Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Faces Angry IE Users' Questions
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 10 Jul 2004 22:04:17 +1200

"Jordan Cole (stilist)" <stilist () gmail com> wrote:

Hm... the fact that the average user probably doesn't even realise
there are browsers out there besides IE means nothing, I suppose. And
I saw from reading it (this morning) that there are two basic replies
to any question:

a) we're considering it, but can't say for sure - after all, it might
break something on some obscure site

That is no longer a valid, or even "acceptable in Microsoft's screwed 
up internal-cultural view of things" "excuse.  Once upon a time it was, 
but well over two years ago now Billy Boy went public and told the 
world that security is now more important than features.  Of course, 
the skeptical part of the world did not believe that Billy really mean 
it and the skeptical part of the world has been proven right for more 
than two years as almost no-one at Microsoft has actually acted in line 
with that edict, but according to Bill's public prognostications a 
softie cannot validly say any more "it might break something on some 
obscure site" as a reason (or worse, an excuse) for not fixing some 
glaring security flaw...

b) people use it, it's gotta be good! (reminiscent of the "new
hampshire - 40,000 squirrels can't be wrong!" t-shirt old navy or
whoever made)


Same argument applies...  Billy said that security has to take priority 
over functionality.  So what if 40,000 morons decided to use something 
tha MS previously hyped as "the next big thing" -- if its not good 
security practice the softies are supposed to replace it with something 
that is.


Of course, until the first version of IE that cannot support ActiveX 
ships as a critical update on WU, the skeptics know what Bill was full 
of back on that fateful day more than two years ago...

Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]