I really hope that Microsoft simply makes it impossible to run "Unsafe" CLR code in the browser. Not even an option.
There is an option - but its quite well hidden and obvious as to what it does. IMO its a shame you can't disable ActiveX in IE and only enable.NET apps.
You can see the default security policy on MSDN. Basically controls in the Internet Zone, by default can...
Show an open file dialog to the user, and read a file if the user selects one.
Have up to 10Mb of isolated local storage for up to 365 days.
Display a print prompt dialog.
Open top-level windows of a limited size.
Connect back to the site of origin to send/receive data.
Put data onto the clipboard, but only read data copied from itself.
Which leaves the users in the same position as they were before with signed/unsigned ActiveX controls; do they dare download and run an unsigned/unsafe program?
No,.NET was deliberately designed never to present an end-user with these type of dialog - because end users just cannot easily decide what to click.
MS are trying to move all of these silly "do you want to download and run..." dialog decisions from the end-user onto an admin or secure, pre-defined security rules - which imo is a good thing.
So Microsoft built ActiveX, a technique within Windows for automatically downloading and executing arbitrary programs.
Er, with a security prompt. A crap security prompt, yes, but a security prompt.
Netscape's JavaScript was designed to prevent this through its "Same Origin" security policy, but Internet Explorer's JScript technology, which nominally supports the same scripting language, fails to implement the Same Origin policy.
IE does implement domain security. There have been quite a few bugs in this, yes (and one major one not patched) - but this isn't a problem with JScript, just with IE.
But C# tries to encompass all the power of C as well as features borrowed from Java. And security cannot be added to an otherwise insecure language.
But it isn't C# that provides the security - its the.NET Framework. C# is managed by the same security as VB.NET/JScript.NET.
So far there have been very few and quite minor holes found in the betas of the framework, and (to my knowledge) none in the final.
If that trend continues, I think.NET could actually be quite secure. Its what ActiveX always should have been - managed.
it's the most standards compliant browser available.
Yes, pretty much it is. Shame they can't see past the standards all that much.
it's fast as hell.
Mozilla still takes 20+ seconds to startup on my PC. I wouldn't call that fast. All other browsers take under 5. And yes, I am using the latest version.
it has an awesome email program.
Seems reasonably slow and featureless to me compared to things like The Bat!
it doesn't severely fuck up CSS seemingly randomly the way IE 6 does.
I agree IE6 has some major CSS problems, MS seem to want to solve them however. Mozilla does have some very odd behaviour, where it half-implements (:hover on non-A the last time I checked) or totally oddly implements (display:inline-block) features.
Netscape 6.2 is an awesome "primetime" browser.
Then why has it almost no users at all..?
Netscape is also faster and less "crashy" than IE.
Personally I haven't found this to be the case.
Jes, I come on here to read news, and I end up getting disgusted by people with bugs up their asses sounding like total assholes just trying to shit on peoples' hard work spreading pure propaganda about stuff they obviously don't have any real experience with or knowledge upon and it's just sad.
I'm not trying to shit on the Mozilla team's work. Maybe some of us just don't quite like Mozilla. The best browser for you is an opinion, not a fact. A browser taking a long time to startup on my system isn't propaganda.
Personally I'd actually quite like to see a GOOD competitor to IE - it might well make MS fix some major problems in it. Mozilla isn't it yet, for me.
When, exactly, are Mozilla planning on making their application feel and work like every other app on every OS ever?
Little things like pressing return in the mail wizard should advance to the page. If someone can find me another wizard that doesn't do this, I'll be amazed.
Little UI things like buttons in web pages just don't feel right - the focus dots are drawn a few pixels out, and the buttons don't depress correctly (compared to Windows widgets).
Aren't these things to address before making the themes switch without restarting the browser...?
Hello! I'm sure everyone will be glad to know that currently IE (even
a fully patched IE6) can currently...
* Run any command or program off the hard disk
* Monitor the users clipboard, and steal the contents
* Read or steal any file off the local disk
* Check existence of any local file
* Access the DOM, cookies, or read the content of any other website
regardless of domain, protocol or security zones
* Fake the file name in a download dialog
..although most of those only work if active scripting is enabled.
These security holes are all *proven* to work, and could easily be
used to create a devastating worm. Some of them are about a month old,
and still not patched by MS. Delightful.
The two latest exploits are http://tom.vpwsys.co.uk/clipboard/ (mine!)
and http://www.osioniusx.com - see http://www.securityfocus.com for
more.
* Best CSS2 Compliance out there. IE totally screws up my CSS2 compliant web page.
At least MS are showing an interest in full CSS support now. IE6 has pretty much 100% (although a bit buggy) CSS1 support.
* Tabbed browsing
There are a few plugins that will do this, and Windows XP's taskbar groups multiple IE's together.
* Full control over what javascript functions/objects/features are allowed to execute on a per-site basis.
You can enable/disable scripting for individual sites easily. IE's security zones actually give quite a bit more control than Mozilla has.
* Cookie management on a per-site basis
IE6 has this.
* Image management on a per site basis. Allow/disallow images, stop animated gifs, etc.
Would be nice, you can disable animated gifs for all sites if you wish.
* Site navigation bar
Again, would be nice - but hardly essential. You could make a browser plugin to do this quite easily.
* Proper implementation of a 'favicon'... uses ANY SUPPORTED IMAGE FORMAT, not that M$ specific.ico crap
Er, MS did invent this. Icon files aren't exactly a completly locked file format.
* FAST rendering engine
Mozilla appears to be faster by rendering tables cells as soon as it gets them, often leads to annoying layout reflow. You can make IE do this too using some CSS propeties.
But this guy is preventing -- or trying to, and not doing very well -- Netscape users from even seeing what doesn't work.
Yes, as it is a site about IE development, with examples for IE. It would be plain silly to let NS users try and view it, as there would be errors all over the place.
As it is, he's just trying to piss people off
No, he's trying to share some of his knowledge about IE with the rest of the world. Why slate him for doing that?
What people appear to have lost sight of here is that dagon is primarily an IE (and ASP) developer.
He develops IE applications, mainly (I believe I'm right in saying) for intranets, where IE is guaranteed as the browser.
The stuff he does is impossible to do in Netscape 4, and Mozilla/NS6 have such a small market share there is not much point in supporting them at the current time.
The site he has is about IE and ASP devlopment - please give me one good reason as to why should non-IE browsers be supported there?
So stop calling him an idiot, and look at what the site is about. Mainly IE development. IE developers generally use IE as the browser. Yes? OK then. Please leave him alone. Thankyou.
Slashdot Mirror
There is an option - but its quite well hidden and obvious as to what it does. IMO its a shame you can't disable ActiveX in IE and only enable
You can see the default security policy on MSDN. Basically controls in the Internet Zone, by default can...
Which leaves the users in the same position as they were before with signed/unsigned ActiveX controls; do they dare download and run an unsigned/unsafe program?
.NET was deliberately designed never to present an end-user with these type of dialog - because end users just cannot easily decide what to click.
No,
MS are trying to move all of these silly "do you want to download and run..." dialog decisions from the end-user onto an admin or secure, pre-defined security rules - which imo is a good thing.
So Microsoft built ActiveX, a technique within Windows for automatically downloading and executing arbitrary programs.
.NET Framework. C# is managed by the same security as VB.NET/JScript.NET.
.NET could actually be quite secure. Its what ActiveX always should have been - managed.
Er, with a security prompt. A crap security prompt, yes, but a security prompt.
Netscape's JavaScript was designed to prevent this through its "Same Origin" security policy, but Internet Explorer's JScript technology, which nominally supports the same scripting language, fails to implement the Same Origin policy.
IE does implement domain security. There have been quite a few bugs in this, yes (and one major one not patched) - but this isn't a problem with JScript, just with IE.
But C# tries to encompass all the power of C as well as features borrowed from Java. And security cannot be added to an otherwise insecure language.
But it isn't C# that provides the security - its the
So far there have been very few and quite minor holes found in the betas of the framework, and (to my knowledge) none in the final.
If that trend continues, I think
.NET defaults to fully trusting local code signed with the MS strong name.
When, exactly, are Mozilla planning on making their application feel and work like every other app on every OS ever?
Little things like pressing return in the mail wizard should advance to the page. If someone can find me another wizard that doesn't do this, I'll be amazed.
Little UI things like buttons in web pages just don't feel right - the focus dots are drawn a few pixels out, and the buttons don't depress correctly (compared to Windows widgets).
Aren't these things to address before making the themes switch without restarting the browser...?
...the 40-day-old ones, that is. See http://jscript.dk/unpatched/ for a full list.
Hello! I'm sure everyone will be glad to know that currently IE (even
a fully patched IE6) can currently...
* Run any command or program off the hard disk
* Monitor the users clipboard, and steal the contents
* Read or steal any file off the local disk
* Check existence of any local file
* Access the DOM, cookies, or read the content of any other website
regardless of domain, protocol or security zones
* Fake the file name in a download dialog
..although most of those only work if active scripting is enabled.
These security holes are all *proven* to work, and could easily be
used to create a devastating worm. Some of them are about a month old,
and still not patched by MS. Delightful.
The two latest exploits are http://tom.vpwsys.co.uk/clipboard/ (mine!)
and http://www.osioniusx.com - see http://www.securityfocus.com for
more.
http://www.thecounter.com/stats/2001/December/os.p hp shows Linux below even Windows 3.x and WebTV
* Best CSS2 Compliance out there. IE totally screws up my CSS2 compliant web page.
... uses ANY SUPPORTED IMAGE FORMAT, not that M$ specific .ico crap
At least MS are showing an interest in full CSS support now. IE6 has pretty much 100% (although a bit buggy) CSS1 support.
* Tabbed browsing
There are a few plugins that will do this, and Windows XP's taskbar groups multiple IE's together.
* Full control over what javascript functions/objects/features are allowed to execute on a per-site basis.
You can enable/disable scripting for individual sites easily. IE's security zones actually give quite a bit more control than Mozilla has.
* Cookie management on a per-site basis
IE6 has this.
* Image management on a per site basis. Allow/disallow images, stop animated gifs, etc.
Would be nice, you can disable animated gifs for all sites if you wish.
* Site navigation bar
Again, would be nice - but hardly essential. You could make a browser plugin to do this quite easily.
* Proper implementation of a 'favicon'
Er, MS did invent this. Icon files aren't exactly a completly locked file format.
* FAST rendering engine
Mozilla appears to be faster by rendering tables cells as soon as it gets them, often leads to annoying layout reflow. You can make IE do this too using some CSS propeties.
But this guy is preventing -- or trying to, and not doing very well -- Netscape users from even seeing what doesn't work.
Yes, as it is a site about IE development, with examples for IE. It would be plain silly to let NS users try and view it, as there would be errors all over the place.
As it is, he's just trying to piss people off
No, he's trying to share some of his knowledge about IE with the rest of the world. Why slate him for doing that?
What people appear to have lost sight of here is that dagon is primarily an IE (and ASP) developer.
He develops IE applications, mainly (I believe I'm right in saying) for intranets, where IE is guaranteed as the browser.
The stuff he does is impossible to do in Netscape 4, and Mozilla/NS6 have such a small market share there is not much point in supporting them at the current time.
The site he has is about IE and ASP devlopment - please give me one good reason as to why should non-IE browsers be supported there?
So stop calling him an idiot, and look at what the site is about. Mainly IE development. IE developers generally use IE as the browser. Yes? OK then. Please leave him alone. Thankyou.