Roger said:
But it can be turned on in FireFox and off i IE. How many times have you
seen the message "You need ActiveX enabled to view this site properly..."
Followed by instructions of how to turn it on. Many un-informed users will
simply turn it on.
While no software can 100% protect a user from themself, you have to
EXPLICITLY turn this on - the novice user is at least afforded the
opportunity to be aware that something is going on. Who knows, some may
even ask questions before blindly pushing Yes. A default MS OS
installation - which 100% of computer purchasers get when they buy their
PC's with MS OSes on them is ON BY DEFAULT - along with a whole host of
unneeded services, networking protocols, etc. In the case of Microsoft
- unsuspecting users will have no clue that it is on (and in the case of
many that it even exists) until they run into a major problem with an
applet compromising their system.
There are very few applications on home computers that require Java - so
why have it on by default? The people who do use these Java
applications will know they need to enable Java.
And you're suggesting MS isn't? So IE7 is just a waste of everybody's
time.
As long as Microsoft has IE so recklessly hooked into the core of the
operating system - yes, it will be a waste of everybody's time.
Microsoft is extremely slow at providing fixes or workarounds to
existing compromises in its browser and I don't forsee that changing.
IE7 is only being released to try to counteract its diminishing market
share in the browser field - to Firefox, Opera, etc. not because of some
morally grand vision to make everybody's internet experience any more
secure.
Based on the stick they get from the world in general, I would imagine
security is high on MS's list, hence the development of IE7. Also, look
how they've crippled Outlook in successive versions. By default, Outlook
2003 will not let me open an Access database that I added to an email I
sent to someone else.
As I stated above, securtity is not high on Microsoft's list - if their
track record of slow fixes, shoddy initial OS releases which required
immediate service packs, etc. are any indication. If they truly were
high in the security conscious department they would have built IE INTO
the operating system with Windows 2000 and not hooked it in like a
shadetree mechanic. With the releases of Windows 2003 and XP they still
did not address this issue properly (wolves in sheep's clothing). So we
still have the same foundation for all these compromises in place 6
years and 2 additional OS releases later. Lets see if they address this
issue with the upcoming Longhorn release - I seriously doubt it.
In the end it comes down to the user. An uninformed or stupid user can
leave themselves open to attack in any browser. Basic advice - don't click
on anything unless you know what will happen.
Where do I stand regarding my allegiance to any particular software? Well
I write applications around and customise MS Office for clients. Why MS
Office? Because I've only found 2 businesses in my area using anything
else (and for the record they were using an MS OS and Lotus SmartSuite).
With this I'm in agreement - sort of.
I won't go so far as calling users stupid as I would complacent. Then
again we dont ask automobile owners to be expected to adjust their
emmissions, tweak their air/fuel mixtures, and be able to decipher ODB
II diagnostic codes to SAFELY operate their vehicle - which like
computers are luxuries which have turned into necessities. Why should
we REQUIRE this level of behavior to SAFELY operate a computer? At
least the alternatives to IE are separating themselves from the highest
risk areas of the Microsoft Operating system when they design their
browsers and leaving the option to the user to OPT IN to those riskier
technologies if they so choose; which is more than can be said for the
company that propogated these security issues in the first place.
Perhaps Microsoft would be smart and go to a modular design in their
next OS release instead of building an OS with a "one size fits all"
approach - with all the extras being pretty much outdated by the time
the OS is released anyway. Now that would be a novel approach.