Re: Spyware and Adware affect every internet user

Sebastian Gottschalk <seppi@xxxxxxxxx> wrote in news:4bfe90F11fg36U1@xxxxxxxxxxxxxx:

Fuzzy Logic wrote:

[1] <http://web.inf.tu-dresden.de/~s9053014/iesec.xhtml>

Well I visited the above link and it asked if I wish to save a file.
I said no. Apparently I worked around it?

No. IE is too stupid to recognize the correct MIME type
application/xhtml+xml for XHTML content (which might be related that
this MIME type was added after the release of IE6 Gold) and therefore
offers a download - viewing it locally works fine.
I'm not operating the server so I can't enforce the compatibility MIME
type text/xml (which is correct as well but deprecated), but what you
can do is adding the other MIME to your IE configuration - and it will
work as well. Microsoft is obviously unwilling to do so, even though
ASP.NET uses the new MIME type by default.

And yes, I'm aware of the irony that an IE user can't learn about the
vulnerabilities that well. But as IE isn't suitable as a webbrowser
anyway, who cares?

Apparently you do. I've been using it for years without a single incident.

Security is a process not a piece fo software or hardware. What's
'secure' today can be rendered totally insecure the next when a new
'critical' vulnerability is discovered.

Fine, but MSIE is insecure by design. It will always be insecure no
matter how much you patch. And Microsoft stopped patching certain
critical vulnerabilities back in April '03!

So you're saying Microsoft (or any other software company) intentionally writes insecure software?

The best you can do is find
well supported OS/browser YOU like, learn and use it's security
features, keep it patched and up to date, practice safe surfing and
be diligent and you will likely be as 'secure' as you can be.

Fine, but MSIE has never been designed to be used on any untrusted network.

So YOU say. Regardless of the browser you use it will have vulnerabilities.
.

Relevant Pages

  • Re: Spyware and Adware affect every internet user
    ... No. IE is too stupid to recognize the correct MIME type ... vulnerabilities that well. ... but MSIE is insecure by design. ...
    (comp.security.misc)
  • Re: Windows Media Player executes WMF content in .MP3 files.
    ... >> Internet Explorer sometimes recognizes file types by their MIME type, ... In partial defense of Microsoft, let's note that RFC2616 applies only to ... The way that Microsoft Internet Explorer ... have been caused because Microsoft chooses to execute files without ...
    (comp.security.misc)
  • Re: [PHP] Re: hello
    ... vulnerabilities) or insecure; as all OS's have 1 or more vulnerabilities they are all equally insecure; because they are all insecure. ... "insecurer" - if you make a web app it's either secure or insecure; if you make an operating system it is secure or insecure. ... no, more like your car has a window missing, another car has no locks, and mine has no door; ...
    (php.general)
  • Re: [PHP] Re: hello
    ... Ashley Sheridan wrote: ... vulnerabilities) or insecure; as all OS's have 1 or more vulnerabilities they are all equally insecure; because they are all insecure. ... Madison, Wisconsin 53703 ...
    (php.general)
  • Re: [PHP] Re: hello
    ... vulnerabilities) or insecure; ... this is not a proper comparison. ... web app that allows execution of root commands... ...
    (php.general)