|Home » Learning Curve
IE Se7en — The Review
IE Se7en is here. It's what nobody's been waiting for. Maybe you should take a closer look?
Redmond, WA (Rixstep) -- 'We heard you', say Microsoft as they begin unleashing their latest net malware incubator on the world. And as the word spreads it becomes easy to see who have been doing their homework and who are incorrigible idiots.
Hard of Hearing?
'Now we have this, now we have that', say the Microsoft chatterboxes. But it's not about how far behind Microsoft are feature-wise and it never will be. And if that's how far you can think about it, you need brain surgery fast.
People can talk all they want about 'features' but features don't matter until the machine itself is beyond threat. As Bruce Schneier pointed out, none of us can be secure until we make everyone else secure. And a planet running Microsoft Internet Explorer is downright stupid.
That very same Bruce Schneier says that no matter what security precautions you are planning on taking you should under no circumstances use Internet Explorer. Period. Bruce Schneier is probably the most consulted security expert in the world, summoned to the US congress on a regular basis to give his take on security issues.
And Amit Yoran as his last act of office before leaving the National Cyber Security Division of the US Department of Homeland Security told everyone to never use Internet Explorer. Never.
You think things have changed? Think again.
It Doesn't Take...
... a lot of brains to see Microsoft are the perennial losers when it comes to secure programming and secure operating systems. They've created a world of confusion where even the most hard skinned experts get lost in the maze of their sloppy code.
You don't get a promotion at Microsoft for suggesting code has to be cleaned. Microsoft bought a few fuzzers and as far as they're concerned they've fixed all their security issues. Push your boss to the wall and claim the company code is buggy and you'll find yourself on a Trailways with a one way ticket out of town.
Suggest some new cool and groovy features that strangely make the software even wobblier than before and you'll get your go-ahead, a dinner on the company at Burgermeister, and maybe even a token recognition from the man himself.
The US Government Accountability Office dismissed another piece of Microsoft software years ago. They not only said it was bad, they said that you should never use it - never - no matter how many promises Microsoft and Bill Gates made, no matter how tempting it was to believe for even a nanosecond that despite all the lies Microsoft had finally got their act together.
The product was hopeless. It was structurally flawed and it could not - repeat could not - be fixed. They were reporting on Microsoft's web server software IIS, but it's the same thing here - it's pointless to even waste time considering the matter.
No other company have ever released software that's been condemned by government offices. No one.
Big Guns & Small Guns
The Washington Post's excellent security blogger Brian Krebs brings up a good point about this IE Se7en update. When asked 'why bother' by his readers, Krebs responded with the following.
Would you leave a loaded gun sitting on the table in a house with toddlers? Hopefully not. Okay, that's a little harsh, but think of it this way: lots of things on Windows use IE's built in rendering engine, and if you have a more secure version of the browser available, why not switch to it?
Why not indeed? But wait a second - doesn't this mean you are still running Windows?
Moving from IE 6 to IE Se7en does not get the loaded gun off the table - it just exchanges it for another one.
Where the Fault Lies
As Microsoft's Windows Explorer is not really a file manager but merely a pretty face on the system's built-in file management, their Internet Explorer is not really a web browser but merely a pretty face on it. The fault must lie lower - in common modules shared as well by all Microsoft web applications such as their infamous Outlook.
'Fixing' Internet Explorer is not the battle: fixing the logic that runs Internet Explorer is. Or could be. But even that doesn't go deep enough.
The CLIX Exchange forum has of late recorded a number of scary tales recounted by PC repairmen brought in to cure Windows PCs of their ills.
Some new high scores:
Ad-Aware found something like 450 bad things. Bad, not the highest number I've seen (that was in the thousands), but serious stuff. Ran it in normal and in safe modes. Still a ton of crap.
AVG anti-virus found 3,460 instances of viruses/trojans. That was in one shot, then there were all the individual instances that showed up - and keep showing up!
I'm running Rootkit Revealer now.
This system is a basket case. The only reason I'm wasting time on it is that I have to talk to the owners about what they want copied off of here. The less the better! But there are 4 accounts on it.
In the meantime, I'm getting in some good practice almost delousing this sucker.
IE keeps starting itself up along with a couple of "applications" called Project1 which I can end in Task Manager, but which can't be located via a search. Even Firefox, which I installed, keeps launching and coming up with popped up tabs, etc.
Why would anyone buy anything vulnerable to this kind of crap? Speaking of which, about 2.25 GB of the files were infected. They were down to just over 100 MB of available space!
This isn't marginal misbehaviour. This is anarchy. Microsoft software brings about anarchy. It makes our planet unsafe.
It doesn't take a computing genius to realise Microsoft are unconscionable losers when it comes to software engineering. The planet's been collapsing under the incessant onslaught of malware targeted at Microsoft software for ten years. Microsoft have never made any improvements. It's time to move on - even a three year old can see that.
'Fool me once', goes the classic saying. Anything can get through one time. No matter how well security firms batten the hatches, there will always be the special ops people, the Kevin Mitnicks, to sneak through. But parasites need something to feed on - otherwise they become extinct.
In the case of Microsoft software, it's a regular hacker's banquet every day. Malware exists because Microsoft products invite the malware in. Get rid of Microsoft products on the Internet and 99% of the people writing malware out there today will be out of work.
It's not a marginal difficulty either: it's really really serious. The Internet today, thanks to Microsoft, is total anarchy. It's a bad neighbourhood. Where no one goes safe.
What They're Saying
Both USA Today and Computerworld have roundups of blog opinion on the new IE Se7en. Is there anything one can learn from reading through these roundups?
- Geek News Central: 'All I can say is that it's about time.' Really? So you idiots at Geek News Central have been sitting around the past six to ten years still running Windows?
- San Francisco Chronicle's TechBlog: 'If you are an IE6 user, I highly recommend you grab IE 7 and start using it.' This is even worse - for this character is telling people outright to use the danged thing despite the competition being better in the features department.
- Preston Gralla: 'It's been a long time coming, but Internet Explorer 7 is here at last. If you're dying to get your hands on the new browser... ' What a nut cake. He really thinks there are idiots out there who want IE Se7en?
You can read the following in all the comments: open source browser fanatics or not, they're still running Windows.
It's as if they all fell into a time warp so they didn't register anything that happened in the last ten years and didn't do the research either.
Don't Be a Loser
The morale of the story? You shouldn't be running Windows anyway. IE Se7en or not IE Se7en is a moot point: the flaw - that annoying flaw that keeps hitting IE users year after year - isn't in the browser and it's not going to be cured by any new flaky idea Microsoft come up with.
So do your own research. Start now. For starting now there's no excuse for not being secure. There's no excuse for using Microsoft products.