Users of the world's most common web browser have been advised to switch to another browser until a serious security flaw has been fixed.
...
Microsoft says it has detected attacks against version seven of the browser - its most widely used edition. But the company warned that other versions were also potentially vulnerable. (LINK (http://news.bbc.co.uk/1/hi/technology/7784908.stm))Why would anyone bother to switch back?

Official according to 'Trend Micro'.

Official according to 'Trend Micro'.That's true; Microsoft do seem to be keeping remarkably quiet about the problem and certainly aren't encouraging their users to abandon MSIE in favour of Firefox, even in their suggested workarounds - Link (http://www.microsoft.com/technet/security/advisory/961051.mspx).

It's quite a misleading article actually as it very much created the impression (with me at least) that it was Microsoft recommending the change. It was only my second read through that I really noticed the bit at the bottom about it being an advisor from Trend Micro recommending that.

I recommend that users of Trend Micro switch to another AV product because PC-cillin is a massively over-weight application that hogs anything less than a quad core high-performance PC. Sorry, but I'd rather deal with a virus if I'm unlucky enough to get one than infect my system with a resource-killing application such as PC-cillin.

As for MSIE - that's scary stuff indeed :(

It's ridiculous how linked in to the O/S MSIE is. The O/S should provide the security, the browser should operate within that framework.

Good, in a way, hopefully this will be another nice shove to getting people on better, more compliant browser. My job will be a lot easier if Firefox become the market leader.

Absolutely nothing wrong with IE 7. Pretty quick, very compatible, I don't use add-ons and just works straight from the tin.

Before anyone shouts noob bias, I'll add I have an MSc in Software Developent with Distinction and 6 years J2EE development.

I'll add I'm not surprised by another anti MS article from the BBC; how they've not been picked up on their agenda yet is unfathomable.

Absolutely nothing wrong with IE 7

Did you not read the opening link?

The one where Microsoft recommend pretty much crippling your browser and user account because there is a gaping hole in IE7, IE8 and probably IE6? :p

Well, there obviously is something wrong with it :p. Microsoft said so and the people who have been stung will also tell you the same.

Even if nothing was wrong with it it's still out performed by many other browsers, uglier and less inviting to use than Firefox. I've used Firefox for years now and can't ever see me going back to IE, I just don't like it.

Absolutely nothing wrong with IE 7. Pretty quick, very compatible, I don't use add-ons and just works straight from the tin.

Before anyone shouts noob bias, I'll add I have an MSc in Software Developent with Distinction and 6 years J2EE development.
Then I'm sorry Booie but you should know IE7 is 'very compatible' because designers have had to case a lot of code specifically for it, and that isn't right.

I'm a fan of MS, make no mistake, but considering the browser share they have simply by association with Windows, they just haven't done good enough with IE - both in terms of standards compliance and security. IE7 is better than IE6, and hopefully IE8 will be better still, but there are definitely things wrong with IE7 - just as there is with Firefox, Safari and Opera, but at least their standards compliance is leaps better than IE.

Did you not read the opening link?

The one where Microsoft recommend pretty much crippling your browser and user account because there is a gaping hole in IE7, IE8 and probably IE6? :p

There's a security flaw they've admitted to that will soon be fixed; hardly means it's bad per se.

Here's a list of firefox security vulnerabilities: http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

Let's not get hung up on any of these as they're not MS though.

Then I'm sorry Booie but you should know IE7 is 'very compatible' because designers have had to case a lot of code specifically for it, and that isn't right.

I'm a fan of MS, make no mistake, but considering the browser share they have simply by association with Windows, they just haven't done good enough with IE - both in terms of standards compliance and security. IE7 is better than IE6, and hopefully IE8 will be better still, but there are definitely things wrong with IE7 - just as there is with Firefox, Safari and Opera, but at least their standards compliance is leaps better than IE.

I agree with their compliance; heck I used to write enough pages to know but as an end user as it's the most popular browser you're more guaranteed to have the pages you visit work first time.
I've tried IE8 and I didn't like it much with many many sites completely broken and the need to run it virtually all the time in IE7 compatability mode. Hopefully they'll fix it all before launch.

There's certainly things wrong with it as there is Firefox (which I felt was completly broken at the launch of version 3) and the other browsers. I just feel this is sensationalist BBC reporting against an easy target.

... I've used Firefox for years now and can't ever see me going back to IE, I just don't like it.It would be nice if Windows Update didn't insist on using MSIE.

Good, in a way, hopefully this will be another nice shove to getting people on better, more compliant browser. My job will be a lot easier if Firefox become the market leader.
Don't hold your breath. I imagine more and more SaaS apps to be deployed on the IE platform and as a result, it will maintain its position, for many years yet, as the corporate choice; and try convincing an organisation who rely on Sharepoint and products such as MS Dynamics that they should use FF or Opera.

Indeed, a real shame but very true. We have several internal Web 2.0 SaaS-type packages that struggle to work on anything but IE - one is our timesheet package and the other is our main project planning package. They do both sort of work on non-IE, but with annoyances that mean I just end up going back to running them on IE again. :'(

If we, as a software house, struggle with this sort of issue, you can bet that less tech-centric companies than us just don't bother trying.

I've tried IE8 and I didn't like it much with many many sites completely broken and the need to run it virtually all the time in IE7 compatability mode. Hopefully they'll fix it all before launch.

All this browser talk got me trying the newer beta for IE8 (they sent me an email quite recently) and I'm far more impressed than beta 1. All my favourite sites seem to work fine and my god if it isn't quick.

The extra security (InPrivate Browsing was the only really good thing I took from Beta 1) isn't a bad thing either.

And the fix is out, for those so inclined...

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

Already been offered it on at least one machine by Windows Update.

I'll give it to them, they're quick.

Well, 7 days since they initially acknowledged it on their site, where they implied they already knew about it before then.

Not bad but still room for improvement.

Forgive me for being totally uninformed, but i've always wondered this:

Is one of the reasons so many security flaws are found in windows software because more people actually look for them? By that i mean, as windows is the dominant operating system and IE the dominant internet browser, if someone wants to cause some havoc then designing an exploit/virus for those platforms is the way to go.

Surely OSX, Linux, Firefox etc do have places where they could be exploited too? I don't believe those guys have managed to create completely secure software, but then i've also never heard of an OSX virus or a Firefox exploit so maybe i'm just wrong?

All that aside, IE is a pants internet browser anyway :p

There is no doubt that Windows and MSIE are always going to be a more attractive target for anyone trying to develop an "exploit". As you say, they totally dominate the market and are likely to be the software used by any "naive" user who doesn't care about any claimed refinements in OSX, Linux, Firefox, Safari, Opera, etc.

As to MSIE being pants - 99% of browser users neither know nor care whether it is or not; it is available by default on the majority of new systems, broadly speaking it does what people want a browser to do and there is most chance that it will work with any web-site they visit.

I used to subscribe to the market share argument, but not as much these days.

Attackers will going for the easiest win with the least effort. Apache on Linux is by far the most common web server setup out there, but it's IIS which is targetted because it's less effort to exploit.

And the fix is out, for those so inclined...

http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx

Already been offered it on at least one machine by Windows Update.
I can't even connect to Windows Update this morning for some reason :/

I was suffering from that a fair bit yesterday and assumed it was just me. :dunno: