The perils of Internet Explorer
From today’s edition of Good Morning, Silicon Valley:
“In 1997, Microsoft’s Charles Fitzgerald, bristling over complaints about vulnerabilities in Internet Explorer’s active scripting functionality, told a group of Web application developers that if they wanted security on the Internet, they should unplug their computers. But what he really should have told them to unplug was IE, because seven years later Active X is still inherently flawed. In an advisory posted to its Web site Tuesday morning, security outfit Secunia announced four new potential security flaws in IE’s active scripting functionality, all of them rated ‘extremely critical.’ News of the new vulnerabilities, coming as it does on the heels of last week’s IE security cockup, is more bad news for Microsoft and one more good reason to switch to a browser other than IE or, at the very least, disable Active X. ‘I think that the Internet security issues are so poorly handled that only particular forms of insanity would suggest that it has ever made sense to allow client-side scripting,’ said Joseph Newcomer, a security consultant and founder of FlounderCraft Ltd., in Pittsburgh. ‘[ActiveX] is a no-brainer. It is so wonderful for staging attacks. I would no more allow this than a Manhattan resident would consider leaving their apartment unlocked.'”
Interestingly, IE’s market share seems to have dropped for the first time since 1998. The drop is tiny — just 1.32 percentage points — but still… I haven’t used the product since 1999, except when it’s been the only browser available in Internet cafes..