| This 61 message thread spans 3 pages: 61 (  2 3 ) > > || |
|Internet Explorer -- is anyone actually using it?|
yet another security hole discovered
Is anyone actually using the Internet Explorer? I hear it's quite good at rendering pages and easy to use but what good is it if you can't use it to surf the Internet?
Today, another security hole was mentioned on German online news magazines. So this is probably the 10th security issue in two months. I don't use Windows much so virtually every time I boot into Windows and want run "WindowsUpdate", I will have to install yet another security fix.
If the Internet Explorer was anything but software (and installed by default and being almost impossible to remove) everyone would file law suits and demand a saver product. Why/How can Microsoft deliver such a piece of cr*p?
Here are some of the headlines (from German online news magazines) from the last two months. And this is without the Messenger, Outlook, Office and general Windows security holes:
Golem Network News -- 05.04.2002, 09:55
Sicherheitsloch im CSS-Interpreter vom Internet Explorer
heise online -- 29.03.2002, 14:58
Sicherheitspatch für den Internet Explorer
Golem Network News -- 11.03.2002, 10:24
Sicherheitsloch im Windows Explorer
Golem Network News -- 05.03.2002, 10:17
Sicherheitslücke in Microsofts Java-Machine
heise online -- 04.03.2002, 16:26
Internet Explorer führt lokale Dateien aus
heise online -- 22.02.2002, 13:03
Neue Sicherheits-Patches von Microsoft
Golem Network News -- 22.02.2002, 11:11
Drei neue Sicherheitslücken in Microsoft-Produkten entdeckt
heise online -- 12.02.2002, 15:49
Internet Explorer: Neue Patches, neue Lücken
And don't tell me you are using some "personal firewall". It's nothing but an illusion of security and will provide hardly any real security if you allow your browser to pass traffic through it.
The number of holes, exploits, virues, and privacy problems that IE has experiences is overwhelming.
How could Microsoft allow this to happen?
We are not talking about the little programming shop on the corner. This is a multinational, established, brand leader in it's industry. How could Microsoft put out such apparently shoddy programming?
I think in order to understand it, we have to look at the Microsoft culture. For two plus decades, Microsoft has been writing for microcomputers. 95% of that time, Microsoft programers have had to concern themselves with one man - one machine.
There were no considerations needed for logins, security, or multi-user environments. It wasn't even until the late 80's that MS put out a solid networking system. Even that networking was for a closed loop environment where the biggest concern was file sharing - not security.
During MS's massive growth during the 80's, who did they hire? They hired green horn, fresh off the farm college boys in Bill Gates' image. Most of whom grew up on one user - one machine computing. They were the high school kids that toyed with the first commodores, apple 2's and ataris.
That culture instilled itself as much as cement in the cornerstones of the building. Many of those programmers entire life experience with computers could be spelled with two letters: pc. Not only did they hire guys fresh out of college that had done nothing but pc programming, they were the same guys that taught the new guys.
Desktop security in that environment was defined by the latest screen saver or keyboard lock utility - all hail SideKick!. They didn't have the training in multiuser, networked environments. It wasn't their game.
Suddenly, in the mid-90's, after years of single user programming, Microsoft found themselves a day late to the internet party without an invitation. When MS did sit down to begin work on internet software, they went to the same guys who'd been programming for one user - one machine for two decades.
That scramble turned panic when Gates called all hands to battle stations in 97. As they went to work in earnest on internet software, they did so in the rushed, hurried, gotta have it yesterday environment. "We'll fix it in the upgrade" became the battle cry.
That code that was produced out of the one user - one machine Microsoftie culture of the 80's, still lives on in many of MS's products today. We see error after error, virus after virus today because the work never went into the core in the first place.
That's no consolation for those of us that would like to use their products, but it does put a back drop on all the problems we continue to see with MS internet software. I just hope they get the worst of them found and fixed before something worse net wide happens.
I still think the OS itself is sound (98se is the best OS I've ever used), but until there is a track record of security, I am going to continue to use all the alternatives to Microsoft products available.
Offices use IE alot because MS have made it so easy for all that software to integrate with each other which means you can get alot more out of you software. Also, web based application generally can do more if designed primary for IE because it has more advanced handling and functionality.
Home users also use it alot because they will buy a PC with Windows and as such they will install IE. Most home users will surf with what they've got rather than going to the troble of downloading and installing new software.
I'd like to stress at this point I use MS even though I'm not keen on it.
yet again i hear the anti-microsoft brigade on the march ...
do these people shout and holler about netscape? how could netscape release netscrap 4.x, a browser that simply didn't work. why did it take them so long to release 6.x? why did they release 6.0, another browser that simply didn't work properly, was a pain to install, repeatedly crashed and still didn't display sites properly? how could such a large corporation neglect loyal users for so long?
the bottom line is that no browser is perfect, but they are all free. at least IE works, which is a lot more than can be said for the alleged competitor browsers.
so, is anyone actually using IE? yes, about 95% of my site visitors use IE.
i expect that if netscrap and other browsers were as popular as IE, hackers would find just as many security holes in them as they manage to find in IE. the thing is, there is no point hunting for security holes in netscrap or opera because usage is so low.
Crazy Fool said it all.
Netscape = 3%
IE = 95.4%
Rest = 1.6%
P.S. You left out the fact that the new Netscape English download is actually foreign and the other downloads don't download the actual browser. Painful.
there's one hell of a lot i've left out ... alas, there are only 24 hours in a day and it'll take all of them and more to rant about the problems with the various non IE browsers ...
From a 100% numbskull, technically inept basis, (ie. me!!) I wish everyone in the entire world would use Internet Explorer.
Everthing works first time (unless I have fouled up), I can use CSS, DHTML and Java without having sleepless nights.
Still doesn't excuse the holes and seeming lack of attention to detail, but even so...
Alas, I'm not the only fan of Internet Explorer.
Crazy_fool I have to echo everything you've said - you're clearly not a crazy fool.
Is anybody using IE? I wouldn't give a XXXX for anything else... and I've tried them all.
What I'd like to know is are the problems with IE laziness on the part of the programmers or are they legitimate bugs (lets face it 99% of software has some bug or other) that HaCkeRz have exploited?
I have seen a steep rise in Netscape 6 clients in my logs lately, and have started using it as my main browser as well. Its more standards compliant and parses faster.
In time i think quality will win, and since AOL is said to be switching from IE to Netscape and the Gecko engine (it was bound to happen after they bough NS a few years back), we are all going to have to take NS 6 very seriously very soon.
Also, standards are becoming more important with portable devices hitting us bigtime in the future, so less i should think that designing for IE (meaning non-standard) will soon take a back seat.
I think there are two things that contribute to all the bugs in IE:
1) It is probably written in C++, a language that encourages security flaws through buffer overruns. Some other languages don't have that problem.
|We'll fix it in the upgrade" became the battle cry. |
That could be said of Netscape as well.
As for the browser wars, right now it's not a war. All the MS bashing isn't suprising. Reminds me of Monty Python's bit in Life Of Brian. What have the Romans ever done for us? Apart from the aquaduct, sewer system, roads, law enforcement...
Netscape has plenty of bugs, NS users are hesitant to mention them. As for the proliferation of malware targeted at MS browsers, why would anyone bother writing code targeted at NS users? Malware writers want recognition so they target the largest market.
As for AOL, adopting the Gecko engine may or may not occur, but if AOL changes the way their browser looks too much they risk confusing the user and that is a well documented no-no. Does anyone consider AOL FORCING Netscape on its users a success for NS? Seems like Micro$oft took quite a bit of heat for "forcing" their browser on us poor unsuspecting surfers.
Competition is a good thing though, the end user benefits. Until Microsoft is dethroned, they will remain the target of choice, however misguided the attackers are. :)
Personally, I have found IE6 to be by far the most stable and best performing browser of all. I regularly use all three "major" browsers (IE, Netscape and Opera) and still prefer IE6.
Netscape 6.0 was a major problem for me because it was so buggy and so obviously not ready for release. It was horrible and I was soured on their product for a long time after it. I've started using it again now and then because I like having alternatives, and I've found the newer release has fixed most of the problems.
Opera is a nice browser and I actually paid for the PRO version (don't like adware). I've started using it more and more, just because I don't like MS's decision to dump Java.
I do hope that AOL goes ahead with it's plans to replace IE, simply because I would like to see more competition in this area.
(edited by: rcjordan at 3:09 pm (utc) on April 5, 2002)
> Netscape 6.0 was a major problem for me because it was so buggy and so obviously not ready for release.
I think you hit the nail on the head there Richard. The release of Netscape 6 has left people with lots of negative feeling/experiences - a bit of a blunder really.
In defence of the Mozilla browser project the version I'm using now - 0.9.9 - nearly a year on from when Netscape 6 was released - is very stable, is not buggy and IMO conforms to the standards better than IE6.
I've not kept track of the security incidents with Mozilla - maybe I'll start to ... I can't help but feel that open source code where people have the chance to inspect and fix security problems for something that has become as integral to computer use as a web browser cannot help but be a good thing. Sure, holes may be found more easily by being open source - but the patches will be released 1000 times quicker than with closed source software.
|expect that if netscrap and other browsers were as popular as IE, hackers would find just as many security holes in them as they manage to find in IE. the thing is, there is no point hunting for security holes in netscrap or opera because usage is so low. |
Exactly my thoughts. It would be theoretically impossible to test a product for everything that it is capable of doing, especially an internet product. Look at how rapidly people/spammers/hackers adapt and refine their tactics.
It's basically a result of the culture - build something as fast as you can and release a patch to fix the problems that are going to show up a month later. Instead of having tests, just release it and you'll have a testing ground for free. If people stopped paying for the laterst release, and made a ruckus about companies not putting out quality product, there might be some changes. As it is now, there is no downside to releasing a buggy product. Look at all the Microsoft bugs, and has their marketshare fallen? No, in fact it has risen...
That being said, I'm not a MS basher. In fact, pretty much all my software (minus web development) is MS. IE 6 works perfectly for me, and is as standards compliant as it gets (to my knowledge). The only standards issue in previous (5.x) versions was the CSS box model, and who wouldn't get that wrong? Let's see, I specify my box to be 300px, then I add 25px margin on the inside of the box, suddenly the box is 350px wide? The W3C were the ones who screwed that up!
Software companies are rewarded for sloppiness. Look at SimGolf (addicting!) - already has two patches out which fix two pages worth of items. CivIII had at least two patches, fixing probably 10 pages worth of items. Apache has patches, and even Linux has security holes.
Did you ever wonder if some of the hackers are Netscape or other browser programmers just out to give MS a bad name.
Any windows user that really, genuinely thinks it's a sound and competent OS is either woefully (but probably happilly :-) unaware of the gaping wholes in the whole thing or just plain bloody minded.
I used Win for years and after toying with mac and finaly settling on linux I count myself lucky to be aware of the choice.
And that, in a nutshell is explains IE popularity, just becuase win users can choose doesn't mean they do. Check the logs, how many ie5.0's are there? Loads right... Most of the masses niether know nor care that they might even upgrade let alone change!
I don't hate microsoft. I applaud there beutiful, blatant and downright crafty and clever approach.
I just wish that the general public wern't so embarrasingly stupid.
not bad. i spent 15 minutes writing an articel for this thread, then i clicked "submit" and i got "the following fields are empty: password" when going back, my article dissapeared.
Probably a bug in IE :-)
sorry about your post, bitch when that happens huh?
>>Any windows user that really, genuinely thinks it's a
>>sound and competent OS is either woefully (but probably
>>happilly :-) unaware of the gaping wholes in the whole
>>thing or just plain bloody minded.
or maybe we're just not paranoid.
I use IE and why wouldn't I. Big deal if there are security issues. I hit windows update and in a minute or two they are fixed.
I just checked our website logs and 87% of our visitors are using some version of IE. I'd say LOTS of people are using it...
Does the fact that these browsers are free to download release the companies who produce them from responsibility for their security weaknesses and crappy performance? I don't know; maybe?
Their opinion has to be, "so what if the webmasters, users and competition look down on us for creating a bad product. They're not paying for it." And as was mentioned above, "Why should we pay for testing. Let the hackers test it; we'll fix it in the update."
Actually, Windows 2000 Pro and XP are finally excellent desktop operating systems. We run thousands of them at our company and the failure rate is exceptionally low. In addition, IE has proved to be a superior product for our users.
We performed testing on Linux, Unix and the Mac OS (I think the mac was OS7.5 at the time). Windows NT 4.0 and later 2000 was by far preferred by the users, was by far more stable, and had by far more products available. That actually was the main problem with the other operating systems - much less software was available.
As far as security and such are concerned, we use automated tools to keep the software up-to-date on all of the desktops.
Our systems are stable partially because they are totally locked down. We found that users who install their own products have many orders of magnitude more problems with the OS than those who don't. So when we rolled out new systems at Y2K we locked them down and the problems almost went away. The statistics changed by the same order of magnitude regardless of the OS.
I hear lots of complaining about windows, but in my experience when competently managed 2000 and XP are very good indeed. And that's the result of hard experience.
|Did you ever wonder if some of the hackers are Netscape or other browser programmers just out to give MS a bad name. |
Marshall, I think you've touched on a good point; after all, the king of the hill is the one to attack, and that is the attraction. It has (often) been argued that if other OS'es or browsers, enjoyed MS's popularity, they too would be subjected to similar attacks.
Never underestimate the resourcefulness of someone determined to wreak havok with the sole motivation of trying to "beat the devil." In this case, the devil is whoever's on top....
I've said it before and I'll say it again, there isnt two days that we dont see the Microsoft name somewhere in the press. That is their goal - make holes, do bugs, cause problems but stay in the media. They are already past the point where people just wont use them. Now its 'Easy enough to update'
:) come on, who cares of Hotmail is down for a few minutes - they got a full page advertisement on news.com maybe some new people will sign up for the passport/hotmail service now.
Yeah, you've gotta hand it to 'em.
I think eventually someone will make a simpler 'restricted' Linux distribution that with the right backing could floor MS Win in 10yrs but untill then they reign supreme....
hahah just like how they are running the anti-unix campaign you dont think there goal was for someone to notice it was BSD run - then the server breaks? and now its on Windows its all settled and fixed?
All that led to so much news on them.
There's is old axiom in theater - bad reviews are better than no reviews. Guess the business equivalent can be - bad publicity is better than no publicity.
> the king of the hill is the one to attack
I'd say the principle is a bit more malevolent that. For those bent on destruction, any place of concentrated resources is the spot to attack.
This is why genetic diversity is important to species survival, why terrorists look to transportation hubs for their mayhem, and why the Internet itself was created.
Microsoft is not a physical concentration of assets, but their near-monopolies in browsers and other business related software means their success has created a cyber-vulnerability of great magnitude. No matter how poor or good Microsoft's products may be, diversity is essential for our cyber-health in a world where not everyone has good intentions.
| This 61 message thread spans 3 pages: 61 (  2 3 ) > > |