PC World Philippines

Posts Tagged ‘ IE ’

Work Around Browser Crashes and Lock-Ups

By Fei on May 17, 2010

By Rick Broida
May 17, 2010

SAN FRANCISCO – Reader Charles decided to be adventurous and try Firefox. He likes it, he says, save for one problem: “It crashes almost every time I use it and sometimes several times a session. I still prefer it over other programs but it sure is annoying. If I have any serious work to do, I go back to Internet Explorer.”Good call, Charles. I can’t tell you how many times I’ve had to counsel users on this very problem. Usually it starts like this: “My browser keeps crashing, I think I have a virus.”

Believe it or not, viruses aren’t always to blame for browser problems. If your browser gets hijacked, meaning it goes to sites you don’t want it to go to or seems impossible to control properly, that’s indicative of some kind of malware infection.

But everyday crashes? That’s more likely the result of bad code, either on the sites you’re visiting or in one or more extensions you’ve installed (particularly in Firefox).

Stuff like this can be difficult to troubleshoot. So my first piece of advice to users in your boat is exactly what you’ve already done: try a different browser. If IE’s giving you trouble, try Firefox. If Firefox doesn’t work properly, try Google Chrome. (Heck, throw Opera and Safari into the mix. Any “different browser” will do.) The idea is to pin down the problem: is it browser-specific, or something affecting your entire system?

You’re already halfway there, Charles. If IE works properly with sites that crash in Firefox, then some plug-in or extension in the latter is almost certainly to blame. Your only real option is to uninstall Firefox (preferably with a tool like Advanced Uninstaller, which should wipe all traces of it), reboot, and then reinstall it.
Then, before adding any plug-ins or extensions, see if the crashes continue. If not, install the add-ons you want–but only one at a time, and perhaps a few days apart.

I know all this is a hassle, but unless you’re willing to abandon your buggy browser entirely, it’s your best bet.

10 Great Google Chrome Extensions

By Fei on January 27, 2010

By Jared Newman
January 27, 2009

SAN FRANCISCO – With Google releasing a stable version of Chrome that supports extensions, it’s a great time to install some of these enhancements for the Web browser. Google says there are now 1,500 extensions to choose from, which you can find can find and install here. To get you started, here are 10 of my favorites:

RSS Subscription Extension: This extension displays an icon whenever you’re on a page that can be subscribed to in an RSS feed reader.

SmoothScroll: Craving that glide you get with Apple’s multi-touch interfaces? SmoothScroll delivers, with options for scroll speed and frames per second. It works great with multi-touch track pads.

Google Translation Bar: Next time some gadget blog links to an obscure Japanese Web site, you can check it out yourself without visiting Google Translate directly.

IE Tab: Not all Web sites care that Chrome is your favorite browser, and they’ll only run in Internet Explorer. For these occasions, IE Tab emulates Internet Explorer within Chrome. Tip: The extension lacks a “Back” button, but you can navigate by right-clicking.

Instant Image Editor: Pixlr is my favorite cloud image editor — it’s a lot like Photoshop, but for free — and Instant Image Editor opens online photos up in Pixlr by holding “Alt” and right-clicking.

Bit.ly: Click the Bit.ly button, and a window appears, containing a shortened link of the page you’re on. I’m removing the Web site proper from my bookmarks.

Google Mail Checker Plus: I prefer Plus over the basic Gmail checker because it lets you preview and manage new messages directly from the current browser window. No need to switch windows just to toss some spam in the trash.

Shareaholic: See a Web page you like? Shareaholic lets you blast it out over several social networking sites and aggregators, including Facebook, Twitter and Digg.

Google Weather: And I’ll be deleting Accuweather from my bookmarks as well. This extension brings up a four-day forecast in predefined locations with one click, and it provides links to Web sites if you want to go more in depth.

Nothing: “This extension does nothing,” developer Salmonella writes. Works as advertised. Good for a chuckle, and nothing more.

Microsoft Promises Early Patch for IE Zero-Day

By Fei on January 21, 2010

By Tony Bradley
January 21, 2009

SAN FRANCISCO – Microsoft announced that it will release an out-of-band patch–meaning a patch that breaks the standard Patch Tuesday release cycle–to address the Internet Explorer flaw at the heart of the attacks in China against Google and other targets. The announcement was short on details, but Microsoft promised to provide more information on Wednesday.

George Stathakopoulos, general manager of the Microsoft Security Response Center (MSRC), stated “We continue to see limited and targeted attacks against Internet Explorer 6 and encourage customers to upgrade to Internet Explorer 8. We also recommend customers consider deploying the workarounds and mitigations provided in Security Advisory 979352 until the security update is ready for broad distribution.”

Andrew Storms, director of security operations for nCircle, commented on the unusual step of breaking the Patch Tuesday release cycle. “Given the never-ending lack of attention on the Microsoft IE bug, it was inevitable that [Microsoft] would release a patch on or before their regularly scheduled February release.”

It is certainly true that there has been no shortage of media attention devoted to the targeted attacks in China, and the revelation that a zero-day vulnerability in Internet Explorer was apparently a prime attack vector. Germany and France have even added their two cents worth by recommending that everyone abandon IE–at least until a patch is available for the flaw.

The fact that the exploit code for the Internet Explorer vulnerability is now publicly available in-the-wild adds fuel to the fire. Storms points out that in the absence of the international attention on the attacks in China, this flaw probably wouldn’t be updated out-of-band. “If the public vulnerability had not been tied to the Google breach announced last week, the bug would have been worrisome, but not nearly as epically perceived by many.”

Dan Kaminsky, director of penetration testing for IOActive, offered his own cautious insight, “We know there is an exploit in the field that is causing some amount of damage using this exploit as its entry point, but this entire situation is defined more by what we don’t know than what we do.”
Kaminsky is alluding to the veiled and sparse information trickling out about the attacks. The Internet Explorer vulnerability has been confirmed as an attack vector, but there are hints and implications that there are others as well. Google has been identified as a target, along with as many as 30 other organizations–most of which haven’t been identified.

The knee-jerk response to lay the blame at Microsoft’s feet and scapegoat the Internet Explorer Web browser misses the point and ignores the larger issue that, not only was this a sophisticated and targeted attack, but that a foreign government is accused of perpetrating the attacks and the United States State Department is backing those claims.

An attacker with dedication and resources can find a way to compromise just about any Web browser or operating system. The impact of precision spearphishing attacks such as this, which leverage zero-day vulnerabilities to infiltrate systems and allow the attackers to extract information, is a much more serious security issue than whether or not Internet Explorer gets patched before February 9 (the next regularly-scheduled Patch Tuesday).

nCircle’s Storms concurs “While the attacks were successful against many high profile companies, they are still of a limited and highly-targeted nature. For the mass majority of users, careful browsing practices coupled with up to date antivirus will provide significant risk mitigation.”

Chrome Web Browser Inches Past Safari

By Fei on January 5, 2010

By Tony Bradley
January 6, 2009

google-chrome SAN FRANCISCO – In the most recent Web browser market share statistics from Net Applications, Google’s Chrome Web browser sneaked past Apple’s Safari to claim third place. The ascent up the market share ladder is more impressive when you consider that Chrome has only been around a little over a year.

Chrome’s 0.7 percent jump from November to December can probably be attributed to the beta versions of the Chrome Web browser for Mac OS X and Linux finally being released. Google also gave Windows users more reason to switch to Chrome with the release of expanded features and functionality for the Windows version of Chrome.

Chrome was marching pretty steadily up the chart even before the recent releases, though. Since January of 2009, Internet Explorer’s share of the pie has dropped just over seven percent. That seven percent has been snapped up primarily by Firefox and Chrome, with Chrome making the biggest jump of them all. Chrome has increased over three percent since January, more than tripling its share of the Web browser market in under a year.

Google is virtually synonymous with Web surfing, so it stands to reason that Google should know a thing or two about how to optimize the Web surfing experience. The Chrome Web browser is not a revolutionary shift from other browsers like Internet Explorer or Firefox, but the incremental improvements are enough to make it worth taking a look at.

The one thing Chrome offers that all users want is speed. Time after time since its release Chrome has come out on top in tests that compare the speed at which the different Web browsers are able to load pages. The difference in time may be mere milliseconds, but for hardcore Web surfers those milliseconds add up, and faster page loading equates to less frustration and stress.

As with all statistics, these can be taken with a grain of salt. Finnish tech site Afterdawn.com claims that recent statistics for users that visit its sites put Firefox on top with just over 42 percent, Internet Explorer in second place just under 40 percent, and Chrome strongly in third with almost nine percent. That is a more tech-oriented site with a much smaller sampling, though, than the statistics compiled by Net Applications.

What does all of this mean to you? Well, nothing really. At nearly 63 percent of the browser market, Internet Explorer still holds a dominant position even though it has lost a significant chunk in 2009. The real battle is still between Internet Explorer and Firefox–a distant second with less than half of Internet Explorer’s stake…at least for now.

The success of Windows 7, which comes with Internet Explorer 8 pre-installed as the default browser (except within the European Union where Microsoft is providing users with a choice of browsers as part of a settlement to avoid antitrust litigation) may help curb Microsoft’s eroding share of the browser market.

As I mentioned above, though, Chrome is a rapidly rising competitor. Google’s reputation and presence on the Web will contribute to the continued growth of the Chrome Web browser, as will Google’s various endeavors, including the Chrome operating system expected to be released before the 2010 holiday shopping season.

Firefox has been climbing as well, and has five times the share of the Chrome Web browser, but Firefox has also been around for more than five years. Odds are fair that Chrome will pass Firefox and steal second place long before either of them threaten to pass Internet Explorer.

Microsoft Patch Tuesday: Critical Update for IE

By Fei on December 10, 2009

By Tony Bradley
December 10, 2009

SAN FRANCISCO – Today was Microsoft‘s final Patch Tuesday of 2009. Microsoft released a total of six new security bulletins, the most urgent one affecting a zero-day flaw in Internet Explorer for which exploit code already exists.

Barring any urgent security issues or exploits circulating in the wild to force an out-of-band update, the total number of security bulletins for 2009 is 74–a 5 percent drop from the 78 security bulletins released in 2008.
Deal with MS09-072 First

Experts are unanimous that the MS09-072 security bulletin, which includes the cumulative security update for Internet Explorer, is by far the most urgent patch released by Microsoft today.

Andrew Storms, director of security operations for nCircle, said in an email “Topping today’s news from Microsoft is the fix for a critical zero-day bug in Internet Explorer. The vulnerability became a top security concern for users when exploit code became publicly available. In recognition of the critical nature of the problem, Microsoft made the fix a top priority and delivered it in about two weeks.”

Another nCircle security expert, senior security engineer Tyler Reguly, agreed “Number one on everyone’s hit list today should be MS09-072, the IE patch, as this includes a patch for the current IE 0-day vulnerability. Patching IE is always crucial but given the public exploit, this should be patched as quickly as possible.

I spoke with Amol Sarwate, manager of Qualys Vulnerabilities Research Lab, who summed it up “MS09-072 is definitely the most urgent. The vulnerability was made public three weeks ago. Attackers have had three weeks to work with the proof-of-concept and develop a workable exploit. If you can only do one patch, do that one.”

Reguly said that beyond MS09-072 the rest of today’s security bulletins are sort of a random mash-up of fixes. They involve a most of the alphabet and a number of acronyms, affecting LSASS, ADFS, and IAS for starters.

In the grand scheme of things, though, there is nothing very urgent once you patch Internet Explorer. Reguly recommends that organizations take the time to properly test the remaining patches before deploying.

Internet Explorer Fail

You may not have noticed, but “Cumulative Update for Internet Explorer” is a permanent fixture on the monthly list of security bulletins from Microsoft, and as far as I can recall it is always rated as Critical. As more applications and services are run directly from the cloud, the Web browser will become even more of a security Achilles heel.

I talked with Qualys chief technology officer Wolfgang Kandek who noted that a significant percentage of Qualys customers still rely on Internet Explorer 6. He suggested that most of the weaknesses being faced could be eliminated by simply adopting Internet Explorer 8.

nCircle’s Storms’ points out, however, that “Microsoft’s secure code development practices are going to come under scrutiny again because today’s IE update includes fixes for two previously non-public exploits that only affect IE8, the newest browser from Microsoft.”

Storms’ elaborated “There’s no way for Microsoft to avoid the speculation that these bugs should have been found during the software development and quality assurance cycle, but the reality is that this was bound to happen. Every product has bugs and more features means greater attack surfaces.”

Don’t Drag Yourself Down

Kandek feels that Microsoft is firmly focused on Windows 7 and would like to keep its eyes–and developers–on the future, but that the massive base of Windows XP installations can’t be ignored. As much as Microsoft might like to walk away from supporting the legacy operating system, Windows XP will still be around for a while.

Its worth noting that Windows 7 has not been directly affected by any of the 12 security bulletins that have been released since it hit the streets. Windows 7 is peripherally affected by the Internet Explorer issues addressed in MS09-072, and there is the ongoing exploration into what is causing the mysterious black screen of death, but no confirmed Windows 7 flaws as of yet.
Overall, though, Internet Explorer 6 is like swiss cheese compared with IE8 from a security perspective. Its also a nightmare for Web Administrators and users who try to do things like view Web pages. The recent Microsoft Security Intelligence Report showed that Windows XP is 75 percent more likely to be compromised than Windows 7.

As weak as those two products are compared with their more modern equivalents, many organizations still rely on them. Those organizations need to take another look at Windows 7 and Internet Explorer 8 and the potential savings in terms of support.

Using Windows XP and Internet Explorer 6 and then complaining about the security of Microsoft products is like driving your car around dragging a boat anchor and then complaining that you’re getting poor gas mileage.