The macosxhints Forums

The macosxhints Forums (http://hintsforums.macworld.com/index.php)
-   The Coat Room (http://hintsforums.macworld.com/forumdisplay.php?f=8)
-   -   MSIE should be banned from the internet (http://hintsforums.macworld.com/showthread.php?t=77367)

Alex Yeh 08-27-2007 06:30 PM

MSIE should be banned from the internet
 
CERT lists 5 vulnerabilities for IE this year alone, not including larger systemwide vulnerabilities of Windows that would effect IE. None for Firefox or Safari. On SecurityFocus, IE gets 16 pages of entries, compared with 2 pages for Safari, and 5 for Firefox. IE on Windows is the only major internet browser that uses ActiveX, a major vector for viruses and malware (and a bad idea, too). Among web designers and the w3c, it is well-known that IE does not even render documents correctly - there are serious issues with the way IE developers implemented CSS, and its (proprietary) javascript implementation (jscript) has a number of bugs, including an exploit that allows an attacker to gain access to any text in the system "clipboard" of computers running Windows.

In spite of all this, IE is the most popular browser on the planet - because of MS's huge market share.

cwtnospam 08-27-2007 06:40 PM

Absolutely!

baf 08-27-2007 06:42 PM

Agreed but it wouldn't say "most popular" but "most used". Because to often there is no choice as a company has sites that can only be used from MSIE on Windows......

Alex Yeh 08-27-2007 06:49 PM

^^Good point, although I’ll bet Steve Ballmer would disagree :rolleyes:

of course, Steve Ballmer would disagree with this entire thread :D .

tlarkin 08-27-2007 06:57 PM

Quote:

Originally Posted by baf (Post 404367)
Agreed but it wouldn't say "most popular" but "most used". Because to often there is no choice as a company has sites that can only be used from MSIE on Windows......

Yup, it has to do with Active X which is truly hate. I mean I don't know if any of you have to deal with Active X, but I do on a daily basis. I am forced to, because certain websites I have to use to process warranty claims on hardware failure use Active X. On one particular site I have to shut down all security features of IE and let Active X do whatever it wants. So, that leaves that machine wide open for attack.

When will companies learn to use server side solutions with HTML, PHP, Perl, MySQL, etc which can just run through any old web browser.

baf 08-27-2007 07:03 PM

Can't agree more. And when it has to be client side most of it be be done by a java applet they also have had some security problems but far less then activeX

Jay Carr 08-27-2007 07:16 PM

I like IE! It gives those hackers a big fat juicy target to completely distract them from attacking Firefox.

baf 08-27-2007 07:22 PM

Good point except when I have to use it. But I have a way of reducing the danger. I'm running IE on a "throw away" pc that can be reimaged when needed. Talking to that by rdesktop :D

Alex Yeh 08-27-2007 07:54 PM

For anyone who has pulled their hair out (or rapped their head on their desk, if they have no hair) trying to get a website to work in MSIE, here is a javascript that purports to “fix” IE, at least in regards to some standards compliance issues. Pretty embarrassing for the Microsoft engineers, I'd say, when a freelance javascript programmer can do a better job at making their browser behave well than they can.

I should add, this solution is far from comprehensive, as you would expect, but it is admirable nonetheless

tlarkin 08-27-2007 08:21 PM

Quote:

Originally Posted by baf (Post 404394)
Good point except when I have to use it. But I have a way of reducing the danger. I'm running IE on a "throw away" pc that can be reimaged when needed. Talking to that by rdesktop :D

What happens when your "throw away" PC gets a self propagating virus or worm on it and all the sudden you just put your whole network in a situation that could become very very bad.

All my PCs at work are expendable and my windows XP virtual machines on my intel Macs are expendable, but at the same time I don't want to risk it or have to go through the work of reimaging a computer. That is 15 minutes I will never get back.

cwtnospam 08-27-2007 09:12 PM

Quote:

Originally Posted by tlarkin (Post 404415)
What happens when your "throw away" PC gets a self propagating virus or worm on it and all the sudden you just put your whole network in a situation that could become very very bad.

Another reason why it's so important to avoid using Windows whenever possible.

tlarkin 08-27-2007 11:12 PM

Quote:

Originally Posted by cwtnospam (Post 404427)
Another reason why it's so important to avoid using Windows whenever possible.

This really has nothing to do with Windows, per se, because a windows user can use mozilla, firefox, opera, etc. This is really about developers who make things in the wrong manner.

Really the biggest problem is, when companies buy huge web front ends for their data base that has cost them millions in dollars in software licensing they don't want to abandon it, because it would be seen as a loss of money. Trust me, if I had the power to abolish active x, I would. Unfortunately for me, you, and the rest of the world I can't do that.

schwartze 08-28-2007 12:02 AM

Quote:

Originally Posted by tlarkin (Post 404377)
When will companies learn to use server side solutions with HTML, PHP, Perl, MySQL, etc which can just run through any old web browser.

I would think it has a lot to do with pre-packaged solutions that get sold to places.

Today I was asked if we had IE7 on all the computers (we don't) because a group just purchased a software package that "needed" it. The salesman was there and I asked him why it was necessary. He wasn't sure and was willing to call the IT department to find out. We went to the site and found out IE6 or above was recommended.

I asked about Mac users (students) and was told that it works with Mozilla, not Safari.

But back to the point. Many places sell pre-packaged solutions. Many great packages can be made if you have the right resources, but not all places have the time or talent to spend on the resources when they do have the money to spend to get it set up ASAP.

And finally, as for HTML, php, mysql, etc... I built a site moons ago entirely in ASP (classic), MS_SQL on IIS because that was what we had. It was standards compliant, able to be used by anyone on any platform. Active X as far as I know is not there to connect to the million dollar oracle databases (they use Java for that) but to make tweaks to the user machine - which to me is just a big no no.

If you want to put anything past a cookie on my computer I won't be returning to your site.

tlarkin 08-28-2007 12:14 AM

Quote:

Originally Posted by schwartze (Post 404505)
I would think it has a lot to do with pre-packaged solutions that get sold to places.

Today I was asked if we had IE7 on all the computers (we don't) because a group just purchased a software package that "needed" it. The salesman was there and I asked him why it was necessary. He wasn't sure and was willing to call the IT department to find out. We went to the site and found out IE6 or above was recommended.

Yup I agree, and one some of the sites I work on running a Siebel system, they are pretty much forced to develop for IE since it is part of the package. When a company forks over millions it is an investment, and they won't migrate easily with out some sort of cheap way to do so. They see it as another million dollar problem if they migrate to a new platform, which in many aspects they are right. It could easily cost just as much again to migrate.

Quote:

I asked about Mac users (students) and was told that it works with Mozilla, not Safari.
Strange, what specific system are we talking about that supports one webkit based browser but not the other one? Though I am sure Apple did make their browser their own way, just like they made their own distro of Unix.

Quote:

But back to the point. Many places sell pre-packaged solutions. Many great packages can be made if you have the right resources, but not all places have the time or talent to spend on the resources when they do have the money to spend to get it set up ASAP.
Many people in general fear change too.

Quote:

And finally, as for HTML, php, mysql, etc... I built a site moons ago entirely in ASP (classic), MS_SQL on IIS because that was what we had. It was standards compliant, able to be used by anyone on any platform. Active X as far as I know is not there to connect to the million dollar oracle databases (they use Java for that) but to make tweaks to the user machine - which to me is just a big no no.
Active X runs scripts just like a java script would, however the real difference is that Active X allows full access to windows, and the windows kernel (I think, I'll have to fact check that later on). Thus making it more robust but at the same time a security and stability risk.

Quote:

If you want to put anything past a cookie on my computer I won't be returning to your site.
What about just like your opinion on something? What if they ask that?:D

schwartze 08-28-2007 01:13 AM

Quote:

Originally Posted by tlarkin (Post 404510)
Strange, what specific system are we talking about that supports one webkit based browser but not the other one? Though I am sure Apple did make their browser their own way, just like they made their own distro of Unix.

I am going to have to speak with the group that purchased the software tomorrow so I will know more about it then. I am thinking it's a new "Blackboard". Damn, I miss Prometheus. They were a great group with a great project.


Quote:

Many people in general fear change too.
In all camps. I agree.

Quote:

Active X runs scripts just like a java script would, however the real difference is that Active X allows full access to windows, and the windows kernel (I think, I'll have to fact check that later on). Thus making it more robust but at the same time a security and stability risk.
It's that kernel thing that is scary. Oracle stuff uses java (maybe javascript too?) and this is at least supposed to be sandboxed and it slows down the fastest computers so not much can do anything else to harm it while it's running.

Interestingly I found out today that Opera on a blackberry chokes on javascript. Javascript that wasn't even called yet. I have to test it out again to see if it was a fluke.

It's not just IE, Mozz, or Safari anymore. It's all these smart phones too that need to be developed for.


Quote:

What about just like your opinion on something? What if they ask that?:D
We know no one really wants to hear my opinion, unless it's to validate theirs. :D

tlarkin 08-28-2007 01:18 AM

Here lies the problem with Java, and Java based technologies. It was a language developed by committee for universal functionality. I personally will not use java unless I have to. I have used pure java based apps that run so slow, and so crappy but they work on everything. It is like you sacrifice performance for universal functionality. There is a duality to it.

We run blackboard at the school system I work for. Luckily for me, I have nothing to do with it. One guy runs it, so its not my problem. However, I know we have had our issues with it.

Alex Yeh 08-28-2007 02:34 AM

Quote:

Originally Posted by tlarkin (Post 404510)
…Strange, what specific system are we talking about that supports one webkit based browser but not the other one?…

Just a minor point here - Firefox doesn’t use Webkit. It uses Gecko.

cwtnospam 08-28-2007 08:14 AM

Quote:

Originally Posted by tlarkin (Post 404492)
This really has nothing to do with Windows, per se, because a windows user can use mozilla, firefox, opera, etc.

Microsoft merged IE and Windows for a reason. I have two crappy, Windows only apps I need to run. Other than that, the only thing I need Windows for is to access sites that require IE. As far as I'm concerned, Windows and IE are the same thing. One big stinking pile of garbage.

Alex Yeh 09-04-2007 09:38 PM

I found this pie chart just recently. So true! So true.

ThreeDee 09-04-2007 10:59 PM

Quote:

Originally Posted by schwartze (Post 404521)
Interestingly I found out today that Opera on a blackberry chokes on javascript. Javascript that wasn't even called yet. I have to test it out again to see if it was a fluke.

A bit off-topic:
http://www.mozilla.org/projects/minimo/

schwartze 09-04-2007 11:47 PM

Quote:

Originally Posted by ThreeDee (Post 406375)

Thanks for the tip. Interestingly with the Blackberry it was only 1 that I found the error on. Others it worked on.

Back on topic.

It's not just IE. Today we had a user that was copying and pasting info from a Word document into a web form. It was coming out mangled when it shown as output. My best guess for her was that the site that was taking the info wasn't stripping it clean and all the fun invisible info in Word Documents was messing with the style in the output. Not having contact with the web group that takes care of the application there wasn't much I could do.

Which brings me to one last point. When creating any form of web application, when 30,000+ users are going to start using it on a specific date - it's probably best not to test and play with new features on that day.


All times are GMT -5. The time now is 01:20 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.