Posted on 07/19/2004 2:03:49 PM PDT by hsmomx3
Will this new service pack be compatible with other browsers such as Netscape, Mozilla, etc?
I am very curious to know if they have tested this with a broswer other than IE.
You'll more than likely be unaffected.
It's available now....beta though...
Should be OK.
LOL!! Thanks for the laugh. I needed one today.
This "new" service pack that MS is providing will not change the underlying lack of security in IE or Windows. Sorry, that's just the truth. The problem is that the code that would have to be changed is of such a large quantity that they would have to re-write Windows from scratch to secure it. The problem is not just in the IE browser, but embedded into the very system code of Windows itself.
I know, you [and many others] will just dismiss this as MS bashing, but there is a lot of fact behind it. To give you a good explanation, it is easier to quote from what a tech-geek poster on a different message board wrote. Quoting:
"The controls that form Internet Explorer are a core system service in Windows. They are fundamental to the operation of all modern Windows versions. The Add/Remove Programs dialog in Windows 2000 and Windows XP? That's generated using the same controls that form Internet Explorer. I say "controls that form Internet Explorer" because IE isn't really a single application (like, say, Firefox or Opera), it's really a collection of libraries that can be called by top-level processes like the Explorer shell, Internet Explorer, the Add/Remove Programs dialog, or other applications. Probably the most important library is MSHTML.DLL, which more than anything else probably is Internet Explorer.
These controls must be able to have full system access, or else they won't be able to do their job. They have to be able to spawn admin-level processes and write to local files and do other things that are "bad" from a security standpoint, because when these controls are used as part of the basic Windows UI, they have to be able to do these things as part of day-to-day operation. And so we have Security Zones.
The Local Zone is where (by default) all of the "full access pass" stuff runs, the stuff that you see in the Explorer shell and other regular Windows UI bits (as well as HTML files and things that are sitting on your hard drive). Nothing from the Internet is supposed to run in the Local Zone. Everything that you view in Internet Explorer goes in the Internet Zone, the Local Intranet Zone, the Trusted Sites Zone, or the Restricted Sites Zone. You can set the security parameters on those four zones in the Security tab of the Internet Options in IE.
Most of these security exploits you see in Internet Explorer are called "cross-zone scripting exploits". What they do (usually) is find a way to use scripting to open a Local Zone resource (such as a help file), and then somehow alter it so that it contains malicious code instead. This is how the Ilookup trojan works. Other exploits escalate the security level of an iframe to Local Zone, or some other tactic. But the general idea is getting malicious code into the Local Zone without your permission, where it can be executed with full system access. This is why locking down the Local Zone is a workaround against these sorts of exploits, but locking down the Local Zone has serious side effects in Windows itself.
The difference between Internet Explorer and other browsers is that the other browsers simply do not have this sort of problem. Mozilla and Opera do not have the requirement to manage operating-system level tasks using the same controls they use to render web pages, and so do not even have a "Local Zone" to take advantage of. They are not designed to let scripts do bad things at all.
There are still exploits that can be performed on browsers like Opera and Mozilla. Directory traversals, buffer overflows, taking advantage of design defects... Hell, have a look at the stuff Opera's had to fix in version 7 so far. (I think the "really big favicon" exploit is my favorite.) And you can find cross-site scripting vulnerabilities in Mozilla, but they don't let you install software; they just cause data security problems because one site might be able to read another site's JavaScript variables or cookies or something. But IE's fundamental security model makes it incredibly vulnerable to exploits that allow the arbitrary installation of software, or worse.
And that's why IE is more fundamentally insecure than the alternatives, and until something is fundamentally changed about it (which may or may not happen with XP SP2), it's going to remain more fundamentally insecure regardless of popularity levels."
End Quote. So you see that it is just more than a 'security update'. And yes, many programs and services will be broken or disabled by the changes made by the Service Pack. They have to because the SP will have to drastically change the operating environment for all programs, programs that were written relying on certain services and interfaces being "turned on" or available to the program. Turning them off will 'break' those programs.
Regarding whether the SP will be compatible with other browsers and whether they have tested it with other than IE, no one can tell you except Microsoft. And with their history of hiding programming hooks in the Operating System that enable their programs to work better than a competitor, or putting actual code in the O/S to 'break' a competitor program [yes, it's true, no matter what the MS evangelists here claim], and then lying about it to the public, press, software developers and regulators and the courts shows that more than likely they won't be telling you- the public- the truth.[If they will knowingly use 'doctored' video in Federal Court for testimony and evidence, why should they have an incentive to tell the truth to the public.]
There was a similar browser security flaw pointed out in Mozilla Firefox last week and within 24 hours there was both a patch and a revised complete version put online for download. The MS evangelists will point to this and say "Aha, see it happens to others as well." However, this "security flaw" wasn't a security flaw in the browser, it was a security flaw in Windows that allowed the browser - and probaby all browsers - to just pass a parameter to it to be executed by Windows. Therefore, the "flaw" wasn't actually in the browser code, but in the flawed security of the operating system itself. And if that underlying O/S security flaw is not completely changed, then any program can be used to compromise Windows.
I know this is probably more technical information than you asked for or ever wanted, but I hope it gives you some insight into why this "Service Pack" will not actually fix Windows security, but will only change some switches that were "on" by default to "off". The flaw is the fact that the IE code - and Outlook therefore with it- is so embedded in the O/S that it actually can't be "fixed" without a complete re-write and re-install.
The best a non-technical Windows user can do is get a good anti-virus program [probably not Norton] and keep it updated daily, a good sofware firewall [Zonealarm is easiest and best], a different browser such as Firefox or Opera, and have someone who is a 'tech-geek' available to install, setup and support all of that. But Windows is not, and will not be, secure or non-vulnerable exactly because the underlying O/S code was not written to be and cannot be changed enough to be.
[Flame retardant suit is now on]
Been operating with the SR2 beta version for 2-3 weeks now.
I use Firefox. Seems pretty good.
Crashes sometimes with many windows open but now sure why.
MS had a PR out today saying the time to hatch is getting close....
how does it look where you are?
Been operating on the SR2 Beta version for a month or so.
IE still hangs as was without the SR2 Beta version at some sites.
FOXFIRE crashes with too many windows open--more than 4? but irregularly.
And the blue screen of death still appears blaming a device driver but no clue which one.
So, I don't know. Will see. Will be happy when it comes thru. I hope. Please keep me posted.
I haven't accessed autoupdate in several days.
Blessings
I have Firefox 9.2.. Haven't tried SUSE.
Have tried to find out if there's a later version of Firefox.
Have a Logitech cordeless keyboard and a cordless large Logitech trackbal. They work together OK. Supposedly. Sometimes wonder if one of their drivers is the problem but have the latest versions.
Haven't seen the trackball here. Hope I can get a replacement when this one wears out. Love it. Large and natural shape of hand.
THX.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.