Linked by Thom Holwerda on Mon 18th Jan 2010 22:00 UTC
Internet Explorer Ah, the security vulnerability that was used in the Google attack. It's been around the internet about a million times now, and even governments have started advising people to move away from Internet Explorer. As is usually the case, however, the internet has really blown the vulnerability out of proportion. I'll get right to it: if your machine and/or network has been compromised via this vulnerability, then you most likely had it coming. No sympathy for you.
Permalink for comment 404793
To read all comments associated with this story, please click here.
But it's still Microsoft's fault isn't it?
by Johnny on Tue 19th Jan 2010 00:02 UTC
Member since:

I agree that people who are still using IE6 on XP are to some extent responsible for the consequences. However, I would like to point something out that I'm sure that you're familiar with which is Microsoft's encouragement of vendor lockin for software written on Microsoft's OS.

Let me be clear, and I'm sure I'll be corrected if I'm mistaken, but hasn't it always been Microsoft's software development strategy to encourage software developers to a) use Microsoft's OS and b) Use Microsoft's nonportable API and c) Implement broken "open standards" in such a way that software written using Microsoft's api only works with their broken standard (ex. Java++ , the graphics format png is another, Kerberos implementation is another, etc.)

Soooo... if software developers are encouraged to use Microsoft APIs that are *only* compatible with Microsoft's broken standards (ex. activeX), how then can you hold the poor (as in bad luck/bad decision making) businesses who chose to hire software developers who write software in a Microsoft OS that only works on that OS, and God help you if you try to upgrade, because the source code is long gone and/or the developer is long gone.

I mean, I know that had you been the CIO of a fortune 500 company who was informed that the software being written on your computers was hard wired to *only* work on IE 6, you would have kicked some ass and fire the sorry programmers on the spot. But management isn't hired for their technical competency, their hired because they know how to "manage" people, that includes CIOs who are not technical people, they are managers. And let's not forget that the people who make these poor decisions are not the technical people, it's management who calls the shots.

And where do the management get their advice? Do they ask their technical people for their opinion? Well, yes, if they value and appreciate their technical people. And no, if they don't value them or think that they would lose face by acknowledging their technical imcompetence. Instead such managers listen to .... marketing representatives from a large corporation who are *very good* at marketing.

So, where did the idea of locking software to a particular browser with broken apis come from? Not from *all* those businesses who are now screwed, but the central corporation that marketed the message to write to their broken standards using their nonportable apis.

Reply Score: 3