Face-Off: Who's to Blame for Browser Holes?

 
 
By Sean Gallagher | Posted 2004-07-12
 
 
 
 
 
 
 

The recent rash of security problems related to Windows-based Web browsers has led some to ask if the browsers themselves are to blame—or is Windows itself just not safe?

First, Microsoft's Internet Explorer was found to be vulnerable to a number of potential attacks from a Web page. While many of the recently discovered attacks on IE were found to be based on previously patched holes in the browser, an attack that allows for the download and launch of malicious code from a compromised Web server has prompted some security organizations to urge users to consider alternate browsers.
Then, last week, a similar "shell" vulnerability was discovered in the open-source Mozilla browser for Windows. The flaw was quickly patched.
So, whose fault is it, anyway? Two of eWEEK.com's Topic Center editors have opposite answers.
Steven J. Vaughan-Nichols, eWEEK.com's Linux & Open Source Center editor, lays the blame squarely at Microsoft's feet. "No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do," he says, "the bottom line is that the serious, gut-wrenching problems happen on Windows; not on Linux, not on Mac OS."
Larry Seltzer, eWEEK.com's Security Center editor, sees it differently. "I think the argument is that Windows should prevent the shell scheme from executing programs, but this isn't a job for Windows," he says. "This is a job for the browser. All Windows is doing in the case of what was just patched in Mozilla is taking an instruction to run a program and running it. If the browser didn't ask for it, it wouldn't happen."


 
 
 
 
Sean Gallagher is editor of Ziff Davis Internet's enterprise verticals group. Previously, Gallagher was technology editor for Baseline; before joining Ziff Davis, he was editorial director of Fawcette Technical Publications' enterprise developer publications group, and the Labs managing editor of CMP's InformationWeek. A former naval officer and former systems integrator, Gallagher lives and works in Baltimore, Maryland.
 
 
 
 
 
 
 
