Saturday, March 28, 2009

Take it from a guy...

...who deals with with this sort of thing to put food on the table:
IE 8 is better - not perfect, but an improvement. However, it still has ActiveX, which is completely and utterly unsecurable.
The problem isn't even so much that you're downloading native code from Al Gore's Intarwebz, but that these controls also have security bugs, they never get patched, and J Random Web Site can invoke them at will.
Yes, the control is signed by Microsoft. That doesn't mean it's vulnerability-free, and since you checked that box that said "Always trust content signed by Microsoft Corporation", it can (and likely will) be used against you.
This is probably why some sites don't work for Hammer - they require ActiveX. Bad, bad security juju.

Not that I had any inclination to go back to Internet Exploder, but for anyone who does, those are words worth pondering, I think. If there are any sites that don't do so well with Firefox, I suppose one could try Google's Chrome, or Opera, and I know there are a few others that I forget. Input, Ted? (or any other security guru reading?)