

If you're visiting family over the holiday, turn off Internet Explorer.  - FSecurePal
http://www.f-secure.com/weblog/archives/00002080.html

======
jakevoytko
Follow the OP's advice: don't remove IE unless it is unused! You may lose a
convert by removing it without explanation.

My parents navigate the Internet by clicking the arrow next to the address
bar, and clicking the webpage they want to use. The last time I tried
converting them, they also used work-related webpages with ActiveX controls,
which no sane browser would ever support. Tech is slow outside of the tech
industry.

My parents' Chrome usage would be a play in three Acts:

Act 1: _Confusion_. "Where did my Sites go? The ones that were on top. I used
to click something to click the sites, but now that's gone. There's no arrow!
I have to open History? I didn't have to do that before. Where did my Homepage
go? What's a 'tab'?"

Act 2: _Judgement_. "I had this the way I like it before. I don't think I can
get used to using this. And I couldn't use the Work system, so I have to keep
switching between things."

Act 3: _Trashbin_. "That Google thing? I uninstalled that. We didn't like it.
And we couldn't use it for Work."

As they say, the best user interface is the one you already know how to use.

~~~
Maskawanian
Use IETab for those specific websites, seamless support.

~~~
seabee
Not seamless in my experience. There is one site in particular that I need to
use whenever my domains need renewing; the javascript menus didn't work in the
IE tab, but was just fine viewed from IE itself. Not a clue why.

~~~
mMark
I've had the same problem with a couple government websites up here in Canada
(don't ask why our Canadian Gov websites aren't compatible yet... incredibly
frustrating).

Installed a fully secured suite of FF in a law office w/IETabs. Forms wouldn't
load in it. Chaos ensued.

None of them ever used FF again and now tell everyone it's "that crappy
program tech support installed".

Now I didn't uninstall IE but I hid the icon. Lesson learned. Just leave the
icon in their quicklaunch with FF on the left of it. Instruct them to use the
orange icon because it's safer and faster. If they don't use it and their
computer gets fubar'd you can just tell them that you told them so and fix it
up for them.

~~~
windsurfer
I worked for Public Works and Services Canada, and all our sites must be
compatble with IE 6 and Firefox 3.0 before they are pushed to production.

------
stevefink
As a developer who's deeply tied into web technologies, I cannot help but grin
at this post. Unfortunately, I know where this is going to lead, however. My
mother visits a site that embeds WMV-based videos for her Russian TV shows. It
was not until she purchased a new MacBook that I realized that this was the
site she visits 90% of the time she's on the Internet. I thought installing
Flip4Mac would solve her crisis, and it partially did, video and audio came in
through Firefox as expected. With that said, seeking within the video does not
work as naturally well as it does in IE. In fact, it doesn't work at all. The
end result was I purchased my mother VMWare Fusion 3, a copy of Windows XP,
and ended up having to tutor her on the usage of a virtual machine, the
mechanics between how to seamlessly work with the two operating systems, etc.
I still get daily tech support calls that eat up a lot of my personal time,
now not only for the MacBook, but for VMWare Fusion, Windows XP and IE/Safari
usage.

The web developer in me loathes IE for obvious reasons which will not be
reiterated here for the billionth time. The son in me kind of wishes my mother
just had a simple netbook running windows xp, IE, and nothing else.

~~~
eru
You can install Windows XP on a Macbook.

~~~
rm-rf
And install all it's vulnerabilities on your Mac?

~~~
eru
Yes. And its ugliness.

------
NathanKP
Better yet, why not install Google Chrome and replace their Internet Explorer
link with a link to Google Chrome? Just make the link have IE's icon so that
they don't wonder where the internet has gone.

They will marvel about how you "made their internet faster." I like to make it
even easier for people by making two different links: one called "Internet"
which takes them to Google, the other called "Email" which takes them to their
web email. The results are instant simplification, security improvement, and
general betterment of the web by migrating more people to the Webkit rendering
engine.

~~~
JonnieCache
My tip is to simply install an IE-simulating theme for firefox:
<https://addons.mozilla.org/en-US/firefox/addon/4129/>

Then install the following extension to change the titlebars:
<https://addons.mozilla.org/en-US/firefox/addon/57/?id=57>

Finally a bit of desktop shortcut renaming and icon-customisation, and mother
will never be any the wiser!

~~~
Xuzz
It's kinda sad... but I've actually done exactly that before.

------
trotsky
Current 0-day or no, you'll be doing much more good in the long run if you
replace the pre-installed acrobat reader with a 3rd party viewer.

~~~
w1ntermute
It's not even preinstalled, so it shouldn't be that difficult. Foxit and
Sumatra PDF are both great choices.

~~~
wwortiz
If they are a regular computer purchaser (i.e. buy from a manufacturer like
hp, dell, etc.) it most certainly is preinstalled along with and old version
of java and an old version of flash for their convenience.

~~~
w1ntermute
Wow, I didn't know this was the case. I always immediately image the hard
drive, then wipe it and install Linux. I was under the impression that Java,
Flash, and Adobe Reader had to be manually installed. Isn't it bad security-
wise to bundle old versions of them? If the user puts off upgrading, they
could easily get hit by an old vulnerability.

~~~
wwortiz
That is pretty much the main point of my comment is that they bundle these old
versions and so many people just click no when java asks to update (I haven't
seen a popup for flash so I don't know how many answer yes to that) and adobe
only has a tray icon when the reader needs to update (which is perpetually
there on so many machines).

One of the biggest annoyances for me with new windows laptops is that many of
the manufacturers no longer send the windows cd to reformat if they send a cd
at all it is to recover back to the condition with all crapware installed.

HP now has a recovery manager to create recovery disks for you and the last hp
computer I saw had to create 5 dvds in order to recover to that state (which
would probably require something like a 6 hour reinstall).

It is a sad state if you ask me that you get this now because it allows
manufacturers to take away cost by bundling shareware with the computer, just
a few years ago toshiba was still shipping legitimate windows cds which
allowed you to reformat to normal windows.

~~~
w1ntermute
> HP now has a recovery manager to create recovery disks for you and the last
> hp computer I saw had to create 5 dvds in order to recover to that state
> (which would probably require something like a 6 hour reinstall).

And you can only create one set of recovery discs. I was creating recovery
discs one time several years ago and the burn process failed. I had no way to
start over. I never needed Windows on that computer, but if I had, I'd have
had to fork over another $50 to Lenovo to get a set of discs.

That's why these days I just use Clonezilla to image the entire hard disk
before Windows can even boot up for the first time. From that image, I can
always restore Windows to its exact original state, and it's generally a hell
of a lot faster than installing from optical media. Not to mention I can make
as many copies of that Clonezilla image as I want, and store it
wherever/however I want (local backup vs. offsite backup, optical media vs.
hard drive vs. tape drive).

~~~
wwortiz
Well it at least seems to verify discs now.

------
lgeek
Actually my parents are using a Debian box with Chromium. I found it is a lot
easier to manage remotely than a Windows box; it's really low maintenance;
they won't grab malware and the Gnome desktop can be really dumbed down - I
only left the window switcher, shortcuts for chromium and skype on the panel
and on the desktop, time and date, volume control.

~~~
TomasSedovic
Have you somehow got Flash working correctly or don't they use it?

I've never seen a Linux system running Flash as "smoothly" as Windows do.
That's on Arch, Fedora and Ubuntu on fairly modern computers with decent
specs. 32bit seems to be better than 64bit but it's still slow and buggy.

~~~
aceofspades19
I've never seen flash run smooth on any os

~~~
TomasSedovic
Fair enough, but it's got much better performance on Windows than on Linux.

~~~
cookiecaper
Sure, but it's still definitely usable on Linux, as much as we'd like to avoid
using it. YouTube, Zynga, and most other sites that laypeople use that depend
on Flash work acceptably.

------
vinhboy
Saw this bug on a security researcher's tweet couple of weeks ago:
<http://seclists.org/fulldisclosure/2010/Dec/110>

Today found a great write up about how to exploit it here:
[http://www.breakingpointsystems.com/community/blog/ie-
vulner...](http://www.breakingpointsystems.com/community/blog/ie-
vulnerability/)

I have no idea what any of it means. If anyone has any good links that teaches
newbie concepts to these things, please do share. Thanks.

------
topbanana
Is IE8 really so bad?

~~~
rm-rf
The more interesting question: Is IE8 significantly worse than the
alternatives?

I think not.

All major browsers on all common operating systems have exploitable
vulnerabilities often enough that switching browsers will not solve the
problem.

~~~
fjarlq
But all major browsers are not targeted with the same vigor. IE is targeted
much more vigorously because the criminals stand to gain much more from their
efforts than if they target, say, Opera.

Also, Chrome's sandboxing is designed to assume the browser will have
exploitable vulnerabilities, so there are two hoops that the exploit must jump
through instead of just one. In this latest IE vulnerability there is only the
one hoop and then on most machines the exploit has acquired administrator
privileges.

~~~
rm-rf
Because of it's market share? Perhaps.

------
endlessvoid94
I convinced them to switch to a new iMac.

Mission accomplished.

------
mmaunder
That frozen-industrial-wasteland photo of Helsinki is awesome.

------
bgmccollum
Uh...Chrome Frame?

------
maeon3
1\. Remove all shortcuts to Internet explorer from the start menu,
mydocuments, desktop, and search menus.

2\. Install latest version of firefox, use IE themes.

3\. Make a shortcut to start firefox, but change the icon to internet
explorer, the retarded blue 'e' symbol.

4\. Make sure you get all the bookmarks copied over.

5\. Make sure any buttons, keys or special behavior moved to equal features on
firefox.

6\. Also put some firefox shortcut icons around the start menu and desktop.

They won't even notice anything is different, and if they do, tell them they
had to radically update it so that it would be more secure and faster.

If they were tech savvy enough to notice what you were doing, they would have
the skill to change it back, and most likely would be already using firefox.

~~~
rm-rf
And then Firefox will announce a zero-day. What will you have gained?

~~~
fjarlq
You'll have gained more time to obtain a fix, because Firefox vulnerabilities
are not attacked as swiftly and as broadly as IE vulnerabilities.

~~~
rm-rf
I haven't seen any evidence of that. Do you have some data that you can share?

One thing that I have noticed is that Mozilla tends to push Firefox fixes out
as soon as they are ready, rather than waiting for a monthly patch cycle. For
a home user, that's probably good (but annoying). For a corporation, it's
royal pain.

