internet every day (not commenting on BJ – other actual work stuff) and follow this directive?

Comments are closed.