            • April 19, 2005

              Ummm. That wasn't Kurt Cagle that made those comments AND some excellent comments from Steve Loughran from my Firefox/IE post earlier

            • Yeah, so apparently my little networking issues this morning caused all of the sites I have on this server, which includes Kurt's UnderstandingXML, to serve up the XML feeds for XSLTBlog given that Apache is set to default to the directory I have this blog stored in. So what would have seemed like a really strange post from Kurt -- that of praising the power of IE and shunning the religious cult of Firefox -- was in fact a REALLY strange post as it came from me, not him. Hopefully enough people subscribe to both our feeds that this would have been easy to spot, but I know there are a lot of people who read what Kurt has to say in the much larger XML universe and have no real interest in XSLT, so I fear that there may be some people out there scratching their heads wondering what on earth caused such a shift in Kurt's opinions -- generally not quite so pro MS as I tend to be. Sorry 'bout that!!!!

              On a lighter note... Steve Loughran made some excellent comments on that same post and I wanted to quickly bring them to your attention, as they bring some interesting points to light that I hadn't really considered... I will post his comments in the extended portion of this post.

              [via Steve Loughran]

              I like a bit of flame bait :)

              First, what use is power, if it is abused? The two primary routes for drive-by spyware (that is, not the stuff that sneaks in with apps) are ActiveX and security hole exploits. Both browsers are weak on the latter - even Firefox seems to like a WinXP reboot (well, on that VMware image anyway) after an update. And both apps are prone to security holes, because they are written in buffer overflow languages (how’s that for flame bait). As Mozilla becomes more popular, it will become more of a target for malware and drive-by spyware attacks.

              But here is why IE is less secure, today:

              - Prompted AX download is still enabled in the Internet zone. Unless you know how to adjust zone members and security, you cannot disable that without breaking Windows Update. Which you need, after all.

              - IE is embedded everywhere. That isn't usually a bad thing, but it means that the attack surface is so broad. I think the mailers (Outlook Express especially) are trouble here, as they permit direct exploits of security holes. Mind you, Thunderbird has the same problem. Hmmm.

              - Browser Helper Objects. Somebody thought it was a good idea to let COM components have access to stuff that gets POSTed, even over HTTPS links. Mistake :( . By providing the toeholds for spyware and malware, they provide a source of trouble for end users.

              Regarding ‘power’, how relevant is it? Who cares about “more powerful”. None of the friends and family whose boxes I have had to antispyware; they are grateful to be given a copy of Mozilla and told it is more secure.

              There are some things that’d be nice in Mozilla, a good HTML editor component, better XML/XSLT handling another. But then IE could benefit from CSS2 - a bit of power for site designers that IE lacks.

              Anyway, it's good to have competition again. Would we have popup blocking in IE without Mozilla? I doubt it. Not given that MSN must have made many €€ from popup ads - a bit of conflict of interest there. Would we get IE7? Not a chance. But will IE7 move Windows Update into its own zone and turn off AX download in Internet Zone? I hope so, but doubt it.

            • Posted by m.david : April 19, 2005 08:51 AM GMT


          • © 2005 :: <XSLT:Blog/> (xsltblog.com) is a product of M. David Peterson and FunctionalX Consulting. See Licensing Info Below.
          • Except where otherwise noted, this site's content and source code are licensed under the Attribution License from Creative Commons.