mailing list archives
Re: IE is just as safe as FireFox
From: Borja Marcos <borjam () sarenet es>
Date: Thu, 18 Nov 2004 15:47:18 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Why is it that Microsoft's code has less quality even though all code
written is instantly audited? (Each line of code is checked before it's
'passed' in to the code tree.)
Design, design and design. Also, design.
Writing programs isn't a simple matter of writing code and auditing it
for buffer overflows. What about the lousy MIME-type handling in IE,
detecting intelligently (but after declaring it harmless in the
"security check") that a program disguised as an audio file could
actually be an executable, and happily running it?
It is bad design. The same as ActiveX. Why are many IE security
problems avoided by disabling "Active Scripting"?
There seems to be an obsession with "code" these days. And people
affected by such disease forget that the code should come after a good
design, and a bad design can only be fixed scaping it and starting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.