Direct Animation Overflow and IE7

IEBlog Direct Animation Overflow and IE7 | bar stools

IEBlog Direct Animation Overflow and IE7 | bar stools — Sun, 14 Jun 2009 08:34:56 GMT

PingBack from http://barstoolsite.info/story.php?id=7636

Convergence: Microsoft, Mozilla, Nintendo and Sony | yellow5.us

Convergence: Microsoft, Mozilla, Nintendo and Sony | yellow5.us — Fri, 06 Oct 2006 02:33:25 GMT

PingBack from http://yellow5.us/journal/convergence/

re: Direct Animation Overflow and IE7

EricLaw [MSFT] — Tue, 19 Sep 2006 23:39:51 GMT

@Darrin: Please try the steps in the first section of this page: http://www.enhanceie.com/ie/troubleshoot.asp

re: Direct Animation Overflow and IE7

Fduch — Tue, 19 Sep 2006 09:57:15 GMT

@PatriotB "But do Java or .NET meet the performance requirements for, say, playing streaming video or fancy animations? I think the answer is no; even WPF/Avalon, which has portions written in managed code, has portions written in native code as well."
Yes, .Nets does meet the requirements. There is managed DirectX. There is WPF. There is me, who builds my own voxel graphics engine in .Net.
.Net will always use native code co communicate with the system. But I can say that Framework is rather safe. It communicates with native code in secure way.

SO I think that allowing/demanding using .Net scripts/controls is a good thing. They just need to make a good warpper around IE functions.
Hope they'll do it before I die.

re: Direct Animation Overflow and IE7

PatriotB — Tue, 19 Sep 2006 08:27:25 GMT

"I was just thinking about this last night, but is it possible for the respective companies to release these products without using ActiveX? ... I know about the security issues involving ActiveX, but I don't understand why alternatives are not presented by MS."

What would you propose? Flash, QuickTime, RealPlayer -- they need to run native code on the user's computer. And anytime you let a browser plugin run native code, if the plugin is found to have a security hole, then the browser is a vector of attack. Pure and simple. If the Flash plugin for Firefox has a security hole, couldn't you then be attacked via browsing with Firefox?

The alternative to having the plugin run native code, is for the plugin to be managed -- i.e., a Java applet or pure .NET applet that can be sandboxed. Those alternatives do exist. But do Java or .NET meet the performance requirements for, say, playing streaming video or fancy animations? I think the answer is no; even WPF/Avalon, which has portions written in managed code, has portions written in native code as well.

IE7 Final Release

Kosche — Tue, 19 Sep 2006 04:38:31 GMT

I hear IE7 final will be released next month? Does anyone know when it's coming out?

re: Direct Animation Overflow and IE7

Fduch — Tue, 19 Sep 2006 01:54:15 GMT

@Aedrin
In security often different people come to same ideas.

For example I see that some new worms using some of my 3 years old ideas.

re: Direct Animation Overflow and IE7

Aedrin — Tue, 19 Sep 2006 01:34:29 GMT

Fduch:

I was talking about the case where 'GoodGuy' discovers the exploit. So no one is abusing it yet.

So when 'GoodGuy' releases the exploit, suddenly ScriptKiddy and BadGuy know how it works, so BadGuy writes a Script. ScriptKiddies all around the world download it and suddenly everyone is having problems because GoodGuy thought that releasing an exploit publicly would be a wise decision.

re: Direct Animation Overflow and IE7

tuscan5 — Tue, 19 Sep 2006 00:15:09 GMT

Internet Explorer 6 with XP SP2 is requiring the awaited update, because installing Windows Live Toolbar in IE6 as above makes a very fast browser, which has a phishing filter. I think speed is important for effective browsing, and I have not found IE7 able to pace IE6 for speed. You can get a download to stop IE7 being installed. Let's hope MS can write what is being discussed, because a default setting is involved.

re: Direct Animation Overflow and IE7

Fduch — Mon, 18 Sep 2006 23:33:38 GMT

@Aedrin
>If you were actually finding flaws on >software for the sole purpose of helping the >community, then you would not release it to >the public -ever-.

It's too simple.
Lets say there is a security hole. And bad guys are exploiting it. Not in form of a virus, but as targeted attacks.
But there is a GoodGuy. He knows about the bug and wants to stop BadGuys.
He contacts MS and says them everything. But they do nothing or just say "it's difficult to exploit", "won't fix".

What would you do to stop innocent users from suffering?
I'd try to make it as public as possible to draw attention and make MS fix it. (Kheh... If only I was able to draw attention...)