computerworld.com— The vulnerability that sent Microsoft scrambling on Monday and is being used by hackers now to attack Internet Explorer (IE) users may have been reported 18 months ago or more.
Jul 7, 2009View in Crawl 4
The problem exists in both IE 6 and IE 7 on Windows XP.Going to 7 will not help. Also web sites that were written only for IE often only work with a specific version of IE. This is due to poor adherence to W3 web standards by both IE and web developers that created these sites. This combination makes for a powerful stumbling block to upgrade IE browsers.Good developers will look at W3 and proprietary standards/specs and try to reconcile them and then test with multiple web browsers: IE, Firefox, etc.Upgrading to IE 8 this early on does not look like a completely safe bet for cautious, conservative users/customers. They like to wait and see how others fare at it and also do their owntesting and wait for the reports of others who have put the new browser version through the ringer.Plus, maybe not all website have updated to be compatible with IE8 yet. There is a lot of proprietary IT software out there that breaks when a new version of IE tries to run it.
Look, in the wake of the controversy that erupted over how long they knew, Microsoft stepped up to the plate and admitted in July 2009 (following large scale successful exploitation of the flaw in the wild) that they have known about this flaw since early 2008 - a year and a half.Microsoft claims that this is not technical but we just do not know this is the case. We have not seen their metrics on how many known flaws they are siting on without disclosing them. There is no transparency. Customers and users do not have those metrics.
No, Linux never made the web browser "part of the operating system". In fact, different distros of Linux feature different web browsers.Likewise, Apple never made a web browser "part of the operating system" that could never be removed. Mosaic (precursor of IE) ran on the Macintosh before it ran on MS-Windows. When Mac OS X came out, it came with IE. In 2003, Apple released Safari and it came with the subsequent versions fo the operating system. Microsoft pulled IE for Macintosh one week after Apple announced Safari.It is a good thing Apple does not tie operating systems to browsers and vice-versa. Though IE only run on MS-Windows, Safari runs on Mac OS X and MS-Windows. Microsoft's reason for pulling IE from the Macintosh was that they "couldn't compete with Apple".Obviously, Apple has no problem competing with IE on Microsoft's own operating system platform. You can take this to mean that Apple is more successful than Microsoft at competing with their web browser on a different OS platform or that Microsoft was not being fully honest.So as far as the subject of web browsers goes - other operating systems are not monolithic with respect to web browsers. According to Microsoft's sworn testimony in court of law, IE is a monolithic part of MS-Windows.The next version of MS-Windows, Microsoft recently claimed to the EU, will not include IE and users will have to install it as a separate download. However, until that happens or the torrent of successful exploits is drastically reduced, the comment "monolithic ways are killing them" is a fair statement.Bringing up the subject of the Linux kernel in a thread discussing IE's known problems and the the impact they have is totally off topic. Attacks on Linux users is completely spurious rhetoric and even more wildly off topic.
I think we are all fed up with these web browser bugs at this point - especially the ones with security implications or user data-loss hazards.It companies would disclose how many security, data loss, and rendering bugs they had - along with whether it worked in the latest version of its two largest competitor's products, I think we would all be a lot better able to see the light at the end of the tunnel. Or at least figure out how far of it was. Or failing that, determine that we were in the wrong tunnel.
johnnysoftwareJul 12, 2009
The problem exists in both IE 6 and IE 7 on Windows XP.Going to 7 will not help. Also web sites that were written only for IE often only work with a specific version of IE. This is due to poor adherence to W3 web standards by both IE and web developers that created these sites. This combination makes for a powerful stumbling block to upgrade IE browsers.Good developers will look at W3 and proprietary standards/specs and try to reconcile them and then test with multiple web browsers: IE, Firefox, etc.Upgrading to IE 8 this early on does not look like a completely safe bet for cautious, conservative users/customers. They like to wait and see how others fare at it and also do their owntesting and wait for the reports of others who have put the new browser version through the ringer.Plus, maybe not all website have updated to be compatible with IE8 yet. There is a lot of proprietary IT software out there that breaks when a new version of IE tries to run it.
johnnysoftwareJul 12, 2009
Look, in the wake of the controversy that erupted over how long they knew, Microsoft stepped up to the plate and admitted in July 2009 (following large scale successful exploitation of the flaw in the wild) that they have known about this flaw since early 2008 - a year and a half.Microsoft claims that this is not technical but we just do not know this is the case. We have not seen their metrics on how many known flaws they are siting on without disclosing them. There is no transparency. Customers and users do not have those metrics.
johnnysoftwareJul 12, 2009
No, Linux never made the web browser "part of the operating system". In fact, different distros of Linux feature different web browsers.Likewise, Apple never made a web browser "part of the operating system" that could never be removed. Mosaic (precursor of IE) ran on the Macintosh before it ran on MS-Windows. When Mac OS X came out, it came with IE. In 2003, Apple released Safari and it came with the subsequent versions fo the operating system. Microsoft pulled IE for Macintosh one week after Apple announced Safari.It is a good thing Apple does not tie operating systems to browsers and vice-versa. Though IE only run on MS-Windows, Safari runs on Mac OS X and MS-Windows. Microsoft's reason for pulling IE from the Macintosh was that they "couldn't compete with Apple".Obviously, Apple has no problem competing with IE on Microsoft's own operating system platform. You can take this to mean that Apple is more successful than Microsoft at competing with their web browser on a different OS platform or that Microsoft was not being fully honest.So as far as the subject of web browsers goes - other operating systems are not monolithic with respect to web browsers. According to Microsoft's sworn testimony in court of law, IE is a monolithic part of MS-Windows.The next version of MS-Windows, Microsoft recently claimed to the EU, will not include IE and users will have to install it as a separate download. However, until that happens or the torrent of successful exploits is drastically reduced, the comment "monolithic ways are killing them" is a fair statement.Bringing up the subject of the Linux kernel in a thread discussing IE's known problems and the the impact they have is totally off topic. Attacks on Linux users is completely spurious rhetoric and even more wildly off topic.
johnnysoftwareJul 12, 2009
I think we are all fed up with these web browser bugs at this point - especially the ones with security implications or user data-loss hazards.It companies would disclose how many security, data loss, and rendering bugs they had - along with whether it worked in the latest version of its two largest competitor's products, I think we would all be a lot better able to see the light at the end of the tunnel. Or at least figure out how far of it was. Or failing that, determine that we were in the wrong tunnel.