Posted on 07/09/2004 9:44:27 AM PDT by N3WBI3
In a lively online discussion Thursday, Microsoft (Quote, Chart) engineers faced off with end users who lobbed irate questions, comments and a few tirades about its Internet Explorer browser.
More than any topic, security reigned as the most pervasive theme during the online discussion, including when end users could see the next patch for vulnerabilities in IE.
IE staffers said the XP SP2 service pack is currently available for download as release candidate 2. That means it's not completed, final or stable yet, and that the final stable SP2 is coming soon.
The chat came in the wake of recent security concerns with the browser, and expectations for fixes in the next version of IE. The browser's ActiveX scripting vulnerabilities have been faulted in several recent high-profile attacks that hit Web sites running Microsoft IIS 5.0 servers.
Within hours of Microsoft releasing its patch last week to plug a hole in its IE browser, a Dutch security expert posted code on his site that revealed the patch still leaks.
"ActiveX often receives much criticism but I do not believe it is true that it is the source of bugs," wrote Dave Massy, an IE Program Manager. "In Windows XP SP2 we have done much to reduce the opportunity for inadvertently installing software. It is true that a great many crash reports coming in to Microsoft are from 3rd party extensions to Internet Explorer and in SP2 we have improved the mechanism to identify the culprits and inform them so they can improve their software."
Although Microsoft staffers picked the questions they wanted to answer, they did not shy away from the tough ones.
Asked by one questioner why he should waste his time supporting IE when other browsers don't require as much "upkeep," IE Product Unit Manager Dean Hachamovitch explained that IE remains a target.
"IE is a super powerful Web browser that hundreds of millions of people choose to use," Hachamovitch replied. "As long as they're using it, MS is going to keep making it better. As long as that many people use it, there will be bad people who try to take it down."
Others asked about features they would like to see in future versions of IE, such as the tabbed browsing feature now common in most alternative Web browsers (including Mozilla, Opera, Konquerer, Safari), and including RSS (define).
The Microsoft engineers avoided tipping the company's hand on whether those features were in the works, but did note the interest of users calling for them.
Users peppered the forum with questions about how IE handles and implements Web Standards, in particular IE's support for the various Cascading Style Sheet (define) specifications including the CSS3 specification.
"CSS3 has actually been in progress for a number of years and you'll find that IE6 already supports some parts of CSS3 such as vertical text layout," wrote Massy. "This is particularly useful for Far Eastern languages. We can't at this time commit to implementing every part of some of these recommendations but we look at these carefully."
Hachamovitch said he hopes all of the IE developers have non-IE browsers installed. "I have a few others installed on my machines because I want to see what other people are using, what they like, and how it works," he explained.
Another online participant asked if hundreds of millions of people choose to use IE or if it is forced upon them, in a reference to the browser wars on the desktop between Microsoft's IE and Netscape.
"People choose," replied Hachamovitch. "Hundreds of millions of people actively use Windows and they get to choose. Nothing in Windows as it ships keeps them from downloading other software that extends their browsing experience (e.g. the Google or Ebay toolbars) or changes it (e.g. an alternative browser)."
Throughout the session, which involved over 100 participants, members of the IE team appeared at home on the hot seat. "I've worked at Microsoft for 14 years and I have always felt like the underdog," said Hachamovitch. "Maybe the road behind us looks easy, but at the time going it wasn't. I welcome the feedback today. Getting informed is the only way I know to get better. The day we don't get heated feedback I'll be concerned."
Well, they sound fairly professional--though I'm sure a guy from the PR department was sitting next to them to "help" with their answers.
It's too bad IE doesn't offer much and version releases are so few and far in between.
Notice how its Microsoft only? Could it be because of the braindead shell: scheme handling of the OS? If it is a Mozilla flaw, why is Microsoft removing it in XP SP2?
Yes, and a patch was released by Mozilla within 24 hours. How quickly do MS release patches for their flaws?
Not to mention, a 5K patch that doesn't require a reboot. Even modem users can download this one.
Or, an upgrade to IE6 that forces you to install outlook and media player...
Not if its modular code, a good code design should have clear inputs and output if you want to make a compatability layer write it seperatly and feed it into the inputs. Now I dont know if MS is doing this (it a Unix must).
Apparently, the problem is with Windows, not Mozilla, since there only appears to be a problem with XP, and Mozilla avoids this problem when run under other operating systems, including 95/98.
Patched in a few hours, and fixable by settings in 0 minutes. This bug is due to the fact that when Mozilla / Firefox encounter a protocal they dont know how to handel they hand it off to the OS (which is why it only affected windows), a quick setting. When is MS going to have there patch out for the latest IE bug? something about SP2?
Soon is not good enough. We need it now.
I'll take one security bug every once in a long while over doing weekly security/bug fixes on a browser that's so tightly integrated into the OS as to allow the attacker more control over my computer than me, and so inherently insecure (activeX, zones, etc) as to make it almost impossible to fix without a complete re-write. :-)
hahaha... don't you have sopme computers to patch or something?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.