A Tale Of Two Browsers - InformationWeek
IoT
IoT
Infrastructure // PC & Servers
Commentary
7/11/2007
03:35 PM
50%
50%
RELATED EVENTS
How Cloud Can Streamline Business Workflow
Jul 11, 2017
In order to optimize your utilization of cloud computing, you need to be able to deliver reliable ...Read More>>

A Tale Of Two Browsers

Internet Explorer and Firefox are sitting on a bench, enjoying the warm summer sun. Suddenly, Firefox sneezes, reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I think I'm coming down with something," it says. "Is there something I can do to get rid of this problem?" Then IE sneezes. What does it do?

Internet Explorer and Firefox are sitting on a bench, enjoying the warm summer sun. Suddenly, Firefox sneezes, reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I think I'm coming down with something," it says. "Is there something I can do to get rid of this problem?" Then IE sneezes. What does it do?It reaches for its handkerchief, grabs its cell phone, and calls its doctor. "I just want to tell you," it says, "that wasn't my sneeze, my handkerchief is perfectly clean, and if I sneeze again I'm telling everyone it's Firefox's fault."

Sorry for the bad joke, but this is what immediately popped into my head when I read Sharon Gaudin's recent news item about a new security flaw that seems to be affecting both browsers. Apparently, a researcher named Thor Larholm has asserted in his blog that, "There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols." In other words, if you're using IE and visit a Web page that calls on a Firefox URL -- with, presumably, malicious code attached -- Firefox will be launched and will execute that code. The result? Two sick browsers.

Of course, this all depends on several factors, including the tendency of the user to go to malicious Web sites and whether your version of Firefox has the specific FirefoxURL handler. However, what I became most interested in was actually the reaction of the two browser vendors to the news: A Mozilla representative said they will be patching the problem in an upcoming release, while a Microsoft representative wrote that "this is not a vulnerability in a Microsoft product."

Strictly speaking, the Microsoft rep is right. The ultimate vulnerability is in Firefox. But this vulnerability only exists in the presence of both browsers. And would those of us who have both IE and Firefox on their systems (which includes everyone who installed Firefox but decided not to uninstall IE -- in other words, a lot of people) really care which browser is the one being ultimately targeted when our systems slow down to a crawl? And is a general policy of defensiveness really appropriate when you're dealing with a potential problem that will affect your user base?

Over the years, Microsoft acquired a reputation -- not unearned -- of acting as though it was the only viable source of software around; if its products had any interactions with other software products that didn't work, well, it was the user's fault for straying from the path. Over the last year or so, my impression was that Redmond had mellowed a bit, understood that our current technology is based on a culture of complex collaborations with other products, and had learned to Play Well With Others. I hope I wasn't being optimistic.

[UPDATE: Several people have pointed out that most people can't decide to uninstall IE, whether or not they want to -- there isn't a way to do that without some severe hacking. And they're quite right -- my error.]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll