How Can I Trust Internet Explorer?

Recently, a guy wrote an interesting blog: [How can I trust Firefox?](http://blogs.msdn.com/ptorr/archive/2004/12/20/327511.aspx). Basically he went to explain why installing Firefox is not a safe process. He works for Microsoft (no wonder) and he is not even a coder (no wonder), so it is normal for him to have a soft spot for their products.

One logical answer to that question is: *Can I Trust Internet Explorer?* I for one don’t trust it a bit and find that downloading and installing [Firefox](http://www.mozilla.org/products/firefox/) is well worth the risk. Of course, he did all his experiment in Windows, which is not a safe neighborhood anyway. Under most Linux distribution, Firefox is already included. And any updates from the vendor to Firefox are digitally signed by [GnuPG](http://www.gnupg.org). So, none of his rants are valid within Linux environment.

I also find his rant about [Verisign](http://www.verisign.com) signing certificate very funny. It doesn’t matter if Internet Explorer ultimately trusts Verisign certificate while [most of the world don’t](http://www.google.com/search?q=%22verisign+sucks%22&ie=UTF-8&oe=UTF-8). Microsoft does its users a disservice if they choose to trust Verisign certificate. Do you trust Verisign? I don’t. So, if Internet Explorer trusts Verisign, why should I trust Internet Explorer? Furthermore, all the signing certificate does is to ensure that the package really comes from the right vendor and it’s not tampered on the way (I’m not trying to downplay the importance of this issue, by the way). It doesn’t prevent a malicious vendor who is willing to spend [a few hundred dollars](http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html) to get a signing (some spyware creators do!). It also doesn’t prevent bug in software, a bug in signed software can easily be used by malicious code to execute as the signed software behalf.

He did however point out some problems in Firefox that warrant a fix. Should be easy enough for Firefox developer. Almost all of his points was trivial (but important nonetheless), like dialog boxes defaulting to OK. Expect the next update of Firefox will contain these fixes.

Leave a comment

Your email address will not be published. Required fields are marked *