December 18, 2008
Could it be that Microsoft has mole engineers who intentionally plant security holes?
Or else, how could EVERY version of IE be so flawed? Every single version, every time?
-
I don't think it's sabotage. I don't even think it's poor software design, really. I think it's two things: 1) First problem is tying the browser in with the operating system. They've got the guts of IE built into so many things, making one minor change in the browser can break a lot of applications that don't at first seem to even be related to the program. So, instead of fixing things using new approaches, they spend a lot of time ensuring backwards compatibility - which also bloats the codebase, a problem in itself (more code = more places for bugs to pop up). 2) Second and more obvious problem is that unlike Mozilla, Microsoft never threw out the old code entirely and started fresh. They should have, but they don't. Even Vista shares some code with Windows 3.1, near as I can tell (the "Add new font" dialog box certainly hasn't changed in any version of Windows I have ever looked at, from 3.1 on up). Old bugs aren't written into new versions, they were already there: The new house is built on the shaky foundation of the old one.
-
Microsoft's legacy is not dissociating the interface from the operating system. That's their biggest flaw.
-
frogs pretty much has it. The size of your company and the size of your family of software products is inversely proportional to your ability to make fundamental changes to that software. Plus there's MS's laser-like focus on backwards compatibility with their old busted browsers, in order not to piss off corporate customers by breaking their intranet sites. As for point 2, total rewrites are kind of a "here there be dragons" territory. It can and has been done to success, but there is a high risk of disaster. Many software engineers are dead set against ever doing such a thing. I seem to recall reading that MS actually did attempt a full rewrite of IE several years ago, but the project snowballed and was ultimately abandoned. If you're going to do a rewrite, do what Apple did with OSX. Find an already existing core product that works well (BSD), rather than rebuild from the ground up. Get Webkit or Gecko and build your browser up from there. Which Ballmer recently said might be an option for them, actually, but I'll believe that when I see it.
-
Frogs pretty much has it--MS Bloatware However, I don't discount the idea that there haven't been a few holes written in by disgruntled employees or wizkid types. Anytime you have that large a codebase there's plenty of room for error, intentional or otherwise. Plus working with the innovative type of people that love to tweek and twist, you're bound to get someone who's going to try to put their stamp on it. Might not have been done maliciously, just a Kilroy-was-here-and-will-be-back thing.
-
Holes, backdoors? No way.
-
Plus, I think IE gets more more scrutiny. Anyways, yeah, abandon it. You should've years ago. Chrome, Opera, Firefox, Safari, anything but. The only time I use IE is to verify that my spyware removal tools are working. Sometimes I go so long without them finding anything at all that I start to worry that they've been disabled somehow. So I'll browse for a couple minutes with IE, scan again, and when I discover new threats, I'm satisfied that my spyware removal tools function.
-
Only problem with that theory is that the security holes intentionally put in wouldn't work.