Tag: "microsoft"

Iowa State University's IT department clueless?

It isn't very often I come across such bad advice from IT departments - actually that's a lie - in my experience most IT departments are clueless, yes neighbouring County Councils I hear about you guys a lot.  But this has to be one of the dumbest things I've things I've come across.

Iowa State's student newspaper reports that Internet Explorer 8 isn't compatible with their Web Course Tools software, software which by the way is generally regarded as breaking almost every web accessibility rule in the book.

Anyway, their IT department wrongly claims that IE8 was released this weekend.  It was released a month ago.  Automatic rollouts will start this week in very small numbers, but even they're not automatic, and require the user to actually accept the installation.

The department also recommends students using Internet Explorer turn off automatic updates to their browsers.

What?  Turn off automatic updates?  Are you utterly incompetent or just INSANE?  I have a general rule of thumb for dealing with people who recommend average computer users turn off automatic updates, that rule involves punching them in the face, words just cannot express the utter stupidity of such a statement.

They then recommend that people who have already installed IE8 uninstall it.  Alright fair enough, if you didn't do your job properly 12 months ago and test these things and there's no other option, yes they're going to have to uninstall it.  But they go on and say "run the browser in Internet Explorer 7 compatibility mode."

What?  You're telling me it works in compatibility mode and you're telling people to uninstall it?  You're telling me that you recommend people waste 20 minutes uninstalling it, and go back to a slower and more insecure browser than take the 0.5 seconds to press the compatibility icon next to the address bar?  Are you utterly incompetent or just NUTS?

Incompetent and LAZY by my reckoning.  If compatibility mode works you don't even need to hassle your users to do anything - you guys could actually make the change on your server so it tells IE8 to render in compatibility mode.  How?  If you're using IIS use this in your web.config file:

<?xml version="1.0" encoding="utf-8"?> 
          <clear />
          <add name="X-UA-Compatible" value="IE=EmulateIE7" />

If you're using Apache uncomment this:

LoadModule headers_module modules/mod_headers.so

And then add this:

Header set X-UA-Compatible "IE=EmulateIE7"

Seriously guys, why didn't you test this 12 months ago when the first beta version of IE8 was released and implement the above fix?  Doing that would have meant your users wouldn't have even noticed any difference, it all would have happened completely transparently to them. Why did you wait until a month after its release to even realise something isn't working right, and then why did you give your users such bad advice?

Raise your game, there's a reason IT departments are getting a bad rep.

InformationWeek grasp at straws to bash IE8

InformationWeek have managed to prove their brainlessness continues. As they claim "IE8 Users Downgrade To Explorer 7".

Microsoft (NSDQ: MSFT)'s Internet Explorer 8 appears to be losing market share, even though the browser has been on the market for less than a week.

As of 8:00 am Monday, IE8 -- released Thursday -- held 1.86% of the browser market, down from a high of 2.59% on Sunday, according to market watcher Net Applications. The most likely reason for the decline is that early adopters of IE8 are switching back to the more familiar, and --at this point -- reliable Explorer 7 browser.

The Net Applications data is here. What they should have said if they weren't trying to make an ideological point was:

The most likely reason for the decline is that early adopters had to show up for work Monday morning, where they are forced to use Windows XP and Internet Explorer 6.

As we can see from the Net Applications data (which I've highlighted and marked the days for easier visibility), IE8 usage drops during working hours. This is nothing more than a high resolution version of the weekly cycle between Windows XP and Windows Vista, with Windows XP seeing greater use during the week, and Windows Vista showing greater use during the weekend.

Surprisingly InformationWeek's journalists aren't aware of this effect, despite it being core to their reporting.

Update: PC World are following along spouting the same nonsense, as have TechTree and no doubt others. Despite the fact that as of this hour (0100 UTC on the 26th) IE8 usage has climbed to 2.82% its highest ever figure.

Charlie Miller on the lack of security on Mac OS

OneOne of the bloggers on ZDnet interviewed Charlie Miller the bloke who nailed Mac OS X through Safari in seconds at the recent Pwn 2 Own contest, one of the questions asked is pretty interesting and nicely sums up the OS security situation over the last 3 or 4 years, of course you wouldn't know it reading the press or if you get your information from Apple's PR department.

Why Safari? Why didn't you go after IE or [Firefox]?

It's really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don't do. Hacking into Macs is so much easier. You don't have to jump through hoops and deal with all the anti-exploit mitigations you'd find in Windows.

It's more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn't have anti-exploit stuff built into it.

With my Safari exploit, I put the code into a process and I know exactly where it's going to be. There's no randomization. I know when I jump there, the code is there and I can execute it there. On Windows, the code might show up but I don't know where it is. Even if I get to the code, it's not executable. Those are two hurdles that Macs don't have.

It's clear that all three browsers (Safari, IE and Firefox) have bugs. Code execution holes everywhere. But that's only half the equation. The other half is exploiting it. There's almost no hurdle to jump through on Mac OS X.

Nice to see him mention how annoying Address Space Randomisation is (introduced with Windows Vista), which randomises where applications are in memory upon boot, preventing an attacker from knowing what address any executable code is that they've managed to get into memory. And also the No-Execute Bit (introduced with Windows XP SP2) which marks segments of memory as non-executable, preventing any code that could be inserted through say a buffer-overrun from being executed from these areas.

One of the comments asks:

Miller talks a lot about memory randomization but not much about ACL and the UNIX permissions structure. He was able to know where his exploit was in memory and access it, but was he able to do anything at the system level without throwing up a credentials dialog?

No, the goal was simply to get at user data, not run with administrative rights. To elevate one would follow up by exploiting another vulnerability which can lead to privilege escalation, of which there are far more on Unix based seems than on Windows.

Hopefully people will start to realise how insecure Mac OS X actually is. Although judging on the sort of headlines the press used to cover this, the worst of which saying IE8 released and hacked, without even mentioned how fast Safari went down, or that the build of IE8 used was a beta build and 4 months old.

Internet Explorer 8 released

Internet Explorer 8 has been released for Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Highly recommended, even if IE isn't your main browser grab it from here.

WorldWide Telescope web client now available

The WorldWide Telescope team has released a web client for WorldWide Telescope, written in Silverlight and currently in alpha but from my testing works quite well.

WorldWide Telescope web client

It doesn't support the 3D solar system view yet, but pretty much everything else is in there, including tours. Performance isn't as good compared to the full Windows client which makes use of 3D hardware acceleration. Nevertheless it is pretty useable, and the servers at the moment don't seem to be under as much load as they were when the full client was released last year. As someone who is in the process of making a couple of tours I can't grumble at the increased install base that having a web client will bring.

Check it out at worldwidetelescope.org/webclient.

Tidying up Internet Explorer 8 a tad

Internet Explorer 8 is probably going to be released very soon. So I thought I'd do a quick article on how to tidy the thing up a bit - I'm not happy with how the UI is configured out of the box, It's not as clean as IE7. This is what it looks like right off the bat:

Internet Explorer 8

The most obvious addition is the favourites bar running along the top I'm not the world's biggest fan of this thing. If you don't like the amount of space it takes up and don't mind losing quick access to web slices you can right click on an empty area of it and uncheck the favourites bar option:

Internet Explorer 8 customisation

On resolution constrained computers like my Dell Mini 9 I also turn off the status bar (and run it in fullscreen), I don't generally recommend people do that as they lose the ability to see what website hyperlinks point to, I'd like to see a status bar that automatically hides like Chrome in IE9.

You can also tidy up the what buttons are shown, toggle if they show text and icons or just icons you can do this by right-clicking an empty area of the tab or favourites bar and going to Customise. The options for removing buttons you don't want, for example the e-mail and help buttons looks a bit like this:

Add or remove buttons from Internet Explorer 8

Here's what IE8 looks like after doing a few tweaks to it, much cleaner in my opinion.

1 ... 6 7 8 ...9 ... 11 ...13 ...14 15 16 ... 19