Internet Explorer is seriously one of the WORST software products ever conceived. What could Microsoft possibly have been thinking?
Maybe something like this:
Let’s create a web browser and give it full access to both the outside network and the innermost workings of the operating system. NO! BETTER! Let’s have the OS interface BE the browser! That will get the Justice Department off our back when our “cut off Netscape’s air supply” memo leaks, since by then both of them (OS and browser) will be “merged”.
Next, lets create a technology that allows fully functioning programs to be run in the browser. We can call that ActiveX. We’ll need to set the default security settings pretty low, since we want people to have easy access to this. We can even make people use it to upgrade their copy of Windows. Why have a separate, secure system in place that can only connect to our servers when we can just give the web browser total control of everything and then assume nobody will ever find a flaw that lets them rape systems remotely.
As the crowning pinnacle, lets let 3rd party people modify the browser’s function using this ActiveX thing and not give people any easy way to remove the “enhancements”. Marketers will LOVE the ability to change the browser so that every time it accesses www.disney.com it pops up ads for hardcore midget-shaving porn, especially if the ads show graphic horse fisting, too.
Last item for action: once we are done using our OS monopoly to control the web browser market, we need to stop upgrading the software. Standards? Bah. Who cares. Rendering bugs? Not a problem. Features? Control? Security? Well, we’ll patch critical flaws, but other than that, fuck it. Users can like what we forced the PC makers to ship or they can kiss our hairy beans.
How many times have we seen Critical Updates for Internet Explorer, patching some hole in ActiveX or scripting that would allow a “malicious website” to gain full control of the computer or execute code or whatever? Well, here is an article on exactly what a “malicious” website might be: a site running Microsoft’s own web server. Yes, yet another flaw in IIS allowed dozens of LARGE, RESPECTED websites to be compromised. Now these sites send out the normal pages with a nifty surprise: software that will hijack your computer to start sending spam.What does it take to get your computer controlled? Using Internet Explorer and accessing one of these websites without your Security settings set to “Highest”. That is all. No opening of unknown e-mail attachments like a stupid newbie (and don’t get me started on Outlook allowing code to be run) or sending info to someone claiming to work for a company you do business with. Nope. Just browsing the web. With IE.
Check out Microsoft’s “What You Should Know” article on the subject. Vulnerable systems include Windows NT4 SP6, Windows 2000, Windows XP, and Windows 2003. Oh, I meant “any system running Internet Explorer 6”. That is easier.
I personally never sweat this shit. I have used Mozilla for years, moving over to the Mozilla Firefox web browser more recently. Fast, easy, better standards compliance than IE, pop-up ad blocking on by default, tabbed browsing, and one last thing:
NO IE SECURITY HOLES !!!
I beg you all to make your systems safer. Go use Opera or one of the Mozilla browsers. Launch IE only often enough to run Windows Update. I swear it will be better for you. Once you see the web free of pop-up and get to know tabbed browsing you will wonder how you lived without such things.
If any of you have questions or see a missing feature you want/need after loading a Mozilla browser, let me know. There is probably an extension you can install that will get you the feature you seek.
Update (June 29, 2004):
Hot off the presses, yet another IE “Browser Helper” is wreaking havok on unsuspecting browser users. Install this bit malware (I swear, we should be shooting the human garbage who write these) and your browser watches for you to try to log on to your bank, then sends your login info off to some ne’er-do-wells who can then try to ass-rape your bank balances.
And does IE provide a list of its installed “Helpers” for users to check on this?
Does it give you any way of uninstalling these malware or spyware or adware “Helpers”?
Has IE had a few vulnerabilities that allow “Helpers” to be installed without user approval?
In related news, now that the (still un-patched) system hijack exploit facilitated by a (still un-patched) webserver vulnerability I mentioned in the original entry above has made the more mainstream press, experts are suggesting all IE users either disable scripting for all zones (including the Local Zone) or use an alternative browser.
I think you all know which of those options I advocate.