Major IE Vulnerability Exposed

Users of Microsoft’s Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

BBC

This is the tag line that has already greeted many readers today as news travels further about a serious security flaw effecting every version of Internet Explorer from 5 to the latest IE 8 beta.

The exploitation of this vulnerability has already said to have compromised as many as 10,000 websites (roughly 0.02% by Microsoft’s estimation) and been used to steal game passwords, but could potentially be used to steal other more vital information.

“I cannot recommend people switch due to this one flaw,” said John Curran, head of Microsoft UK’s Windows group; however, many security experts are urging users to switch to an alternative browser. Some of the more popular alternatives to Internet Explorer are Firefox, Opera, ChromeSafari, but there are many lesser known alternatives–many of them are free of charge such as Maxthon.

Microsoft is currently working on a patch for this vulnerability, however no release date has been set. This is not to say that you need to unistall IE, nor that other browsers are impervious to vulnerabilities and security flaws. Malware exists due to bugs in the code of programs, and no code is perfect. Patches continue to roll out for every platform (yes, even Mac). While it’s the responsibility of software vendors to fix and release patches in a timely manner, it’s the responsibility of the user to install the patches offered in just as an efficient time frame as well as practice safe habits both online and offline.

Advertisements

The Trinity of Search Engines

Microsoft has voiced concern that Yahoo’s intended deal with Google would violate anti-trust laws. The deal would allow Yahoo to place Google advertisements on their site and collect revenue from them. The General Counselor for Microsoft cited alleged comments from Yahoo Chief Jerry Yang regarding a “bipolar” market with Yahoo and Microsoft at one end, and Google at the other.

(Yang) said ‘If we do this deal with Google, Yahoo will become part of Google’s pole and Microsoft,’ he said, ‘would not be strong enough in this market to remain a pole of its own,”‘ Smith told the Senate Judiciary Committee’s antitrust subcommittee on Tuesday.

I find this statement rather ironic since Microsoft recently attempted to acquire Yahoo. After Yahoo’s public chastening of the software mogul, Microsoft is now backing one of the main investors, Carl Icahn, to obtain a controlling share of Yahoo and clean house amongst Yahoo’s committee members.

In defense of the deal, Google’s Chief Legal Officer David Drummond stated “Google and Yahoo will remain fierce competitors. This agreement will not remove a competitor from the field.”

The full story, albeit on Yahoo, is available here.

Windows XP Sp3 Access Denied Error

WinXpHaving just tried a couple times to install Sp3 and having still received this error–one that frighteningly hasn’t been resolved yet in Sp3–I thought I’d post a quick guide on how to get around this problem using some wicked voodoo The information contained in this guide was taken from here.

If there are any previous installations of either beta or release candidate versions of Sp3, then you must uninstall them before installing the final version.

Download and install subinact.exe.

Open Notepad (Start Menu-All Programs-Accessories-Notepad) and copy and paste the text below into the new Notepad document:

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
subinacl /subdirectories %windir%*.* /grant=administrators=f /grant=system=f
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

Save-As “reset.cmd” (yes, including the quotation marks) to C:\Program Files\Windows Resource Kits\Tools.

Now, Open My Computer and double-click the file you just created in C:\Program Files\Windows Resource Kits\Tools.

Wait for the program to finish running before continuing on (yes, it takes a while, that’s normal).

Download and install Windows XP Service Pack 3 (which, although on Microsoft’s servers, is noticeably absent from their website).

Welcome to Service Pack 3 🙂

Update: Don’t bother looking for Sp3 on Microsoft’s official website. Microsoft has pulled Sp3 for XP as well as Sp1 for Vista from their website due to

a compatibility issue between Microsoft Dynamics Retail Management System (RMS) and Windows XP SP3 and Windows Vista Service Pack 1 (SP1). Microsoft Dynamics RMS is a retail chain management solution for small and midsize customers.

Update: 5-16-08: Sp3 is now available through Microsoft’s Windows update as well as in their download center. It’s about time!

Windows XP Sp3 Release Date

WinXpWhile doing some research online, I came across this bit of information from Neowin: Microsoft will make Sp3 for XP available for download by the general public April 29th. Sp3 won’t hit automatic updates until June 10th, however. More information from Neowin available here.

What’s the big deal about another service pack for an already aged operating system? How does as much as a 10% performance boost sound? One author even suggested that users should upgrade from Vista to XP Sp3. While last month’s Sp1 for Vista provided countless bug fixes, benchmarks have shown that overall performance is actually slower than pre-Sp1. The real-world user experience sometimes is far different from synthetic benchmarks.

If you’re curious about Sp3 for XP, I’d recommend you head over to Paul Thurrott’s Faq.

Oh, and a word of warning for those of you who would be tempted to try the Release Candidate 2 Refresh…Out of impatience, I tried installing this on my system, and after several failed attempts and a good deal of voodoo (aided by searching Google), I finally was able to.