Google Joins the IE-6 Must Die Campaign

http://www.computerworld.com/s/article/9150138/Google_joins_the_kill_IE6_campaign

ComputerWorld is reporting that starting on March 1, 2010, Google Docs and Google Sites will no longer support Internet Explorer 6.  Considering that IE6 is 9 years old, it’s not surprising.  There have been two versions of Internet Explorer in the past 9 years, alongside offerings from Mozilla, Apple, and even Google themselves.  Corporations have NO excuses for not updating their applications and services to support the later versions of Internet Explorer (or the alternative browsers). 

If you are a web-developer, I strongly urge you to drop support for Internet Explorer 6 in your sites.  Redirect the visitor to a page that says something to the effect of "The browser that you are currently using is old, outdated, and insecure.  Here are some links to the latest browsers which are supported on this site."  In fact, I would suggest following Google’s lead and dropping support for Firefox 2.x, Apple 2.x, Google 3.x, or earlier browsers.

Here are some links for coding the version detection into your websites. 

http://www.mozilla.org/docs/web-developer/sniffer/browser_type_oo.html This page is geared mainly for older browsers to show the page in an optimized format.  You can easily modify the code to redirect the user to another page that recommends they upgrade.  (instead of (ie5up), you could use (! ie7up)).

http://www.quirksmode.org/js/detect.html The code in this site parses the browser’s information for the version number.  You can modify their example inside of the "You are using…." box to create your redirection (if browser < IE7, Firefox 3, Chrome 4, then redirect here.).  This script does not detect Safari–due to how Apple formats their browser identification string, but you could probably add it in fairly easily (you just need to know the internal version number of Safari 4 which is any number greater than 528.18.  It’s 530.17 on Mac, 530.17 on Windows (4.0.1) but 528.18 on their iPhone, so I would just use the lower value because there are no "versions" on the Mac or Windows that contains that number (source http://en.wikipedia.org/wiki/Safari_version_history )).

Personally, I prefer the second route to the first one.  I may include it in my blog at some point (redirecting people to this post or another page).  However on the first page, they actually discuss the >= or in your case < (use gte for >= and lt for < in your if statements).

Have a great day and if you’re using one of these older browsers, then you may want to switch things up.  http://www.microsoft.com/windows/internet-explorer/default.aspx http://www.getfirefox.com or http://www.apple.com/safari

Patrick.

Microsoft Releases Out of Band Update for Internet Explorer

If you haven’t heard this already, there was an incident where Google and about 20 other companies were hacked last month.  It allegedly is tied into the Chinese Government.  Because of this, a few things have taken place.

Google is threatening to pull their Search engine out of China (at the very least they are threatening to stop censoring search results at the request of the Government) and they threatened to delay the release of their new phone in China.

People were throwing blame around at different companies and different applications for this hack.  It turned out that the hack was done on Internet Explorer 6.x—due to an unannounced vulnerability.

Microsoft is reported to be releasing an out-of-band update today for this vulnerability.  They also recommend the following steps to mitigate it:

  • If you are running Internet Explorer 6, it’s time to upgrade. 
  • Regardless of whether you are planning on upgrading, you should set your Internet Zone to “High”
  • Internet Explorer 7 and 8 users (on Vista or Windows 7) should enable “Protected Mode”.
  • All users should enable Data Execution Prevention (DEP) on their computers.  DEP prevents the computer from executing code which is stored in memory that is supposed to only contain non-executable code.
  • You should be running in non-Administrative accounts (or have UAC enabled) to restrict the rights of an infected user.  This is something that everyone has been preaching since the dawn of Windows XP.

There are people who are trying to tweak this vulnerability to work in Internet Explorer 7 and 8 on Vista and Windows 7.  One of the people claims that DEP won’t mitigate this, if the application doesn’t “opt-in” to it.  I’m not sure if he is referring to Internet Explorer (which you will opt-in by enabling DEP) or the malicious code.  Also I’ve read that some systems (namely netbooks and older CPU’s) do not have “Hardware DEP”, so enabling it doesn’t actually work. ***I can’t verify this***

So, what should you do???

First and foremost you need to get updates.  This is regardless of whether you use Internet Explorer or not.  It’s better safe than sorry—especially since some programs do not follow the rules about default browsers.

This is a good time to try out Firefox with the No-Script addon and also Google Chrome.  I would even suggest Apple Safari, but I haven’t used it very much to know what it’s limitations are.

Some people would say this is the time to remove Windows, and switch to another Operating System (namely Linux) or buy a Macintosh.  While I love Linux, I don’t think that is the best solution in this case (although I would encourage people to try a Live CD out).  And I definitely cannot recommend spending $1,000+ on a new computer—just to get a Macintosh.

The short end of the stick is this.  Update your computer after 10:00 am PST today.  I would recommend an alternative browser.  However, since this potentially affects Outlook, Outlook Express, Windows Mail, Windows Live Mail, and anything else that uses Internet Explorer, you NEED to update the computer.

On a side note, Microsoft is also releasing an advisory about a Kernel vulnerability.  This requires the attacker to be able to log into your computer from your computer (meaning not from the Internet).  It remains to be seen if they will have a patch for this today or not.

Have a great day:)
Patrick.

Microsoft Changes their Browser Ballot Screen—Again.

The tech news is abuzz this week because Microsoft agreed to make another change to their “Browser Ballot Screen” in the European Union again (in hopes to accommodate complaints by a rival browser maker).  The complaint was that by putting the browsers in Alphabetical order (which would make sense to any normal human being, IMHO), it favors Apple’s Safari Browser over everyone else.  This from the same people who initially complained that having Internet Explorer first favored the default browser over all of them.

So, Microsoft agreed to generate the ballot screen randomly, and remove the Internet Explorer icon from the top-left corner of the window.  If this is acceptable, then people who have Internet Explorer set as their default browser will receive this via Automatic Updates in the future.

I have some opinions about this….

1.  Is this the end of the whole quibble?  I don’t think so. Personally, I think that one of the other browser makers (probably Opera, since they are the ones who seem to be screaming the loudest) will run the ballot screen a few hundred or thousand times, and count how many times each of their rivals shows up first.  Then they’ll complain that it’s skewed towards their rival (if it’s more than they show up).

2.  Is this even an idea that should be pursued at all?  Yes and no.  On the one hand, I do understand that it’s Microsoft’s operating system, so they should have a right to package their own browser with it.  Apple does with Safari.  Linux does with Konquerer and Mozilla.  Google’s Chrome OS will do it with Chrome.

On the other hand, I agree that the end-user should be offered a choice.  Most end-users aren’t even aware of other browsers.  Look at the video a few months ago from the US State Department, where Secretary Clinton said that they won’t use Firefox, because they would have to update it (it automatically updates).  She wasn’t even aware of Firefox—had to ask for clarification about what it was).  So, having the ballot screen is a good idea (if nothing else, to inform the users).

3.  In as much as I think the ballot screen is a good idea, it shouldn’t have come around because of a court mandate.  And Microsoft shouldn’t be the ONLY company (and Windows shouldn’t be the ONLY Operating system) which offers this.  Apple and Linux should have ballot screens offering the user a choice of browsers as well.  What’s good for the goose is good for the gander.  Also, I don’t think this should be limited to Europe.  I think that Microsoft, Apple, and the Linux distributors should put this in for every country.  WITHOUT A COURT MANDATE DIRECTING THEM.

4.  I also think that this should be an Automatic Update regardless of what browser is set up as your default.  I can tell you that I know people who have only heard of Internet Explorer and Firefox.  They haven’t even heard of Opera, Safari, or Chrome.  And if they have, it was in passing.  Oops, the makers of Opera may read this and push that it be given out to anyone who has Internet Explorer or Firefox as their defaults now…

Let me know what your opinions are on this whole deal.  Do you feel that it should have even happened?  Do you think that it’s going to be resolved with this current plan for the screen?  Do you feel that it should be done on all operating systems, or just Windows?  Would a ballot screen influence your choice at all?

Have a great day:)
Patrick.

How To Fix A Missing Security Tab in IE: Guide for Windows XP, Vista and Windows 7 Users

How To Fix A Missing Security Tab in IE: Guide for Windows XP, Vista and Windows 7 Users

If you’re running into issues where the Security Tab is missing from Internet Explorer’s Internet Options, then this article will help you to fix the problem. 

It’s also my first post on BrightHub.  Hopefully the first of many tech-related articles that I’ll be writing.  I’m currently writing in their Computer Security channel and their Green/IT channel.  But I encourage you to check the entire site out—as it’s full of good, useful information.

I’ll still be doing my posts here and am definitely working on my online backup series.

Have a great day:)
Patrick.

Edited because the article was corrected on Brighthub and on the search engines.  I wanted to make sure the corrections were reflected here as well.