Results 1 to 10 of 10
  1. #1
    3 Star Lounger
    Join Date
    Dec 2008
    Location
    Garrisonville, Virginia
    Posts
    288
    Thanks
    46
    Thanked 1 Time in 1 Post

    Question Supposed security issues on IE6 through IE11

    I am running 64-bit IE11 (for Windows 7) on 64-bit Windows 7 SP1, and am running it all on a home LAN behind a router with no issues that I am aware of. I have recently read where there have recently been "security issues" in every IE version from 6 to 11, but that it was recently fixed. Is all of this true, and is there anything for this diehard IE user to be concerned about?

    The reason I ask is that I have a friend who is now driving me absolutely crazy because I am still happily using the latest IE11 (for Windows 7). She says she herself has completely switched from IE to Firefox because of the "serious security issues" recently, and is pestering me to death to do the same, otherwise there are serious consequences awaiting me, or so she says. She says IE has not been fixed, but is there any validity or credibility to what she says?

    Can anyone out there give me a fair and impartial assessment on this, please? She is a good friend of many years, but she has a habit of reading what she wants into something like this, and coming to her own non-technically trained opinions often based on half-truths, I fear this is another case where her blinders are keeping her from "seeing the forest for all of the trees in it." Is my IE11 hopelessly broken and a serious security risk that I should immediately stop using and replace? Is there an unbiased opinion on the subject out there, please?

    I'll admit that IE does bug me sometimes, but I have used it since at least IE3 (maybe 2) and I have always liked it. What more can I say? Thanks.

    David E. Cann

  2. Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,751
    Thanks
    80
    Thanked 339 Times in 306 Posts
    For about three days, from 4/28 to 5/1, there was some merit in what she said: Microsoft Internet Explorer Use-After-Free Vulnerability Guidance

    (Although even during that period there were temporary workarounds to fix IE security.)

    But then a patch was issued ten days ago: Microsoft Internet Explorer CMarkup use-after-free vulnerability

    Search your Installed Updates for KB2964358.

    (If you had enabled Enhanced Protected Mode and 64-bit processes for Enhanced Protected Mode, you would have been protected throughout.)

    Bruce
    Last edited by BruceR; 2014-05-10 at 14:02. Reason: added EPM/64

  4. The Following User Says Thank You to BruceR For This Useful Post:

    decann (2014-05-10)

  5. #3
    3 Star Lounger
    Join Date
    Dec 2008
    Location
    Garrisonville, Virginia
    Posts
    288
    Thanks
    46
    Thanked 1 Time in 1 Post
    BruceR,

    KB2964358 is listed as installed a week ago today, but that isn't good enough according to her, but MS "won't do the fix that is needed after that one." I will stick with this though, because I don't see any reason not to. <eye roll>

    I'm not familiar with what you are referring to in your last sentence though, so can you tell me what is meant by "Enhanced Protected Mode" and tell me how to check for it, please?
    Quote Originally Posted by BruceR View Post
    For about three days, from 4/28 to 5/1, there was some merit in what she said: Microsoft Internet Explorer Use-After-Free Vulnerability Guidance

    (Although even during that period there were temporary workarounds to fix IE security.)

    But then a patch was issued ten days ago: Microsoft Internet Explorer CMarkup use-after-free vulnerability

    Search your Installed Updates for KB2964358.

    (If you had enabled Enhanced Protected Mode and 64-bit processes for Enhanced Protected Mode, you would have been protected throughout.)

    Bruce

    David E. Cann

  6. #4
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,751
    Thanks
    80
    Thanked 339 Times in 306 Posts
    Quote Originally Posted by decann View Post
    KB2964358 is listed as installed a week ago today, but that isn't good enough according to her, but MS "won't do the fix that is needed after that one."
    Makes no sense (unless she's talking about XP).


    Quote Originally Posted by decann View Post
    I'm not familiar with what you are referring to in your last sentence though, so can you tell me what is meant by "Enhanced Protected Mode" and tell me how to check for it, please?
    These two items at Internet Options, Advanced, Security:

    EPM64.PNG


    Bruce

  7. The Following User Says Thank You to BruceR For This Useful Post:

    decann (2014-05-10)

  8. #5
    3 Star Lounger
    Join Date
    Dec 2008
    Location
    Garrisonville, Virginia
    Posts
    288
    Thanks
    46
    Thanked 1 Time in 1 Post
    Makes no sense to me either, that's why I asked here. She says Department of Homeland Security is now supposedly advising EVERYONE to "stop using all versions of IE now for security reasons," but aren't they the same federal government who botched up that webpage last year that she is getting advice from?

    Anyway, I will take a look at this "Enhanced Protected Mode" thing, but is this something that really needs to be done in all cases?
    Quote Originally Posted by BruceR View Post
    Makes no sense (unless she's talking about XP).



    These two items at Internet Options, Advanced, Security:

    EPM64.PNG


    Bruce

    David E. Cann

  9. #6
    Silver Lounger
    Join Date
    Aug 2012
    Location
    UK
    Posts
    1,833
    Thanks
    30
    Thanked 250 Times in 244 Posts
    That was part of the advice as a workaround until MS issued the patch and isn't necessary now.

    I Enabled Enhanced Protected Mode in my IE 10 until I installed the update and then unchecked that option to revert to 32 bit mode.

    The D of HS issued that warning as at the time there was no other defence or advice to counter it.

  10. #7
    Star Lounger
    Join Date
    Nov 2012
    Location
    Maryland, USA
    Posts
    53
    Thanks
    0
    Thanked 1 Time in 1 Post
    David,

    Have you visited the AskWoody.com site lately? Woody Leonard runs that site and he started this site a while back. It was originally called Woody's Lounge. Anyway, the AskWoody site is full of information about security problems with IE6 thru IE11 that your friend is telling you about. Woody himself has repeatedly recommended that people use some other browser besides MS Internet Explorer. Most often he recommends Firefox or Chrome. I like and have IE9 on my Win 7 machine, but right now it is and has been under attack so I'm using Firefox. All the details are there - www.askwoody.com. Check it out.

  11. #8
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by CEScott View Post
    David,

    Have you visited the AskWoody.com site lately? Woody Leonard runs that site and he started this site a while back. It was originally called Woody's Lounge. Anyway, the AskWoody site is full of information about security problems with IE6 thru IE11 that your friend is telling you about. Woody himself has repeatedly recommended that people use some other browser besides MS Internet Explorer. Most often he recommends Firefox or Chrome. I like and have IE9 on my Win 7 machine, but right now it is and has been under attack so I'm using Firefox. All the details are there - www.askwoody.com. Check it out.
    Woody does not say that we would be insecure from the vulnerability presented in this thread if we used IE 11. Once the patch was issued, Woody's concerns were about other, unpatched vulnerabilities.

    All browsers have unpatched vulnerabilities at any given time. The OP's friend simply reads whatever she wants into any news story about "the IE security issue". I have a few fellow members of both Computer User Groups I attend who are just like her. No amount of tech reading or reality checking seems to convince such people that they are ever truly secure.

    I would trust IE 10 or IE 11 as much as I would trust Firefox or Chrome/Chromium (Linux uses the open-source versions) in my Wndows or my Linux partitions on my laptop. I simply prefer the layout and functionality of Firefox and Chrome, as well as several Firefox Extensions, over IE. Just personal preference. Not security concerns.

    As Woody says, use Firefox or Chrome, but patch IE.
    Last edited by bobprimak; 2014-05-15 at 10:50.
    -- Bob Primak --

  12. The Following User Says Thank You to bobprimak For This Useful Post:

    ruosChalet (2014-05-26)

  13. #9
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,737
    Thanks
    67
    Thanked 544 Times in 492 Posts
    As Bob said "All browsers have unpatched vulnerabilities at any given time. " In fact, Firefox was found to be the least secure browser at this year's PWN2OWN competition.
    See: http://www.extremetech.com/computing...its-at-pwn2own

    Having safe browsing habits is much more important than your choice of browser:
    1. Avoid sites known to harbor malware - porn and pirate music/software sites.
    2. Never click on a url in an email. Open your browser and type the address in manually
    3. Never click on unexpected popups. Fake virus detection warning and offers to fix PC performance pop ups are common. Close the pop up window by right clicking its instance on the taskbar or use Task Manager. To close it.
    4. Keep your security software up to date.

    I'ved used all 3 of the major browsers on a regular basis for years without issue - IE, Firefox, and Chrome.

    Jerry

  14. #10
    Star Lounger
    Join Date
    Nov 2012
    Location
    Maryland, USA
    Posts
    53
    Thanks
    0
    Thanked 1 Time in 1 Post
    Just to clarify - I like IE-9, and I might even like IE-10 when I think it's necessary to update to it. I'm not trying to tell anyone to not use IE if they want to. But in the past month there have been three attacks centered on IE starting with "Snowman", then "Heartbleed", etc. These two were patched I think. The latest one I didn't hear was patched. If it was then great. My intent was to give David some place to find "valid" info. on these IE threats. For more info. go to this site: http://www.infoworld.com/t/microsoft...xplorer-241467
    This caused me to start using Firefox exclusively until an all clear was given for IE. This is the site that Woody referred us to, and appears to be one place where all the scares are coming from.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •