
What Has Bill Gates Been Smoking?
BigBison 10-18-2004, 01:19 AM
I understand Microsoft has spent more money securing IE than the Sultan of Brunei has on his harem. I'm still not impressed by that! It's a measure of how crappy and insecure the code was to begin with, not a measure of commitment to product quality.
http://www.usatoday.com/printedition/money/20041013/gatesqa13.art.htm
Q: Speaking of security, Internet Explorer has had well-publicized holes …
Gates: Understand those are cases where you are downloading third-party software.
:erm: <cough> bull **** </cough> :rolleyes:
Q: There is talk of a Google browser. Internet Explorer has had its security woes. How do you keep users?
Gates: More has been invested in making IE secure than any browser on the planet by a long shot. Nothing is going to change. That's the one over 90% of people are going to keep using.
:stickout: Doesn't that just make you want to display one of those nifty "Get Firefox" buttons?
;) Or use Opera?
BigBison 10-18-2004, 01:40 AM
Oh, that wonderful IE! If it takes months to address this problem, and IE's market share further declines, I wonder if Bill will get the hint that the market (hopefully) won't wait two years for his next browser?
http://news.zdnet.com/2100-9588_22-5408453.html
It's been barely two months since Microsoft made a pop-up blocker available for its Internet Explorer browser--but Web advertisers have already found a way to slip their loathed marketing pitches past it.
I actually saw a pop-up yesterday, the first one I've seen in the entire year since I switched to Opera.
fischermx 10-18-2004, 01:45 AM
:)
IMHO, the most notorious comment was:
Q: How about “search”?
Gates: You will see amazing search in (the next version of Windows called) Longhorn. In fact, even before that comes out — which we expect in 2006 — we'll have MSN offerings that will provide very rich search capabilities. Search is a big area for us. We've got smart competitors, Google and Yahoo, but we see ways that we can take search way beyond what we or they have done to date.
That's challenger, I mean, come on, they're treating Google? <lol>
BigBison 10-18-2004, 01:51 AM
Yeah, they're a little behind Google Desktop Search (http://desktop.google.com/), announced last Thursday - which will probably come about much much sooner than 2006, and won't require an MSN subscription.
anon-e-mouse 10-18-2004, 05:07 AM
I wonder if Bill is in cahoots with all the spyware manufacturers? ;)
Postmaster 10-18-2004, 01:17 PM
Obviously there's going to be holes in IE; that's only because it's the most widely used internet browser and obviously for this reason the most targeted..
Soon enough, you will come to see that Explorer is the most secure and mostly invested on browser on the net..
anon-e-mouse, I do hope you're joking lol.. I mean would Bill really risk the reputation of Microsoft? Of all companies Microsoft is trying to put limitation on adverts on its network of sites and hopes one day to stop them a lot.
the_pm 10-18-2004, 01:28 PM
If they've invested so much into Explorer, why is it that it's been more than four years, and they have yet to fix all of the fundamental errors in its programming? We're not even talking about security issues. Here's a thread where I pointed out a few of them - just a few, mind you: http://www.webhostingtalk.com/showthread.php?s=&threadid=324029&perpage=15&highlight=Internet%20Explorer&pagenumber=3 - look about four posts down.
Every other browser manufacturer fixes these errors and makes the fix available right away. Microsoft only fixes problems that could lead to lawsuits (not fixing a known security hole will get you there fast).
The major reason for all of IE's holes is that it's inextricably tied in with the OS. With every IE release, the browser has become less and less a standalone application. When the app relies so heavily on the OS for its functionality and vice versa, and the app represents a direct portal to the outside computing world, you're bound to have more security holes than with standalone applications (which all other browsers are). I can't wait to see what happens with IE7, which will not be available standalone in any way, unless someone illegally reverse engineers it. Some hacking team somewhere is licking its chops waiting for that release!
BigBison 10-18-2004, 06:48 PM
Originally posted by Postmaster
Obviously there's going to be holes in IE; that's only because it's the most widely used internet browser and obviously for this reason the most targeted.. Soon enough, you will come to see that Explorer is the most secure and mostly invested on browser on the net..
What've you been smokin', Postmaster? :)
Allow me to cite one example: the MIME type "text/plain" has always meant the document should be displayed as text, not rendered according to any markup present. Internet Explorer, since its inception, has rendered the "text/plain" content type. This has always been a security hole on the WWW, and IE is far from the only browser to make this mistake. Other vendors have been quick to fix this flaw once it's pointed out to them. Microsoft took eight years to address the issue, proof of their security commitment, with the release of XPSP2. All other versions of IE should have javascript disabled entirely to avoid this security issue. Nice.
The problem is Bill. He decided he knew better than the spec he had no intention of following (HTTP) when he made his browser, and stuck by his guns when he was demonstrated to be wrong. Then, we get answers to questions like the interview above -- those aren't problems with our code, it's all third-party vendors. I have many more references to this and other security issues which are indicative of a negligent approach. Hopefully they've wised up, but Bill's comments in that interview don't bode well for the future, and they certainly don't give me any confidence that Mr. Gates has changed his attitude and embraced security during code development rather than fixing things once they've been exposed.
MS have a page which documents their MIME Type handling in IE (http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp), but at no point do they admit that this behaviour is contrary to published interworking specifications (see RFC2616) or that it has security impact (active content of various kinds, e.g. JScript in HTML, could be slipped past a customer's protection disguised as text/plain, but could still be interpreted as active content by MSIE).
http://ppewww.ph.gla.ac.uk/~flavell/www/content-type.html
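
Added example, not part of the thread or any poster's code: a simplified Python model of the text/plain issue described above, comparing a client that honors the declared Content-Type with one that sniffs the body, plus a server-side audit. The tag list, 256-byte window, sample upload and function names are assumptions for illustration; `X-Content-Type-Options: nosniff` is the response header that later browsers honor to turn sniffing off.

```python
import re

# Tags a content-sniffing client might treat as evidence of HTML.
# Simplified model for illustration; not Internet Explorer's actual algorithm.
HTML_HINTS = re.compile(rb"<\s*(html|head|body|script|iframe|img|a|table|title)\b", re.I)
SNIFF_WINDOW = 256  # assumed: only the start of the body is inspected


def sniffed_type(body: bytes) -> str:
    """Guess a type from the bytes alone, ignoring the declared header."""
    return "text/html" if HTML_HINTS.search(body[:SNIFF_WINDOW]) else "text/plain"


def effective_type(headers: dict, body: bytes, client_sniffs: bool) -> str:
    """Type a client acts on: the declared one, unless it second-guesses it."""
    declared = headers.get("Content-Type", "").split(";")[0].strip().lower()
    nosniff = headers.get("X-Content-Type-Options", "").strip().lower() == "nosniff"
    if client_sniffs and not nosniff and declared == "text/plain":
        return sniffed_type(body)
    return declared


def audit(headers: dict, body: bytes) -> list:
    """Server-side check before serving untrusted content as text/plain."""
    findings = []
    if effective_type(headers, body, client_sniffs=True) != \
            effective_type(headers, body, client_sniffs=False):
        findings.append("body would be rendered as HTML by a sniffing client")
    if headers.get("X-Content-Type-Options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff not set")
    return findings


# Constructed sample: a user upload served as plain text.
UPLOAD = b"notes.txt\n<script>document.title='ran'</script>\n"
WEAK = {"Content-Type": "text/plain; charset=utf-8"}
HARDENED = {**WEAK, "X-Content-Type-Options": "nosniff"}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, effective_type(hdrs, UPLOAD, True), audit(hdrs, UPLOAD))
```
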