Commentary
7/11/2007
03:35 PM

A Tale Of Two Browsers

Internet Explorer and Firefox are sitting on a bench, enjoying the warm summer sun. Suddenly, Firefox sneezes, reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I think I'm coming down with something," it says. "Is there something I can do to get rid of this problem?" Then IE sneezes. What does it do?

It reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I just want to tell you," it says, "that wasn't my sneeze, my handkerchief is perfectly clean, and if I sneeze again I'm telling everyone it's Firefox's fault."

Sorry for the bad joke, but this is what immediately popped into my head when I read Sharon Gaudin's recent news item about a new security flaw that seems to be affecting both browsers. Apparently, a researcher named Thor Larholm has asserted in his blog that, "There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols." In other words, if you're using IE and visit a Web page that calls on a Firefox URL -- with, presumably, malicious code attached -- Firefox will be launched and will execute that code. The result? Two sick browsers.

Of course, this all depends on several factors, including the tendency of the user to go to malicious Web sites and whether your version of Firefox has the specific FirefoxURL handler. However, what I became most interested in was actually the reaction of the two browser vendors to the news: A Mozilla representative said they will be patching the problem in an upcoming release, while a Microsoft representative wrote that "this is not a vulnerability in a Microsoft product."

Strictly speaking, the Microsoft rep is right. The ultimate vulnerability is in Firefox. But this vulnerability only exists in the presence of both browsers. And would those of us who have both IE and Firefox on our systems (which includes everyone who installed Firefox but decided not to uninstall IE -- in other words, a lot of people) really care which browser is the one being ultimately targeted when our systems slow down to a crawl? And is a general policy of defensiveness really appropriate when you're dealing with a potential problem that will affect your user base?

Over the years, Microsoft acquired a reputation -- not unearned -- of acting as though it was the only viable source of software around; if its products had any interactions with other software products that didn't work, well, it was the user's fault for straying from the path. Over the last year or so, my impression was that Redmond had mellowed a bit, understood that our current technology is based on a culture of complex collaborations with other products, and had learned to Play Well With Others. I hope I wasn't being optimistic.

[UPDATE: Several people have pointed out that most people can't decide to uninstall IE, whether or not they want to -- there isn't a way to do that without some severe hacking. And they're quite right -- my error.]
