homepage Welcome to WebmasterWorld Guest from 54.234.128.25
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

This 61 message thread spans 3 pages: < < 61 ( 1 [2] 3 > >     
Internet Explorer -- is anyone actually using it?
yet another security hole discovered
luma




msg:575957
 10:23 am on Apr 5, 2002 (gmt 0)

Is anyone actually using the Internet Explorer? I hear it's quite good at rendering pages and easy to use but what good is it if you can't use it to surf the Internet?

Today, another security hole was mentioned on German online news magazines. So this is probably the 10th security issue in two months. I don't use Windows much so virtually every time I boot into Windows and want run "WindowsUpdate", I will have to install yet another security fix.

If the Internet Explorer was anything but software (and installed by default and being almost impossible to remove) everyone would file law suits and demand a saver product. Why/How can Microsoft deliver such a piece of cr*p?

Here are some of the headlines (from German online news magazines) from the last two months. And this is without the Messenger, Outlook, Office and general Windows security holes:


Golem Network News -- 05.04.2002, 09:55
Sicherheitsloch im CSS-Interpreter vom Internet Explorer
[golem.de...]

heise online -- 29.03.2002, 14:58
Sicherheitspatch für den Internet Explorer
[heise.de...]

Golem Network News -- 11.03.2002, 10:24
Sicherheitsloch im Windows Explorer
[golem.de...]

Golem Network News -- 05.03.2002, 10:17
Sicherheitslücke in Microsofts Java-Machine
[golem.de...]

heise online -- 04.03.2002, 16:26
Internet Explorer führt lokale Dateien aus
[heise.de...]

heise online -- 22.02.2002, 13:03
Neue Sicherheits-Patches von Microsoft
[heise.de...]

Golem Network News -- 22.02.2002, 11:11
Drei neue Sicherheitslücken in Microsoft-Produkten entdeckt
[golem.de...]

heise online -- 12.02.2002, 15:49
Internet Explorer: Neue Patches, neue Lücken
[heise.de...]

And don't tell me you are using some "personal firewall". It's nothing but an illusion of security and will provide hardly any real security if you allow your browser to pass traffic through it.

 

mivox




msg:575987
 9:19 pm on Apr 5, 2002 (gmt 0)

I'd say the principle is a bit more malevolent that. For those bent on destruction, any place of concentrated resources is the spot to attack.

Hehe... do what I did: Buy a Mac, move to B.F.E. Alaska, use Opera as your browser & Eudora for your email. I'm INVINCIBLE!!!! ROFL...

(Well, except that my website & email are hosted in New Jersey...)

nwilson




msg:575988
 9:27 pm on Apr 5, 2002 (gmt 0)

alot of talk re: ms are attacked 'cos they're popular. I agree.

However, look at servers... Win servers most certainly are not the most popular and they get knobbled everytime someone can be arsed to try....

hahahahah

msr986




msg:575989
 9:30 pm on Apr 5, 2002 (gmt 0)

mivox, if everyone did that, they'd find a way to get you. ;)

brotherhood of LAN




msg:575990
 9:57 pm on Apr 5, 2002 (gmt 0)

I agree that IE is preferrable, though MS products can sometimes be a bit tedious, like frontpage and access

someone quoted figures for netscape, the figures are higher for edu sites, alot of the schools seem to use netscape.

i totally agree with MS software being exploited purely because of its wide usage

all things aside, if its compatible, count me in ;)

mivox




msg:575991
 10:18 pm on Apr 5, 2002 (gmt 0)

they'd find a way to get you

Mmm... Not once I complete my tinfoil-lined, underground igloo arctic ice-bunker, they wouldn't.

That said, before I switched to Opera, IE was my preferred browser, but it's a much safer animal on the Mac platform.

tedster




msg:575992
 10:29 pm on Apr 5, 2002 (gmt 0)

Here's one that really bugs me - I downloaded a recent patch for Explorer, but when I tried to install it, I got the message that there was no IE6 on my machine, so it wouldn't install.

So I got a buggy patch for a buggy browser!

In the past month, I got infected with a worm twice, and both times happened when I forgot to return to Opera after checking sites in IE. I do know better. I know my IE6 has security problems, so I try never to use it for general browsing. However, when I'm checking PR, what am I gonna do?

Next week I'm visiting my business partners and they have broadband. Guess I'll download a whole new IE installation then.

littleman




msg:575993
 10:57 pm on Apr 5, 2002 (gmt 0)

Want peace of mind? Give up on MS, you will never have security as long as the source is closed.

Key_Master




msg:575994
 1:50 am on Apr 6, 2002 (gmt 0)

I agree 100% with what Brett said- every word.

corvo




msg:575995
 2:32 am on Apr 6, 2002 (gmt 0)

As opposed to the software holy wars that seems to have been spawned by this thread, i took the main issue to be the responsibility of a company producing a flawed product, any company.
i would love it if someone could show me another line of goods that can cause thousands of dollars worth of lost productivity and not cause a major backlash.
MS are not the only ones to release bug ridden software ofcourse (look at Oracle), they just have a huge market share. finally it seems to have become a big enough problem for gates to write a memo on "trustworthy computing". it will be nice to know that when you are using final release software you are not someones outsourced quality control program.

back to my first coffee of the day.

tedster




msg:575996
 4:59 am on Apr 6, 2002 (gmt 0)

Bill's got the FBI warning people off Microsoft products [webmasterworld.com]. He's got to do something!

joshie76




msg:575997
 10:15 am on Apr 6, 2002 (gmt 0)

Standards compliance? Who else has implemented P3P?

I think without doubt IE is easily the most standards compliant browser. MS are pushing open standards everywhere like SOAP etc.. It's also the most forgiving browser (which could well be the origin of some of their problems) - I'd personally be happy for this to go and have a totally strict protocol. Admittedly, they've added some of their own non-standard stuff too but believe me if you ever get the chance to work on an IE only web-native application you will fall in love with this extra stuff.

>> In the past month, I got infected with a worm twice

That amazes me. I know there are holes in IE but I'm yet to meet someone whose fell victim to a hole in IE. A recent review of IE builds in our organisation showed we had a handful of people who just hadn't patched since the first release; yet nobody had any problems (obviously) we've patched them up now.

tedster




msg:575998
 12:15 pm on Apr 6, 2002 (gmt 0)

Well, you should have seen the web neighborhoods I took my unpatched IE into. Down by the docks at 3am! I think the first one may even have called out for the second one.

Jeepers




msg:575999
 5:49 pm on Apr 6, 2002 (gmt 0)

By joshie76. I think without doubt IE is easily the most standards compliant browser... It's also the most forgiving browser... Admittedly, they've added some of their own non-standard stuff too...

A fully standards compliant browser should not be able to forgive sloppy code as it immediatly throws the standards out of the window and becomes non compliant, also the fact that they have thrown in non standard stuff remove the compliance.

IE is also not free. You buy a bare bones box or build one yourself, you then have to pay for the Windows CD (legally), you are paying for all that is on the CD not just the OS, when you buy with bundled software or the OS installed your still paying for it.

Personally I could not care less which is and isn't compliant, I write for IE and fix the bits that don't work on NS, it annoys the h*ll out of me that I have to do that but it's easier than writing 100% compliant code. At the end of the day at least 88% of browsers in use are IE so if I can't fix my code to work on non IE browsers I'm only losing a maximum of 12%, but most things are fixable anyway.

BTW when you preview your post and then use the back button as suggested you lose your post. You all probably know that, but this is the first post I've made on this forum so please forgive me for preaching to the converted.

There is only one reason I don't like NS and that is because of all the extra work I have to do because it it so compliant

EX_S




msg:576000
 3:59 am on Apr 9, 2002 (gmt 0)

Aah, another browser war thread :)

I was a staunch NS 4.7 user, and wouldn't change to MSIE for a very simple reason: MSIE doesn't do enough to tell me what's going on. For downloads, it's got a little blue progress bar that slowly fills up at an arbitrary rate. I won't know whether my connection has stalled or not as the blue bar is still filling up slowly. And what's with the MSIE 404 error pages? If the server throws up an error code, I want to see it for myself, not my software's interpretation of it. Regardless of its other merits, information blockout makes MSIE frustrating to use.

The earlier releases of Mozilla had an excellent download display and a readout of the total load time. Not sure why Netscape 6 ditched it. Opera's readout is also good; you get a readout of kb/s download speed and number of images remaining. It's only problem is when the connection stalls (instead of reading 0kb/s, the previous speed simply decays).

I would go so far as to say that I'd like to see a mini Go!zilla style download graph telling me exactly what's going on with the connections. A one-click instant traceroute for troublesome servers would also be nice. :)

joshie76




msg:576001
 8:05 am on Apr 9, 2002 (gmt 0)

"Well, you should have seen the web neighborhoods I took my unpatched IE into. Down by the docks at 3am!"

I was wondering what you were up to! Thought it best not to ask ;)

Re: The 404 error messages. I thought you only go the MSN screen (which I find quite handy if I'm guessing URIs) if the server response was just a simple 404 - any custom error message would override it.

tedster




msg:576002
 8:24 am on Apr 9, 2002 (gmt 0)

> There is only one reason I don't like NS and that is because of all the extra work I have to do because it it so compliant

Welcome to the forum, Jeepers.

I agree with you very much. In fact, I've never liked IE, and I usually avoid it. I agree with EX_S on this one - IE hides too much important information. It's almost as bad as teaching my Mom how to use her AOL account.

That's one thing I love about Opera. You want to see what's happening under the hood? No problem?

Eric_Jarvis




msg:576003
 11:46 am on Apr 9, 2002 (gmt 0)

OK

I use Windows at home...before that I used MS DOS...at work we have a system that by my choice will be entirely Windows 2000 from next week

so you can't call me an MS knocker...I use the operate syatem because it is the best available option

but I have every right to criticise MS for their utterly ludicrous default settings, their complete inability to get to grips with multi-user systems, and their misunderstanding of the web and the Internet

if I didn't want to use their software I simply wouldn't care...I just want them to get it right...to understand that we are all working in different ways, and would like the chance to have a little more control

...and to stop selling Front Page, of course :)

backus




msg:576004
 1:07 pm on Apr 9, 2002 (gmt 0)

IE6 is extremely stable, and for me works fine as a browser. After hearing everyone go on about Mozilla 0.9.9, I downloaded it. Same errors as before. I load up certain pages which work fine in IE, and they crash on Mozilla. None of the plugins work properly. Flash is even slower on Mozilla, if it works at all. It's a mess! You can't possibly force something like that on someone! IE does what it is supposed to do, and does it very well. If it crashes for someone, then it's probably because you messed it up somewhere, by installing freeware which contain SR ad programs.

AlbinoRhyno




msg:576005
 5:01 pm on Apr 9, 2002 (gmt 0)

The MSN search is easily changed by going to Tools / Internet Options / Advanced and changing it there. In fact, most of the "simple" things that people complain about cn be turned on / off by going there.

Somewhat unrelated thought - Does anyone actually agree with the train of thought that it should be illegal for MS to bundle IE with Windows? If so, how would any new computer surf the web? It would make no sense for browser makers to pay computer companies to bundle their browser since the browsers are free, and no one could go download Netscape (or IE for that matter) since they don't have a browser. Basically, we would see either a proliferation of AOL users due to their agressive cd-marketing strategy, or an increase of cds in the mail as every browser manufacturer starts sending them to every address...

I like the current options. Besides, if anyone has a right to sue MS for using their "monopoly", it's Hoyle. Freecell and Solitaire are definitely not an important OS function, and think of all the people who don't buy Hoyle products as a result of a bundled solitaire? ;)

pcguru333




msg:576006
 5:46 pm on Apr 9, 2002 (gmt 0)

It is off topic, but I highly disagree the Supreme Court ruling on Microsoft being a monopoly and there is no harm in bundling IE with the OS.

Who pushes the use of one browser over another? Uninformed users will stick with IE or start using AOL the second it hits the mailbox. But a great majority of users are from work, schools, libraries, etc. Those PCs are setup by IT personnel that make informed decisions.(Schools are always behind in technology, thus the high use of netscape.)

Those decisions are based on ease of use and support, as well as compatibility with the OS and other software (ie MS Office, etc)

This doesn't address Macs or other machines, but I am speaking on the majorities

My praise goes to Microsoft for helping to standarize the world of PCs. I also applaud those that truly compete with Microsoft and help push the envelop and improve competition.

papabaer




msg:576007
 6:36 pm on Apr 9, 2002 (gmt 0)

I have to agree regarding IE & Windows: I would expect an operating system to be capable of navigating the Web.

I use Opera for the features and speed (amazing!), but I do respect IE6's rendering capabilities, and I still just may type an url into the address bar of any open windows folder simply because it's there... and I can.

I feel strongly however, about "forgiving browsers" and place much of the blame of the preponderance of sloppy coding on their existance.

A little "tough love" would have brought us all to some form of standards much earlier... and with much less squawking!

Now it's like taking a pacifier away from a spoiled toddler. Bwaaaaaaaah! I don't want to write valid code!!! I never had to before...! Bwaaaahaaahaaahhh! ;)

wasmith




msg:576008
 2:06 am on Apr 10, 2002 (gmt 0)

>> So I got a buggy patch for a buggy browser!

ROFLOL, isn't updating MS lots of fun.

wasmith




msg:576009
 2:29 am on Apr 10, 2002 (gmt 0)

The problem comes down to managing usability and risks. If google were to measure how many systems it could collect information about in the "C:\my documents\" directory the number would be scary. It's going to take something like 9-11 to wake people up to the risks on most of the versions of IE that load from the win98/setup.exe, 95, xp, or w2k.

The problem is a bit bigger than just IE. Then OS is designed to pass objects to libraries that can open them. If the lib is not secure, it makes little difference what the front end is. Everybody has their own idea about the best support programs to use to open files. I would compair it to p2p file sharing, the potential for security errors is very big; increase the programs for p2p and you increase the potential.

joshie76




msg:576010
 8:07 am on Apr 10, 2002 (gmt 0)

In 'Weaving the Web', Tim Berners Lee states something along the lines of his vision of the internet being that 'browsers' would no longer exist and the WWW would be seamlessly integrated into the OS of computers. Seems the high courts disagree.

knighty




msg:576011
 8:28 am on Apr 10, 2002 (gmt 0)

>>A little "tough love" would have brought us all to some form of standards much earlier... and with much less squawking!

Papabear, while it would be nice to have everyone contributing to the web with standard code to do so is to censor the web.

The Internet is a massive communication tool, anyone can post anything from anywhere in the world.

Should we punish friends and family because the photos they uploaded of their new baby don't comply with the W3C? Perhaps we should clamp down on Charities trying to use the web but doing it themselves? Or what about those nasty Sandra Bullock fan sites?

Lets ban them all from the web!

Lets turn a free mass communication tool into an elitest club where only those with the right handshake can get in.

Yes, those who call themselves "web designers" should be coding correctly but lets not forget the reason why browser's where invented in the first place - to access the web!

papabaer




msg:576012
 9:36 am on Apr 10, 2002 (gmt 0)

knighty, another perspective, the one I intended, would make it easier for anyone to post "family photos" or any sort of free expression to the web by removing the "mysteries" of html coding.

Much like attempting to learn the English language, the exceptions, not the rules, are by far, the most difficult - ain't they?

Clear structure and formal rules are just that, and as such are far easier to learn than the hacks, the work-arounds and the general "jump-through-the-hoop" nonsense we have come to accept as the necessary evils of Web Authoring.

It has been the "forgive-this-sloppy-code" but "don't-render-that-sloppy-code" inconsistancies that has made Web Authoring so foreboding for many newbies.

Forgiving browsers and "devil-may-care" attitudes have done more to make the web a confusing, and less welcoming place, than anything else.

Rules bring order.

Take the four basic rules of XHTML as an example:

  • XHTML elements must be properly nested
  • XHTML documents must be well-formed
  • Tag names must be in lowercase
  • All XHTML elements must be closed

These four simple rules alone clear up much of the confusion of writing valid code, but if an attribute is left "unquoted" will the page still display? Yes... and to this I say, "A pity: another learning opportunity lost!"

I would rather see the page fail because of the oversight, not forgiven and rendered regardless. This is what I mean by "tough love."

How long do you think it would take before anyone coding their first webpage would "learn" to quote all attributes, close all tags, and properly nest elements? Far from being elitest, quite the contrary in fact, I see this as absolute fairness for all.

In a perfect world, budding Web Developers would be concentrating on learning advanced techniques, not advanced "hacks" and work-arounds.

Web Standards is an attempt to bring order out of chaos, reason out of insanity and thereby making it less intimidating and far more welcoming to those who wish to write their "great web novels" or post family photos.

From my years of working as a "trouble shooter" I can tell you, I was always much happier knowing conclusively "why something did not work" as opposed to "wondering why it did."

Forgiving browsers are anything but in the long run. Allowing, even encouraging, bad coding habits is not in anyone's best interest.

Tough love gets a lot easier after the first few lessons....

Let's not even get into using HTML as a layout tool for all these years... Just try to explain to a newbie why they need a dozen transparent.gifs to make that table display properly so the picture of the "new baby" lines up with the photo of "Dad" and not opposite the photo of "Uncle Tim." I never did trust that lecherous son-of-a-don't-cha-know! ;) Don't cha?

knighty




msg:576013
 12:17 pm on Apr 10, 2002 (gmt 0)

>>In a perfect world, budding Web Developers would be concentrating on learning advanced techniques, not advanced "hacks" and work-arounds.

There in lies your mistake....assuming that people want to learn ;)

People are lazy, nothing new there. I have friends who like to publish stuff once or twice a year. They want to open front page insert a couple pictures, maybe some text and links to other sites.

They could not care less about proper syntax or nesting tags properly, they just want it to work. If they had to learn anything then its too much like hard work and they probbably wouldnt bother.

I hate Front Page and I hate sloppy code but for those people who are not "budding web designers".

I see no reason why they should not be "forgiven" for the lack of knowledge or understanding about a field in which they have no interest.

backus




msg:576014
 12:25 pm on Apr 10, 2002 (gmt 0)

As far as I am concerned, every MS product has a function. Only an idiot would use MS Access for a medium/large business. Only an idiot would use Frontpage for designing professional websites and MS knows that. The promote Frontpage as a tool for a family to design their own personal page. Frontpage is the Fisher-Price web design software.

nwilson




msg:576015
 12:34 pm on Apr 10, 2002 (gmt 0)

I see no reason why they should not be "forgiven" for the lack of knowledge or understanding about a field in which they have no interest.

Personally I think anyone using FP should be whipped senseless with a knotted rope. :)

Is it universal or unique to Denmark that almost every small business site is built with that monstrosity?

I reckon it must be government issue over here!

(hey, I seem to have become a full member, wahoo!)

luma




msg:576016
 9:15 am on Apr 11, 2002 (gmt 0)

First, let me point out that my main point was indeed lack of
security in MSIE (and Microsofot products in general).

Now it's been almost a week, and guess what:

heise online -- 10.04.2002, 18:11 
Zehn neue Sicherheitslücken im Internet Information Server
[heise.de...]

That translates to "ten (10!) new security holes in IIS".
And yes Microsoft claims them to be critical. They range from
buffer overflows and possible DoS attacts to executing
arbitrary code on the server. Nothing unusual.

Let me add a quote from Bruce Schneier (CRYPTO-GRAM January 15, 2002)
Honestly, security experts don't pick on Microsoft because we
have some fundamental dislike for the company. Indeed, Microsoft's
poor products are one of the reasons we're in business. We pick on
them because they've done more to harm Internet security than anyone
else, because they repeatedly lie to the public about their products'
security, and because they do everything they can to convince people
that the problems lie anywhere but inside Microsoft. Microsoft treats
security vulnerabilities as public relations problems. Until that
changes, expect more of this kind of nonsense from Microsoft
and its products.

So I agree with Brett. Microsoft Windows should have stayed a single
user/single machine OS. They should put up a warning sign, telling
people that Windows can and will not protect their data from anyone
that can access the PC in person or via network. Microsoft Windows
is and will always be a single user/single machine OS. Face it.

Crazy_Fool: i expect that if netscrap and other browsers were
as popular as IE, hackers would find just as many security holes in
them as they manage to find in IE.

I strongly disagree. For example, most Internet servers use Apache.
Jet more IIS servers are being attacked, cracked, defaced, you name
it. If you were right, Apache servers should be constantly down.
Quite the contrary is true.

markd: I wish everyone in the entire world would use Internet
Explorer.
I wish everyone in the entire world would drive
the same car. ;)

Marshall: Did you ever wonder if some of the hackers are
Netscape or other browser programmers just out to give MS a bad
name.
Or any twelve year old kid in the neigboorhood.
I guess it's the latter.

JeremyL: I use IE and why wouldn't I. Big deal if there
are security issues. I hit windows update and in a minute or two they
are fixed.
That will make you a big exception. Check your
browser stats. How many of the MSIE users have applied any patch?
Next to zero.

joshie76: I know there are holes in IE but I'm yet to meet
someone whose fell victim to a hole in IE.
They will eventually:

heise online -- 10.04.2002, 17:22 
Sicherheits-Studie: Hybrid-Angriffe im Kommen
[heise.de...]

This article (sorry in German) ends with (free translation): more and
more home users fall victim to black hats: hybrid attacks (DoS, active
worms via security holes, email worms) increase as an ever growing
number of Windows PC is being connected to the Internet. These
standard PC systems often haven't had a security update for months.

Trust me, we will see some HUGE attacks in the near future. All
these cable/flat users with their Windows boxes, MISE, OE, and file
sharing (gnutella, morpheus, winmx, KaZaA, ...) activated are just
begging to be attacked.

Of course, neither Microsoft nor the users that haven't installed
security patches in years will be held responsible. It's either
gonna be some "terrorists that declared war on CyberSpace"
(meaning $$$ for lots of 3-letter-agencies) or some script kiddie.

joshie76: MS are pushing open standards everywhere like SOAP
etc..
As long as they have to. They can stop tomorrow. I am
still waiting for .doc, .xls and other formats being documented on
Microsoft's web site so everyone can import/share these documents.

joshie76




msg:576017
 9:21 am on Apr 11, 2002 (gmt 0)

"As long as they have to. They can stop tomorrow."

I don't understand (doesn't make sense)?

They don't have to at all, they are choosing to do so because people like us moan if they don't. Isn't that what we want?

This 61 message thread spans 3 pages: < < 61 ( 1 [2] 3 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved