Tag Archives: internet explorer

Internet Explorer 10 is out for Windows 7

Microsoft finally released IE10 for Windows 7 after a long development cycle. Conspiracy theorists think it had something to do with Windows 8 sales. Whatever the reason was, it’s out.

Allegedly, you can slipstream it using these official instructions. I’ll give it a whirl the next time I have to install Windows 7. If you want to slipstream all the other updates, here’s how. You can skip the IE9 part if you slipstream IE10.

The lines between white hat/gray hat/black hat hacking and moral laws

Longtime reader/commenter Joseph asked two questions yesterday: What’s the boundary between gray and black-hat hacking, and is it moral to pick and choose between moral and immoral laws?

The first question is easier than the second. So I’ll tackle that one first. Continue reading The lines between white hat/gray hat/black hat hacking and moral laws

What I did since I (temporarily) need Java

I’ve been seeing the same question over and over in my search logs lately: Is Java safe to run in 2013?

Generally speaking, the answer is no.
I have little choice but to run Java right now, though. I’m studying for a certification exam, and the best quiz program that I know of is written in Java. Its user interface is in Polish, a language I don’t speak, but that bothers me less than it being written in Java. Google Translate can help me with the Polish, but it can’t make Java safe. That’s up to me.

So here’s what I did.
Continue reading What I did since I (temporarily) need Java

Java is patched now, but still not very safe

Rapid7’s Chief Security Officer, HD Moore, estimated it will take two years for Oracle to fix all of the current issues with Java, not counting anything new that happens in that timeframe.

Futhermore, Kaspersky states that 50% of cyberattacks in 2012 utilized a Java exploit. Among those is the newly discovered Red October.

Think for a minute. Antivirus software is anywhere from 75 to 90% effective. Assuming the worst, that means the simple process of removing Java from your computer does 2/3 as much good as running antivirus software. Of course, you shouldn’t do one or the other; you should do both.

If you have a legitimate need for Java in your web browser, such as commercial intranet applications built with Java, enable Java in one and only one browser, then use that browser solely for accessing those Java-powered web sites.

But the best thing to do is just get rid of Java. And if you have something that uses Java, find something else to use.

It took Microsoft about two weeks to fix a critical vulnerability in Internet Explorer. It took Oracle five months. I never thought I’d say this, but Oracle needs to be more like Microsoft.

Yeah, you can quote me on that if you want.

But until Oracle gets religion on security like Microsoft did around 2002, we really have two choices: Avoid Oracle products whenever practical, or keep getting hacked. I’d rather you not choose the latter option.

Why the Windows firewall is OK

I wish I had a nickel for every time I’ve heard an unsubstantiated statement like “Windows firewall is junk.” I went looking, and the best I could find was this, an editorial that said it doesn’t do enough to address outbound connections, particularly on a program-by-program basis.

OK, point taken. But “enough” is a moving target.

Continue reading Why the Windows firewall is OK

Yesterday was Patch Tuesday again

I’m way too tired to do the kind of Patch Tuesday writeup I did last month, so I’ll just remind you, and hope that suffices. This month we have vulnerabilities in Windows, Internet Explorer, Silverlight, and .NET, some of which can cause remote code execution, which is a holy grail for spreading malware. So apply those updates. The Silverlight update applies to Macintoshes as well.

How to slipstream IE9 and hotfixes into Windows 7, step by step

Normally, after you install any version of Windows, you have a ton of patching to do. And that patching takes as long, or longer, than the installation takes, while leaving the system vulnerable to exploits in the meantime. Slipstreaming your hotfixes into your installation media sidesteps those issues, and reduces fragmentation. You get a faster performing system, you get the system up and running a lot sooner, and you save a lot of unnecessary writes to your SSD.

So I wholeheartedly recommend slipstreaming.

Continue reading How to slipstream IE9 and hotfixes into Windows 7, step by step