Ann Arbor Business to Business
Small Business and the Internet

Internet Exploiter

August 2004

By Mike Gould

Most people surf the Web using Microsoft Internet Explorer. Most people use Windows. Most people are at grave security risk because of the above. How did we get here and what should we do?

A Web of Intrigue
Windows users are by now inured to the fact that their operating system has more holes in it than it takes to fill the Albert Hall (to pick up a Beatles theme that I should have dropped last month - "Salmon in the way she moves", indeed…). Security flaws are found almost daily and by now everyone is used to installing patches on a regular basis and updating their anti-virus software hourly. Those who aren't are unwittingly hosting PC zombie-bots on their computers that are spewing forth porn, spam, and porn spam to the rest of the world. You have virus-scanned your system recently, haven't you? Updated your system? Installed patches? Washed behind your ears?

Up to now, most malware has made its way into your system via email attachments. But that is sooo last year - this year's model is to infect you when you go to a site that slips you a mickey on the sly while you browse. And the way this happens is that Microsoft, in its eagerness to integrate everything in site (er, sight) and its total disregard for the security of its users, makes it really, really easy for Internet Explorer to do Bad, Bad Things to the rest of a Windows user's system.

(The usual disclaimer goes here: most of the above or what follows does not apply to Mac or Linux or whatever users - but you knew that. There were some Mac security vulnerabilities discovered recently, but these were quickly patched and had little effect. But there might be Mac viruses again someday, so fans of the one-button mouse need to stay vigilant.)

Browser Wars Redux
To review how we arrived at this sorry state, here is a quick and dirty trip down memory lane to the Era of the Browser Wars. Once upon a time Tim Berners-Lee invented the World Wide Web. To enable regular people to visit and explore its wonders, a group of people at the University of Illinois invented NCSA Mosaic, the first browser. This was spun off into a commercial entity that produced a browser called Netscape (NS), which is the first browser a lot of people used. After first blowing off the WWW as a passing fancy, Microsoft decided it might have staying power, and in its usual thuggish manner, decided to remake it and the Internet itself in its own image. The tool they developed is called Internet Explorer (IE), and it fought and eventually defeated NS to become the dominant browser in the land. This it did using the usual MS tactics of Extend and Engulf, Fear, Uncertainty and Doubt (FUD), and monopolistic practices that would make the robber barons of pre-trust-busted Standard Oil blush with envy.

In the process, they decided to make it as difficult as possible for Windows users to use anything but IE. They lashed it to their operating system with the software equivalent of epoxy and baling wire, and there you have it tied up in a nutshell (so to speak). In the process they used two otherwise innocuous bits of software, ActiveX and Active Scripting, to allow the browser to talk to the OS (Operating System, i.e., Windows - sorry for all the acronyms, but I have a word-count constraint here and a complicated tale to tell).

So here's what happens: you go to an innocuous-seeming site, and while poking around, click to a page. You peruse the content, and while you read, this little drama is going on in the background:

The code on the page "tells" IE: "Yo, IE, tell the OS to please take this little snippet of .exe code I got here and fire it off so I can turn this PC into a slave and use it to flood the Internet with spam". "You bet", says IE, passing the code to the OS. The OS says: "Sure thing, IE, whatever you say. Sounds like fun." The deed is done, the PC is infected, and no one, especially the user, is the wiser. Then the user starts experiencing digital hiccups, and unexpected slowdowns when connecting to the Internet, as thousands of spams are sent out to the world in the background.

Not-so-Standards
Then there is the matter of Web standards. In its never-ending attempt to take over the WWW, Microsoft started promoting website coding that works only with IE. Netscape retaliated with code that worked only with NS, and Web developers like myself had to go to elaborate lengths to build sites that would work with both browsers, open to all, which was the original intent of the WWW. Fortunately, most of this is behind us as browser builders have grudgingly cleaned up their act and most now obey the standards promulgated by the W3C, the international Web standards group.

But there are still lots of sites out there with bad code in them because of this, and there are still a lot of bugs in IE that MS hasn't bothered to clean up. And IE doesn't support a lot of features that other browsers do, like pop-up ad blocking. (That's right, you don't ever have to see a pop-up again.)

Stop the Madness
Because of this and other exquisite little inconveniences, a lot of agencies are telling their users not to use IE for their browsing. So what else is out there?

There are a number of other browsers available for the Internet community: Opera, Netscape (on its last legs and fraught with problems of its own), Safari and Chimera for Macs, etc. But the alternative getting the most press these days is Mozilla's Firefox. Mozilla is an open-source producer of several pieces of software, most notably the Firefox browser. (The name Mozilla is a combination of Mosaic and Godzilla - revealing its origins in the original browser development team. Mozilla was the original logo for Netscape.)

Visit http://www.mozilla.org/download.html and try it out. I did and I am enjoying it.

Firefox is in late beta (which means it isn't fully baked yet) and Mozilla expects to ship the finished version this September. It, too, has had its share of security problems, but it is now patched and the final version is expected to be everything IE is not: standards-compliant, fast, and secure. And most importantly, not made by Microsoft.

Mike Gould is a mouse wrangler for the U of M, runs MondoDyne Web Works, is a member of Factotem.com, and welcomes comments addressed to mgould@mondodyne.com.

Entire Site © 2016, Mike Gould - All Rights Reserved