Yeah.  I basically use FireFox for all my web browsing.  But if this other platforms(And by platforms, I mean OSs) thing is true, then Mac and Linux owners may be feeling the same heat Windows owners have been feeling.

I can’t figure out how MS can justify keeping ActiveX, it has a rich history of being a security hole and it isn’t really necessary.  There are more secure ways to do things than to use ActiveX. 

The only reason I can see for keeping ActiveX is to keep a lock on MSIE, which is a piss poor reason to expose users to security vulnerabilities.

... then Mac and Linux owners may be feeling the same heat Windows owners have been feeling.

The biggest difference is that Firefox and other open source browsers are patched much faster than IE after a significant security issue is discovered.

What I don’t understand (as a computer dummy) is why anyone is using IE at all?

Pick one or more reasons:

1.  It comes with Windows

2.  It is the “Internet button”

3.  It is what they use at work

4.  Firefox is too hard   /whine

4.  Corporations set IE as their standard supported browser

5.  Many corporations use web applications that need ActiveX

6.  Some web sites just won’t work with anything other than IE (these are getting to be less common)

Les:

You pretty much answered your own end question during your quotation from the article. The gaping holes in question for other platforms? Java and scripting. Both are used extensively outside of Windows environments as well.

Linux, BSD, Unix and OSX all rely heavily on scripting, even if OSX covers it up with shiny graphics

I know for a fact that all of the major operating systems use or rely on some form of ASLR and hardware DEP as well.

There you have just about everything mentioned as being parts of the issue, with the exception of ActiveX, .NET and IE.

There is similar things in the OSS world though…the Mono project for instance…

It is quite easy to make this kind of error in design though. They mentioned in the article that .NET will load .DLL files into IE for example, and the default behavior of Windows is to treat .NET objects as “trusted”. JAVA will also load objects into a browser in a similar manner, and is similarly trusted by the operating system because JAVA itself is “signed” code.

The designers didn’t account for or didn’t realize the security risk for this type of behavior which is found in all operating systems: Something that is loaded by a “System” level program or process is given a free pass by default (You can however, specify certain behaviors using ACLS or similar).

It would be tough to place blame on any of the teams at MS on this one - as the operating system is working like it is supposed to, and so are the combination of programs involved. It’s not the fault of any individual program, but it’s something that happens when the capabilities and ways certain types of programs handle things are combined together that is the issue.

One of the few obvious ways to fix this is to kill off .NET, JAVA, etc access to any web browsers, but that kind of defeats the purpose of even having any of them and that would kind of set the entire internet, etc back to the mid-1990’s dark-ages if that were to happen (Think banks, etc who use a combination of JS, JAVA and .NET for their online banking sites for instance).

I browse with JAVA turned off on my browsers (Firefox and Opera) and it very seldom causes a problem.  The only site I regularly use that needs JAVA is my credit union’s site.  I generally allow javascript, but I don’t consider it to be much of a risk; more of a potential annoyance, and it is certainly nowhere near as dangerous as ActiveX.

Yes zilch, I use the IE. But only to print web pages. Firefox fail fails miserably at printing most of the pages.

you wrote:

What I don’t understand (as a computer dummy) is why anyone is using IE at all?

Thanks for your answers.  Itdontmatter:
1-4 I understand, but if a dummy like me can do Firefox, then anyone who can’t should probably not be allowed to use a computer or vote.

5- I guess I don’t need ActiveX.
6- I have yet to come across a web page that didn’t work with Firefox, but perhaps I’m just not well-traveled.

Obi- I don’t print much from the internet, but what I’ve done so far has all worked with Firefox.  Again, that probably just shows how humble my needs are…

Zilch:

don’t get me wrong. Firefox is probably the best browser around (depends on what you want to do).

But even the latest version has problems with printing web pages. IE does not. So I browse using Firefox and when I need do print something, I fire up IE, copy and paste the URL into IE etc.

I wonder what I shall be doing when I’ve moved to Linux, BSD or OS-X, which I think will be inevitable in the long run, considering the outlook at M$.

I like to print stuff out and then read it on the tram or train or wherever I am moving.

Huh, I’ve not had any problems printing webpages from Firefox and I do it often.

Though admittedly it’s mostly maps from Google Maps.

zilch, Internet pages that don’t work with Firefox are now quite rare, although there are still quite a few incompatible pages on corporate intranets.  There is a Firefox plugin called ‘IE Tab’ that allows you to open a page in Firefox using the IE engine, which is useful if you come across an incompatible site.  I just noticed that there is a 4 and another 4 on the list—oops.

I also don’t recall running into printing problems using Firefox.