Thursday, January 13, 2005

IE and its discontents

At home, I use Firefox for browsing. I prefer it for:

  • Tabbed browsing. Have 12 sites open? Click "Close other tabs" to clean them all up. Internet Explorer opens them in separate windows, so you have to close them all by hand.
  • Unicode support. A site uses a certain font. The HTML code contains characters unsupported by that font. What does the browser do? Firefox substitutes a font that supports that character, and only for that character. IE gives up, and displays little meaningless blocks. (This problem often happens with Vietnamese characters such as "ệ" in blog comments.)
  • Security: IE is shit at security.

The last reason is why I am very, very firm with everyone using this machine for browsing. In my best simplified pidgin English "Don't use IE. Bad for Viruses! Bad! Spyware! Use Firefox. Don't use Internet Explorer. Bad! Use Firefox." I may be stretching the truth with viruses, but it's a possibility. Now everyone has heard of viruses in this country. I add "spyware" for honesty. When I first used the machine, the guts were entangled with functional faeces such as "PurityScan" and "DoubleClick". I cleaned it up. I used IE for a while after we got ADSL - and the problem kept occuring. Finally I went to Firefox and the problem stopped. Don't use IE if you can help it.

That partly explains why there are a lot of people down on IE. There's the Browse Happy advocacy site, which shows lots of smiling people willing to share their horror stories of IE with you! They can tell you what alternatives there are - which is useful by itself. But when they ask "Why is Internet Explorer unsafe", it shows a series of article quotes without any overwhelming structure. It's a quick way to lose interest. To be honest, I found the whole site underwhelming. Now if they had provided a good security advisory about IE, that would be sufficient advocacy by itself. Via Securia:

Some vulnerabilities have been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system, conduct cross-site/zone scripting and bypass a security feature in Microsoft Windows XP SP2.

Read the whole thing. It's a nasty vulnerability too. For example, the bad guys (and gals!) could open files from your "C:/WINDOWS/" directory and do no end of mischief. Securia even got a test for it. Give it a go. With Firefox, I found I was as safe as houses. By contrast, Internet Explorer left me more open than the freeway to Baghdad airport. (By the way, I am running WinXP SP2 by the way - an OS that should have been cleared of nasty vulnerabilities.)

The test may come in handy later today. At work, we've got a small LAN network for the teachers. It accesses the Internet - but the only browser available is Internet Explorer. I've requested the installation of Firefox, but our IT want to hold back until they've tested it. I think they're being overly conservative, but what can I do? All I can do is run the Secunia test, document the results, and if a vulnerability occurs, tell them about it. Full URL will be attached to the chit. It's IT's business whether they install Firefox or not. But I'd rather not lose the files I have.

("Browse Happy" found via Royby.Com. The ever prolific Tim Lambert - who celebrates his second anniversary of blogging today! - gives us the Securia page.)