SoylentNews is people
SoylentNews
from the the-more-things-change-the-more-they-stay-the-same dept.
While both Betteridge's Law and common sense say, "No," Zack Whittaker at ZDNet takes a closer look:
An analysis of the last five-months' worth of monthly software updates shows that Edge had 25 vulnerabilities shared with versions of Internet Explorer, which had a total of 100 vulnerabilities.
Earlier this month on its scheduled Patch Tuesday update offering, Microsoft released MS15-124, a cumulative update for Internet Explorer, and MS15-125, a near-identical patch for Edge. Of the 15 flaws patched in Internet Explorer, 11 of those were also patched in Edge.
According to a Microsoft blog post earlier this year, the software giant's newest browser, an exclusive for Windows 10, is said to have been designed to "defend users from increasingly sophisticated and prevalent attacks."
In doing that, Edge scrapped older, insecure, or flawed plugins or frameworks, like ActiveX or Browser Helper Objects. That already helped to cut a number of possible drive-by attacks traditionally used by attackers. EdgeHTML, which powers Edge's rendering engine, is a fork of Trident, which still powers Internet Explorer.
[...] Older versions of Internet Explorer will be retired by mid-January, giving millions of users about a month to upgrade to Internet Explorer 11, or to Edge on Windows 10.
(Score: 2) by prospectacle on Thursday December 17 2015, @02:04AM
I don't *really* trust most of the sites I visit, which is the point of a sandbox.
There are also browser settings or plugins to block ads, block scripts that aren't on a whitelist, block plugins or require click-to-load, block cookies, clear cookies on exit, etc.
I would guess the browser is far and away the most used application so it's going to have the widest impact when a security problem is found but that doesn't mean there's no reasonable level of security.
If a plan isn't flexible it isn't realistic
(Score: 2) by Runaway1956 on Thursday December 17 2015, @02:16AM
And, I think it a legitimate complaint that I have to use a boatload of addons to make the browser useful. All of my addons are fighting tracking, advertising, and cross site scripting, all of which overlap.
Advertising, I could probably live with, if it were sensibly done, and didn't hog bandwidth. Tracking, I can't live with at all. The cross site scripting is just plain stupid.
The level of security that I acquire after installing my addons should be the level that less tech savvy people see out of the box. Browser makes should offer security by default, not as an afterthought with addons.
And, that last statement isn't even accurate - the browser makers don't offer these addons, but third party developers offer the addons. Security is an after thought.
(Score: 2) by prospectacle on Thursday December 17 2015, @05:46AM
You're right it's a very legitimate complaint. I agree these should be out of the box feastures turned on by default, instead of plugins or obscure settings. No doubt commercial pressures play an undue part in these decisions. I don't think that in any ways affects whether the web browser in general is a flawed concept. Here's the difference:
Popup blockers and other window-control limiters (e.g. moving windows around, resizing them) used to be unheard of, then it they were done with either add-ons or settings that weren't defaults. Then they became built options or commonly known where they had already been built in, and then they become the default. I'm sure you remember how annoying it was for windows to pop up (or under), especially when it opened a new window as you tried to close the first one. People had abused a useful feature and so tighter control was added.
In technical terms this is quite a small change to the browser. In terms of user experience, however, it's massive. The same is true of having whitelist or blacklist of domains, disabling autoplay, cookies, images, sound, or javascript; with an option to whitelist for certain sites.
These are all minor changes to the default settings. They don't change the basic model and purpose of a web-browser.
Almost all of the web has been an afterthought, both the good and bad parts. Its current state is far from perfect but it has a lot of advantages and continues to evolve.
Also it's not like those plugins are an obscure hack to get around the fundamental flaws in the evil browser model, they are an officially supported way to configure or enhance the browser the way you want. Some plugins become built-in after a while.
If a plan isn't flexible it isn't realistic