Internet Explorer is dead: zero-day hammers final nail into browser coffin

Updated happygeek 0 Tallied Votes 389 Views Share

Microsoft has released YAIESA, or Yet Another Internet Explorer Security Advisory if you prefer. This time, SA2757760 warns about a new zero-day out there in the wild which impacts all users of Internet Explorer 9 and earlier versions. It's the usual case of targeted attacks being spotted which could lead to the remote execution of malicious code if you happen to view an infected website.

dweb-ie9rip Although users of Internet Explorer 10 are not affected according to Microsoft, which accounts for a tiny minority of IE users of course, this does amount to what I see as the final nail being hammered into what has already become quite a creaky web browser client coffin of late; and here's why.

Microsoft has issued a number of 'workarounds and mitigations' that can be deployed to protect users. There's the 'Enhanced Mitigation Experience Toolkit (EMET)' for starters. Or a temporary patch, to you and me, which requires a fair bit of configuration fiddling to be of any use. Fiddling such as, and I hope you are sitting down with a cup of tea and some time to spare, the following:

Changing your Internet and local intranet security zones to the high setting in order to block ActiveX Controls and Active Scripting, which Microsoft admits will hit you in the usability stakes so further recommends you add trusted sites to your trusted sites zone. Quite how you are expected to know what sites can be trusted not to have been infected by the zero-day exploit is, frankly, beyond me. Microsoft hasn't finished yet though, also recommending that users of Internet Explorer should configure it to prompt before running Active Scripting (or even disable Active Scripting in the aforementioned zones) which, it adds, will once again disrupt your using of sites that are not in the trusted zone. Deploying the Enhanced Mitigation Experience Toolkit (EMET) is also recommended, but tough luck if you do not speak English as it's only available in that language.

I have some difference advice which is a lot simpler, and guaranteed to be effective against this particularly serious zero-day threat: stop using Internet Explorer and switch to Chrome, Firefox or Safari instead.

mooner 0 Newbie Poster

Just back in May they discovered 16 zero days in Chrome, so how is it safer?

Member Avatar for diafol
diafol

Chrome's 16 zero days were patched within 24 hours AFAIK. I didn't have to do anything. Safer? Probably not at the time of testing. After? How many IE users out there have gone through the steps mentioned above? I don't know, just curious.

Despite the safety aspect, why the hell anybody would be using IE out of choice is beyond me. My school has just moved over to Chrome from IE - years too late IMO. Dominoes fall, dominoes fall...

happygeek commented: true dat :) +11
johannamc 0 Newbie Poster

run microsoft windows malicious software tool... took off a trojan from my ie and it stated working !!

Jimbob12080 0 Newbie Poster

I have no idea why people use IE in anycase. Always use Firefox or Opera

gunny -2 Newbie Poster

Malicious software removal tool is almost as pathetic as IE is. Also doesn't it seem odd that this thing seems to always happen just when Microsoft is trotting out a new version of IE. IMHO they could really care less about producing a browser that is secure. It seems to be about being "shiny and bright". What ever happened to a browser being just plain FUNCTIONAL? To hell with all the bells and whistles and "Decision Engines" and Google trying to play Big Brother with their tracking everybody and everything.

mobb.deepghana 0 Newbie Poster

any remender

mobb.deepghana 0 Newbie Poster

any remeder to problem with download manager

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.