Last week during an interview with Martin Gregory, Microsoft's Internet Explorer Product Manager, I asked what it would take for the company to admit that there is a security issue with the product. "What if you get three security breaches in a month Martin, would that do it?" But Microsoft clones are well trained when it comes to evading leading questions and Gregory, cherub he is, politely chuckled saying "Richard, we've already got a fix and it's in the lab ..."
So there we were a week later and with a grand total of three IE 3.0 security issues in double quick time and Gregory's still would not admit IE had problems.
The third IE bug is similar to the first in two ways. It was discovered by a gang of students who obviously haven't got enough work to do and it exploits IE's now undeniable weakness that allows hackers to roam around hard drives. Christien Rioux, one of the students students who found the hole, took great pride in confirming that .isp files act as an open door to a remote computer's drive (sound familiar?).
That in mind, I tried a different tack. "Martin, if you were in charge of staff who surfed the Internet with a product that had been shown to have three potentially serious issues allowing access to your company's hard drive - would you continue to recommend that product for use in your company or would you pause and reconsider for a moment." He replied: "I would go onto the Internet and download the fix." Bravo Mr Gregory, according to at least two IT managers you're fired.
Of course Gregory is being picked on for sticking to the Microsoft marketing bible, which states in bold Microsoft Blue: "Thou shalt not admit thy product is dodgy."
So here's an independent update: Germany - Chaos Computer Club shows how easy it is to break through IE 3.0 on TV and potentially hack into financial accounts. Andrew Lees at Microsoft says: "Anyone can build a destructive ActiveX control." Cybersnot - Students find a bug that allows users to use .LNKs and .URLs to gain access to a remote computers hard drive. Microsoft issues a fix days later, but won't call it a bug.
Maryland - more students discover a variation in the .LNK and .URL files that once again allow users to hack in to a computer, potentially erasing files. Microsoft "not a bug."
One of the men who fired Mr Gregory was Mathew Landower at the Computer Film Company in London. PC Week asked him what he'd do if he found out his company's browser had a leak. He said: "This sort of thing is obviously worrying and is precisely one of the reasons why we don't use IE 3.0.
Microsoft will not be open with problems, security or otherwise. But, if I found out there were all these security issues I'd certainly look to a safer alternative and I certainly wouldn't carry on using the problem one." Another, Oz Aksugur from an advertising agency in Soho said, "Obviously the issues would need to be serious, but I would certainly think twice about using it if there was an alternative?"
With this PC Week got a call from Andrew Lees, who is director of desktop and Internet and is in fact Gregory's boss. Asked the same question put to Gregory Lees (eventually) said: "No I would not pause to reconsider using IE3.0 to browse the web. IE is no less secure than any other browser." And there you have it.
Astronomers studying first-ever reported merger of two neutron stars claim to have detect light and gravitational waves
Allen died from complications of non-Hodgkin's lymphoma
Stanford researchers made the discovery via data from Greenland
Created via a thin, flexible, and transparent hierarchical nanocomposite film