Solve : Is IE a security problem??

1.	Solve : Is IE a security problem??
Answer» Well, it looks like MS will extend support of MSE into 2015. A quick google search shows most experts are unimpressed and confused by this strategy. I READ several very critical comments about MSE calling it virtually useless. This bothers me because I use MSE. Also read several very critical comments re IE saying it is inferior to other browsers especially as it relates to security. So, I have converted to Chrome and made it my default browser on my winXP PC. Do you folks agree that Chrome is superior to IE, at least in terms of security? I am trying to do everything I can to improve security as MS will stop patching XP in April. Realistically you need to start thinking about moving on from XP. IE is still used by programs and the OS, so not using it doesn't negate any security holes which are discovered, and after April these won't be patched.Quote from: artbuc on January 17, 2014, 03:16:14 AM Also read several very critical comments re IE saying it is inferior to other browsers especially as it relates to security. This is usually the go-to of IE detractors, but it's difficult to substantiate- first you need to define what security is, what it means to be secure, and how to compare how different products differ in those qualities. As I write this, it seems that all the current major browsers have unpatched security issues, which can allow for security bypass and system access. So despite what Chrome, Firefox, and even Opera users might TELL you, switching is more a case of exchanging ONE set of holes for another set of holes, rather than a case of switching from a old sieve to a riot shield. Quote I am trying to do everything I can to improve security as MS will stop patching XP in April. What the cut-off means is that Microsoft will stop patching, as you said. The cycle is usually- Malware authors exploit security issue->Microsoft learns about it->Patch is issued. Since these security patches are applied to XP, it means that the security problems would be with the underlying system. Some problems, for example, are exploitable in any program whatsoever, so changing your browser would do nothing. Others apply to specific subsystems, or would apply only if a program is able to execute. Even so, regardless of OS, the main way people get infected is not through some devious genius hacker managing to remotely exploit a vulnerability to get a worm on your system, but simply trojan downloaders that get installed when you throw caution to the wind because you absolutely must run a program from a questionable source. Most "Exploits" are in the browsers themselves and the ability to say have a browser download a file and execute it without further prompts. on XP these vulnerabilities are rather copious on any Browser because that new malware program now has full control and can install services and other fun stuff. If running on Vista/7/8 with UAC enabled, however, the new malware program that get's launched through the exploit will have limited privileges, so at the very worst you will get a unexpected UAC prompt for an unknown application requesting administrator access. Ideally with XP you would set up a Limited User Account, the downside is that doing so means you have to switch to your admin account to install or uninstall programs or perform certain tasks, which is a massive pain and is usually enough to make people stop using a Limited User Account.Thank-you all, especially BC, for your thoughtful answers. Seems like the vast majority of experts here agree that I need to leave XP behind. There may be some debate about how soon XP will get into trouble but it will happen. MS has just extended their XP security issued updates for another Year...Quote from: patio on January 17, 2014, 11:44:00 AM MS has just extended their XP security issued updates for another Year... Have they? I thought it was just support for MSE on XP that was being extended.Wouldn't make sense for them to release it just for users of MSE...but rarely does anything they do make sense.Quote from: patio on January 17, 2014, 03:58:28 PM Wouldn't make sense for them to release it just for users of MSE...but rarely does anything they do make sense. http://blogs.technet.com/b/mmpc/archive/2014/01/15/microsoft-antimalware-support-for-windows-xp.aspx Quote We've received some inquiries about what "no LONGER SUPPORTED operating system" means. To clarify, this mean that, after April 8, 2014, Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft.

Answer»

Well, it looks like MS will extend support of MSE into 2015. A quick google search shows most experts are unimpressed and confused by this strategy. I READ several very critical comments about MSE calling it virtually useless. This bothers me because I use MSE. Also read several very critical comments re IE saying it is inferior to other browsers especially as it relates to security. So, I have converted to Chrome and made it my default browser on my winXP PC.

Do you folks agree that Chrome is superior to IE, at least in terms of security? I am trying to do everything I can to improve security as MS will stop patching XP in April. Realistically you need to start thinking about moving on from XP.
IE is still used by programs and the OS, so not using it doesn't negate any security holes which are discovered, and after April these won't be patched.Quote from: artbuc on January 17, 2014, 03:16:14 AM

Also read several very critical comments re IE saying it is inferior to other browsers especially as it relates to security.

This is usually the go-to of IE detractors, but it's difficult to substantiate- first you need to define what security is, what it means to be secure, and how to compare how different products differ in those qualities.

As I write this, it seems that all the current major browsers have unpatched security issues, which can allow for security bypass and system access. So despite what Chrome, Firefox, and even Opera users might TELL you, switching is more a case of exchanging ONE set of holes for another set of holes, rather than a case of switching from a old sieve to a riot shield.

Quote

I am trying to do everything I can to improve security as MS will stop patching XP in April.

What the cut-off means is that Microsoft will stop patching, as you said.

The cycle is usually- Malware authors exploit security issue->Microsoft learns about it->Patch is issued.

Since these security patches are applied to XP, it means that the security problems would be with the underlying system. Some problems, for example, are exploitable in any program whatsoever, so changing your browser would do nothing. Others apply to specific subsystems, or would apply only if a program is able to execute.

Even so, regardless of OS, the main way people get infected is not through some devious genius hacker managing to remotely exploit a vulnerability to get a worm on your system, but simply trojan downloaders that get installed when you throw caution to the wind because you absolutely must run a program from a questionable source. Most "Exploits" are in the browsers themselves and the ability to say have a browser download a file and execute it without further prompts. on XP these vulnerabilities are rather copious on any Browser because that new malware program now has full control and can install services and other fun stuff. If running on Vista/7/8 with UAC enabled, however, the new malware program that get's launched through the exploit will have limited privileges, so at the very worst you will get a unexpected UAC prompt for an unknown application requesting administrator access.

Ideally with XP you would set up a Limited User Account, the downside is that doing so means you have to switch to your admin account to install or uninstall programs or perform certain tasks, which is a massive pain and is usually enough to make people stop using a Limited User Account.Thank-you all, especially BC, for your thoughtful answers. Seems like the vast majority of experts here agree that I need to leave XP behind. There may be some debate about how soon XP will get into trouble but it will happen.

MS has just extended their XP security issued updates for another Year...Quote from: patio on January 17, 2014, 11:44:00 AM

MS has just extended their XP security issued updates for another Year...

Have they? I thought it was just support for MSE on XP that was being extended.Wouldn't make sense for them to release it just for users of MSE...but rarely does anything they do make sense.Quote from: patio on January 17, 2014, 03:58:28 PM

Wouldn't make sense for them to release it just for users of MSE...but rarely does anything they do make sense.

http://blogs.technet.com/b/mmpc/archive/2014/01/15/microsoft-antimalware-support-for-windows-xp.aspx

Quote

We've received some inquiries about what "no LONGER SUPPORTED operating system" means. To clarify, this mean that, after April 8, 2014, Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft.

Solve : Is IE a security problem??

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment