In a recent blog entry, my companion in the hunt for technology truth, Larry Seltzer, points out that you really, really have to try hard to mess up your Windows PC's copy of Internet Explorer with a Java applet that can run via Firefox and some other non-Internet Explorer browsers.
I mean the spyware-bearing applet on Firefox does everything except scream at you that installing it is a bad idea.
People being people, I understand that it's spreading rapidly.
Maybe we should have a gate on the Internet saying “you must be at least this smart to ride on this network.”
While this particular bug requires stupidity above and beyond the call of idiocy to get, it does point out a problem that, among modern operating systems, is peculiar to the Windows desktop.
Windows—be it 3.1, the first usable version, or XP Pro—was designed to be a single-user, stand-alone PC operating system.
Because of that design, Microsoft made what seemed like a good move at the time. The boys from Redmond made its IPC (interprocess communications), like ActiveX, DLLs (Dynamic Link Libraries) and OCX (OLE Control Extension), extremely powerful and without any real security.
Remember, they were thinking single-user, non-networked computer.
In turn, Microsoft designed its most important applications – IE, Microsoft Office, and Outlook – to not only use, but depend on, these IPC mechanisms. The problem, of course, is that Windows PCs don't exist as stand-alone machines.
Microsoft's one seamless whole has become one giant security hole.
Thus, this latest security problem really isn't an alternative browser problem. It's a platform problem.
It's also an old platform problem. I first pointed it out in 1992 in Windows for Workgroups, Microsoft's first Windows-based LAN product.
Then, I was able to use Excel and DDE (Dynamic Data Exchange, another IPC), to pull data out of a “secured” payroll XLS file.
I was able to do this not because I'm some technical whiz. I just looked at the specs, thought about it for a minute, and about 10 minutes of Excel macro-programming later, I was in.
Things haven't changed that much in the last 13 years.
This first example of someone abusing this kind of vulnerability through an alternative browser and Sun's JRE (Java Runtime Environment) requires stupidity to get.
It won't be the last. Just as an endless series of worms have relied upon it to attack Windows systems via Outlook, we can now expect more attacks of this kind.
Don't expect Internet Explorer 7 to solve your problems. Its security improvements—like reduced-privilege mode becoming the default and no cross-domain scripting—are flimsy fixes.
The real problem, Windows' inherently insecure nature, requires major surgery.
The name of that “operation” is Longhorn, but God alone knows when Longhorn will finally show up—2010!?
But will that solve Windows' problems? I doubt it.
Running Windows your way
Now, interestingly enough, with LitePC Technologies' 98lite Professional v4.7, you can rip Internet Explorer out from Windows 98, 98SE and ME.
I've used it since it first appeared as a student project, and I highly recommend it for people who want to run Windows their way, rather than Microsoft's.
The company's XPLite and 2000Lite, however, while giving you incredible control over what your Windows system actually runs, can't tear all of IE out from Windows.
Microsoft made a big point of saying that the Web browser was part of the operating system a few years back, and now we're having to live with the problems that come from integrating a program that talks to the entire networked universe with a fundamentally insecure infrastructure.
It's been more than three years now since Bill Gates proclaimed that “Trustworthy Computing is more important than any other part of our work.”
Nothing is sure but death, taxes and Windows crashes.
Yes, Windows with open-source programs like Firefox and Thunderbird is still more secure than Windows with Microsoft programs.
But, if you want a PC you can run without wondering every day what new security problem arrived during the night, you're better off with Firefox and Linux or Camino and Mac OS X.
Windows. Just say no.
eWEEK.com Senior Editor Steven J. Vaughan-Nichols has been working and writing about technology and business since the late '80s and thinks he may just have learned something about them along the way.