Wednesday, July 07, 2004

where do you want to infect today?

the savvy & geeky have long used "alternative browsers" like mozilla (i have firefox at home; mozilla at work) or opera instead of that steaming heap of security holes and non-standard-compliance called internet explorer. i give mozilla (and mozilla firefox) my highest recommendation for its wonderful features like tabbed browsing and built-in pop-up blocking (you can't get tabbed browsing in IE at all, & need to add a third party plug-in to get pop-up blocking in IE). i adamantly refuse to even open IE unless i'm going to a site that won't work without it (in which case i'll try to ignore that site) or for browser compatibility testing when i'm doing web design.

but recently reports of IE security flaws have reached such a fever pitch that security heavyweights like CERT and others are in the news beseeching people to install other browsers, saying that IE is too insecure to use at all. of course, this is what many geeks have been saying for years, but for this to show up in headlines on places like cbs is a new development.

m$ just released a patch to fix some of the newest flaws, but reports are that this band-aid is virtually useless at keeping out attacks. no worries, m$ says, because service pack 2 will address all these problems... but SP2 will only be available for winXP so if you are using any other operating system (win98, win2k, mac os [like any self-respecting mac user would want IE anyway], or whatever... or if you have a pirate version of xp, for that matter) then you are not going to see any IE fix anytime soon.

alas, if you're a wage slave like me, you might not have the option of installing a usable browser, because in many "enterprises" (read: ginormous faceless behemoths), users and IT managers don't want to switch. the problem is that many of these enterprises fucked themselves over by making their sites dependent on m$'s proprietary "activeX" controls. m$ won't release the information necessary for other browsers to make activeX work, though maybe that's a good thing because activeX controls are what hackers are using to install malware on your machine in the first place. but the good news is that others are trying to build their own alternative to activeX that will use open standards, so the time might soon come when the only reason smart users will ever need to use IE is for browser compatibility testing.

No comments: