Dave Massy's Blog

# re: Are you comfortable? @ Friday, July 23, 2004 11:28 PM

The road to hell is paved...

Anonymous

# re: Are you comfortable? @ Friday, July 23, 2004 11:47 PM

I stopped using Internet Explorer a while ago, not because I didn't feel secure while banking or shopping, but because I got tired of all the spyware, popups, etc. that target IE. The fact alone that it supports ActiveX scares me half to death. Internally at my company, I once wrote an ActiveX control that would install via IE and attach itself to explorer.exe and proceed from there (it was never signed or distributed in any way). Since then I switched to FireFox, which is much better than I imagined, especially with its tabbed browsing and built in popup blocker. Maximum PC's latest issue has a whole article on why they believe this is the best browser and tips on how to get the most out of it. Security wise, I feel fine using it since it's open source and many people contribute to it...


Don't take this as Microsoft bashing, it's just my thoughts on why I don't use IE.

Gary

# re: Are you comfortable? @ Saturday, July 24, 2004 12:15 AM

Using your knowledge of the code underlying IE is the same arguement Mozilla and open source use, you can see their code. So, for anyone outside the IE team you're almost arguing they should switch. Are we meant to trust the IE teams security? You don't have the world's best reputation, and of course you're pulled back and forth between IE, Longhorn et al.

Writing Secure Code is a great book, but saying you go by the book doesn't hold out, there are still buffer overflows well over a year after billg stood up and said you were concentrating on security.

IE has a crappy reputation, in terms of security and standards adherance. That reputation is well reserved and SP2 may be too little too late. It's taken 3 versions of the browser to finally get decent prompts for ActiveX and BHOs. That's awful.

But tabbed browsing? Heh. Don't care about it at all.

Barry Dorrans

# Fear, Uncertainty, Doubt. @ Saturday, July 24, 2004 3:30 AM

Wow. So, IE, which right now is still vulnerable to this <a href="http://www.kb.cert.org/vuls/id/713878">known exploit</a> is more secure than Firefox. You offer no real reason why it's more secure, except that you've read a book and that you promise that you're working really hard. Well, frankly, that's not good enough. I'm way too uncomfortable with how insecure IE is to run it at all.

Joe

# Features @ Saturday, July 24, 2004 9:02 AM

The main reason I do not use Explorer is not because I'm particularly concerned about security (although that is part of the picture), but because it simply isn't competitive anymore. For a while it was the Rolls Royce of browsers, but nowadays other browsers have achieve nearly perfect compatibility with websites in addition to offering features that I would have a hard time living without now. Tabbed browsing and mouse gestures improve my experience immensely and I fail to see why Microsoft is not improving its browser anymore. Perhaps they just want to keep it simple for the average user, but then they loose many power users / developers.

I'm a big fan of Microsoft's products in general, particularly C#, .NET etc, but Explorer seems strangely forgotten (except for security related bug fixes).

Robert Björn

# re: Are you comfortable? @ Saturday, July 24, 2004 10:45 AM

You've got a good amount of spin for an engineer.
- You only trust IE because of all of the work on security that you see going on.
- Other developers need to take security seriously just because bad guys haven't targetted you yet does not mean that they won't target you at some point in the future.

The underlying assumption is that other browser developers don't take security seriously. Unless you have been working w other browser developers or have other information that you are not sharing this is completely ARROGANT and insulting.

give me a break

# re: Are you comfortable? @ Saturday, July 24, 2004 2:36 PM

I sometimes forget that people use IE for going on the Internet. I am a web developer, I and all my users spend the whole day on Intranet apps. And since I have a captive audience and control over security, we can get away with loading activex controls, etc.. but the thing is, IE (or any browser for that matter) still is no where NEAR where the users would like it, in terms of functionality. We need windows-app behaviour out of a browser.

So while people talk about going Geocities sites and running into javascript exploits or activex downloads.. that's only a part (maybe a small part) of what the world uses the web for. I would say MOST companies have MOST of their apps web-based. So that's every employee of every company, who uses a computer - running webapps from an intranet.

Point is, people that are just focusing on Internet browser have a myopic view of the browsing world.

drebin

# re: Are you comfortable? @ Saturday, July 24, 2004 4:22 PM

Remember that the audience does not see what you see, and we are still waiting on SP2.

lynn

# re: Are you comfortable? @ Saturday, July 24, 2004 5:33 PM

I'm glad that you guys have done the great work for XP SP2, that will be a nice step forward once it comes out.

But I'm really tired of friends and family grabbing me to fix all their spyware infested Windows 98 machines.

The state of IE6 on Windows 98 is just terrible currently.. It would save me a lot of time fixing other people's installations if you guys would come out with an update to IE6 that could be installed on Windows 98, that would provide just a few of the XP SP2 improvements, such as restricted ActiveX installation by default, stuff like that.

It isn't an easy option for these people to just upgrade to XP SP2.

IE's reputation will continue to degrade as these people on downlevel operating systems continue to get massively hammered by spyware... It's really in your own best interests to come out with a downlevel update.

Michael

# re: Are you comfortable? @ Saturday, July 24, 2004 7:33 PM

Michael,

MS isn't out to jam you up, they actually have a published lifecycle for product support. In software terms, an operating system that is 6 years old is pretty old.

http://support.microsoft.com/default.aspx?scid=fh;[ln];LifeWin

"Mainstream support" for Windows98 was retired a little over 2 YEARS ago!! Hotfix support ended last June. Paid support will exist until June 30th 2006 though..

Bottom line, I don't believe they will come out with any more service packs, hotfixes or any specific releases of software for Win98 anymore - it's just not supported, it's too old.

drebin

# re: Are you comfortable? @ Saturday, July 24, 2004 7:33 PM

Err... try going here: http://www.microsoft.com/windows/lifecycle/default.mspx then click 'Consumer Desktops'

drebin

# re: Are you comfortable? @ Saturday, July 24, 2004 8:53 PM

Even though Win98 is old, there is still a lot of it out there. It would really enhance Microsoft's reputation and just generally help out a lot of people if an updated IE was made available for Win98, even though it is so old.

Also, what about Win2k? That is still well within the "Mainstream Support" timeframe right now. Shouldn't it be updated to get security and spyware protections, then?

The reason why I'm bringing this up, is because surely you have noticed that a bunch of pretty non-skilled computer people are running Win98, and their computers are getting totally infested by spyware and viruses. It's getting pretty out of hand. It is difficult to try and figure out what to tell them to do when they aren't financially ready to make a new computer purchase yet.

Another factor is "bang for the buck" - it would probably not be too technically difficult (compared to some things like the firewall, etc...) to back port stuff like different ActiveX prompts to run on Win98. The amount of end-user benefit compared to the amount of development effort is pretty huge.

If this was done, it would make a lot of existing Microsoft customers happy. Happy customers are good for business - when it comes time for those people to buy a new computer, they'll remember "hey, Microsoft came through for me and fixed up all that Spyware stuff that I was having to deal with", and they'll want to buy another Microsoft computer instead of just giving up and going to the Mac or something.

If an update doesn't come out (at least for Win2k, I mean come on!) it will just seem to me that MS just isn't really taking security seriously enough, since they wouldn't be taking advantage of this relatively easy and big security boost that it could be giving to their existing customers who are suffering.

Michael

# re: Are you comfortable? @ Sunday, July 25, 2004 5:59 AM

I dunno, I think that's a little judgemental.

Do you know how some sites get your email address? If you've used anonymous FTP at some point and used your email as the password (as you typically do).. some sites will create an image tag in HTML (height and width of 0), and have the source by an FTP site, that forces your browser to forward along anonymous/myemail@mydomain.com - and now in their logs - they have your email address, and you are none the wiser.

Who would've thought of that? If it was my specific goal to take advantage of the browser, that would've taken me a while to come up with. Yet, Microsoft is berraded for not thinking of it first!! Yeah, after the fact it seems like an obvious security hole.

Hindsight is 20/20. And I do think they are NOW taking security VERY seriously.. true, in the late 90's to 2001 maybe, yeah, they were putting out buggy releases and security was a joke.. not anymore though.. at least in my eyes.

drebin

# re: Are you comfortable? @ Monday, July 26, 2004 1:21 AM

I have to agree with Dave here. I was using Firefox, thinking that Mozilla team takes security seriously. It turns out that they didn't fix a problem for 2 years. Only after a security mailing list showed the bug as a security problem, they addressed the problem. Instead of testing thouroughly they simply shipped their solution within a day. Totally unprofessional. That's the service you get for free I guess. Worse, some even attempted to accuse Microsoft for Mozilla's problems. Also you can find all sorts of lies on slashdot, most of the FUD people are talking about IE can be found there. Slashdot is known to be a portal for idiots who hate Microsoft. They put lots of false news, bashing etc.. very little information about the problems in alternatives though, they focus on Microsoft bashing. It is an obvious choice actually, would you like to go with Slashdot or Microsoft? If you rely on Slashdot, you may and will lose a lot, including money, time, energy and data. It is just a no-brainer choice.

Alex

# re: Are you comfortable? @ Monday, July 26, 2004 11:17 AM

Dave,

> The reason I would not be comfortable doing my banking and shopping with another browser is from my knowledge of the quality of work undertaken on the Internet Explorer team. I know some of you will probably disagree with that view but I stand by the fact that the Internet Explorer team takes security extroardinarily seriously.

I can certainly respect that point of view. But I hope you don't think that it applies to anybody besides Microsoft employees. People outside of Microsoft don't (and can't) have an accurate view of how much effort has gone into security recently. All we can go on is what we see externally.

Internet Explorer has had *way* more security holes exposed over the past few years than any other browser. Even if you have turned it completely around recently, it will take a long period of outperforming other browsers (in terms of security holes) for people to be able to reestablish trust, let alone trust Internet Explorer *more* than other browsers.

Given that other browsers rarely have security holes, it's hard to see how you can outperform your competitors in a way that is visible enough to change peoples perceptions. Even a perfect track record isn't much better than your competitors.

I think the long period of relative insecurity has given you a disadvantage you may find hard to shake.


Barry,

> Using your knowledge of the code underlying IE is the same arguement Mozilla and open source use, you can see their code. So, for anyone outside the IE team you're almost arguing they should switch.

There is a big difference between actively working with a codebase day-in, day-out, and simply being able to review the code. You can't establish the level of trust Dave is talking about unless you are actively working with the code.

There is a well-documented security advantage to being open-source, but the level of trust afforded to that advantage does not compare with code you and your team are personally responsible for.

Jim

# re: Are you comfortable? @ Monday, July 26, 2004 11:27 AM

Drebin,

> Do you know how some sites get your email address? If you've used anonymous FTP at some point and used your email as the password (as you typically do).. some sites will create an image tag in HTML (height and width of 0), and have the source by an FTP site, that forces your browser to forward along anonymous/myemail@mydomain.com - and now in their logs - they have your email address, and you are none the wiser.

That doesn't make any sense. If they run the FTP server, they don't need to generate any HTML, they just need to log your password. Internet Explorer doesn't even enter the equation.

Dave,

> Browsers are an obvious focus of attack as they are a primary means by which one has access to the big bad world. As a result Internet Explorer is probably attacked more than any piece of software on the planet.

Market share isn't an excuse for security holes. Apache has a much larger market share than IIS, and yet it has had far fewer security problems than IIS.

Jim

# re: Are you comfortable? @ Monday, July 26, 2004 11:33 AM

give me a break,

> The underlying assumption is that other browser developers don't take security seriously. Unless you have been working w other browser developers or have other information that you are not sharing this is completely ARROGANT and insulting.

He didn't say those things, you are putting words in his mouth and then attacking him for them.

Jim

# re: Are you comfortable? @ Monday, July 26, 2004 1:49 PM

Jim,

"Given that other browsers rarely have security holes..."

Wow, really!!? Or - another way to put this, is that since Microsoft has over 90% market share for browsers, that their browser is picked apart like no other.

Imagine IE goes away and everyone's beloved "Firefox" becomes the 90%+ browser, you should rest assured, that browser would be blown apart with exploits.

It looks like Microsoft products have more security problems because they have the biggest market share and get the focus of would-be hackers. But if you were to actually objectively compare security exploits across the board - my money is on Microsoft, because they have more money riding on it.

And for "That doesn't make any sense. If they run the FTP server, they don't need to generate any HTML, they just need to log your password. Internet Explorer doesn't even enter the equation." - since this went over your head, let me take a minute to explain further.

If I have a website (and an anonymous FTP server) - I could put code like <pre>
<html>
<head>
</head>
<body>
<img src="ftp://www.someserver.com/somefile.jpg">
</body>
</html>
</pre> (hope that formatter correctly)

So that while you are loading their webpage via a browser, it also got IE to establish an FTP connection so it could load that image. Even if you still don't get it, the point is - imagine there is literally a WORLD full of people trying to figure ways to exploit your code.. you telling me that yours would be bullet-proof?

drebin

# re: Are you comfortable? @ Monday, July 26, 2004 3:01 PM

> It looks like Microsoft products have more security problems because they have the biggest market share and get the focus of would-be hackers.

I've already addressed the market share == exploits myth. Scroll up.

I fully understood the mechanism you were describing wrt FTP. What I was saying was that such a mechanism would be redundant as the attackers already have the information it is designed to retrieve.

> the point is - imagine there is literally a WORLD full of people trying to figure ways to exploit your code.. you telling me that yours would be bullet-proof?

No, I am definitely not. Where did you get that impression? Nobody writes bug-free code. I think the best anybody has managed on a non-trivial problem has been one error per million lines of code, and that was NASA, using formal proofs.

Jim

# re: Are you comfortable? @ Tuesday, July 27, 2004 12:59 AM

I think this is the same Jim who claimed that IE doesn't support Javascript and ECMA standards. Then he conceded that he is incorrect but went ahead with the same claims again. He is the typical slashdotter who doesn't know what he is talking about.


"There is a well-documented security advantage to being open-source, but the level of trust afforded to that advantage does not compare with code you and your team are personally responsible for. "

Being appeared on slashdot doesn't make a stupid claim is well-documented. What makes a code more secure is that credible, skilled programmers looking for security flaws in the code. The more skillful programmers you have the better you are at security. Also remember that most of the linux, apache, mozilla security problems are not published on the news, and when you check them out there are in fact more problems with these software. That's why even debian maintainers' official computers are hacked. Jim is not interested in these facts though.

The very basic nature of better security is about writing more secure code by better techniques, better programmers, and there is no inherent advantage of being open source, in fact it is worse because less skillful people spend time on it because you don't make money on it. Most of the mozilla developers that developed mozilla do not work on it anymore, because AOL laid them off. Mozilla is in fact less secure and mozilla couldn't attrack enough skillfull developers in the world. Just go and read what mozilla developers say about this problem. They thought the same thing, that if they open source netscape they will become an instant success, but they ended up losing all the market share they had because people couldn't pick up mozilla. Still many developers are old developers and from the outside of the mozilla team, not many is spending time on mozilla code base or at least significant amount of time. On the other hand Jim is clearly lying to us claiming that more people are working on the mozilla code than more people on IE. Jim didn't check out how many developers are working on Mozilla, what their qualifications are or how much time do they spend, instead Jim is telling us that because it is open source it has to be better. That's the simple logic he probably picked up from slashdot.

"Given that other browsers rarely have security holes, it's hard to see how you can outperform your competitors in a way that is visible enough to change peoples perceptions."

Slashdot do not represent people. People use 90% of the time IE and windows. Slashdotters try to spread FUD against windows and IE, and that's their problem, not Microsoft's. Microsoft has to fix every problem, and that's what they are doing, but that doesn't mean that you are not a liar. Your perception is not what is important here, because certainly you are going to lie one way or another. For example, when Microsoft doesn't update their windows slashdotters try to ridicule Microsoft for not delivering (Longhorn), but when it updates they claim that Microsoft is forcing its customers to upgrade and that you don't have to upgrade anyway because the new windows is stupid and all. On ther other hand Jim praises Redhat for forcing its customers to upgrade within a year and doesn't see a problem for charging its customers hundrends of dollars per year for just one-two years of support, wheras Microsoft supports its Oses for longer years. That's what Jim and Slashdot is all about.

"I think the long period of relative insecurity has given you a disadvantage you may find hard to shake."

Before that, slashdotters have to shake up their image which is being a liar. The more slashdotters attack Microsoft the less credible they become over the years. Over and over again it is quite well known that Microsoft bashing means being a liar. First you need to establish yourself as a credible person, rather than some lunatic attacking people and Microsoft because you got bored in your life and you are a loser.

"Market share isn't an excuse for security holes. Apache has a much larger market share than IIS, and yet it has had far fewer security problems than IIS.

I've already addressed the market share == exploits myth. Scroll up."

This is one area where slashdotters try to confuse people and lie. Apache doesn't exactly have more market share than IIS. Here is the real situation. Apache is free and cheap web hosting companies use Apache to provide hosting to their customers. Now, because these hosts usually host personal sites, and because jim count the number of sites hosted by Apache, instead of number of apache servers, it appears to be apache has more market share. For example, while most of the big guys go with IIS, people like me and you go with Apache, because it is cheaper. So when ten more people get a personal website they contribute to apache's market share even though there is no new apache running, but on the other hand increasing IIS market share usually means a new company buying IIS or windows server and setting up on the net.

But wait, there is another lie that Jim is hiding or is not even aware of. That is the number of exploits in apache and IIS. There are enough number of Apache problems that really cause problems on the net, including contributing to DDoS attacks. Some of the well known DDoS attacks have been done thanks to hacking into Linux machines running Apache servers, the thing is that though, in the news you hear mostly about DDoS instead of the apache exploits. Nobody is interested in depicting Apache as an insecure server.

For example think about power point and open office's presentation software. Open office is trying very hard to imitate power point, but when someone on the net bashes power point claiming that power point makes people dumber, you do read news about power point and Microsoft, not open office. That's why you should stick with Microsoft in general and not believe slashdotters. Slashdotter's main motivation is continously to lie about facts, twist them, distort them so that at one point they are hoping that you will feel uncomfortable using Microsoft products. In fact slashdotters urge others to do the same just to spread FUD more. They want you to feel safe by using an alternative. For example, they urge Mozilla to use security as a way to promote its own browser, but mozilla is even more insecure and mozilla users do not fix problems. The latest problem they fixed within a day was reported 2 years ago and mozilla simply ignored the problem. However they use it to promote Linux saying that the problem only exists on Linux, instead of windows. They even attempted to accuse Microsoft for this problem.

You should be smart about such allegations. I can assure that in most of the cases slashdotters are liars. That doesn't mean everything they say is false, but most are and the rest is not something that warrants you to change anything. If you do, you will end up with lots of known and unknown problems and headaches. It is worse than where you are now in every respect.

Watch out Jim, he can not explain why slashdotters are so much lying about Microsoft. He can not exactly explain why slashdotters lie about these issues. Instead he will repeat the same lies again and claim that Microsoft is the company which has a problem, not him and his bs source slashdot.

Alex

# re: Are you comfortable? @ Tuesday, July 27, 2004 4:30 AM

Alex, stop following me around the web and raving about Slashdot lies. I will not participate in your silly little arguments so long as you attack me for things I haven't said.

One blatant example:

> On ther other hand Jim praises Redhat for forcing its customers to upgrade within a year and doesn't see a problem for charging its customers hundrends of dollars per year for just one-two years of support, wheras Microsoft supports its Oses for longer years.

I haven't said anything of the sort, and I challenge you to prove otherwise.

The rest of your post is a bunch of lies and half-truths too. But you've already demonstrated that if I bother to respond to them in any meaningful way, you will invent things I am supposed to have said and then call me a liar for saying them.

Leave me alone. If you can't argue against my points without lying about what I say, don't bother at all.

Jim

# re: Are you comfortable? @ Tuesday, July 27, 2004 8:08 AM

Poor old IE team - they've managed to attract a lot slashdot, or slashdot-esque monkies who enjoy arguing on the internet (what's that analogy again?)

I have a question for the IE team: would it not have been easier to issue an update before SP2 that simply changed the security settings of IE and added a popup blocker, and then release SP2? I was wondering what all the implications of something that appears simple like this, are.

Thanks

dave

# re: Are you comfortable? @ Tuesday, July 27, 2004 9:37 AM

"That's why even debian maintainers' official computers are hacked. Jim is not interested in these facts though. "

That's because they were using DEbian woody ;) The security patch hadn't made it's way back from testing or somesuch...

(course, I don't use Debian and would never use a 'woody!')

JP

# re: Are you comfortable? @ Tuesday, July 27, 2004 9:39 AM

"Still many developers are old developers and from the outside of the mozilla team, not many is spending time on mozilla code base or at least significant amount of time"

This is a good point, Gecko is supposed to be quite.."tricky"...for new people to take up.

JP

# re: Are you comfortable? @ Tuesday, July 27, 2004 9:43 AM

Alex..:/

"For example think about power point and open office's presentation software. Open office is trying very hard to imitate power point, but when someone on the net bashes power point claiming that power point makes people dumber, you do read news about power point and Microsoft, not open office."

I have to say, anytime I've heard people speak of Open Office, it's never been out of bliss.

People hate the damn thing, rightly so, and you saying that people always say "power point makes you dumber" does betray what you read. For example, I'm almost positive you read Slashdot daily. Additoinally, you know the Slashdot has the moderation system; just because you see lots of posts hating MS!=every Slashdotter hates MS.

"That's why you should stick with Microsoft in general and not believe slashdotters."

What does this mean?? They should stick inside the company..or lsiten to Slashdotters? How about actual customer?

JP

# re: Are you comfortable? @ Tuesday, July 27, 2004 9:45 AM

Alex, that owned.. good one!

drebin

# re: Are you comfortable? @ Wednesday, July 28, 2004 4:58 AM

Hi,

I tell you what's quite amusing (this isn't an attack on Microsoft, or IE, or anyone really, just spotted something quite amusing). Back when the spoofing/phisihing flaws awareness was made widespread, this kb article appeared:

http://support.microsoft.com/default.aspx?kbid=833786

My favourite section:

Things that you can do to help protect yourself from malicious hyperlinks

The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself. By manually typing the URL in the address bar, you can verify the information that Internet Explorer uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER.

It jst tickled me - what have hyperlinks ever done for us?

Mr Whatever

# re: Are you comfortable? @ Wednesday, July 28, 2004 4:59 AM

What else is amusing: my spelling of phishing!

Mr Whatever

# re: Are you comfortable? @ Wednesday, July 28, 2004 7:24 AM

Mr. Whatever - what would you write instead? To me, that's common sense. If you are on a geocities site and someone has a link for "Click here to login to hotmail!" - you obviously don't click it (or don't put in your real information).. I read that paragraph as being a really polite way of telling people they are idiots - I don't know that I could've done that better or done that without making fun of said users!

If you are going to be negative like that, don't just bring problems - bring solutions too.

drebin

# re: Are you comfortable? @ Wednesday, July 28, 2004 2:05 PM

Hi drebin,

One of the underlying concepts of the web is hyperlinking.

Typing www.hotmail.com is one thing.

Typing the average link for an Amazon item is something else.

Asking people to ignore this functionality is, at best, poor.

The solution? The fix for the spoofing bug was that.

Remember: I am certain that you are a fully competent computer user who is really confident with the keyboard etc. Give this advice to a novice; the average new computer owner with a few kids, and they are going to back right off from the whole thing.

It was an exceptional situation, but it also took over a month to get the patch out the door.

Excuse me for the negativity... but I *was* amused by the tone of the paragraph - "hyperlinks are bad. Except sometimes they are not."

What would I write? Well, it was a difficult situation, but I might have attempted to warn users to be extra vigilant about the content of the sites they were viewing, to not follow any links from emails from people they do not know, and to be wary about following links from unfamiliar sites. Pretty much what the rest of the article said actually. Checking the link by using Copy Shortcut was a pretty sound piece of advice; but would novices recognise that the URL was malformed?

Mr Whatever

# re: Are you comfortable? @ Wednesday, July 28, 2004 2:14 PM

drebin

Also, rich client apps vs browser - have you tried hosting Windows Forma controls in IE?

There are some issues with code execution this way - look at the Microsoft.Net Framework 1.1 Configuration in Admin tools for what you can and can't do with the applied security policies.

Some good stuff can be achieved.

Just dug out a link:

http://www.15seconds.com/issue/030610.htm

Mr Whatever

# re: Are you comfortable? @ Wednesday, July 28, 2004 5:28 PM

Whoa. I think I just crapped myself!! I'm an intranet developer and we (shamlessly) use ActiveX controls here and there where we just NEED to. Our customers want windows functionality out of the browser. And I've looked high and low to find a .NET equivalent.. this is VERY cool - thanks!!

And to the other point, there are many COMPLETELY valid reasons to have a link say one thing and have the status bar read something else - so you are talking about taking away perfectly valid functionality because of silly users!!

Granted, I have a more conservative view I'm guessing - but the Internet is as dangerous as a dark alley in the worst part of your town, late on a Friday night!! Why WOULDN'T users be vigilant? So me, it's OBVIOUS that you don't click to legitimate links, from illegitimate sources.

It's like your saying we should spend 10 million in tax money to fence off all the dark alleys in the town after dark to make sure people don't walk down there. That's crazy!!

In the same way - with both scenarios, if people aren't reasonably safe, they should sort of expect what they get!!

I know, I'm not very forgiving.. it's just that all the things that Internet people need to protect themselves (limited functionality, limits on scripting, etc, etc) further undermine and limit what I need for Intranet development.... (sigh)

drebin

# re: Are you comfortable? 7/24/2004 5:33 PM Michael @ Monday, August 02, 2004 7:32 AM

Michael & others,
What do you think of c't-IEController http://www.heise.de/software/default.shtml?prg=15332
It places an icon on your desktop and when you start IE with this icon you can set what IE can and can't do.
This restrictions only work when you start IE with the c't icon.

Iam looking forward for the development of SP2.
In the maintime Firefox & Thunderbird are my standard browser/mail apps.
In combination with anti-virus,firewall and anti-spyware apps.
It's said to see that more & more apps (with the correct settings)are necessary to surf without problems....

JR

# re: Are you comfortable? @ Wednesday, August 11, 2004 12:54 PM

Am I comfortable? Yeah, until something happens! HOW hard can it be to separate IE from the MS OS?! Life would be much easier if you could actually uninstall/reinstall the damned browser when it is botched by exploits and sloppy code! Unless you hack the registry, you can't even reinstall the whole thing! It just "repairs"...poorly.

Picture conjoined twins...one can survive if the other dies...but only for a while. IF MS is going to leave the two joined, they doom them both.

cbitguru

# re: Are you comfortable? @ Wednesday, August 11, 2004 6:02 PM

Security is not the only reason to stop using IE. Bad features, bloatedness, accessibility, standards support.

See my website: <a href="http://www.stopie.com" title="StopIE.com - Stop Internet Explorer">StopIE.com - Switch from Internet Explorer</a>

StopIE.com

# re: Are you comfortable? @ Monday, August 16, 2004 2:35 AM

Does anyone know if IE / SP2 includes any updates that help the user defend against phishing?

Ian Grigg

# Pauses Caf? &raquo; Do you feel (un)comfortable? @ Monday, August 23, 2004 9:49 AM

Pauses Caf? &raquo; Do you feel (un)comfortable?

TrackBack

# re: What have you guys been doing since IE6? @ Tuesday, February 22, 2005 10:02 PM

IEBlog