Lab Notes

Musings on Wi-Fi security issues, our product plans, and the general state of the world. Follow up with your comments and complaints to Lab Notes's .

If It's So Easy...

...then why doesn't Microsoft do it?

Peter Torr opens up a can of worms with an article questioning the security of FireFox, the increasingly popular alternative to Internet Explorer. What makes the whole thing so juicy is that Peter works for none other than Microsoft.

I agree with his point that software vendors must digitally sign their executable. After all, it's not hard — we do it for every Windows executable we ship. And it's not expensive — our Thawte digital certificate cost us $200. If the FireFox guys can afford a two page spread in the New York Times, certainly they can afford a code signing certificate.

Where Peter goes wrong is with this comment:

One of the many criticisms of Internet Explorer is that customers are fooled into downloading spyware or adware on to their computers. This is indeed a legitimate problem, and one of the ways you can reduce the risks of getting unwanted software on your machine is to only accept digitally signed software from vendors that you trust. Every time you download a random piece of software from a random location, you're taking your chances with your PC and all the information stored on it. You wouldn't take candy from strangers, would you?

So why isn't this the default in Internet Explorer? The fact that the Internet Explorer executable itself is signed is nice, but the fact that Internet Explorer then turns around and allows downloads of anything and everything is the real problem.

via Michael Howard's Web Log

By Periodik Labs on December 21, 2004 11:22 AM | Permalink

Lab Notes

If It's So Easy...

Search

Recent Entries

Monthly Archives