If you're visiting family over the holiday, turn off Internet Explorer. (f-secure.com)
204 points by FSecurePal on Dec 24, 2010 | 58 comments



Follow the OP's advice: don't remove IE unless it is unused! You may lose a convert by removing it without explanation.

My parents navigate the Internet by clicking the arrow next to the address bar, and clicking the webpage they want to use. The last time I tried converting them, they also used work-related webpages with ActiveX controls, which no sane browser would ever support. Tech is slow outside of the tech industry.

My parents' Chrome usage would be a play in three Acts:

Act 1: Confusion. "Where did my Sites go? The ones that were on top. I used to click something to click the sites, but now that's gone. There's no arrow! I have to open History? I didn't have to do that before. Where did my Homepage go? What's a 'tab'?"

Act 2: Judgement. "I had this the way I like it before. I don't think I can get used to using this. And I couldn't use the Work system, so I have to keep switching between things."

Act 3: Trashbin. "That Google thing? I uninstalled that. We didn't like it. And we couldn't use it for Work."

As they say, the best user interface is the one you already know how to use.


sigh

I hopefully installed Chrome and set it as the default browser on my mom's new Windows 7 machine. Things seemed fine for a while, until I got an e-mail from her saying that whenever she clicked a link from her e-mail (Outlook, unfortunately), she'd get Chrome's "Aw, Snap!" error message -- which, incidentally, she found obnoxious.

Sure enough, it turns out that this is a common issue that occurs when a link in Outlook is followed and Chrome isn't currently running. (Things work fine if it's already up.) Whether this is a Chrome issue or an Outlook issue is unclear to me, but the bottom line is similar to above.


Use IETab for those specific websites, seamless support.


Not seamless in my experience. There is one site in particular that I need to use whenever my domains need renewing; the JavaScript menus didn't work in the IE tab, but were just fine viewed from IE itself. Not a clue why.


I've had the same problem with a couple government websites up here in Canada (don't ask why our Canadian Gov websites aren't compatible yet... incredibly frustrating).

Installed a fully secured suite of FF in a law office w/IETabs. Forms wouldn't load in it. Chaos ensued.

None of them ever used FF again and now tell everyone it's "that crappy program tech support installed".

Now I didn't uninstall IE but I hid the icon. Lesson learned. Just leave the icon in their quicklaunch with FF on the left of it. Instruct them to use the orange icon because it's safer and faster. If they don't use it and their computer gets fubar'd you can just tell them that you told them so and fix it up for them.


I worked for Public Works and Services Canada, and all our sites must be compatible with IE 6 and Firefox 3.0 before they are pushed to production.


As a developer who's deeply tied into web technologies, I cannot help but grin at this post. Unfortunately, I know where this is going to lead, however. My mother visits a site that embeds WMV-based videos for her Russian TV shows. It was not until she purchased a new MacBook that I realized that this was the site she visits 90% of the time she's on the Internet. I thought installing Flip4Mac would solve her crisis, and it partially did, video and audio came in through Firefox as expected. With that said, seeking within the video does not work as naturally well as it does in IE. In fact, it doesn't work at all. The end result was I purchased my mother VMWare Fusion 3, a copy of Windows XP, and ended up having to tutor her on the usage of a virtual machine, the mechanics between how to seamlessly work with the two operating systems, etc. I still get daily tech support calls that eat up a lot of my personal time, now not only for the MacBook, but for VMWare Fusion, Windows XP and IE/Safari usage.

The web developer in me loathes IE for obvious reasons which will not be reiterated here for the billionth time. The son in me kind of wishes my mother just had a simple netbook running windows xp, IE, and nothing else.


Flip4Mac isn't my idea of good Mac software. I have it installed on my Mac but basically, it um, isn't good.

I don't have any problem viewing WMVs and doing whatever with them on Linux. Is VNC or mplayer available for Mac OS?


I suggest bootcamp/winxp native install, and just abandon the mac half of it.


You can install Windows XP on a Macbook.


I know it sounds crazy, but I've found teaching my mother to use VMWare had an easier learning curve than BootCamp.


And install all its vulnerabilities on your Mac?


Yes. And its ugliness.


> The end result was I purchased my mother VMWare Fusion 3, a copy of Windows XP, and ended up having to tutor her on the usage of a virtual machine, the mechanics between how to seamlessly work with the two operating systems, etc. I still get daily tech support calls that eat up a lot of my personal time, now not only for the MacBook, but for VMWare Fusion, Windows XP and IE/Safari usage.

Just enabling Unity for MSIE doesn't work well enough?


Better yet, why not install Google Chrome and replace their Internet Explorer link with a link to Google Chrome? Just make the link have IE's icon so that they don't wonder where the internet has gone.

They will marvel about how you "made their internet faster." I like to make it even easier for people by making two different links: one called "Internet" which takes them to Google, the other called "Email" which takes them to their web email. The results are instant simplification, security improvement, and general betterment of the web by migrating more people to the Webkit rendering engine.


My tip is to simply install an IE-simulating theme for firefox: https://addons.mozilla.org/en-US/firefox/addon/4129/

Then install the following extension to change the titlebars: https://addons.mozilla.org/en-US/firefox/addon/57/?id=57

Finally a bit of desktop shortcut renaming and icon-customisation, and mother will never be any the wiser!


It's kinda sad... but I've actually done exactly that before.


In my experience, they will marvel at the speed for a little while... until a favorite website doesn't display correctly for whatever reason. Then it becomes my job to play tech support.


Other than Windows Update (which non-technical users shouldn't be running manually anyway), I can't even remember the last site I've been to that didn't work perfectly on Chrome (or Firefox). Examples?

On the other hand, we're getting to the point where some newer sites render poorly in IE, run very slowly, are missing features, or don't work at all. HTML5 and intensive JavaScript may be on the verge of reversing the old conventional wisdom about using IE for widest compatibility.


Lots of Korean websites are still stuck requiring IE, unfortunately. Many banking sites require some ActiveX security plugin in order to log in.


>ActiveX security plugin

Irony at its finest


Yeah, tell me about it. You'd think in a country that's as high-tech as Korea they'd find a better way. Some banks even require you to install Windows desktop software to generate keys for login.


Current 0-day or no, you'll be doing much more good in the long run if you replace the pre-installed acrobat reader with a 3rd party viewer.


Just like IE, sometimes you have to use Adobe Reader. I deliberately removed Acrobat from my mom's iMac and set Preview.app as the default. Worked fine for years until I got a call a few days ago about a PDF she needed to open to do some work. Sure enough, it was some sort of interactive PDF that only seemed to work with the Adobe Reader.


I've had this before too. I haven't tested for a few versions, but I know that evince was unable to open USPS shipping labels, and I had to go install Acrobat Reader for Linux on my parents' computers. :(


I've had the same problem using Preview. While recent versions of Preview might open the USPS labels, they did not render as well as they did in Acrobat. An earlier version of Preview did a better job of rendering.


This is really good advice - Adobe's reader is a performance destroyer. Foxit is getting bogged down with features but Sumatra [1] is simple and super fast.

[1] http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-read...


It's not even preinstalled, so it shouldn't be that difficult. Foxit and Sumatra PDF are both great choices.


If they are a regular computer purchaser (i.e. buy from a manufacturer like HP, Dell, etc.) it most certainly is preinstalled, along with an old version of Java and an old version of Flash for their convenience.


Wow, I didn't know this was the case. I always immediately image the hard drive, then wipe it and install Linux. I was under the impression that Java, Flash, and Adobe Reader had to be manually installed. Isn't it bad security-wise to bundle old versions of them? If the user puts off upgrading, they could easily get hit by an old vulnerability.


That is pretty much the main point of my comment: they bundle these old versions, and so many people just click no when Java asks to update (I haven't seen a popup for Flash so I don't know how many answer yes to that), and Adobe only has a tray icon when the reader needs to update (which is perpetually there on so many machines).

One of the biggest annoyances for me with new Windows laptops is that many of the manufacturers no longer send the Windows CD to reformat; if they send a CD at all, it is to recover back to the condition with all crapware installed.

HP now has a recovery manager to create recovery disks for you and the last HP computer I saw had to create 5 DVDs in order to recover to that state (which would probably require something like a 6 hour reinstall).

It is a sad state, if you ask me, that you get this now because it allows manufacturers to take away cost by bundling shareware with the computer. Just a few years ago Toshiba was still shipping legitimate Windows CDs, which allowed you to reformat to normal Windows.


> HP now has a recovery manager to create recovery disks for you and the last hp computer I saw had to create 5 dvds in order to recover to that state (which would probably require something like a 6 hour reinstall).

And you can only create one set of recovery discs. I was creating recovery discs one time several years ago and the burn process failed. I had no way to start over. I never needed Windows on that computer, but if I had, I'd have had to fork over another $50 to Lenovo to get a set of discs.

That's why these days I just use Clonezilla to image the entire hard disk before Windows can even boot up for the first time. From that image, I can always restore Windows to its exact original state, and it's generally a hell of a lot faster than installing from optical media. Not to mention I can make as many copies of that Clonezilla image as I want, and store it wherever/however I want (local backup vs. offsite backup, optical media vs. hard drive vs. tape drive).


Well it at least seems to verify discs now.


It's quite easy either way... but if we're talking about systems that are vulnerable to this IE flaw, the chances of it having shipped with Acrobat pre-installed are like 99%.


Even just disabling JavaScript in Adobe Reader goes a long way to avoiding many exploits. It's pretty rarely used in legitimate PDFs.


Actually my parents are using a Debian box with Chromium. I found it is a lot easier to manage remotely than a Windows box; it's really low maintenance; they won't grab malware and the Gnome desktop can be really dumbed down - I only left the window switcher, shortcuts for chromium and skype on the panel and on the desktop, time and date, volume control.


If you ever do a write up or have screenshots of this setup, I would love to see it.


Mine too. Same reasoning. She accepted Ubuntu 100%, which makes sense given it's not much of a different interface than Windows XP for the average user. She even missed it when it was gone for a week (I took her system home to do a fresh install, upgrading 8.04 to 10.04). Forced to use my father's netbook, she said she 'missed the Mozilla fox operating system'. I suppose that does show how much people are tuned into the browser as the main feature of the OS!


Have you somehow got Flash working correctly or don't they use it?

I've never seen a Linux system running Flash as "smoothly" as Windows does. That's on Arch, Fedora and Ubuntu on fairly modern computers with decent specs. 32bit seems to be better than 64bit but it's still slow and buggy.


I've switched Youtube to HTML5 video and that solved their problems. :) Indeed, Flash is a lot slower on non-Windows platforms but if you have to use it, it's usable.


I've never seen Flash run smooth on any OS.


Fair enough, but it's got much better performance on Windows than on Linux.


Sure, but it's still definitely usable on Linux, as much as we'd like to avoid using it. YouTube, Zynga, and most other sites that laypeople use that depend on Flash work acceptably.


Saw this bug on a security researcher's tweet a couple of weeks ago: http://seclists.org/fulldisclosure/2010/Dec/110

Today found a great write-up about how to exploit it here: http://www.breakingpointsystems.com/community/blog/ie-vulner...

I have no idea what any of it means. If anyone has any good links that teach newbie concepts to these things, please do share. Thanks.


Is IE8 really so bad?


With two current IE 0-days, one with an exploit package on Metasploit, it's going to be very widely abused until Microsoft pushes a fix.


I'm assuming this is a tongue in cheek comment.


The more interesting question: Is IE8 significantly worse than the alternatives?

I think not.

All major browsers on all common operating systems have exploitable vulnerabilities often enough that switching browsers will not solve the problem.


Another reason why IE is more vigorously targeted: it is patched the least. Some systems deliberately run downrev versions of IE for various reasons (they are pirated and thus afraid of Windows Update, or they are based on a frozen IT build of Windows which only gets updated quarterly, or whatever).

So, even if Microsoft releases a patch for this latest IE vulnerability today, millions of PCs will remain unpatched for months. Valuable targets -- members of the next botnet.

By comparison, Chrome is much more aggressive about updating itself. For example, consider Chrome 6.0's short lifespan:

http://www.netmarketshare.com/browser-market-share.aspx?qpri...


But all major browsers are not targeted with the same vigor. IE is targeted much more vigorously because the criminals stand to gain much more from their efforts than if they target, say, Opera.

Also, Chrome's sandboxing is designed to assume the browser will have exploitable vulnerabilities, so there are two hoops that the exploit must jump through instead of just one. In this latest IE vulnerability there is only the one hoop and then on most machines the exploit has acquired administrator privileges.


Because of its market share? Perhaps.


That frozen-industrial-wasteland photo of Helsinki is awesome.


I convinced them to switch to a new iMac.

Mission accomplished.


Uh...Chrome Frame?


1. Remove all shortcuts to Internet explorer from the start menu, mydocuments, desktop, and search menus.

2. Install latest version of firefox, use IE themes.

3. Make a shortcut to start firefox, but change the icon to internet explorer, the retarded blue 'e' symbol.

4. Make sure you get all the bookmarks copied over.

5. Make sure any buttons, keys or special behavior moved to equal features on firefox.

6. Also put some firefox shortcut icons around the start menu and desktop.

They won't even notice anything is different, and if they do, tell them they had to radically update it so that it would be more secure and faster.

If they were tech savvy enough to notice what you were doing, they would have the skill to change it back, and most likely would be already using firefox.


And then Firefox will announce a zero-day. What will you have gained?


You'll have gained more time to obtain a fix, because Firefox vulnerabilities are not attacked as swiftly and as broadly as IE vulnerabilities.


I haven't seen any evidence of that. Do you have some data that you can share?

One thing that I have noticed is that Mozilla tends to push Firefox fixes out as soon as they are ready, rather than waiting for a monthly patch cycle. For a home user, that's probably good (but annoying). For a corporation, it's a royal pain.



