CHRISdotTODD

As yet another security issue is found in Internet Explorer, it is a good time to remind you that Internet Explorer is used for more than web browsing. A few months back I pointed out how Microsoft Project had problems due to the ActiveX security settings I had set too high. Another such program is Outlook and Outlook Express. With the latest issue, you could receive an email with embedded code that would exploit your computer. This problem is big enough that Microsoft may actually release it outside their normal monthly patch cycle -- they have only done this once -- to fix a problem with their DRM. This problem is big enough, you can actually get a fix from a third-party . Perhaps a better fix, in addition to using Firefox (or Netscape) instead of Internet Explorer, use an alternate email program such as Eudora or Thunderbird (from the makers of Firefox).

Yesterday my organization announced that they are still unable to get a fix from Microsoft for the security patch MS06-042 from August 15 that broke our ClearQuest web interface for creating queries. The August 15 patch was actually the third release of the MS06-042 patch from Microsoft, as each time they have introduced new problems. The original release of the patch actually introduced security problems . This is the recommendation from my company to fix the problem, "Internet Explorer is the only browser impacted by the Microsoft security patch. The only known workaround at this time is to use one of the other supported browsers; Firefox version 1.5 is suggested ."

Are you still using Microsoft Internet Explorer (IE)? If so, then you are what I call security ignorant. eWeek recently published two articles on how Firefox adoption has slowed down and that it will be more difficult for Firefox to grow further. (See " Internet Explorer Loses More Ground to Firefox " and " Firefox 2.0 Beta 1 Is No Slam-Dunk ".) Their argument is based on usability, and that Microsoft will release IE 7 as part of a security update. Hmm... that should be a clue right there. Perhaps Firefox is not familiar as Internet Explorer; perhaps Firefox does not display all of your websites the same as Internet Explorer. I say, so what -- security, which includes your privacy, are more important than having to learn a new browser. And if your favorite website looks different or does not work right -- tell the web master and/or find a new favorite site. I have been using Firefox for some time now, I other than visiting Microsoft.com for some Windows updates

I had posted on June 5th my experience with how Microsoft project 2003 had problems with certain functions due to the security setting in Internet Explorer, My Computer domain begin set to High. On June 14th, Microsoft finally conceded that there is no fix expect to lower the security settings. I can either change the default setting to Medium or Enable five settings, which for all intents and purposes is the same as changing the security to Medium. Here's the response attempting to describe why it's okay that Microsoft has impeded IE into Project: There is a reason we don'’t expose that functionality in IE by default. It used to be there in Windows 2000 Server and Pro, but it serves little purpose, provides no protection against the outside world, and generally only breaks things. Worse, since its set on a per user level, it doesn'’t prevent OTHER users or the system security context from running something '‘bad'’ on the local machine, only the logged in

Microsoft has made this rather confusing. If you support Windows with Internet Explorer or are a web application developer, read on; if not, skip to the last line . The way I read security Bulletin MS06-013 , the change has already been released, but a patch in IE is keeping it from being active. As quoted in the bulletin, "This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent." This is also taken from the bulletin: Some of the important modifications include the following: Security level for the Internet zone is set to High . This setting disables scripts, ActiveX controls, Microsoft Java Virtual Machine (MSJVM), and file downloads. Automatic detection of intranet sites is disabled. This setting assigns all intranet Web sites and all Universal Naming Convention (UNC) paths that are not explicitly listed in the Loc

Are you aware of the changes to how the ActiveX Control works within IE? Most (possibly all --– I am not sure) IE plug-ins use ActiveX to load within the IE browser; and therefore if your site's user base is predominately IE user, which is true for most of us, this presents a potential big problem. If you are lucky, users will only have to double-click on controls instead of single click. (The first click is to activate the control, while the second is to use the control.) This is an exert from Microsoft's site, http://support.microsoft.com/kb/912945/en-us : This update changes the way in which Internet Explorer handles some Web pages that use ActiveX controls. Examples of programs that use ActiveX controls include the following: Adobe Reader Apple QuickTime Player Macromedia Flash Microsoft Windows Media Player Real Networks RealPlayer Sun Java Virtual Machine You can download the update today from the same page to test for yourself -- I understand this will be pushed d