Microsoft Blames Add-Ons For Browser Woes

Posted by timothy on Friday November 21, 2008 @08:58AM from the sounds-semi-reasonable dept.

darthcamaro writes "Running IE and been hacked? Don't blame Microsoft — at least that's what their security types are now arguing. 'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said. 'The browser is becoming a harder target and there are many more browsers. So attackers are targeting add-ons.' This kinda makes sense since whether you're running IE, Firefox, Safari or Chrome you could still be at risk if there is a vulnerability in Flash, PDF, QuickTime or another popular add-on. Or does it?"

2 of 307 comments (clear)

Min score:

Reason:

Sort:

Re:I'll still blame you for everything else. by stewbacca · 2008-11-21 09:09 · Score: 5, Informative

You forgot the "embedded video frequently doesn't play even though it's a Microsoft codec" bit.
Re:Permissions by Anonymous Coward · 2008-11-21 09:21 · Score: 5, Informative

Konqueror runs flash elements and java applets in a separate process with low privileges and high niceness. When flash crashes, it does so by itself.