For anyone who hasn't heard about this, experts are recommending switching to another browser.
Here's the link; Major flaw revealed in Internet Explorer; users urged to switch : Christopher Null : Yahoo! Tech

[dazman]

Thanks for that Gary. I use (& recommend) Firefox on my home computers, but still use IE at work...time to switch to Firefox.

[jct us101]

The only flaw with Internet Explorer is that IT'S INTERNET EXPLORER.

[MoiVous]

The only flaw with Internet Explorer is that IT'S INTERNET EXPLORER.

Precisley - and according to the article, its been there since IE5. What's more, M$ bought the original from NCSA and can't have revised the core app (typical). Their competitors have (FF3 is all new, Opera is unique, and Safari/Chrome are a new architecture)

I dumped IE years ago, and when they tried to stop us using it at work, I found a few workarounds to use FF and Opera

[séamuis]

Firefox. seriously, just use Firefox and not worry about it. why doesn't everyone use Firefox anyway? if I'm not browsing with Firefox its Songbird (Mozilla). its completely beyond my comprehension , why people still use IE. Microsoft makes good products, and I still use Win XP, but IE is now and always has been trash.

[J.Scott]

Precisley - and according to the article, its been there since IE5. What's more, M$ bought the original from NCSA and can't have revised the core app (typical). Their competitors have (FF3 is all new, Opera is unique, and Safari/Chrome are a new architecture)

I dumped IE years ago, and when they tried to stop us using it at work, I found a few workarounds to use FF and Opera

I use Mozilla Firefox on my personal computers. I was using it at work until I got a nasty email telling me to delete it from my laptop immediately as it was a security risk to the Company's assets! Oh well, it's their machine and their system and they will be the losers. Most of our work is done through a VPN so maybe they will be alright - I'm not sure.

[ftpaddict]

He who still lives in the stone age uses IE.

[MoiVous]

I use Mozilla Firefox on my personal computers. I was using it at work until I got a nasty email telling me to delete it from my laptop immediately as it was a security risk to the Company's assets! Oh well, it's their machine and their system and they will be the losers. Most of our work is done through a VPN so maybe they will be alright - I'm not sure.

I had this discussion with the IT people at my work, and the only real reason they wouldn't use FF was because the wet behind the ears IT people at head office didn't know about the deployment features of FF to secure the browser for corporat policy (ie content filters, bypassing proxies etc). I pointed it out to them (with URLs etc), but they ignored me. It was too hard for their tiny little corporate minds.

I actually use FF, Opera, IE (from 5.5 to 8beta), Safari and Chrome to test our dept web pages. Given that 27% of our traffic is FF. As their policy is stopping me effectively doing my work my boss and I feel that bypassing their ignorant policy is justified (IE is NOT standards compliant - still!). How else do I test web pages? And I frequently find differences between the browsers (IE being the worst offender).

On the other hand, if you read the SysAdmin SMS forums - we are the bad guys. Reminds me of the days of white coated acolytes in air conditioned computer rooms with 20 pens in their pockets who treated system users with contempt....

BTW, FF was probably detected by Microsoft System Management Server on your laptop - a dump app (from Microsoft of course) that looks at your Uninstall entries in registry. If you hide them (and there are apps to do it) you can continue with FF.

The other thing they tried was to remove the Javascript DLL with Potentially Unwanted Programs apps (as in McAffee) - but there are work arounds for that too.

So if you really want FF or Opera back, you can get them.

[newmikey]

BTW, FF was probably detected by Microsoft System Management Server on your laptop - a dump app (from Microsoft of course) that looks at your Uninstall entries in registry. If you hide them (and there are apps to do it) you can continue with FF.

In a corporate environment as friendly as that: run Portable Firefox from a stick! See PortableApps.com - Portable software for USB drives

[ve2vfd]

I've been using Opera forever... who needs IE?!

Pat

[Arpe]

My IE has been patched already. MS are onto it.

[ChrisPlatt]

Yeah, no sweat. Just downloaded the patch...

Chris

[cpopham]

Before I begin a giant rant, let me explain that while I'm not a sys admin, I have worked IT support before (I'm a software developer now).

For what it's worth, I also use Opera, except for specific job related things.

Firefox. seriously, just use Firefox and not worry about it. why doesn't everyone use Firefox anyway?

I don't really want to get into a giant debate about it, but Firefox isn't perfect on the security front, either. All software has security issues, unfortunately.

I use Mozilla Firefox on my personal computers. I was using it at work until I got a nasty email telling me to delete it from my laptop immediately as it was a security risk to the Company's assets! Oh well, it's their machine and their system and they will be the losers. Most of our work is done through a VPN so maybe they will be alright - I'm not sure.

I don't understand why people have this strange idea that the computer their employer provides for them is their personal playground. Your employer pays for it, your work pays for the costs of its upkeep, and if your employer decides to restrict you from doing doing something, I don't understand why people take such umbrage to it.

The fact of the matter is that unauthorised, software IS a risk to the company one way, or another. For one, there is the licensing concern - if you pirate software onto a company machine, your company is typically legally liable for this. For another, consider this not entirely unrealistic scenario:

Say that your employer has a web based system in which employees can look up and change their HR records (e.g. bank account numbers for pay, etc). Suppose due to a screwup by the developers of the system, something doesn't work right in Firefox, and as a result, your bank account number gets garbled, and the company pays someone else instead of you. You're not going to be happy, and neither are they.

Now, you might say, "but it's the fault of the developers of the HR system", and you're sort of right, BUT cross browser compatible web applications cost more money than IE only ones, simple as that. They cost more to develop, and they cost more to test. Would you be happy for the extra costs to come off your paycheque?

I had this discussion with the IT people at my work, and the only real reason they wouldn't use FF was because the wet behind the ears IT people at head office didn't know about the deployment features of FF to secure the browser for corporat policy (ie content filters, bypassing proxies etc). I pointed it out to them (with URLs etc), but they ignored me. It was too hard for their tiny little corporate minds.

Which is great, except that last time I looked, the Group Policy features of Firefox STILL DIDN'T ACTUALLY WORK PROPERLY, and the user was still capable of overriding them. It's not a case of their tiny corporate minds anything... IT JUST PLAIN DOESN'T WORK.

On the other hand, if you read the SysAdmin SMS forums - we are the bad guys. Reminds me of the days of white coated acolytes in air conditioned computer rooms with 20 pens in their pockets who treated system users with contempt....

That's because you ARE the bad guys. For whatever reason, someone has set a corporate policy, and IT is instructed to enforce it. When you try to go around the policy, you waste everyone's time, and you waste company money. If the IT staff don't enforce the policy as they are required to do, then they put their jobs at risk. When they have to spend time trying to catch you, it's wasting time they could be spending actually validating third party software. This in turn is wasting company money. In fact, you're wasting even more company money with the time you spend trying to get around the policy...

I see that you do, in fact have a good reason to have these programs... So why aren't you following proper channels to get them approved so you can do your job? All you're really doing right now is generating a possible case for dismissal based on misconduct should some senior manager ever get upset about you violating the policy.

Having been on both sides of the IT / Users fence, I understand a lot of the frustrations of both sides. It helps if you accept that they have a job to do, and work with them to get what you want.

Oh, and for what it's worth, I have every browser you just named, and more on my work pc (for the same reason you do) WITH APPROVAL - I sought permission through the proper channels before installing them.

[séamuis]

I don't really want to get into a giant debate about it, but Firefox isn't perfect on the security front, either. All software has security issues, unfortunately.

I never said FF was perfect, do not make assumptions. I am very aware that FF like all software has flaws regarding security. but nobody can deny that FF is a far better browser regarding security, compatibility, user expandability & customization, ease of use, reliability, etc, etc, etc. so my point still stands. and since I do not work in an office in front of a PC all day I guess the rest doesn't apply to me.

[MoiVous]

That's because you ARE the bad guys. For whatever reason, someone has set a corporate policy, and IT is instructed to enforce it. When you try to go around the policy, you waste everyone's time, and you waste company money. If the IT staff don't enforce the policy as they are required to do, then they put their jobs at risk. When they have to spend time trying to catch you, it's wasting time they could be spending actually validating third party software. This in turn is wasting company money. In fact, you're wasting even more company money with the time you spend trying to get around the policy...

I see that you do, in fact have a good reason to have these programs... So why aren't you following proper channels to get them approved so you can do your job? All you're really doing right now is generating a possible case for dismissal based on misconduct should some senior manager ever get upset about you violating the policy.

I knew a SysAdmin type would chastise me..... I regularly check out a few SysAdmin forums on the latest control freak buzz - so I know their problem. I also note that many of them regard users as fools - not a good attitude either IMHO.

But to answer your criticisms - I have tried to talk to them - repeatedly! (you should see my file on it....). I have written letters with all the justification, countersigned by my dept head. I've even spoken on the phone to the head of IT, but been told it is not policy. We don't do things of this nature lightly, but the policy makers think that one size fits all. It does not.

So as you can see, we try to use channels to get things done, but they don't have any real understanding and will not listen. The real joke is that ALL of the IT account managers are bypassing the policy too using apps like IceWeasel and Chrome.

And as for wasting money - they waste money too by not consulting with users about impacts of their policy. My bypassing of their ignorant policy increases productivity for a small expense of finding the solution.

I can understand the SysAdmins predicament in general (they are caught in the middle) but they administer poorly developed policy.

If policy makers set foot in a real work environment dealing with clients they might set policy more appropriately! It can happen - I've seen worksites with clever user policies that fit a workers needs! Guess I've offended a few policy makers too.....