Linked by Thom Holwerda on Wed 9th Apr 2008 21:53 UTC
Microsoft plans to make a key Internet Explorer default change to thwart attackers trying to hack into its Web browser. The software maker will enable DEP/NX by default in IE 8 when the browser is running on Windows Vista and Windows Server 2008, a major tweak aimed at mitigating browser-based vulnerabilities. DEP/NX (Data Execution Prevention/No Execute) is already available in IE 7, but it's turned off by default because of compatibility issues.
RE
by Kroc (3.84) on Thu 10th Apr 2008 06:42 UTC

But not on Windows XP, despite DEP being available.
Here starts obsolescence!

RE
by Thom_Holwerda (Staff) on Thu 10th Apr 2008 07:11 UTC in reply to "RE"

> But not on Windows XP, despite DEP being available.
> Here starts obsolescence!


Well, XP is now 7 years old. Gotta pull the plug some time.

RE
by Kroc (3.84) on Thu 10th Apr 2008 07:24 UTC in reply to "RE"

Sure, but this is the security of the web browser on potentially hundreds of millions of computers. Being that flippant with other people's security is a terrible display of weakness and I hope it comes back to bite Microsoft hard.

RE:Nothing - Gimme a break
by deathshadow (2.76) on Thu 10th Apr 2008 10:34 UTC in reply to "RE"

> Being that flippant with other people's security is a terrible display of weakness and I hope it comes back to bite Microsoft hard.

I don't think 'flippant' is quite fair or even accurate here - though typical of people not seeing the big picture.

EVERY time Microsoft even wants to THINK about changing something, they HAVE to keep backwards compatibility in mind because at the end of the day they answer more to their BUSINESS clients than they do Joe sixpack. For all the talk of them 'raping' Joe sixpack and his home machine, the REAL money for Microsoft comes from its business customers - many of whom are tied to poorly written in-house crapplets. No matter that they are garbage script kiddy visual basic rubbish, you break those and who are they going to blame? Microsoft - even when much of the fault lies with piss poor coding habits and outdated methodology. Look at EVERY time Microsoft tries to fix ANYTHING, they have to nix it or live with that many businesses simply won't install the upgrade until it's shoved down their throats.

Honestly, Microsoft cannot AFFORD to care about the users who know better as they likely will move on to greener pastures like Firefox or Opera... It's impractical to take the time to deal with Joe user who sees nothing wrong with continuing to try to use IE6 (lord knows I've tried personally and some people JUST WILL NOT LISTEN) - As our good friend said, the real answer is "Developers, Developers, Developers, Developers, Developers, Developers, Developers, Developers!" For every experienced C++ *nix head that can quote you the BASH man pages from memory, you have 20 business programmers churning out financial crapplets in VB. The big money comes from corporate support, and financial software developers come from the big corporations. This means BUSINESS websites and applications take priority - and businesses change at a pace so glacial it makes IE development the past decade look outright speedy. You know business, the thing that PAYS all of us? (... or at least those of us with REAL JOBS, not 'professional educators', 'professional lecturers' or kids still having life paid for by mommy and daddy - Windows Guy opens wallet to pay the artsy slacker Mac guy AND the back room *nix geek)

It's only because of their own success that so many developers STILL have their head up their backsides about even thinking about upgrading past XP SP1. With EVERY patch there is endless hubbub about shit VB crapplets, ActiveX crapplets and a whole host of other poorly written CRAP (much of which doesn't even follow the guidelines Microsoft set up for writing applications) being broken, and businesses making a huge stink about it.

LOOK at the technologies that are the biggest security holes in Windows - The big two are ActiveX and VBScript, both of which are exploited repeatedly in Outlook and IE. They and all the rest of the 'features' that became security risks were developed long before W32.Blaster owned XP boxes and script-kiddies could run rampant (like the windows messenger which has been around since WFW 3.11/NT3.1) - it was a frontier where the idea of developing browser extensions and even web applications was virgin territory. Most of the web as we know it today CAME from Microsoft. Who even TRIED to add CSS2 support first, and made it to market first (even if it was buggier than a bayou) - WHO came up with the mere NOTION of browser extensions? Who came up with the mere IDEA of a XMLRequest for Javascript which today is the cornerstone of the ever so popular AJAX? Here's a clue - it wasn't Mozilla OR the W3C. (and people accuse Microsoft of not innovating)

LOOK at web applications - back in the days before AJAX or to when flash was a tinkertoy... you had two players - one ran like crap on the hardware of the time and was difficult to deploy (Java) since most users didn't know what a plugin was, and didn't like the idea of them - the other (ActiveX) worked in the browser everyone was using anyways - IE. Let's be honest, 90% of plugin formats are stillborn so far as the internet goes with ONE exception - Flash. Seriously, who the devil uses java to write in-browser applications anymore? You come across a website that needs java to function, don't you kind of laugh at how pathetic it is?

In particular, it was IE5 that WON the war for Microsoft in the business sector. For all the badmouthing today of IE 5 when it comes to web standards, at the time of its release it was so far ahead of the competition in that department (since NS5/Gromit was coat-hangered and NS6 often the butt of a joke akin to Duke Nukem Whenever) that comparing IE5.x to NS4 is a bit like comparing Opera 9.5 today to IE5. Established businesses built their in-house crapplets around that - much of what is considered a security hole today was a 'wonderful new freedom of programming' when it was released - Which is why many websites today STILL require IE for the simplest of functionality that could be done EASIER today cross-browser, but nobody wants to change what's worked just FINE for the past DECADE just because there's a new 'flavor of the week' browser.

... and that's before we even TALK about the commercial applications that are tied to Trident (the rendering engine that drives IE) - Antivirus software from Trend and Symantec, AIM 6, Google Talk (It's a hoot that one of the companies endorsing Firefox the loudest has many of its applets tied to Trident - there's a reason it's Windows only), Steam, etc, etc... You actually FIX the browser up to standards compliance and fix all those security holes, you run the risk of breaking ALL of those applications!

Microsoft did this amazing thing all the way back to IE4 - they made the entire browser API available to programmers with frameworks available even in competitors' compilers (see the tBrowser object under TPW/Delphi) All this YEARS before Netscape even thought of releasing the source to their browser to the public (and years before the majority of programmers outside University or the server backroom had heard of the term Open Source, much less took that naive idealistic rhetoric seriously). While letting programmers call the API for rendering is NOT in the same league as releasing the whole source, it shows that they were in fact more open than Netscape was at the time. (I can remember many developers of the age badmouthing Netscape for their closed practices back then the way people talk about Microsoft today) If they had not done so, there would be no Maxthon or Avant browsers, no trident rendering in NS8, no Neptune plugin to run Trident under other browsers like FF or Opera, and frankly I have my doubts AOL (did I just say AOL?) would even have considered open sourcing Gecko if programmers hadn't already given them the cold shoulder in favor of a browser that DID provide them access.

Hindsight is 20/20, and today the 'vulnerabilities' of these technologies are obvious - Look back to 1995-2001 and NOBODY was talking about ANY of this. Funny that, hindsight may indeed be 20/20, but it always amazes me how the masses don't remember yesterday.

Now, it's not all rosy and I'm with the crowd that Microsoft has rested on its laurels WAY too damned long, and continuing to have to support browsers that still haven't caught up to decade old specifications is getting really annoying. Continuing to support aging VB crapplets and ActiveX rubbish that wasn't particularly well written in the first place - But let's at least be honest about how we got where we are today and take into account ALL of the reasons Microsoft makes the decisions it makes.

In other words, "in before the LOLZ MICROSHAFT SUXORS"

... and sorry for the lengthy post, but someone had to say it.

Edited 2008-04-10 10:53 UTC

RE[2]:Nothing - Gimme a break
by TechGeek (4.48) on Thu 10th Apr 2008 14:34 UTC in reply to "RE:Nothing - Gimme a break"

Time to stop drinking the kool-aid dude. Microsoft is the only one responsible for the security problems they have. How can you not know that putting self executing code into your email system is a recipe for disaster? And who actually uses that? Yet do you see Microsoft changing it? That feature alone is behind probably 3/4 of the viruses out there. Or how about the fact that it runs as ROOT? Don't tell me that role based security hasn't existed far longer than Windows. You are right about one thing though, people do bitch when MS changes things. Sometimes you gotta break a few eggs if you want to make an omelet.

As for innovation, CSS was developed by the W3C, and even Mosaic had browser extensions for things like video playback and stuff. Unless you are talking about a specific kind of extension... However, IE 7 was the first IE to not contain Mosaic code. So much for innovation.

RE
by Darkelve (3.04) on Thu 10th Apr 2008 07:24 UTC in reply to "RE"

Well, before they pull the plug, I hope they first deliver a decent operating system to follow it up (i.e. not Vista).