June 29, 2004

THANKS, BILL:

Internet Explorer Is Just Too Risky: Until Microsoft proves it can fix IE's security bugs, you're better off using one of a few good alternatives as much as possible (Stephen H. Wildstrom, JUNE 29, 2004, BusinessWeek)

In late June, network security experts saw one of their worst fears realized. Attackers exploited a pair of known but unpatched flaws in Microsoft's Web server software and Internet Explorer browser to compromise seemingly safe Web sites. People who browsed there on Windows computers got infected with malicious code without downloading anything (see BW Online, 6/29/04, "What's the New IE Flaw All About?"). I've been growing increasingly concerned about IE's endless security problems, and this episode has convinced me that the program is simply too dangerous for routine use.

Historians looking back will one day wonder how we managed to achieve so much technologically despite the blight of Microsoft.

Posted by Orrin Judd at June 29, 2004 12:08 AM
Comments

Having worked at the Evil Software Empire on a number of occasions as a Mac programmer, I've concluded that the key to Microsoft's success has always been that it strives not to produce the best, but that it strives to produce the most good enough cheap enough. Good enough to use and usually get the job done, but not bad enough to make you switch to something different. They are counting on people being willing to shell out thousands of dollars in several hundred dollar chunks to keep fixing problems, and not paying the same amount in one big chunk that a switch would require.

They produce the K-Cars of software. The Mac is an Avanti, while Linux is a Chevy pickup that needs some bodywork to replace the duct tape.

(When Windows 98 came out, they passed around simple white on black bumper stickers that said: "Windows 98-- So good the fed want to make it illegal." My Mac coworker and I made our own version-- "Windows 98-- 90 dollars of digital duct tape." I displayed both all summer and I've still got them around here somewhere.)

Posted by: Raoul Ortega at June 29, 2004 12:50 AM

Once Microsoft won the browser war, they basically shut down the Internet Explorer group and reassigned the programmers. There is a little-known scandal in the computer security world about how Microsoft chronically drags its feet in fixing critical bug reports in Internet Explorer.

The Download.Ject worm uses a well-known variant of a cross-site-scripting (CSS) bug.

http://62.131.86.111/analysis.htm

When we finally remove the Script encoding it looks like this which we immediately recognize as the adodb.stream issue I reported on Aug 26 2003!! (red. Microsoft where's the patch??)

There are several other major loopholes that have been reported in computer security forums, some more nasty than the one exploited by the current worm-du-jour.

But Microsoft has other priorities.

Posted by: Gideon at June 29, 2004 1:03 AM

I would encourage everyone to try Firefox. You can control pop-ups and cookies, and tabbed browsing is great!

Posted by: jd watson at June 29, 2004 1:34 AM

It could be argued that the Internet capabilities built into Windows 95 -- TCP/IP stack, good browser, etc. -- were in great part responsible for the first broad Internet awakening.

Microsoft has been expanding the IE team for some time, and there are a number of positions open.

How's your C++, Raoul? :-)

Posted by: Jorge at June 29, 2004 1:44 AM

From Jorge's link:

I'm returning to work on the Internet Explorer team. A team that I used to work on a few years ago and I'm very excited to be returning to the team where we clearly have much work to do.

Barn, meet door.

Posted by: Gideon at June 29, 2004 1:55 AM

Note that Mac IE and Windows IE are two different products. There won't be any more Mac IE development as long as Apple has their own OS X browser (Safari).

Years ago I worked briefly with a Mac dev team (at an inland outpost of the Evil Empire) that was doing a prototype of a cross-platform port of Windows IE to the Mac. Was abandoned as too difficult/too incompatible/not worth the effort. I heard later that my little substitute registry library did make it into the Mac 4.5 release, so it wasn't a total waste of time.

I really don't like the way they develop software at the Evil Empire, even on the Mac side. Too much emphasis on hard deliverable dates means that when compromises are made the outcome can be predicted in advance. (See earlier posting on "good enough.") Quality Assurance is also a low priority. I had one project where they never did actually test my code. Lucky for me I was porting a tested Windows DLL, so only my Mac specific changes were at risk. But even then, weeks before the deadline, our client software exposed a Mac vs. Windows OS issue that got fixed with one ugly kluge. Testing would have found it in time to be done right.

Posted by: Raoul Ortega at June 29, 2004 2:55 AM

I'll second J.D.'s vote for Firefox...I've made the switch completely. It also has some great extensions, like the RSS Reader Panel so you can stay on top of a multitude of blogs.

Posted by: The Other Brother at June 29, 2004 5:47 AM

I've been using Opera lately which works quite well, except with the brothersjudd blog.

Posted by: Governor Breck at June 29, 2004 7:12 AM

Firefox is nice - download it at mozilla.org. There is also an email client there (Thunderbird, but I haven't tried it yet) that sounds good.

I haven't missed IE since I switched from it months ago.

The thing that surprises me about all this is the corporate reaction; why aren't they screaming bloody murder? Why do they put up with this b.s., having to apply emergency patches on an almost weekly basis? It's ridiculous. People's expectations for client software on desktop Windows machines are way, way too low.

Posted by: Jeff Brokaw at June 29, 2004 8:12 AM

Governor,

What problems do you notice with Opera? I just tried it and noticed that it cuts off the bottom of the page...you can see the whole page in full screen mode. I'll try to figure it out, but my guess is that it's due to the page not validating...I had to remove the doctype declaration to get it to play nice with selecting text in IE!

Posted by: The Other Brother at June 29, 2004 9:30 AM

Jeff,

I've just started using Thunderbird (switched from Eudora) and am very pleased. The extensibility of Thunderbird and Firefox makes it easy for the community to add new features, which a corporation might never see a profit for.

Posted by: The Other Brother at June 29, 2004 9:32 AM

"known but unpatched flaws"

What else do you need to know?


Another vote for Mozilla Firefox. I switched because I got sick of IE, but now I love it.

Posted by: Bob Hawkins at June 29, 2004 2:25 PM

I switched to Opera because a review claimed that it was much faster at loading web pages than IE, and I have found it to be very much the case. The basic version of Opera is a free download, and it blocks popups like a champ. Opera does cut short the main page of brothersjudd blog, but if you go to the current month in archives, it puts up the entire thing.

Posted by: John Cunningham at June 30, 2004 2:17 PM

I have used Mozilla for about 3 years. It has improved continuously. I have not yet switched to Firefox and Thunderbird, because I think that the main Mozilla product is more stable and mature and use most of its components anyway. Some of the advantages of Mozilla include:

Tabbed Browsing-- open links in tabs under the active page while you are reading.

Type ahead find. Find words or links without opening a search dialogue box.

search history through the address bar

Real WYSIWYG printing.

effective pop-up blocking

cookie management.

And the price is right. It's free to download, works on all platforms, and is upgraded frequently.

Posted by: Robert Schwartz at July 1, 2004 11:37 PM

I forgot highlighting a word or phrase on a web page and googling it with a right click.

Posted by: Robert Schwartz at July 2, 2004 12:11 AM