I hate talking about the subject of Microsoft's security yet again but...
Last week, when I raised the thorny issue of how too many websites were
incompatible with browsers such as Netscape, I received a number of emails
from people asking why I was using such a slow, clunky browser.
I'm also regularly asked why I don't use Microsoft's Outlook email program -- preferring
instead to use the excellent NZ-developed Pegasus Mail.
Some even accused me of doing solely so that I could demonstrate my anti-Microsoft
feelings.
Sorry folks -- I use Netscape as my browser, even though IE is now in version 5.x
(having now been around for quite a while in Internet terms), and I use Pegasus
as my email program -- because I don't trust the security in Microsoft's
products.
And before you all rush to put finger to keyboard and berate me yet again
for engaging in an "anti-Microsoft" rant -- please read the stories linked in the
headline section below.
Yes, once again, even more holes have been found in Microsoft's browser and
email client.
This time it appears that the Virtual Card mechanism has the potential to
wreak havoc by opening the door to viruses and trojans which can steal data
or erase files from your PC. Even those with version 5.5 of Outlook Express
are susceptible to this security flaw if they are dumb enough to open
one of those stupid, bandwidth-wasting VCards sent by an unknown party (and
let's face it -- there's little point in opening one sent by someone whose
details you already know right?)
Then there's the manner in which malicious website owners can hijack Microsoft's
browser by replacing the default startup-page with whatever page they
nominate.
The mechanism by which this is achieved was already known to Microsoft -- and
indeed they issued a fix -- but their browser remains vulnerable and over the
weekend I received a number of emails from people who had their browser
settings screwed up by this flaw.
They were all extremely frustrated that, even though they manually reset the
homepage, the next time they started their browser it went back to the
malicious site by default. Fortunately several sites have now published the
way to reverse this "infection" -- but with a decently designed and tested
browser it shouldn't become the job of the media to fix people's PCs.
Now I'm the first to acknowledge that Netscape isn't perfect -- far from it --
but I'm becoming increasingly happy to be the user of a minority browser which
most hackers feel isn't worth the effort to try and exploit.
And when will Microsoft finally learn how to design a secure Internet application
or server?
Well don't hold your breath folks -- they still seem to believe that securing
a PC simply involves locking the door as you leave the room. The company
appears to continuously treat security as an "add-on" or an afterthought rather
than as a core element of their products.
What do you think?
The Weekly Is Downloadable
If you haven't received your Aardvark Weekly by email, you can
download it here. Subscribers
to the emailed version will get each version several days before it appears
here.
As always, your feedback is welcomed.
|
Did you tell someone else about Aardvark today? If not then do it
now!
|
|
