Is Microsoft creating tomorrow's IE security holes today? | The Register
Quite an interesting piece, wondering whether Microsoft is creating problems for itself in the future with IE, with amongst other things, tight integration with the OS.
I do disagree with one or two point made though, especially "Rapid development cycles won the browser wars, and it wasn't the strong-arming or the marketing that motivated users to switch browsers, it was the features"
My memory of it was that IE wasn't that much more featureful than Netscape Navigator, and if you want to know my opinion of why Microsoft won that war it is the plain and simple fact of being bundled on the desktop when Navigator wasn't. Non-technical users do not go looking for alternate products, so long as the default one they're provided with does a reasonable job.
In fact it's telling that Firefox is gaining ground on IE, as that says to me that a percentage of Internet users no longer regard IE as doing a reasonable job.
Back to the story, I'd agree that tight OS integration is to my mind a problem for IE. I see no reason why an Operating system has to have an Internet Browser. Definately for server operating systems it seems totally redundant (although in several use cases I add that a GUI on a server is a waste of resouces).
From a security point of view having components so tightly integrated into the OS that an administrator cannot easily remove (not disable) them just increases the amount of code that needs maintained and increases the likelihood that code on the server will have an exploitable security vulnerability....


Security Geek, Kubernetes, Docker, Ruby, Hillwalking