Interview with IE Lead Program Manager
crackman writes "Matasano Security is running an excellent interview with Christopher Vaughan, a lead PM on the IE team. Christopher has worked on every release of Internet Explorer since version 2. He discusses IE7, security lessons learned from IE6, the future of .NET managed code in IE, and more."
IE6's security woes have more to do with hooks into the OS, being based on code to support the incredibly badly architected ActiveX, and just plain bad coding than market share.
I won't argue there. MS picked convenience over security, and it's plagued them (and us) ever since.
Heck someone wrote a virus or two for OS X, which supposedly holds somewhere between 2% and 4% of the market. Firefox has almost 10%, yet I don't recall it having the kind of security exploits that seem to plague every version of IE, including IE7.
Firefox has had a few problems, and they were quickly and effectively patched. FF has the advantage of being OSS, which means that the less malicious hackers will find the bug and report it rather than abuse it, simply because they are sympathetic to OSS projects.
Recall the IE7 zero-day exploit? What's funny was, that was a zero-day exploit for the beta, which probably had all of 0.0001% of the market - yes, that's pulled out of the air, but it certainly wasn't large.
Bear in mind that there are a lot of anti-MS types out there just waiting for a new version of IE so they can bang out the first exploit for it to show that MS is weak. And, of course, there's the fact that IE7 is going to be the dominant browser in a few years; whoever gets a head start on cracking it now will have the advantage later when they're making grabs for zombie PCs or burying adware on your system.
I'm not saying any of that makes up for all the difference, but it's definitely something we need to consider. Firefox simply doesn't attract the vitriol that anything made by MS does.
And to discount your "IE6 has just been around too long" argument, there are fewer and fewer holes in products like OpenBSD, which have been around far longer than all versions of IE combined. Oh, and OpenBSD and its *nix kindred tend to run the things hackers are truly interested in. But because it's "hard", many just grab a few tens of thousands of Windows boxes (easy!) and then try to take down those *nix sites via DDoS attacks.
OpenBSD has gone through some pretty serious revisions over the years. IE6 has been patched, but it's still IE6.
120 characters for a sig? That's bloody useless.
Tsk, I thought .NET was the future and Microsoft always ate their own dog food. Yet strangely, IE7 is yet another MS product that is written native. Is there a message here perhaps?
I want a list of atrocities done in your name - Recoil
Try again. Microsoft had employees on the CSS working group at the W3C, while at the same time they were busy coding the proprietary stuff instead. All the finished CSS specifications, right from the first one published in 1996, have an acknowledgements section listing, among others, Microsoft employees.
The fact is, if they thought they had a better way of doing things, they could easily have brought it up when CSS was being designed, because they are some of the people who made CSS in the first place.