Sunday, March 07, 2010
Browser Wars : Some Complaints, A Recommendation
Will the "browser wars" never end? One could have hoped so, now that Microsoft has begun providing the "Ballot Screen" so Windows users can choose their browser. Fine, there remain problematic details regarding which browser appear in the primary list, which are on a secondary list, and which are not even mentioned. There is also the less-minor detail that this "Ballot Screen" is only furnished for Windows Seven and, at least initially, only to European Union customers.
That those of us running Windows XP (because our hardware still works but is not powerful enough to run a more recent Windows operating system) will not benefit from the "Ballot Screen" is one complaint. Here are some others :
- On 2 March 2010 (last Tuesday) a security flaw in IE8 was identified; to the best of my knowledge, it had not been fixed on Friday, 5 March, when Microsoft sent me a message urging me to upgrade to IE8 for greater security. In fact even today, US-CERT indicates
Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application.
- In order to use Microsoft Live Messenger, it is now necessary to use to most recent version of the client program (or at least a more recent version than the one installed on this computer), and I reluctantly accepted the update recently. Not only is the program about three times bigger (and stresses this poor old computer), but the installer set IE8 as my default browser without asking my permission. It took me quite a while, making changes case by case in the Folder Preferences (Actions associated with file types) to eventually have another browser open when I click on a link in an e-mail. BTW, I have uninstalled Live Messenger.
- Despite my painstaking changes to avoid launching IE, when I clicked on a "help" link in an older Adobe product, it opened IE8! That is annoying, but not altogether surprising; I had previously noted that Adobe Acrobat Reader would launch IE rather than the default browser when links in PDF documents were clicked (but I haven't checked lately whether that is still the case). Speaking of Adobe and PDF, which are not strictly speaking actors in the browser wars, but are arguably beneficiaries since it was the incompatibilites among, and non-respect of standards by, browsers that created the "need" for PDF and Flash, ScanSafe reports that
"Malicious PDF files comprised 56% of Web-encountered exploits in 1Q09, growing to 80% by 4Q09. Flash exploits encountered via the Web dropped from 40% in 1Q09 to 18% in 4Q09. This trend is likely indicative of attackers’ preference for PDF exploit, likely due to the increasing availability of vulnerabilities and the continued widespread use and acceptance of PDF files in the workplace."(emphasis added)For those who didn't do the arithmetic, that says that in 1Q09 96 % of Web-encountered exploits were either malicious Adobe PDF files or Adobe Flash files (or streams). In 4Q09, that rose to 98 % (80+18).
- A most unexpected problem arose when I tried to check my Yahoo! mailbox from a terminal at the University of Strasbourg. Like most French universities, UdS uses a Linux operating system (currently Gentoo), and the standard browser is currently Konqueror. Well, Yahoo! informed me that I could only access their services if I used one of the browsers they support! They did, helpfully, provide the list (Internet Explorer, Firefox, Safari, Opera, Flock) with links to installers. While it is surely a service provider's prorogative to require clients (especially non-paying clients) to use specialized agent programs for access to some services (as Skype does, for instance), it seems more "iffy" to require clients to use a specific browser to access a "portal" such as Yahoo!.
- Browser choice should be easy to find and carry out, and it should apply in all circumstances unless changed by the user (administrator) for all things Internet: links clicked in e-mail, in pdf documents, wherever.
- The one exception: if the user has already launched a browser, and it is still running, it-- the already-running browser-- should be used; another browser--even the "default browser"--should not be launched just because it is the default.
Tags: Yahoo!, Microsoft : Adobe : Adobe Flash : Adobe PDF : browsers : Windows : freedom : choice : no Michelle Malkin nude photos here