Saturday, July 10, 2004

This is the longest I time I have spent without writing, and for some reason it's not really bothering me as much as it should. I think this is happening because I am busy enough with work and algorithms and commuting. It's strange but I believe my creativity is simply finding more outlets at work.

I can write about mundane things I suppose such as Spiderman 2 and Fahrenheit 9/11, but I don't really think that will be in the spirit of this blog. So instead I'll just talk about how more and more people I know seem to be shifting to Firefox from IE. It was inevitable I guess. Microsoft last released the last version of IE in 2001 and there haven't been any features added since. Add to that the fact that malcontents on the Internet seem to be eager to find vulnerabilities in IE and exploit them.

I switched browsers when the URL phishing vulnerability for IE was announced. Microsoft took a whole month to fix that. Until they did the recommended workaround in the Microsoft Knowledge Base was to type out the URL for each link that you were planning to click! (If you don't believe me read the third bulleted point in the Knowledge Base Article.) The phishing vulnerability allowed malicious users to fool you into believing you were browsing on a trusted site (like Microsoft.com) when in fact you were getting pages from a malicious site (like some criminal server in Russia intent on getting you to enter you credit information.) Microsoft took a week to fix the Download.Ject vulnerability and even then they did not fix it properly. Download.Ject exploited a IE vulnerability and allowed people get infected by trojan software by simply visiting a malicious website. The Download.Ject trojan software would then find and send sensitive information (bank account numbers, credit card numbers) to the malicious website owners. The Mozilla shell vulnerability, which would allow for the execution of arbitrary EXE files on you computer if you followed a "shell:" link, was patched within 24 hours of it's announcement.

I don't really care if software is open source or not as long as the price is right - Internet Explorer and Mozilla Firefox are both free. I do care that the software I use is secure enough to protect my privacy and my money. Internet Explorer and Microsoft have failed in that respect. I'll go back to them when Firefox and the Mozilla Foundation fail. I don't use a cheap, easily breakable lock on my door, why should I use a cheap, easily breakable browser.

No comments: