« previous: Don't | next: Happy Birthday Everyone »

Microsoft Hogwash

It’s gotten to the point of absurdity.  There is a new security flaw reported in Internet Explorer every week or two.  Even more scary is the fact that there are likely just as many that go unreported -- only the bad guys know about them.  IE flaws are no longer news; a month or two WITHOUT one would be news.

I used to cringe at the thought of friends/family using it.  Now it’s to the point where I’ll have to start telling people, "It’s either me or IE."

The latest couple of security exploits to surface are one MS "fixed" 6 years ago, and one that monitors "secure" connections to banks and sends the captured sensitive data to the crook’s server.

If you use IE, you are insane.  It’s that simple.  It’s analogous to storing your important real-life stuff -- cash and jewels and financial docs -- on your front lawn in little bags labelled "take one."

You can install mozilla for free and use it instead, without removing IE, without negatively affecting your system in any way, etc.  Even CERT is recommending it:

The U.S. government’s Computer Emergency Readiness Team (US-CERT) warned Web users to stop using IE, because of the ’significant vulnerabilities’ found in domain/zone security model, DHTML object model, MIME-type determination and ActiveX.

Notice how Microsoft "innovates" security flaws into many parts of the browser, not just one or two.

In other MS news:

There won’t be a retail product [of Windows XP64], he said.  Resistance to that, Marr writes, "really surprises me. SB (system builder)/Disti (distribution) is the easiest and least expensive way to get your new OS, especially if you build your own PCs."

Translation: our product is so stinking expensive (since it takes us 2-5 years to make a single release, and at any given time we’re paying to litigate a half-dozen lawsuits against us) that the only way people will pay for it is if we hide its price in the cost of a whole computer.

Posted by Anthony on Jul 3, 2004 2 replies
Filed under: General

Comments:

01. Jul 6, 2004 at 10:53am by Rolly:

Thanks for the warning!  It sounds like I need to stop using IE for online banking and buying.  How can I be sure the same or other security flaws do not exist in mozilla?

02. Jul 6, 2004 at 11:44am by Anthony:

Well, the same flaws almost certainly don’t exist, because Mozilla is written by completely different people/groups than IE.

That doesn’t mean there’s never security flaws in Mozilla, but they are not anywhere near as frequent as in IE.  And Mozilla isn’t the target of attackers as IE is, because about 90% of the world uses IE, while less than 10% use Mozilla.  It’s simple economics: terrorists didn’t target a couple of midwest farm buildings on 9/11, they targeted massive population centers.  So any flaws that do exist rarely/never get targeted.  Of course, it’s possible for Moz to become as popular/more popular than IE, but that seems highly unlikely, and certainly isn’t likely in the short term.

In general, Mozilla is more secure for a few reasons:

- It’s not tightly integrated into the Operating System like IE is, so a flaw won’t let the attacker take over your whole system, like with IE.

- Mozilla does not (and would never) let a website install a program onto your computer automatically, without your confirmation.  That’s how many of the IE exploits take place.

- It’s an open-source program developed by hundreds of volunteers around the world and updated daily.  More eyes on the code means they’re more likely to catch security problems quickly, often before any bad guys do.  At Microsoft, they literally never announce/fix security problems until someone outside the company discovers them (often a bad guy), and even then, their response is infamously slow.  They own the market and they have no motivation to do well on their own.

- In general, programmers who make networking programs have security as a top focus.  But at Microsoft security is an afterthought, only applied after massive public outcry, to prevent negative publicity from affecting sales.

In any event, the record is the proof.  There probably have been some Moz security flaws at some point in its history, but I’ve never heard of one.  But there have been many dozens of them in IE, and they only seem to be getting more frequent.

Reply to this message here:

Your name
Email
Website (optional)
Subject

HomeCreate PostArchivesLoginCMS by Encodable ]