> So that's not a security hole in the browser but a security hole in the > head of the user... that's way different. > > Furthermore, the article you are referencing says the same thing - the > user is giving permission to the app to run.
If the security model allows the user to do unsafe things very easily, it is broken. A computer user should not have to be a security expert to perform basic tasks. Even a relatively knowledgeable user could be tricked relatively easily. For example, if your DNS server gets tricked into believing that windowsupdate.microsoft.com points to mybadserver.davewatts.net, all sorts of bad things could happen. > So what is the issue here? > Do you want a new security model because you don't like the old one? > Do you just want the exploits to all be fixed at the same time? > Do you want a host of new features without paying for it? > > I don't think that 1 or 2 are going to happen. > > 1 is improbable, 2 is impossible > > So what's the issue? Just use Firefox. That's what I do. I also encourage others to do that. However, I can't just tell my computer-illiterate father-in-law to download Firefox, and he shouldn't have to know how to install software to use his computer to browse the web. The IE security model is seriously broken, largely due to how well it's integrated with the OS and due to the fact that practically everyone runs IE using administrative privileges. Jochem is absolutely right here (as usual). Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:195015 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
