Internet Explorer: No Catching Up with Firefox Now

Mozilla FireFox already has the technological lead in the browser market and the momentum has just started to build. So, how can Internet Explorer catch up? They would have to open the code completely and allow their community developers to start writing extensions.

If you look at something called the Exchange Client Extension, Microsoft envisioned a community of developers who would add functionality to first the inbox mail client and later to Outlook 97. But, even with a large developer community, only a few people ever wrote ECE's. When they did, Microsoft usually incorporated them into the next version of Outlook. So, most of those extensions suffer from link rot.

So, here comes IE 7 and Microsoft has picked up on some of Firefox's hot features. But, even if they copied every cool FireFox feature, how will they get people to duplicate the extensions? Would they turn IE 7 into a free office suite? I can already do almost everything I need for my daily work with Google Mail, the toolbar and the Mozilla calendar client. What compelling IE 7 features would make me want to change from Linux to Windows Vista?

I think that even if IE 7 turns out to be a great browser, Microsoft could not afford to put the functionality into it that FireFox has already. And, why would people pay for Microsoft's productivity tools inside the browser?

I think the non-core Mozilla development community is having too much fun with the tool kits for making extensions. This may only be the start of a database of applications tied to FireFox. I'm seeing some serious applications being developed just for FireFox.

Besides, every time Microsoft comes out with a new version of something like Internet Explorer or Outlook, it turns into Internet Exploder and Outbreak!

Have you ever seen some of the vulnerabilities that Microsoft has had in some of its Internet applications? A little while ago, I got an email forwarded to me from our editor-in-chief. He replied off the top of his head to one of our editors who asked about some vulnerabilities. He also said he's seen hundreds of pages of hot fixes, so this is only a little bitty list:

Create a Word document and embed hidden fields, such as the "IncludeText" field, in it. An attacker then e-mails the malicious document to the intended victim. When the victim opens the document, the fields retrieve data from the hard disk. The attacker would then receive the stolen data in the document when the victim e-mails it back to him.



Break up large outgoing e-mails into two or more smaller files, sneak viruses past many common Simple Mail Transport Protocol (SMTP) content filtering engines.



Outlook 2002 exposes a vulnerability due to inadequate checking of parameters passed to the Outlook email client. The vulnerability is caused by the way a "mailto:" URL is interpreted. An attacker creating specially formatted "mailto:" URLs can cause Outlook to run privileged script, ultimately leading to the execution of malicious code which can be delivered to the victim via a specially crafted HTML email message or from an intruder-controlled web page.



Stack overflow error in the Network News Transfer Protocol (NNTP) Response Parsing function.



Microsoft Outlook and Microsoft Exchange, can be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error when decoding TNEF (Transport Neutral Encapsulation Format) MIME attachments. (winmail.dat)



Cross site scripting attacks. This flaw is due to an input validation error in Outlook Web Access when processing a message containing a specially crafted "IMG" tag, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser.



Email spoofing attacks. This flaw exists in the message header parsing engine and occurs when the "From" field contains multiple comma-separated addresses, which may be exploited by an attacker to spoof the "From" field.



Outlook Web Access (OWA), can be exploited to redirect users to a malicious Web page. The problem resides in the "owalogon.asp" script when handling the "url" variable, which may be exploited to inject malicious URLs into the form and redirect users to a fake login page.

Since I am a Linux user, I never have seen these kind of things. It makes me wonder about anything our friends up in Seattle suburbs make. I guess I am spoiled.

I just want to ask people a question. Are we doing everything we can to make Linux work for the everyday computer user?

I ask for a reason. So many people are risking so much every time they go on the Internet to browse around. I worry about what my children might be exposed to so I put on parental controls. But my twelve year old boy takes them off with a couple of key strokes. Imagine if he goes into some cool site and they have all these exploits and he uses Windows?

Your kids and spouses may be at risk too. Don't let them do on-line transactions under Internet Explorer. The protection isn't there for them.

The original question has to do with Microsoft Internet Explorer catching up to FireFox. First, I don't believe the estimates people use to gauge market share. I think that a company could down load one FireFox, put it on a server and let 100,000 employees download it from there. Most companies wouldn't let their employees go out to the Internet and download something. So, they put it on servers inside their networks.

Second, I wouldn't write an extension for Internet Explorer. If I put my name on a cool piece of code, I want someone to know about it. With Microsoft you only get 15 minutes of fame.

Third, I think that the FireFox momentum has only just begun. I expect companies to start packaging enterprise applications with FireFox. I think people might see more games build for FireFox. Anything that can be web-enabled or any web application you can or can't think of will be coming out faster for FireFox than they did for Windows 95 ten years ago.

Do you think people will start waking up and using FireFox exclusively? I have, but then I didn't allow no Internet Exploder to run on my PC anyway.