Microsoft has issued two security advisories for widespread products: the Internet Explorer browser and Windows XP. The patch posted Wednesday points to a “critical” flaw in several versions of IE, regardless of the version of the Windows operating system it runs under. Microsoft also issued an alert regarding a less severe problem with Windows XP.
The IE patch would make CSS support better and more compliant with Open Standards.
Oepn Stanadrds which imo tend to move too fast and be incompatible from version A to B where A=B+1; ….
—
http://homepage.mac.com/softkid
Security patches are nice but what about now well established standards that are not well supported in Internet Explorer ?
For instance CSS1 that does not work correctly or PNG support which is half complete. People tell me : « 256 transparency levels with PNG ? Great ! It doesn’t work on IE ? Let’s forget this feature then… »
And unfortunately the IE working group does whatever they want, they own 95% of the market 🙁
And unfortunately the IE working group does whatever they want, they own 95% of the market 🙁
methinks : this will be changing in 2003? M$ will drop to 90%.
—
http://islande.hirlimann.net
I think PNG should be supported by every browser as the facto
standard since GIF’s killed by UNISYS (r)(tm) are no longer an option.
Some website uses only PNG and no GIF’s they look terrrible under
IE. I think its a game again UNISYS and M$ are good friends so as long
as people are “forced” to use GIF’s for their websites, both make money..
If M$ could make money from PNG’s support would be there tomorrow.
For instance CSS1 that does not work correctly or PNG support which is half complete. People tell me : « 256 transparency levels with PNG ? Great ! It doesn’t work on IE ? Let’s forget this feature then… »
IE does in fact support png transparency, but you need to add some rather funky javascript to your page to enable it.
Look here: http://msdn.microsoft.com/library/default.asp?url=/workshop/author/…
I’ve recently made the full time move to phoenix ( http://www.mozilla.org/projects/phoenix/ ) on my 2k box. It certianly isnt as fast as ie starting up (and the turbo mode does funny things to your system) but its a really lovely browser once its going. I even put an xp skin on to trick myself ( http://texturizer.net/phoenix/themes.html#Luna )
jon
Btw next week get ready for the next critical update, you cannot say it won’t happen, yay!
sh*t I already applied a “critical” patch last December: Q329390_WXP_SP2_x86_ENU.exe
And if it’s anything like the SQL Slammer patches, there is no guarantee that this patch doesn’t undo the fix that the previous one provided.
This was the problem with many servers that DID apply the patches. When the slammer original patch was issued in July-02, many did apply it. Then, at some point in January, another patch comes out that actually undoes what the first one did.
Of course, no warning to the effec that this could even happen. We have become slaves to the very software that was supposed to make our lives easier.
How much time are we spending applying patches, udpating AV signatures, etc, etc, etc ad nauseam.
Sure, even my granmda could use Windows… Right… Let us hope that she is not doing her banking online.
This is a security patch for crying out loud, not a feature release.
bas: I think PNG should be supported by every browser as the facto
standard since GIF’s killed by UNISYS (r)(tm) are no longer an option.
Yes, the royalties suck. But would this make a lot of web developers move to PNG? hell no. If you have a licensed version of Photoshop or CorelDRAW or Frontpage or Dreamweaver or many other programs, you already paid the royalty.
The only people that would be whining is people coding their sites with emacs or vi on Linux and hate to pay a norminal royalty fee. Well, they are in the minority.
Some website uses only PNG and no GIF’s they look terrrible under
IE.
Au contraire. You need to add a few lines of code for it to enable PNG transperancy, the only thing lacking in IE’s PNG support.
bas: I think its a game again UNISYS and M$ are good friends so as long
as people are “forced” to use GIF’s for their websites, both make money..
LOL. In the same vein, a lot of other companies are Microsoft friends and they shouldn’t support their competitors. Take Intel for example. They made USB2. Firewire is supported more by Microsoft, IMHO.
Besides, that doesn’t answer why IE 5 for Mac OS supports PNG.
Whenever I have heard the words “critical flaw” and software, it has been about Internet Explorer.
Probably because it’s been used in that form many times…
People must be quite sadistic if they use IE as their MAIN (important emphasis) browser these days. Yes, there was a period about 2-3 years ago when IE was really the best browser around but with Opera and Mozilla (and its derivatives) being as good as they are, even an MS share holder must be getting tired of the incessant security problems.
IE is for those ****ing sites that force you to use it.
Well, not all the time…
http://groups.google.com/groups?as_umsgid=3CD095D4.9050003%40mo…
Security problem yes, but it’s a client side problem and difficult to exploit to anything useful. The websites I visit aren’t likely to try to exploit it. Even if they do the attack and access granted is trivial at best. Not to mention that I check for winodws updates 2 or 3 times a week. I use IE too often to scrap it over something this trivial.
BTW Pheonix is very nice, I just tried it.
The user is the most serious security flaw! Why do users open viral e-mail? Why do they use the password “password”? Why do they give out their Visa-card numbers to “free” adult sites? Why?
Applying patches and updates are useless without a user using common sense.
Companies and users must realize that networking is insecure and adapt their systems to this. Make back-ups, have redundancy, no mono-cultures etc.
To make efficient networks you have to sacrifice some security. No one wants to constantly input passwords or cards. The human “laziness” is what makes networks insecure.
The IE flaw: An attacker could create a Web page that exploits the flaw and use the page to run malicious code, possibly in the form of an executable file, on a computer that visits the page, Microsoft said.
The Mozilla flaw: XMLHttpRequest allows reading of local files, or as the Register puts it, a minor file access vulnerability (see http://www.theregister.co.uk/content/4/25079.html )
Aren’t these two completely different levels? How is this Mozilla bug a “critical flaw”?
Humans are only worse because they run email apps which create problems with “viral mails”.
Viral mails are caused by an extremely incompetent design, not by its users. How would a mailer, which reads text, allow execution of any code contained in said text? Only becaused designed by an idiot, programmed by idiots, and used by idiots.
//Only becaused designed by an idiot, programmed by idiots, and used by idiots.//
Unlike your mail client, which is used by *millions* of office settings worldwide, right?
And, of course, you programmed it yourself, and your net worth is several hundred thousand dollars, at least.
Or maybe … you’re a penguinista troll, living in his parent’s basement.
I’d bet on the latter.