IE -- A hard habit to break

Listen closely. The drumbeat urging people to dump Internet Explorer is getting louder. I'm going to march to a different drummer on this one, though. I'll stick with IE.

The long-dormant browser wars are heating up again, thanks in part to pesky Russian scam artists looking to shake down Web users accessing sites powered by Microsoft's IIS. Because the trick of the Scob -- or Download.ject -- attack involves exploiting IE, pundits everywhere are pushing the panic button.

Columnists from eWEEK, BusinessWeek and even Microsoft-owned Slate wrote about how they are swearing off Microsoft's Web browser, and they urged others to follow suit. Slate's Paul Boutin even gives

The week's top headlines

Experts suggest ditching Internet Explorer

IIS attack may portend future attempts

No support loophole for NT 4.0

Microsoft downplays antivirus acquisition rumors

Sun CEO lashes out at Microsoft, IBM, Red Hat

some step-by-step pointers on how to make the switch to Mozilla's open-source-based Firefox. I wonder how that one's going over in Redmond about now. It's a response that's as predictable as the reaction system administrators must be having at the thought of their users downloading, installing and changing settings as they scramble to "protect" themselves.

There have also been reports this week that two influential security organizations are recommending that people drop IE.

Not true.

Both the SANS Institute's Internet Storm Center and the U.S. Computer Emergency Readiness Team said that people should consider using other browsers until Microsoft patches the vulnerability. They also recommended turning off JavaScript and updating antivirus software. That's hardly an urgent warning to get rid of Internet Explorer, but it is a wakeup call to Microsoft to fix these flaws fast.

And it appears Redmond has done just that. This morning, Microsoft released a statement announcing a configuration change for Windows XP, Windows Server 2003 and Windows 2000 that "improves system resiliency to protect against the Download.ject attack." The fix is expected to be available on the Windows Update site later today. And the company said it is actively working on a patch for the IE vulnerability.

Elsewhere in the news

Organizations still running Windows NT 4.0 have been on a roller coaster ride of hope these last couple of weeks. First came news that Microsoft was offering special NT support to financial institutions through an industry group called BITS. Oops. Microsoft had to clarify that this was not an extension of support for NT, but merely a service to help banks and others with their migrations. Then Microsoft released Virtual Server 2005. Some users got a gleam in their eye thinking that they could run NT on top of Microsoft's virtualization technology, and thereby get more free NT support. Wrong again. Microsoft said Virtual Server will help companies as they migrate off NT, but it won't buy them anymore NT support.

Lest there be further confusion, here's the real deal on NT: Free support ended on Wednesday for Windows NT Workstation. Free support for Windows NT 4.0 Server expires on Dec. 31.

A coy courtship of McAfee

Microsoft is feigning indifference about a courtship of Network Associates Inc., known once again as McAfee Inc. Industry watchers say Redmond covets the antivirus software maker, and they speculate that McAfee primed itself for a purchase by jettisoning its Sniffer network management unit.

Still, the two are being coy in public. At the European TechEd conference this week, Microsoft security executive Steven Adler downplayed the company's interest in McAfee, but he didn't exactly deny it either. "We're quite happy with what we've got," he said in an interview with Silicon.com. Presumably, Adler was talking about the antivirus technology it acquired from Romania's GeCAD Software Srl. An interesting side note: The Windows Update site urges users to deploy antivirus software, and it mentions Symantec Corp., F-Secure and Computer Associates International Inc. by name. McAfee is not listed.

Massachusetts Attorney General Thomas Reilly may have to finally admit defeat in his quest to place greater government restrictions on Microsoft's business practices. This week, a federal appeals court rejected the state's bid to overturn the Department of Justice's antitrust settlement with the software maker. In fact, the justices were downright giddy in their unanimous ruling upholding the 2-year-old settlement. Referring to the technology now in Windows that lets users better access non-Microsoft software, they wrote, "We say, well done!"

Is the cease-fire broken?

It's only been a few months since Microsoft CEO Steve Ballmer and Sun Microsystems Inc. chairman and CEO Scott McNealy shook hands on a deal to end their companies' legal feuds with one another, but the harsh rhetoric has returned.

At this week's JavaOne show, McNealy lambasted Microsoft's security track record. At one point, he taunted: "Java is as ubiquitous as Microsoft, name a Java virus." OK Scott, here's one: Scob, while not a virus, uses JavaScript to exploit vulnerable systems. Does that count? (Those who consider JavaScript a distant cousin of Java might think so.)

Dig deeper on Windows Operating System Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchServerVirtualization

SearchCloudComputing

SearchExchange

SearchSQLServer

SearchWinIT

SearchEnterpriseDesktop

SearchVirtualDesktop

Close