homepage Welcome to WebmasterWorld Guest from 54.225.57.156
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

This 46 message thread spans 2 pages: 46 ( [1] 2 > >     
Debate : Recall IE?
Is it time to hold Microsoft Accountable?
Brett_Tabke




msg:561206
 3:54 pm on Jul 12, 2004 (gmt 0)

Resolved : after 7 years on the market Microsoft's Internet Explorer continues to falter on an almost weekly basis. Even Microsofts own attempts at fixes are problematic to the point one wonders if you we should apply a patch at all - because you know you will have to probably apply a patch to fix the patch!

Therefore, IE is so fundamentally flawed at it's origin and has cost business (imho) billions in productivity and loses due to virus propagation and exploits, that the US Govt should force a recall of the product.

 

Dudermont




msg:561207
 4:05 pm on Jul 12, 2004 (gmt 0)

Yes, it is too bad that microsoft actually integrated it more because of the antitrust case against them. When it was not part of the os they were breaking the law distrubuting it as a package. I don't know what they would be able to do now though, a service pack that disabled the build in ie and make a stand alone one? Hard to recall something that is part of the os.

lorax




msg:561208
 4:42 pm on Jul 12, 2004 (gmt 0)

Perhaps we should be asking who benefits from the users who have fallen prey to holes in IE and what relationship they have with M$?

kaled




msg:561209
 6:40 pm on Jul 12, 2004 (gmt 0)

There are few things in life more enjoyable than seeing MS take a bashing, but as a programmer, I have a problem with recalling Internet Explorer. You see, at some level or other, IE powers the Windows help system.

Of course, the old help system (pre IE) was, in many ways, much better, but if IE goes, presumably the chm format (compiled html) will go too......... BIG HEADACHE.

Kaled.

encyclo




msg:561210
 7:10 pm on Jul 12, 2004 (gmt 0)

Brett - have you read your EULA for IE, or for Windows? "Read it and weep" is the appropriate expression here: you've got no guarantees of suitability, usability or security.

Also, IE = Windows. If you want a recall of IE, you need to recall Windows. All of it. The integration is complete now, so there are no possible half-measures. So, are you saying that MS should be put out of business? Are you saying that every machine running Windows should be shut down, or banned from the internet until repaired? That every company using Windows shuts down it's IT infrastructure and replaces Windows with <insert other favorite OS here>?

digitalv




msg:561211
 9:54 pm on Jul 12, 2004 (gmt 0)

Brett, if you are so anti-Microsoft why do you use their products? And if you DON'T use their products, why do you care?

I can name more than a few major websites running UNIX or Linux that have been hacked, including CreditCards.com, which was running BSDi at the time. Should the author of the particular flavor of UNIX/Linux they were running be held accountable for their financial losses? Of course not.

Read the EULA - software is provided as is without any warranty. If you don't agree with that, don't install it, and don't use it. Installing it and then making claims of accountability reminds of the people who smoked for 50 years and then sued the tobacco companies.

claus




msg:561212
 10:10 pm on Jul 12, 2004 (gmt 0)

Allow me to suggest that MS might be in the process of recalling IE by themselves, simply by discontinuing the concept of "a browser".

It might be viewed as just another function call that's already in the Office apps, the help system, the file explorer, the media player, and who-knows-where including active desktops and whatever. MS don't really need a browser (as such) if/when the whole OS and the Apps running on it becomes internet-aware. Still, Longhorn seems as far away as it ever was.

All FWIW, and IMHO of course.

encyclo




msg:561213
 10:24 pm on Jul 12, 2004 (gmt 0)

Guess what? The new version 5 of Windows Update is online, and it is starting to check product IDs for Windows XP - meaning if you're using a warez copy, you can't update. So MS would rather have unpatched machines spewing out spam than allowing everyone to update. Not using XP so don't care about Product IDs? Well, the security patches for IE6 which will be included in XP SP2 are showing no sign of being offered to users of older Windows versions.

Of course warez copies of Windows are a bad thing, but it just goes to show that Microsoft care more about sales than they do about security.

As for comparing a hacked BSD server with IE, it's quite laughable. Of course all systems have potential vulnerabilities, but IE is a fundamentally insecure product by design.

if you are so anti-Microsoft why do you use their products? And if you DON'T use their products, why do you care?

Because we have to use their products to test our sites in their shoddy excuse for a browser. Because our colleagues, friends and family use Microsoft products, because Microsoft's problem is the internet's problem, due to their dominance.

"Go Secure - Go Mozilla", as the message now occasionally says in the top right-hand corner of the WebmasterWorld site!

digitalv




msg:561214
 10:43 pm on Jul 12, 2004 (gmt 0)

Of course warez copies of Windows are a bad thing, but it just goes to show that Microsoft care more about sales than they do about security.

Wouldn't you? I mean really, if you had spent a ton of money to develop a product, or even if you hadn't spent a lot of money but put your time into it, would you really give a crap about making sure the people who STOLE IT have the most up to date and secure version? I wouldn't. If you are going to steal from me maybe I can't stop you, but I'm sure as hell not going to upgrade your stolen copy.

As for comparing a hacked BSD server with IE, it's quite laughable. Of course all systems have potential vulnerabilities, but IE is a fundamentally insecure product by design.

If a security hole causes financial loss, why should one company be held liable for their holes and another one shouldn't? It makes no difference what the software is, how flawed it is in your opinion, how many holes there are, how easy an exploit was, etc. If you're going to hold one company accountable for flaws in their software, then you have to do it to everyone. Accountability goes way beyond browsers.


if you are so anti-Microsoft why do you use their products? And if you DON'T use their products, why do you care?

Because we have to use their products to test our sites in their shoddy excuse for a browser. Because our colleagues, friends and family use Microsoft products, because Microsoft's problem is the internet's problem, due to their dominance.

Don't mistake "have to" and "choose to". You CHOOSE to test your products with Internet Explorer. I thought you people were all pro-W3C and pro validation? If your page validates, then it will work in Internet Explorer - so you don't actually need to load up IE to test it out, the W3C validator does that for you. But even if there was no such thing as validation and even if IE didn't render the code the way the validator says it should, it's still a choice to make your page available to users of that browser - just like it's a choice for IE users to check their pages in non-IE browsers and make sure they work there too.

Some people choose to do it, others choose not to. Those who choose not to may be missing out on some visitors, revenue, etc., but either way you look at it it's still a choice.

I'm a Firefox user myself, but Internet Explorer is the number one browser by choice not by force. No one forces them to use IE, nor does anyone force them to use windows. It's in front of them and they use it, plain and simple.

bcc1234




msg:561215
 11:03 pm on Jul 12, 2004 (gmt 0)

Don't mistake "have to" and "choose to".

He-he. Do you really believe that statement yourself?
I "choose to" make money and that makes me "have to" use (at least test with) IE.

Just like I "have to" make money because I "choose not to" live in the street.

If it's 20% or even 50% user-base then it's a choice. When it's 95% then it no longer is a choice.

Saying otherwise is hypocritical of anyone who reads this board and/or has anything to do with the web.

digitalv




msg:561216
 12:35 am on Jul 13, 2004 (gmt 0)

He-he. Do you really believe that statement yourself?
I "choose to" make money and that makes me "have to" use (at least test with) IE.

Not only do I believe that statement myself, I practice it. I've only been a Firefox user for a month or two now, but I haven't used Internet Explorer since a few days after I installed it. I have no need to. I'm still making just as much money as I was before.

tedster




msg:561217
 12:52 am on Jul 13, 2004 (gmt 0)

If your page validates, then it will work in Internet Explorer - so you don't actually need to load up IE to test it out, the W3C validator does that for you.

That's not my experience. Wish it was!

bcc1234




msg:561218
 1:02 am on Jul 13, 2004 (gmt 0)

I'm still making just as much money as I was before.

Assuming that your work involves displaying pages to average computer users (we like to call consumers) - your are either a hypocrite or a fool. Please don't get offended.
I know it might look like I'm trying to insult you, but I'm not.

I described the part about being a hypocrite in my previous post.

The part about fool.
If you think that internal satisfaction of making a pseudo-religious statement regarding some software is more important than making sure your customers don't get any surprises - that makes you a fool in my book.

You see, if you forget to put ">" after the title element - Firefox (at least 0.8) will display the page just fine, but IE will display a blank page (under certain conditions). And HTML validator is only good for pages that are public and "semi-static" (ie, don't rely on sessions to display ALL of the contents).

So when I have a choice of firing up IE to check things out or logging in (or creating a session) with Firefox, saving the HTML to a file on my disk and then uploading it to the validator - I'll pick the former, and spend the rest of the saved time doing more productive things.

digitalv




msg:561219
 1:09 am on Jul 13, 2004 (gmt 0)

And HTML validator is only good for pages that are public and "semi-static" (ie, don't rely on sessions to display ALL of the contents).

So when I have a choice of firing up IE to check things out or logging in (or creating a session) with Firefox, saving the HTML to a file on my disk and then uploading it to the validator - I'll pick the former, and spend the rest of the saved time doing more productive things.

Actually that's not true ... it's all about what tools you're using to validate. If you install the Firefox extension "Web Developer Toolbar " one of the options right on the toolbar is validation and in addition to standard HTML and CSS validation, "validate local HTML" and "Validate Local CSS" are options. All you have to do is look at the page and hit a button - it will upload the LOCAL HTML output exactly as you see it in your browser and validate it. Simple. You don't have to worry about sessions or anything, just go to the page and hit a button.

You really DON'T have to use IE ever again.

bcc1234




msg:561220
 1:32 am on Jul 13, 2004 (gmt 0)

digitalv, read what tedster said.

I've been using Mozilla since before Firefox, Firebird, and Phoenix. And I still use IE to check how everything looks.

There are many things that have nothing to do with HTML that you need to test, like broken "keep-alives" over HTTPS.

Also, some options in IE disable download of certain files. And I don't mean a warning popup asking Yes/No questions. Some files (based on extensions) cannot be downloaded when certain "security" options are enabled.

We might like it or not (I guess most don't), but we have to know this stuff.

So as long as those schmucks with credit cards (I love consumers, in case you haven't noticed :) use IE - we have to use it as well.

Purple Martin




msg:561221
 3:14 am on Jul 13, 2004 (gmt 0)

Here's the problem with the idea of a recall: Microsoft have not sold any software to any of us. We did not buy our copies of Windows, IE, or anything else from Microsoft. We do not have, nor have we ever had, any contract with Microsoft. This means that we can't hold Microsoft accountable for any Microsoft products.

Some of you might be wondering what the hell I'm talking about. Basically, Microsoft only sells to licensed resellers, who then resell to the public. Microsoft does not ever sell directly to the public. For example, at home I have an old Dell machine running Windows 98 and IE5.5. I bought it from Dell, I didn't buy anything from Microsoft. This is a very clever ploy by Microsoft, because it means that they can get away with making shoddy products that aren't "fit for their intended purpose" (that's a key phrase in most consumer protection laws) and we can't do a damn thing about it.

kaled




msg:561222
 9:34 am on Jul 13, 2004 (gmt 0)

Certainly, so far as UK law is concerned, Martin makes a very good point.

However, let's think motor industry for a second. You buy cars from dealerships yet, if there is a fault (the gas tank has a habit of exploding, for instance - it's an MS gas tank) you don't sue the dealer, you sue the manufacturer.

In Europe, special rules apply to the motor industry, as, I imagine, they do in the US. Perhaps it's time for special rules to be applied to the computer industry. However, get those rules wrong and small independent software developers could vanish.

Kaled.

victor




msg:561223
 9:51 am on Jul 13, 2004 (gmt 0)

This seems very relevant at this point....

I picked up a book, discarded as obsolete, at my local library last week. Published in 1972, it attempts (with a fair degree of accuracy) to predict what computing will be like in the year 2000.

Here's the quote:

Now, in fact, it is not difficult to believe that the individuals comprising a car firm might, virtually to a man, believe singly that cars should be much safer than they are. Collectively, however, they have found it impossible to introduce many safety features, or even offer them as optional extras and encourage motorists to buy them, or even commit modest sums to the necessary basic research. Further, very commonly, car advertising, styling, and even the names of the models has been based on speed, power and aggression to the exclusion of virtually everything else, or to comfort luxury and superiority: very seldom to safety. It needed a Ralph Nader to force car manufacturers to begin to take their social responsibilities seriously.

We have described this at some length because we feel it is of particular importance to the computer industry -- hardware, or even more especially, software -- should not allow itself to get into a state where another Ralph Nader (or the same one) will be needed to force systems to be safe, accurate, reliable, and impossible to corrupt or misuse.

Computers and the year 2000. NCC Publications

Think about that: 32 years ago they foresaw the need for a software Ralph Nader. Instead, we got Bill Gates.

Wertigon




msg:561224
 2:11 pm on Jul 13, 2004 (gmt 0)

As for comparing a hacked BSD server with IE, it's quite laughable. Of course all systems have potential vulnerabilities, but IE is a fundamentally insecure product by design.

If a security hole causes financial loss, why should one company be held liable for their holes and another one shouldn't? It makes no difference what the software is, how flawed it is in your opinion, how many holes there are, how easy an exploit was, etc. If you're going to hold one company accountable for flaws in their software, then you have to do it to everyone. Accountability goes way beyond browsers.

The problem is not that IE got security holes; the problem is that IE is not designed with security in mind. In pretty much the same way a medieval town without any walls is wide open to bandits coming in to plunder them, IE is wide open for attacks. And the cost of securing IE (building a town wall) is so great it'd probably mean doing it all over from scratch. Whereas a security hole in Mozilla is easily fixed.

However, no matter how much we wish for it to happen I don't think we can get rid of IE. As has been said, the EULA makes it impossible to force Microsoft to do anything, and Microsoft has invested too much for this to ever back down.

That's my two cents.

Brett_Tabke




msg:561225
 3:39 pm on Jul 13, 2004 (gmt 0)

I'll ask again, becuase -- according to some informed sources -- this topic is going to come up in the mainstream soon.

Should Microsoft (or any software producer) be forced to recall a wildely defective product? Is so, who decides that it is "rotten to the core" like many of use feel IE is?

Gates once said something akin to "if a car or plane is radically defective, then people die; but, when a browers breaks, people don't".

I wonder how true that is?

bakedjake




msg:561226
 3:44 pm on Jul 13, 2004 (gmt 0)

I wonder how true that is?

What good would a recall do?

I mean, the last 3 big worms and the coverage on CNN couldn't convince people to properly patch.

What makes you think "Warning: Return your software, it is being recalled" is going to motivate people any more than "Warning: Virus on the loose, patch your computer".

Recalling software isn't going to make people any less apathetic or stupid.

encyclo




msg:561227
 8:09 pm on Jul 13, 2004 (gmt 0)

Can you split IE and Windows, now that Micsoroft has fused the two for mostly non-technical reasons? Of course, MS plays both sides on this issue - they say IE can't be removed because it is an integral part of the OS, but they treat it differently in terms of support and updates.

It would probably be advantageous to Microsoft that in this instance IE is seen as apart from Windows, so they could minimise the impact of the vulnerabilities and say that Windows itself is still secure.

Personally, I see it that Windows is defective, and so if there were to be some kind of a recall, it should be for Windows not just IE. That would hit MS much, much harder, as Windows is their main product.

But of course, as Jake says, what impact would a recall have? Neither the US government or the EU commission have been able to reign in Microsoft - even the latter's recent $400 million fine is a drop in the ocean compared to the $55 billion in the bank.

The only effective action against Microsoft would be from businesses and consumers. A massive loss of confidence in Windows would be the only way to break Microsoft, but to get that, I fear we'd have to have a massive attack on the internet infrastructure and Windows machines first. The current exploits would be minuscule by comparison.

Anyone want to start a Google bomb for "Security nightmare" linking to microsoft.com?!

pleeker




msg:561228
 9:13 pm on Jul 13, 2004 (gmt 0)

I realize there are about 3-4 different Microsoft / IE threads going now, so feel free to move this if it belongs in one of the others ... or if it's been mentioned already. (I haven't seen it....)

TechWeb article: IE's Market Share Drops, Security Gaffes To Blame [techweb.com]

It's a tiny drop, but you have to start somewhere....

webdevsf




msg:561229
 9:28 pm on Jul 13, 2004 (gmt 0)

Should Microsoft (or any software producer) be forced to recall and wildely defective product? Is so, who decides that it is "rotten to the core" like many of use feel IE is?

This is a ridiculous, nonsensical, baiting question. The answer is clear - we all decide every day.

You can't recall a browser. What the heck does that mean? Force everyone to uninstall it?!

Gates once said something akin to "if a car or plane is radically defective, then people die; but, when a browers breaks, people don't".

I'd like to challenge you to find the exact source of this quote. Otherwise, its just a straw man.

Purple Martin




msg:561230
 11:20 pm on Jul 13, 2004 (gmt 0)

Should Microsoft (or any software producer) be forced to recall and wildely defective product?

Taking that question by itself and ignoring the obvious practical difficulties, the answer is a big YES. People have a reasonable expectation that stuff they buy works OK.

If so, who decides that it is "rotten to the core" like many of use feel IE is?

You'd need a legal expert to answer that one, but my guess would be a regulatory consumer body (office of trading standards, or whatever you want to call it).

Gates once said something akin to "if a car or plane is radically defective, then people die; but, when a browers breaks, people don't".

So what? If my fridge breaks a week after I bought it, I'm entitled to a replacement/refund. If my telephone broadcasts my conversations to the entire city, I'm entitled to a replacement/refund. Heck, if my ballpoint pen doesn't do it's job, I'm entitled to a replacement/refund! Why should software be any different? Talking about people dying is just irrelevant emotive b.s.

Brett_Tabke




msg:561231
 12:21 am on Jul 14, 2004 (gmt 0)

John Mueller also said he wholeheartedly agreed. "The idea that a manufacturer can knowingly sell a defective product (be it software or automobiles) is ridiculous," he wrote. "Microsoft continually produces and markets a product that it knows does not operate as it should. I depend on my PC for almost everything now, including, but not limited to: my livelihood, my entertainment, my finances, my communications, my creativity. This is too much to ask that my 'engine' will work in the 'car' it came in?"

[64.233.167.104...]

webdevsf, can't find that quote anywhere after a half hour of trying. Maybe it was in video? It was way back during IE 3 or 4 and one of the huge first holes was found in IE. A reporter asked him if it should be recalled because it was defective, and he gave something similar to an answer.

grelmar




msg:561232
 2:23 am on Jul 14, 2004 (gmt 0)

Hmmm... Health hazard shouldn't be the only qualyfier to warrant a recall.

Yesterday morning I spent a couple hours "cleaning" a friend's laptop. Guess what I found? The infamous Padodor.

I called him and told him to call his bank and check his account records and credit cards for suspiscious activity, because he does a lot of his personal finances and shopping online. He was the perfect "target market" for Padodor.

He was ok, he didn't lose any money, but seriously, this was a based on a flaw known to the public for 6 months.

It wasn't until a week after Padodor came out the MS released a patch for it, and the patch was a failure.

So now we're going on 7 months, and MS still hasn't fixed a problem that essentially allows any 12 year old script kiddie to plant a bug in your machine that will then allow them to scan any passwords, credit card #s, banking info, or other highly valuable information you might have on your machine.

That is negligence of a very high order. And the user agreement people seem to tout as a legal defence, aren't worth the bits and bytes to encode them. Those kinds of disclaimers only work if there is no direct negligence involved, kinda a "good samaritan" clause. The manufacturer/business owner still has to prove that they made every reasonable attempt to provide a safe and reliable product, regardless of the indemnity clause in the user agreement.

If you think that ain't so, then read the back of your ski ticket next winter. That's covered in enough mumbo-jumbo to protect the ski hill from just about anything. The gist of those disclaimers is "downhill skiing is a dangerous sport, if you get hurt doing it, tough luck bub." And yet people sue Ski Hills successfully on a very regular basis for their injuries. "Willfull Negligence" can be anything from not properly maintaining a ski-lift, to insufficiant barriers around an area that the ski-hill operator may or may not even know is likely to sluff off and produce an avalanche. It's the court's view that the it's the ski hill's operator's duty to know if there is a potential risk, and act accordingly.

Legally, your broken leg from skiing into an avalanche is no different from your broken bank account for surfing with an un-secured browser. They are both "Damage done to person or property resulting from corporate negligence and or malfeasance."

MS better get used to that concept. Because sooner or later, some ambulance chaser is gonna go for the big prize. And the ambulance chaser is gonna win.

kaled




msg:561233
 2:43 am on Jul 14, 2004 (gmt 0)

Some interesting legal arguments are flying about. However, let's go back the the car analogy.

If a thief works out a sneaky way to steal your car, e.g. by listening to remote signals, should you be able to sue the manufacturer when your car is stolen. The answer is, probably NO.

On the other hand, if you compare data security with car safety, you would probably come up with the answer YES.

Consumer legislation simply hasn't caught up with computer technology. So the question is this: Does anyone trust legislators (i.e. lawyers and politicians) to sort this out? - I don't.

Kaled.

amznVibe




msg:561234
 3:17 am on Jul 14, 2004 (gmt 0)

If you remove activex (scripting) from IE and MS-Java, you almost have a bareable browser. Mozilla will never have the dangers that IE does because of this.

Microsoft's insistance in tying the browser to the OS has shot themselves a big hole in their big foot.

How long until microsoft just releases a patch that disables all active scripting as their 2 cent solution?

Go back to the old plugin method (which they disabled in 6.0) for flash and quicktime and the major issues are almost done with.

webdevsf




msg:561235
 1:24 pm on Jul 14, 2004 (gmt 0)

webdevsf, can't find that quote anywhere after a half hour of trying. Maybe it was in video? It was way back during IE 3 or 4 and one of the huge first holes was found in IE. A reporter asked him if it should be recalled because it was defective, and he gave something similar to an answer.

I found a similar quote, in the same article that has a totally different meaning, in the article you quoted, where he's not even talking about security.

When Ford sells a car a dealer isn't allowed to take out the engine and put a different one in. When a newstand sells the Washington Post no one can go to the newsstand and pay them to rip out the classified section and put their own classified section in - if they could they would do so. The basic right to define a product and test it (we have more testers than developers) on Windows and allow it to get to consumer unadulterated is clearly the law of the country. There is no law of castrated products. Our license is for the whole product.

[washingtonpost.com...]

If this was indeed what you were "quoting", you not only took it out of context to inspire your argument, but you changed the whole quote around to support your argument.

But i suppose its all fair when we are talking about MSFT, because they are fundamentally evil and if he didn't say it, then he probably was thinking it, right?

This 46 message thread spans 2 pages: 46 ( [1] 2 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved