Linux & Open Source - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Linux & Open Source


You Can Run Firefox, But You Cant Take the IE Out of Windows



 By: Steven Vaughan-Nichols
2005-03-15
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Linux & Open Source story.


  Table of Contents:
  1. You Can Run Firefox, But You Cant Take the IE Out of Windows
  2. ' Running Windows your way '

Rate This Article:
Poor Best
You Can Run Firefox, But You Cant Take the IE Out of Windows
( Page 1 of 2 )

Opinion: It's not Firefox's fault that some things, like Windows security, never get better.

In a recent blog entry, my companion in the hunt for technology truth, Larry Seltzer, points out that you really, really have to try hard to screw up hard to mess up your Windows PCs copy of Internet Explorer with a Java applet that can run via Firefox, and some other non-Internet Explorer browsers.

I mean the spyware-bearing applet on Firefox does everything except scream at you that installing it is a bad idea.

People being people, I understand that its spreading rapidly.

Maybe we should have a gate on the Internet saying "you must be at least this smart to ride on this network."

Resource Library:

While this particular bug requires stupidity above and beyond the call of idiocy to get, it does point out a problem thats peculiar in modern operating systems to the Windows desktop.

Windows—be it 3.1, the first usable version, or XP Pro—was designed to be a single-user, stand-alone PC operating system.

Because of that design, Microsoft made what seemed like a good move at the time. The boys from Redmond made its IPC (interprocess communications), like ActiveX, DLLs (Dynamic Link Libraries) and OCX (OLE Control Extension), extremely powerful and without any real security.

Remember, they were thinking single-user, non-networked computer.

In turn, Microsoft designed its most important applications - IE, Microsoft Office, and Outlook - to not only use, but depend, on these IPC mechanisms. The problem, of course, is that Windows PCs dont exist as stand-alone machines.

Microsofts one seamless whole has become one giant security hole.

Thus, this latest security problem really isnt an alternative browser problem. Its a platform problem.

Its also an old platform problem. I first pointed it out in 1992 in Windows for Workgroups, Microsofts first Windows-based LAN product.

Then, I was able to use Excel and DDE (Dynamic Data Exchange, another IPC), to pull data out of a "secured" payroll XLS file.

I was able to do this not because Im some technical whiz. I just looked at the specs, thought about it for a minute, and about 10 minutes of Excel macro-programming later, I was in.

Things havent changed that much in the last 13 years.

This first example of someone abusing this kind of vulnerability through an alternative browser and Suns JRE (Java Runtime Environment) requires stupidity to get.

It wont be the last. Just as an endless series of worms have relied upon it to attack Windows system via Outlook, we can now expect more attacks of this kind.

Dont expect Internet Explorer 7 to solve your problems. Its security improvements—like reduced-privilege mode becomes the default and no cross-domain scripting—are flimsy fixes.

The real problem, Windows inherently insecure nature, requires major surgery.

The name of that "operation" is Longhorn, but God alone knows when Longhorn will finally show up—2010!?

But will that solve Windows problems? I doubt it.

Next Page: Running Windows your way.





  Reader Comments: You Can Run Firefox, But You Cant Take the IE Out of Windows
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Linux & Open Source Articles          >>> More By Steven Vaughan-Nichols
 


x}r㶲s\@♵M=Ҕl3Z-/K3ΤN!1Erm%'?_v8x -2{<5D 74Aș=!1(ٟ9#ޚ'w>;(ˑԫQ]}nw2'v=7v@\~}@^cFwD%x_'Щ=ѩ€wɔiPلި/3}B}F7\3mgb^Q$Ё_ ¢%yCGu)pC(DsXqDǎH;*C'x8ӽi/DeO؀IQIM"x<&j>wn=ݣw23X]~j4Lߵ!Zpj9:TN`UFfnڭaㅰH A=c9p< G,gs'9"QcO$ա%Uq˝LJNtXF>D>8zvGx09ry j5jfL {n_%z0sw6O)L|@ɠ#ӱaGPu#o8sh#m#HSKVUBX)ڑ^rww3mù-Ӟߛ7?rfoFϿΔiR;]t>^H CKo -%ZATwNi\t?59NNַ߈+QT"*rp4KI hjCG'${@BsoVQ+ZVH+(H.գQZzO``%pbQUri[򓩥}o_]^uzmo|JAͼ94o o 3E@;- uj 0k:j56kiJuf!`FܼNR$9Vϡȟ4R\ 9lb vfyM)o dz!CCZ9nVȨUSA%EI7CD r2#~B(PHQ>z%Kus7p#Kg񇰻fe՜YWa>2G#-*<Ǟ4Nv..~:ozmPqJ,0B-$]evrcjۛZ\MfzTb(7Z`Lm,1,Ltϭ y0`hvz?3Ϩagnۉ!9~tDAG66^lzK裩IXn`Nt&Hqp{4ڭ-%H_ >< zNJ$>6Zχ`˦MfB9;ǻerkm͠~(wMP>X^0{@`^@Z8`88ʼE]q2>o ޜꦥM L<ģ|D w C|'s\(L7^"{""D%  h4AǰEEN@@7;.VKŤ\*1=Ri !3g RTD;7քbZ z)0 eVRihn1!UG,D`v9r,L.Y O6JԭybQ9ҴZ hқ͑ Kܺye&,@PCb;*O<sy h? OzuK  +ZsξS : jI!VB!7OH wf@nmHݤ|r%eR{`MLE2a==%ӻnR/0}ԙQĠ3BZSOs\| g:[6[7˦EI8Jەi]jk-T8W7Bɶ/²xcP66R(kυ5Ӳ =2P" Cx EZ҆Ss m _&TYWӟBtX)Z%a5sV@d@7h` DlVCax9Zz' As,\OT.n9g q>Jeǝ:~ҧ ;BSjb3}Ä끄 _%tp:P[%n//g+ i{u]ؕ.RL|zn P[aHz{>8`Tfla86-b?x;ڈy /ƨ_$Q?{2,exY΁5mIr'j3 4]}Zj<897!Ro=>  4 ıLBYaX88l];( 2qŝa&9~ L>AS-cfDی3$!MT&E)'h.E5 dh*O|qNx@ Ez .҈ ڀsgDrAab H$T `nR@:kRUԓxZC@^~~J%$tX2H=:{>Q7Ϗ9(ghW9d*>GHR-ʪZJ _=>2z4Ebw8pc}y __ PݩQoN(foܦ;PC.sO.S˰)#.# ,c`72$hWXSJ$z`sZiA7GGѝWKV'=iv?3jGswq5 EYw-4 )aKPs hj_R vU#tT# 3)X]QiRiQؽe=O᧘ZӁQ}/5u<|X\.(``!>ߏz0f&Ш)lTgm/ RU *~i;:{oJ.8F2<"C8bS>dV}P@K!nΚ667=ϼt[̍<9E7"=_g`%SQl7xv@̬k}#u6霎0 M,G\մRb/Y`#1s*? .=< Rglס3/i21󓫻Z+U c ׃nc>G7sWnb*r6=_?K=[L4@V1-0]̞̙-mdۨ5 L VjeavG8fz%~^{~w?I jp2N*,E$B(NY HXٌ*r_ kRUG 4@DB#+}r'nPzQ|Z%W&j|$>rcO ZMBR%%!~!VA#Ǹ"ZAX_xLl AKl!/`.P(c/Z4["X6)DД7ϰ3Rb kQh#e-BwYb@ O+skKIm'O+Kzu U!ndUT tVB 'I9 g?amy`:JU4qy27(۞kMn@ ?wśn 02Nr|(VVJr=ȹi0F\0R,WyHP?lZ.+BvQ *s>P|o =$Є_؆ +~7?l)ɡHHD>DiF\{e">QP(?תۣ[ L $q%YUihj/#}4g +f[I.~GQW uxH >^y!2@#nnt/y렘v~&`}?W hqïR吔,j~ptђ:m~t1} }L@IP 4 5="!}ׇ̿{9fչ ]whgg~py- 8@W~\9o^}\/~tϺW9\dcxx\#R@!pWv*<aSڎ6N ,$Z[?8i4rG=^p@چWҽj8`\Rh5c-I'“ Ey4:8mj19 ²VXHe`|C WtvcE9,{B:.Ϛ_i9DC[ `M/ԩ #ADrElFzRFijV{DGė$0_ί0[L㷜oWȘID_q+ '=?E]h':I쀐 ׉ NN9ks_<#pp"0xc.A-H7ܾJ>$S0QJh"g8A;)~ڲ{, /=;SL&Q([4wiaEtKbs-ɔbJ4:eޞ,Hy=Ym@ybZӽK3%;/'X;[ VH_8_`wNg",GTAΈmYv?{xXL7mb򇴺'ͳ~4/?&mЯ> H-Э>u?y{do&<)dzIl֜u 9obXKwfimԕa6FKp?Koҽ{g;᧥mestȳV*1$DH!Hnm e_"2gNIJn/:Ld< ,f}x3tT?,#ze9mfoxzooo=ȥ&q=*~Ϻ7]f+wB%mJK{9nhp;D%ÝqQ#y∶K`!j>bϽ5o14L,*z>;l-3hL ;yor:? G Ofx՛R\P`-ݺܭ1J3"q#ĠHߚSsEs _534:as*|"ZyVa oE[ά(W3o-(oǜxkn R*weT+cgS[Kϡ.'̼V&v zГqi+"@ыO-1-}O:d|:3mXY-?5uY]QTRSJMwӗ?<>,?zBȏBxEx47K} gǣ8JM-+)78$SXcvѹ#\; ?Ω&}DA2I<^yȝ>sC|Ah$cD%ؙQr8I1e!I|Ndo<7DmCԖz ZRV$DH6ğ4:ˣع,iwq𹣽,Q,Aɛv7+ G{ 7o6znA፛Dx]GN|2rIu9|'Cq$ܨe0X2J)B1tŢ@8NBb:q ]eh60 .b! &1_.ä3peyb (Z?;ˌRG-g>N+bb 4La;V b%ޙ,xDdId+Na$ne%!-ILurrT) gB,|YL`s1T$gy6y 0d`m& iAZֶ${-Y2zV#إ#H-Ԣ2 >C<<=[jy KbA-%<G<@QZUSq ]حdֶ%KDNX}A_&R2K`*2"B"ҫ֊;#֣ol[JٖJ'0Զ'%La %}Iìzp9|G,Bby3@ Йy H W"ȞM=+ǿjjtŠĹcPK:~KJ}XU2jAU2/f(3'N8pO'u)Ғ(|ROx%ppl(s{43[L*  jtL4AI]14AtST3h4C$ B> 4D~Պ Qx4#(RYJJy|X% 9999_i\*Ԋ4exW}|!u Keeuy |E:B_yYz=hmFX?[ϋ{bM`WJ@Àuj_e y_-ݖK-ms~Z@gx/_WB/oOW $g~NݼB %RS43s7/i4;K$CYJu4||'>>IL7sgQcBu{&5 Ԗtl`]:qf_;|{B7xnI0)kcj[Nz兌r)Te=cm6tx!i`j UesC6,I!~ƣ_E.FȏX-˵GvV=@7A}2 L96% (<>$R.IY5!xán1u 2j:NǃOdt م ;żzb6|M(>h_9 `EgT,p<)||LXK~pNbX*"NcJ ʓ10u =twgɮdxLuˢ6L44aREo^o"tP00Q0^!< !vxc/ʐC/ FsiQu}hB|uO_]1$;d9*-:E%0cl HC[f4upZxƅKu?d,+8"w^ k~b~i/m~vcm|`26[Ӳ뿓$yjz`'ݴŵX,hMVÙBt}3a饇]曟#{7G7w-Gf ]G?DځrUt7 &dZP_,%\k>1m!o A&Ku>H]^Oq\dIw'y{Ddb =M)*a ?D~7긯L7v_.FڋLL\LQXcJ;*9i}^t~ J5?4+O|odQ^ Bx8j K{{[mڸ$z5"m]v7{""aTQ]kN9-0 թ~;T&-V68I YW mqCvI rˣa#ʱ,q|JDyDW9q.)eN e9L19w%1i}PRM#8=%17{#8Gc8V55xo+0ꛈr59#Ÿ R"R./> l?QX2n$?؎7ӭ 6ǜMEfAiRT9Us\:$VG ]J1x~[aRWwƄFWe:-0Q5t+\U Bfx-F5֠wIlo<)fF<&L8`;bw^=Vڹ𚮴qwzRKo^;G'inVu&RCKo#n@Gӡg1EG8a4n$]>\JƂ,6c="QGlTҊj95Y ~fK x.'}sy\lgN((bXL~-= ŐO9 j|}.[>V-V]M5j^(]L\!a Buw#ᷭ lslӳ9/0۱px6-Rý,&HPjߚc#/Vkў` .,9)KxfV-j%VG4K,2;k4]&拡   rQ̏XJ0[1 K}JFV#lEiw]_Ō\>fF+iAwcsDOcLѾǓx 1+TTbЭB1˪M;InP}sY?e=` '2t/x~ B {=Jl~ChM,Û~|U:h|%wҹnZ,לEh 7٤߄QT1 :{ᛂrPZ-}G_ 6a^zGZq!G)}o [#d2zޘ8# XJWH7}H['鍀I㏖+62sjl: /uh_?#=4;g};kzxX2d,9k`XțE4@_ Ϯ>&Ow:ڀ (]Afxw;n0Osˮa!auh c>r*?Dr6Б`5A1H3'T~3)5՝ cpT`sjNd5B&t85{ߟz=n%[ lx Dx& pbx|^ôG֜iĄ@㐷;PbA=Q\26Faŷ^(l8*wxc||>K0/ (Z`,%RvAS"V21C(c^BMFh_fGBg4:` F" U g8= wSܕɭrgf)p͒w\j:rtT(ʁ2|{C@us,2us x\jJFŇ$!Ѕ8i,)@"!9͉k)#m u;5G@p),f,TՊR &uUu]j)q]]x YV^"rӄ\I \A] / PIZ WuKs_Ч6#k7srڽ"MrznާU^Y8a[kN|Sw/'/U&hT/晾xQ(;OFYyfvʜT{<ʥ,% Y*w"<MqgqD4[ohlУm{hĉiSrO?gRf@g+Ճo\w0 lE/QxCJ,n3 ;|_sst Z<6T?rֱ1u|j[l'$}'r1>aaw. ]C?yߥH׹ pi1Q.`Vk{7F51o93 30-6G@0~m ohhd9Yk+cɘP'G4WB):3U\6 id:,Nd=:vMhpbAoN[a>$N*۹d$ӧugsIz5~Pq9Lh}#Ϙ^'(z ̸>ΐR8K)Mu8:\5m$$&b3@ gYlVHRq1^R[aD.vUlv[h* b>v"مxދZ^y|XqE*9"Qo @A$tXa+Nvޒۍ־( ;><=رGH#eUI;.~m%o ]*K%GbF8] "!_Sanh.yUHR}J0~N:]#խ`*s^gOA{&^ٱs1cbV!qdFW-[@ e`1l4aeh)fYձ w 7g}޴m΢ƄJu AY=_v{[=/'_f cJ\g'ۂ~GK2G S<"Y4/'`)O#xje 3 .^A-F14%o,gkVTF \