Linked by Thom Holwerda on Mon 2nd Apr 2007 21:05 UTC, submitted by Dale Smoker
Windows Microsoft has decided to rush out a fix for a flaw in Windows, saying that the problem has become too serious to ignore. The flaw, which will be patched on Tuesday, was originally disclosed to Microsoft in December, but it was not publicly reported until last week. The bug lies in the way Windows processes .ani Animated Cursor files, which are used to create cartoon-like cursors in Windows.
Permalink for comment 226955
To read all comments associated with this story, please click here.
Laurence
Member since:
2007-03-26

{

Firefox is not integrated with the OS, but Firefox is more vulnerable to this flaw because it uses the same Windows API to handle the cursors; instead, IE7 under Windows Vista is NOT at risk due Protected Mode.
So if a software is integrated into OS doesn't mean is unsafer than anether one, because all software can use the same libraries and API with or without integration. IE just uses the HTML/Internet libraries which come with the OS, but it runs with the the same user's privileges like another not integrated browser.
Integration makes no differences in security.
Why people doesn't complain about linux's Konquerror which is integrated in KDE as well Internet Explorer is integrated in Explorer?
Why people doesn't complain about Safari browser which is integrated with Mac OS X?
Why people doesn't complain about Thunderbird wich use the same Firefox gecko engine?
IE is not more integrated than other browser, IE is just a program which use HTML/Internet libraries included into OS like in every modern linux's distribution you have HTML/Internet libraries


}


While I understand the point you're trying to make, you're not entirely accurate on several points there:

1stly: Though both Firefox and IE use the same APIs to render cursors, IE has vulnerabilities in the way it runs web pages and executes scripts on there. Vulnerabilities which are not present in firefox or Opera (though both Firefox and Opera have other vulnerabilities not present in IE). So it's the vulnerabilities in IE that expose windows rather than the fact that IE is integrated or not.

2ndly: According to the BBC news, it was announced that people who use Firefox and Opera would be safe from the attack. I can't verify the accuracy of this (seeming as I'm not prepared to compromise my own system just to run a test.) but one would hope that a bold claim like that on a national news site would be accurate. link: http://news.bbc.co.uk/1/hi/technology/6509865.stm

3rdly: IE /is/ more integrated into the Windows OS. While earlier versions of Windows (98 to be precise) was proven not to require IE despite MS's claims, I'd doubt that's still the case with 2000 and XP.

Edited 2007-04-03 16:14

Reply Parent Score: 2