Revisitation of the Browser Wars?

The recent release of the latest incarnation of Mozilla – dubbed FireFox - is making quite a stir; the open source developer team even appeared on the cover of Wired this month, generating a buzz amongst geeks to the heralded Browser Wars of the ninties. It’s going to happen again, some say, as FireFox downloads ’soar’, proving in some sense that Microsoft’s 93% domination of the browser market is somehow on shaky footing. “Bill Gates: watch your back!” is Wired’s tagline.

Well, I don’t buy it.

Everybody wants the nineties to return – who wouldn’t? Those were some great days in technology full of optimism, innovation, and enthusiasm. The browser – the act of browsing – was just being defined. Now we’re in a different age. An age that has already defined what a browser is and does, and the message is clear: to the consumer, a browser is purely a utilitarian applette; a virtual machine for our portals and distributed applications; the browser is a known quantity, consistent, familiar, with a UI just as predictable as a telephone. Does the average consumer want new widgets and innovation? No – the average consumer wants consistency.

That’s the way Microsoft must see it anyway as they’re still continuing to integrate XML/HTML features into the o/s so that the browser becomes ubiquitous, irrelevant. A native browser to Windows means that Windows is your browser. The need for a separate application – and all the compatibility issues that surround it – is an idea that consumer’s pooh-poohed with the demise of Netscape. Yet, here we are again.

The rage for FireFox seemingly ignores the other plausable alternatives – Opera, Hotbot, Netscape – good products that try to incorporate more sophisticated tools that the average consumer really doesn’t need, understand, or want. Opera is by far a superior browser to IE, and probably better than FireFox, but it’s UI is exceedingly complex – people don’t want complexity, they want simplicity. Only ubergeeks really wanted Hotbot or Opera, and the only folks that wanted to keep Netscape on their desktops did it to spite Microsoft…

I can only presume that the buzz around FireFox are the same geeks looking to get out their message of safety and security; a chuckle since Mozilla (aka FireFox) is open source – nothing better than knowing how the fortress is built to storm it. Yet, the only real reason why FireFox is more secure than IE is because it’s relatively new to the market; the bad guys need time to find its holes. And they’ll find the holes. And in comparison to Microsoft’s native electronic-distribution channel built into Windows, it’ll take the AOL-Funded Mozilla Foundation (coding by consensus) too long to respond to emerging threats to do corporate machines or end consumers any good.

I think the idealism is great but the hype is really wrong. FireFox isn’t safer, it’s just newer. FireFox isn’t better, it’s just a telephone, like any other telephone, just as good as the next telephone. FireFox isn’t competitive; it’s development process is slow and anarchistic. Does FireFox represent a return to the Browser Wars? I say no – FireFox is just the frenzied soldier trapped on an island who wasn’t told the war ended.

Russell Mickler, CISSP MCSE

Principal, Mickler & Associates

www.micklerandassociates.com

Anti-Spyware… Isn’t.

Microsoft just released a beta application for Windows to locate, disable, and eliminate spyware. The application is beta so I wasn’t expecting a great deal. I was impressed, though, with its integration with Windows’s update, clean and simple UI, advanced tools for browsing helper objects and resident programs, and, its TSR agents, designed to monitor three areas of potential infiltration.

A few hours, though, proved that glitz and good design doesn’t a solution make. I was running three other applications on the box to find the malicious code – SpyBlaster, SpyBot, and SpyDoctor – each one was identifying completely different areas of infiltration. One would catch a bug while another would say the computer was clean, even with updated definitions. I moved in and out of safe mode, attempting to track down and erase the offending registry entries, programs, and settings that kept bringing the crap back to the machine. And every time, the Microsoft anti-spyware solution would report that the system was clean.

Heck, what were those real-time agents doing? Apparently not stopping the spyware. Once, a toolbar attempted to self-install and the agent asked if I wanted the toolbar to install; it’s this obtrusive red dialog that pops up above the system tray – believe it or not, there’s not a “DOH!” option to prevent the application from answering such an obvious question. Of course not! I mean, that is why I’m running the application. So I answered NO. The agent reported that it erased the infection only to find that it had actually installed, created directories on the primary volume, and placed its executables in the windows\system32 directory. I suppose I didn’t answer the question fast enough.

Fact is, I’ve found that no single application mitigates or reduces spyware. Each application’s definitions seemingly understand different levels of threats. Only a good reformat seems to solve the problem, and as for my client, after the reformat, I set the browser’s privacy and security settings on high, re-enabled the native firewall, refreshed Norton’s definition file, and offered a bit of advice:

1. I demonstrated the difference between a dialog generated by Windows versus a dialog generated by a browser. The browser-based dialog is encapsulated in Windows Exporer and looks different from a normal operating system response.

2. If the browser-based dailog asks a question, always opt for cancel or NO. Do not accept certificates unless you trust the source.

3. Do not install any 3rd party toolbars or search assistants. They are more trouble than they’re worth and open holes into your system that invite other applications to install.

4. Try not to download anything from the Internet whose author your not familiar with. Spyware is being circulated in applications now. Removing the application doesn’t remove the spyware.

And finally, I advised that he download the Microsoft’s Anti-Spyware tool. It’s not much, but it’s something – at least some layer between you and the bad guys.

Russell Mickler, CISSP/MCSE

Principal, Mickler & Associates

www.micklerandassociates.com

© 2003,2004. All Rights Reserved.

None of this material can be copied or used without express permission from the author.

Downtown Blogging

I am sitting in a Starbucks in downtown Portland and using my Palm 3x to compose this message. I am waiting for a collegue of mine to discuss an upcoming course I’ll be teaching.

To pass time, I recall why I hated using this stylus and the reason why I left the daily workplace some nine months ago.

To get to Portland from Battle Ground requires a twenty minute drive to a bride crossing the Columbia River. Like I said, a twenty minute drive – unless another thirty thousand people are trying to do the s me thing. The twenty minutes quickly becomes forty, then, another thirty just to travel ten miles into the metro. It took then another ten to find parking downtown; I couldn’t find a public restroom, even at the Starbucks, and there was a huge line there where the person in front of the line was grasping his head in mental confusion, talking to himself, trying to plat magic tricks with open items on the counter; the clerk was having a fit and the individualbarely knew where he was let alone understood he was buying coffee.

In line, I became distinctly aware of the fact that I hadn’t done this morning ritual in nearly a year. I was shocked at the amount of time, the inconveniences, the literal insanity of it all – how complacent I must have been to simply do this every weekday as routine. Now licking his finger and writing on the windows to Starbucks, are the actions of one mad indicidual any less crazy than my own just one year ago? Everyone is dower, gloomy, glaring here in the downtown coffee house. They glance at me and sneer, these people, angry, uptight, concerns crease their faces. They realize that I don’t belong – that I’ve managed to wiggle free of the jacket – and I’ve only come for the visiting hour.

I’m only too happy to leave.

Russell Mickler, CISSP/MCSE

Principal, Mickler & Associateswww.micklerandassociates.com

© 2003,2004. All Rights Reserved.None of this material can be copied or used without express permission from the author.