Retiring Internet Explorer, Bezos whatsapp hack can happen to anyone

[sman]

Retiring Internet Explorer

https://textslashplain.com/2020/01/19/retiring-internet-explorer/

The Jeff Bezos hack could happen to anyone

The story of the Saudi crown prince allegedly using WhatsApp to break into a billionaire’s phone is a quick lesson in cybersecurity.

https://www.vox.com/recode/2020/1/22/21077747/jeff-bezos-whatsapp-hack-saudi-prince-mohammed-bin-salman

[exile360]

I'm really going to miss IE.  IE10/11 was such a different animal compared to the less contemporary, less secure iterations of IE that preceded it, and to this day I still have yet to find any browser from any vendor that even comes close to rivaling the level of customization and control over settings (many of which are related to security, enabling knowledgeable users to lock down the browser to a much greater extent than is possible in other browsers without large numbers of third party plugins and extensions, and even then, with so many of the settings being core to the browser's internal functions even third party extensions cannot accomplish what many of those settings could do for privacy and security).  I doubt we'll ever again see a browser like IE.  Everything is far too dumbed down these days, with only basic settings and options being exposed to users.  IE11 was a far cry from the much maligned IE6 of the past that gave IE its longstanding bad reputation.

IE11 is also the fastest browser by a long shot, at least compared to both Chrome and Firefox, at least in all my experience and testing.  It launches faster and loads individual and multiple pages/tabs more quickly.  It also tends to be much lighter on CPU and RAM when running in the background, especially compared to Chrome which tends to eat RAM like a starving man at an all-you-can-eat buffet.

That said, time and web standards move on, and while IE 11 was a huge step towards embracing modern web standards, it still had lots of legacy code within that Microsoft is better off abandoning and starting fresh with a new codebase (one big reason it really doesn't surprise me that they've chosen to adopt a popular open source solution in Chromium for their latest browser).  ActiveX needs to die due to the security risks it exposes, an issue that also exists to some extent with certain features and extensions in other browsers such as push notifications (a feature that should never have been created) and the innumerable PUP plugins/extensions that exist for Firefox and especially Chrome, though perhaps not to the same extent as ActiveX.

I do imagine that I can't be alone in my thinking though, and I suspect that it won't be too long before we see some creative developer come along with a new browser that embraces the more efficient, user-focused aspects of browsers like IE with a big focus on privacy, security and performance and mops the floor with the countless Mozilla and Chrome clones out there (including Microsoft's own Chromium based Edge browser which recently launched), however I don't know how much of a niche in the market there is for such a thing, but I will definitely be keeping my eyes and ears open to see what develops down the road because the existing top browsers are far too bloated for their own good, especially with mobile computing and low powered chips becoming the norm, both in the form of smart phones as well as the dramatic increase in laptop and tablet sales we've seen over the past several years.  I know I'm not the only one who sees that my web browser is almost always at the very top of the list of processes consuming RAM and CPU, even when it's doing nothing but sitting in the background with a few tabs open, not streaming any video or rendering any dynamic/animated content (and it's even worse if you also monitor your GPU/graphics usage as I do, in real-time, one major reason I won't ever leave a browser open while gaming unless I absolutely have to).

[sman]

@exile360 the auothor of the article is involved in browser development right from IE, and the comments would give more insight as to where things are headed (in fact he says some improvements like webcrypto)

Quote -

Developers who apply digital signatures to their apps and server operators who expose their sites over HTTPS do so using a digital certificate. In ideal cases, getting a certificate is automatic and doesn’t involve a browser at all, but some Certificate Authorities require browser-based flows. Those flows often demand that the user use either Internet Explorer or Firefox because the former supports ActiveX Controls for certificate issuance, while Firefox, until recently, supported the Keygen element.

WebCrypto, now supported in all modern browsers, serves as a modern replacement for these deprecated approaches, and some certificate issuers are starting to build issuance flows atop it.

-unquote.

[sman]

@exile360

The End of Life of Internet Explorer 11

https://medium.com/@burger.neal/the-end-of-life-of-internet-explorer-11-12736f9ff75f

What you can do as Website

Stop supporting IE 11. It is as simple as that. As soon as more and more Websites do not work in IE 11 the easier it is for the corporations to see the need to move on to another browser and nobody will be using IE 11 anymore.

Microsoft Edge packs new features Internet Explorer never had, such as built-in note taking, easy sharing, the ability to work in several windows at once and integration with Microsoft's virtual assistant, Cortana.

[exile360]

1 hour ago, sman said:

What you can do as Website

Stop supporting IE 11. It is as simple as that. As soon as more and more Websites do not work in IE 11 the easier it is for the corporations to see the need to move on to another browser and nobody will be using IE 11 anymore.

See, I HATE when someone makes a statement like this.  They don't give a single valid reason for stopping support for IE11 for websites/servers.  Instead, they make a call to arms for all webdevs of the world to artificially put an end to IE support by simply forcing a flag on their sites to dictate that IE is incompatible.  This is not the same thing as software becoming obsolete due to a lack of compatibility, standards or features/requirements.  It is the same kind of crap that Microsoft tried to pull with Windows update in Windows 7 with modern CPUs.  Architecturally there is absolutely 0 difference whatsoever between a CPU created in the year 2014 vs one of the latest Intel or AMD chips that came out just this year, nor will there be any difference in the chips that come out next year or the year after that with regards to OS and application compatibility; if there were, then those new CPUs would require an OS even newer than Windows 10 or any existing build of Linux available right now.

I would understand if IE11 had some fundamental flaw or missing core features/APIs etc. that made it more difficult to support than say Chrome or Firefox, however if the only reason a given site might not work with IE is because the dev that coded the page put in an extra javascript string to deliberately check the user's browser and report that the site cannot function if the returned value is IE11, than that is just total BS, period.  I am not saying that anyone should go out of their way to support a deprecated browser or operating system, however if all you have to do to continue to support it is LITERALLY NOTHING, and in order to stop supporting it you have to actually put in ADDITIONAL EFFORT to specifically and DELIBERATELY break it, then that is just foolishness.

It is the same reason that I have been arguing for so long that Windows 7 will likely be supported by applications for a long time to come in the future, simply because there is nothing in Windows 10 with regards to general APIs and application compatibility that Windows 7 doesn't already fully support natively out of the box, so short of something like Microsoft pushing a new version of .NET and preventing it from installing on 7 and every developer in the world suddenly switching to .NET, it just isn't likely to happen.  This is why Malwareybtes continues to work on 7, why most applications still do, and why most will continue to do so in the future, at least until either a new major build of 10 ships that absolutely breaks backwards compatibility (including with applications that functioned on previous builds of Windows 10, not just 7), or they insert an OS version check to artificially prevent the installation of the application on Windows 7 (the same tactic MS is using to prevent updates on newer CPUs in 7; something which can easily be bypassed with the right tools).

With all of that said, I am NOT saying that anyone should stay on 7 or IE11 because they absolutely should not.  It's a 10+ year old OS and a 6+ year old browser (not accounting for updates, patches and service packs of course) and users are generally far better off using more modern software.  I just despise the idea of developers trying to dictate what software and/or hardware a user/customer may use by creating artificial requirements and barriers with no basis in reality.  It's like building a new road and telling everyone that they are not allowed to drive on it if their car is older than the year 2016.  It's stupid and makes absolutely no sense because a car from 1993 is just as capable of driving on any road that a car from 2020 fresh off the assembly line can.  Computer hardware and software is in most cases quite similar and there are only a few special cases where this is not true, especially when comparing IE11 to Chrome or Firefox, or Windows 7 to Windows 10.

Edited January 23, 2020 by exile360

[sman]

@exile360

MS security chief doesn't want IE to be used (that it's not a browser and only stop gap solution until legacy sites update to modern browsers).

Microsoft security chief: IE is not a browser, so stop using it as your default

Internet Explorer is a 'compatibility solution' and should only be used selectively, warns Microsoft exec.

https://www.zdnet.com/article/microsoft-security-chief-ie-is-not-a-browser-so-stop-using-it-as-your-default/

Jackson doesn't even consider IE to be a browser, at least in the modern, standards-based sense.  

"You see, Internet Explorer is a compatibility solution," wrote Jackson in the blog. "We're not supporting new web standards for it and, while many sites work fine, developers by and large just aren't testing for Internet Explorer these days. They're testing on modern browsers. 

"So, if we continued our previous approach, you would end up in a scenario where, by optimizing for the things you have, you end up not being able to use new apps as they come out. As new apps are coming out with greater frequency, what we want to help you do is avoid having to miss out on a progressively larger portion of the web."

It is a relic of a long-forgotten past, a browser that does not support HTML 5.12, JS2042, CSS 4 

Edited January 23, 2020 by sman

[sman]

@exile360 comparison of browsers & features can be checked in https://caniuse.com/#compare=ie+11,edge+79,firefox+74,chrome+82,safari+TP,opera+64

see attachment of some feature comparison 

 

Edited January 23, 2020 by sman

[exile360]

1 hour ago, sman said:

@exile360

MS security chief doesn't want IE to be used (that it's not a browser and only stop gap solution until legacy sites update to modern browsers).

Microsoft security chief: IE is not a browser, so stop using it as your default

Internet Explorer is a 'compatibility solution' and should only be used selectively, warns Microsoft exec.

https://www.zdnet.com/article/microsoft-security-chief-ie-is-not-a-browser-so-stop-using-it-as-your-default/

Jackson doesn't even consider IE to be a browser, at least in the modern, standards-based sense.  

"You see, Internet Explorer is a compatibility solution," wrote Jackson in the blog. "We're not supporting new web standards for it and, while many sites work fine, developers by and large just aren't testing for Internet Explorer these days. They're testing on modern browsers. 

"So, if we continued our previous approach, you would end up in a scenario where, by optimizing for the things you have, you end up not being able to use new apps as they come out. As new apps are coming out with greater frequency, what we want to help you do is avoid having to miss out on a progressively larger portion of the web."

It is a relic of a long-forgotten past, a browser that does not support HTML 5.12, JS2042, CSS 4 

See, that's a fair assessment and reasonable argument, however the argument from the previous article you linked about deliberately blacklisting IE just for the sake of attempting to force users to upgrade/use an alternative is bogus and poor advice in my opinion.  He's stating the exact reasons that I no longer use IE as my browser any longer and haven't for some time now, not because of some artificial barrier, but because it is dated and lacks certain modern features compared to more current browsers, and such are the reasons that people should upgrade to something else, not because some snobbish webdev on some website 'said so'.  It is the difference between using what is needed and letting others dictate what you use based on their opinions.  It's like buying a new car every 3~5 years as car dealerships and manufacturers would prefer.  Planned obsolescence is a silly reason to replace anything if it is still functional and adequate for its purpose, however as I already mentioned, IE11 is badly out of date now so I don't know why you're posting information about web standards and all that.  I've already said I don't use it nor do I recommend its use to anyone else.  I was simply stating the reasons I disagreed with the stance of one particular individual who's article you cited, not because getting off of IE is a bad idea, but because his proposed approach for doing so and reasoning is flawed and just plain wrong.

[sman]

@exile360 the article was very clear that IE is hanging on with just 3% mkt share .

Quote -

Let me tell you the story about a little browser. In the beginning, there was a love for Internet Explorer, a deep and passionate love for the browser that was simply faster, better and more capable than anything the competition brought to the market. While users loved the browsers, corporations loved the browser even more. IE dominated the market with over 91% global market share.

That was about 20 years ago. After years of mistreating the developers, IE has become the most hated browser in the world. It is a relic of the past, developers hate it. They are forced to debug working standard-compliant websites with bad developer tools. Users are frustrated as some websites work fine, then others do not at all. And corporations cannot stop using it and don’t even know why they initially made the decision to create their web app exclusive for IE 11.

The market has changed and IE is hanging on with about 3% market share (global stats counters). Sadly this number is calculated from openly collected data on the internet. Nobody knows how much market share IE has internally in corporations.

People working at corporations do not have a choice they have to use the browser that is installed on their system. On one of my last projects 40% of the active users were accessing the site using IE11.

Unquote

Quote -

This is the Future of IE 11

Imagine a future in 25 years. For the last 25 years, IE 11 took away space on your hard drive. It is a relic of a long-forgotten past, a browser that does not support HTML 5.12, JS2042, CSS 4 and some guy without any knowledge of technology tells you to debug your web app for IE 11, as it is company policy to only use ‘trusted’ technology. You pass on this task to the new web developer you hired. A young web developer with high hopes on working on cutting-edge tech, tasked to debug a browser that was on life-support even before he was born and he never ever used in his personal life.

You can prevent his future. People can change, and corporations are people (at least in the U.S.).

unquote

 

[exile360]

Yes, Chrome has pretty much become the defacto browser these days, no doubt about it.  Again, I was not saying that anyone should even attempt to support IE11.  I never said developers should attempt to support the legacy IE browser in any way shape or form.  In fact, I specifically said that they should not go out of their way, putting in that same extra effort to BREAK compatibility with IE11, that's all.  That means that all they need to do is completely disregard IE as a factor when writing their web code and focus on whatever standards, animations, new tech, scripting, Chrome-friendly features or whatever that they see fit to put into their websites and spend their dev time on.  I was simply stating that attempting to FORCE users off IE by deliberately placing a call in a webpage the checks the browser version and refuses to render at all if IE is detected just to spite IE is just as silly as deliberately going out of your way to continue supporting the legacy browser and wasting dev time on ensuring IE compatibility.  It is the same thing, just from the opposite side.

My stance is and has always been throughout this entire thread that web devs should do whatever they like with their webpages and DISREGARD IE11 compatibility, whether to support it or to deliberately break it.  They should in essence do NOTHING with IE11 in mind at all; that's what I'm saying.  The guy who said that web devs should deliberately block IE from working is wrong; any dev who prioritizes IE11 support, potentially abandoning better, more secure code and ignoring current standards that can make their webpages better, more efficient, and more feature-rich is WRONG.  Both sides are WRONG, period.

The right side is to simply ignore IE's existence, focus on building their sites the way they want them (hopefully with security and performance in mind, because no one likes a hackable page with slow code that rips up CPUs and wastes tons of bandwidth) and just make sure that it works with the most popular browsers on the block (which right now are Chrome and more Chrome thanks to the large number of Android mobile devices and users that install Chrome on Macs, PCs and non-Android smart phones and tablets, with Firefox taking up around 10%, and IE lagging way behind at around 5%~6% or less depending on how you count them).

[sman]

@exile360May be the author has conveyed the frustrations of developers in wrkg with ie11 and called for shifting from it for the better, for even for die hard supporters to see the light like corporations of their attempt to stick around with a dying browser with falling mkt share.

Maybe your soft corner for IE is hurt with his conclusions to find acceptance in the manner it was spelt out. But whatever the ack of  shift from IE is good and practical given the problems with it.

[exile360]

Sure, no one should be supporting IE deliberately, however I do understand why some companies continue to stick with it, particularly in situations where they are forced to due to legacy hardware and/or software that cannot function without it or through more modern browsers, however those are typically extremely rare corner cases so it isn't a demographic that most web devs need to be concerned with.

My issue with the one guy was simply that he was stating that devs should go out of their way to write extra code into their pages to block IE, and of course then you later posted a point stating that devs shouldn't be forced to go out of their way to support IE.  See the contradiction there?  Do you get how those two things are fundamentally mutually exclusive of one another?  Either IE is worth writing extra code for or it isn't.  If it isn't, then it isn't worth deliberately writing extra code to block it either.  If it is, then there shouldn't be a problem with sites supporting it if they choose to.

Also keep in mind that the number of web technologies and standards that IE cannot render are relatively small, and that even if it is incapable of rendering a particular aspect/component of a page, that does not mean that it won't be fully capable of rendering the entire remainder of the page, so it's not like we're talking about a binary situation here.  It just doesn't make sense to argue that IE should die by any means necessary, including writing code to block it, while in the same breath cutting IE down on the basis that it requires additional work to support it.  Those arguments together make absolutely no sense.  Get it?

[sman]

@exile360 he never said about writing code to block IE but for websites to stop supporting it . 

And it's not one article but even first article (subject article) which is by an author, a developer involved in IE who moved on to Chrome and then to Chrome edge , also stating about retiring IE. 

Maybe you want IE to keep wrkg , for whatever reasons (even after MS itself calling for shifting from it) and want to make a case for it, but a lost cause, with overwhelming factors against it.

IE 11 will work until windows 10 is around but websites would have moved away in toto from it, before we see it's inevitable end.

[exile360]

Nope, I don't care to continue using IE, I just see no reason to deliberately break compatibility with something if the cost of continued basic support is 0 (and by that I only mean that sites do nothing with regards to supporting IE or not supporting IE; in other words, they should pretend it doesn't exist and simply disregard it as a factor in their development and whatever happens, happens; as long as sites/devs do things this way, the web will move on and eventually the browser will die; this is how killing off old operating systems, hardware, and software have always worked in the past; it has almost never required a concerted effort on the part of all the devs of the world to help Microsoft to 'kill' their obsolete products).

Do I think sites should worry about IE compatibility just because a few stubborn corporations are hanging onto it for whatever reason (along with a handful of stubborn users with outdated systems)?  Nope, not at all.  I think the only devs that have to worry about such a thing are those who are actually employed by those same companies, as those companies do get to dictate the requirements for their work, and if IE compatibility is a requirement then the dev has 3 choices: convince the company to stop using IE (this only works if they can absolutely PROVE that losing IE won't break their legacy stuff; usually that same legacy stuff not working with newer browsers is precisely why IE support is a requirement in the first place, so good luck), convince the company to invest in new infrastructure/software/hardware/whatever it is that requires IE still so that they can get off the dated browser (costs money, not always possible; sometimes these companies are using stuff that no longer exists/has no 'shiny new version' for them to upgrade to, and these are the most difficult situations to overcome, both for the devs and the companies, especially when that same legacy stuff is mission-critical to their work/daily operations), refuse to code in support for IE and stand on their principals of a modern web; then immediately get back to LinkedIn to find a new potential employer .

It sucks, but that's really how it is for a lot of devs and companies.  Thankfully they make up a very small percentage of the total devices/browsers online, so the reality is that most devs and websites need not be concerned about them, and as long as the rest of the world keeps moving on, eventually these companies will be forced to change their strategies and somehow solve the problem so that they can get more up to date and use a newer browser.  This is probably the approach the guy was advocating, and that's fine, however if you read the comments on that article you'll see what I mean about these corner cases as at least one dev who has worked for some of these companies with legacy stuff posted a comment explaining his experiences.

Anyway, all I have been saying all along is that if supporting IE isn't actually holding back a dev and their progress and isn't adding any extra work to their plate, then don't sweat it and they should just keep doing what they're doing, and not shy away from adopting newer, better standards and code when they come along, and if that newer code and those newer standards break IE compatibility, then so be it.  Don't hold up progress for a dated browser that very few people actually use.  However if a site only has minor compatibility issues with IE and the page basically works in IE as it is and there's no great gains to be had in further 'modernizing' the code to more fully break its existing IE compatibility then there is no reason to do so.  Devs shouldn't go out of their way to break IE either.

It's like when the first x64 operating systems started becoming commonplace.  Initially, finding native x64 software was extremely rare because a very large number of systems were still running 32 bit operating systems, and supporting two separate builds of an application just to provide a native solution for each is both costly and time consuming (and generally not really worth the extra effort, especially since most applications gain absolutely nothing from going full native 64 bit), however over time this changed.  Now we finally live in an age where most software is native x64 and many applications don't even have 32 bit versions available any more.  That didn't happen because some dev or blogger or even large corporation like Microsoft screamed from the rooftops that everyone should abandon native x86 code and go full on x64, it happened because it was the next natural step and the actual real-world data told those developers and companies that it was the right path; the path of least resistance.  This is incidentally why Windows 7 is likely to be capable of sticking around for far longer than any other OS that came before it, at least as long as Microsoft sticks to their guns on keeping Windows 10 as the 'last version of Windows', because the vast majority of software which is actually 'designed for Windows 10' has absolutely 0 issues installing and running properly on Windows 7 because there just aren't enough differences for that to be a reality.

With IE it is a bit different, but in many ways it actually isn't.  Most of the basic code used for websites hasn't really changed in many years, so it works fully and renders properly in virtually any browser, including IE11.  That doesn't mean that sites will always be this way and that IE will always enjoy the level of compatibility it has now, but it does mean that when the shift does happen and IE isn't really supported by most sites any more, it will be that way because it happened organically because the timing made sense and the new code that is more secure and more efficient just isn't backwards compatible with IE any more, and for the vast majority of users that will be just fine because they will have long since moved on to a more modern browser, and for the remaining few holdouts that still want/need to use IE for whatever reason (like those 'stubborn' companies I mentioned), they will simply have to deal with it, and THEY will be the ones rolling their own solutions rather than putting on the devs of third party websites to do so, this way they are the ones paying the cost of continuing support (much like what Microsoft is doing with extended security updates for Windows 7, except I doubt those companies will have enough money to pay Google to make it worth their while to provide IE support for their sites and services ).

[sman]

@exile360 there are many voicing their disapproval of IE 

Quote -

"As a developer, did you know if you support IE11, you have to compile all your JavaScript to ES5 instead of ES6? This increases the bundle sizes by 30% in many cases which can turn into a significant performance decrease"

"IE11 isn't secure either… you can't secure a customer's data when they are using a tool that doesn't meet current security standards, which IE11 does not."

umquote

Stop Using Internet Explorer 11

https://www.andrewconnell.com/blog/stop-using-internet-explorer-11/

 

 

[exile360]

Yes, I read it.  I'm not saying they should continue to support it so I have no idea why you keep hammering away at that point.  I've literally said numerous times that they should DISREGARD IE.  I don't know how to make that any clearer than I already have so I guess I'll just leave it at that and if you feel like posting more information I was already well aware of (and have already stated in my own words), you can be my guest.  It's your time.

[sman]

@exile360 as you kept repeating "that it's wrong to write code to block IE" which no one said, that made me to give additional quotes voicing their disapproval of IE.

And I'm taking time off from my trading which will be well served in concentrating in it.

And also for the reason your quote, that IE is not too bad idea and that pages will still work inspite of its limitations, when in reality there is a performance degradation using IE which I had to highlight

Edited January 24, 2020 by sman

[exile360]

That performance degradation only exists if they specifically include that code for IE compatibility, right?  So if they do what I said, disregarding IE compatibility that performance degradation would be gone, would it not?

Anyway, on the bright side, for now at least IE serves a purpose as a backup browser for extreme cases for certain sites.  That's about the only use I get out of it these days, and that's rare, but it has come in handy a few times (again, I'm not suggesting any of these sites should continue to support it or that anyone should try to use it as their primary browser, this is just anecdotal).  For example, both Netflix and Amazon Video currently support IE through Microsoft's own Silverlight plugin (an attempt by Microsoft to replace Adobe Flash Player; we all know how that worked out, especially with the advent of HTML5 which requires no plugins/extensions to function), however because they do, when there have been times that the HTML5 (or previously Flash) versions of their sites were down, I have been able to load up IE and get the sites and streams to function through Silverlight.  That said, I am certain that they will terminate Silverlight/IE support eventually, as they should of course, this is just something to be aware of in case it comes in handy any time before they do.  The only thing I wish though is that Netflix would port over the additional functions available in Silverlight when pressing ALT+SHIFT+Left Mouse Button.  It gives access to numerous controls for the stream as well as stats on the current quality/framerate/bandwidth etc. and even has a function for adjusting the speed of the audio to better sync it up with the video.  You can also manually select the bandwidth target to manually set the stream quality (similar to how you can select from various resolutions on YouTube, though in Netflix it is based on the bitrate rather than the screen resolution).  None of these functions are available in other browsers sadly, so I'm sure they will simply be phased out.  Thankfully there hasn't been as much need for them as there once were (there was a time that Netflix would frequently drop the video quality while streaming content even though your internet connection has ample bandwidth to handle the highest quality, and manually configuring the bitrate in Silverlight would often correct it, forcing it to bump the quality/bitrate back up to the maximum for the content being viewed, however I have noted that they've gotten much better about maintaining full quality since implementing their 4K and HD streams/settings over the past few years).

Anyway, my point about continuing to be compatible with IE wasn't about deliberately choosing to support it/not break it (which is where the performance degradation would come into play), it was simply an observation that even if they follow the most modern standards, IE will likely still work to some extent and web devs simply shouldn't worry about maintaining IE support either way and should just do what is best for their sites as they see fit, which in most cases today means implementing code that works well with Chromium based browsers.

[sman]

@exile360 Since MS doesn't want to annoy corporates by withdrawing IE11, it has kept a compatibility mode for IE11 in Chromium edge which should serve dual purpose of modern & legacy sites to work on. And which you can also check out for your media viewing/playing.

[exile360]

I doubt that would work since you cannot install Silverlight, which is required for those sites/functions I mentioned (at least in IE, and the settings only exist when streamed through Silverlight of course).  There's also a plugin called 'IE Tab' or similar that I've seen, but the same issue applies: no ActiveX compatibility.

It's not a big deal or anything, just a little tool that I thought was worth mentioning since it is something we will all lose access to once Netflix and Amazon kill off IE support completely.

[Living_Computer]

On 1/23/2020 at 3:23 PM, exile360 said:

That said, time and web standards move on, and while IE 11 was a huge step towards embracing modern web standards, it still had lots of legacy code within that Microsoft is better off abandoning and starting fresh with a new codebase (one big reason it really doesn't surprise me that they've chosen to adopt a popular open source solution in Chromium for their latest browser).  ActiveX needs to die due to the security risks it exposes, an issue that also exists to some extent with certain features and extensions in other browsers such as push notifications (a feature that should never have been created) and the innumerable PUP plugins/extensions that exist for Firefox and especially Chrome, though perhaps not to the same extent as ActiveX.

What is the problem with push notifications? I use them on some sites, and they are pretty convenient sometimes.

For example on Lichess/Discord Web App.

 

[David H. Lipman]

Push Notifications are highly abused. 
Many unscrupulous sites use social engineering to goad one to Allow the notifications that become persistent and many are malicious such as FakeAlerts. 
Most are nothing more than an Advertisement and Malvertisement vehicle,

[sman]

@Living_Computer read https://heimdalsecurity.com/blog/push-notifications-security-risks-how-to-disable/

[exile360]

Please refer to this Malwarebytes Labs article as well as this Malwarebytes Labs article.

Just about every day we see more users who think they are infected because they constantly see notifications in their tray and browser that they don't know the source of, trying to scam them, telling them that they're infected, advertising products that they don't want etc.  It's as bad as the old ZLOB Trojan from years ago, but far easier for the bad guys to abuse since it is already built into the browser.  This means they don't even have to infect the system with anything to get such a presence on the user's system.  They just have to convince the user to allow notifications for a website.

[Living_Computer]

Oh, i use them quite a bit. On legitimate services they are really convenient.

And by trusting a web site with notifications, i don't have to let them install software on my system and risk getting infections and all kind of stuff.

If they bother me i can disable them with like 3 clicks.