New Browser for Second Life Junkies!

Then it's your loss. The response was entirely reasonable and lucid.

If you're not interested in having a reasoned discussion about issues central to the original topic, you're being just as destructive as the obvious trolls you were previously railing against.

I would expect a response like this from Over Sleeper! lol

heheh they did, ironically about how they couldn't come up with any ideas.

All I am hearing is blah blah blah
ROFL ROFL ROFL RRRRRR ROFL

Give us facts please. Where is this on the site or any other site...can't seem to find it myself? Perhaps you should let them annouce it themselves? Or are you the new LL Spokesperson? Not trying ta be rude, just wanna know.

LOL

Firefox has had its own share of security vulnerabilities in the past year, including several ranked critical:

http://secunia.com/product/4227/#statistics_criticality

You are putting forth statements about 1997 and the year 2000, we are currently in 2006 - so your company's experience 10 years ago is hardly relevant. Yes, Internet Explorer has had security vulnerabilities. Internet Explorer 6 on Windows XP SP2 is not the same IE from 5 years ago or 10 years ago. Do vulnerabilities remain? Yes - they also remain in Firefox and Mozilla, in Windows, in Linux, etc.. Take a close look at the Secunia site and notice how many warnings there are across all kinds of products.

As Firefox becomes more popular, it gets probed more. Whether she chooses to base this browser on IE or Firefox is her choice - considering that IE still has an over 80% market share of usage. With your dire predictions, nothing would be functioning right now if IE were so bug riddled that no user can get away without it destroying their computer.

I think you are referencing worms (self replicated), and they were due to poor design of Outlook, not IE. Virii require user interaction, so it doesn't matter if your using Outlook or Thuderbird, if you click on "Hot Girls.jpg" you'll be in the same trouble.



Start recommending Safari, IE on Mac is discontinued.



Not true. Although you can persuade me if you reference a critical vulnerability for the HTML component that is unpatched.



Very true. I'm not trying to be a fanboi, I still hate IE, and am currently using Flock. But the html components in Visual Studio are powerful, as demonstrated by this project.

Ignore the trolls who promote Firefox, just 'cos they like it doesn't mean you have to hate it. They probably like PEZ, ice cream, sex and Second Life, too. No point in disliking those things just 'cos they like them. Personally, I'd probably still be wiping my hard drive 'cos of worms and trojans every couple of months if I were still using Explorer rather than Firefox.

My original question still wasn't answered though! If I disabled IE from my Windows XP system (note it's still there, it will never uninstall completely, just can't be opened) will MadamG's browser still work? Because I'd love to try it! I'm sure the people in here debating technical browser issues know enough to tell me that.

From someone who is an outsider now, if you have a program working - ie, does what it is supposed to, runs fast, is bug-free to all intents and purposes, then that is worth a great deal. Good structure is a working method which is optimal for getting results, but it is perfectly possible to write a well-structured program that is crap.

In the same way, it is a mistake to dismiss what someone says just because they incorrectly put an apostrophe in 'its'. *cough*. What is important is what they say.

That explains a lot.

Sorry you got the reaction you did from some people. I am amazed that there are so many miserable sods about when it's not even Monday morning.

Anyway, it's a great effort and I really look forward to seeing the browser. When (and where) is it likely to be available?

In case you're thinking what I think you're thinking, all my previous posts about LL and about the evasion issue were made before I started writing it or even thought of doing so. As I say, I actually decided to try as a result of feeling that I should try to contribute something instead of just complaining.

Technically no. But I, personally, would be cagey about typing a username/password into an entry in a Preferences box in a program. On the other hand, if you don't trust an SL web browser enough to log into secondlife.com with it then, well.. basically you're not going to use it. There's very little that can be done about that, really.

Ok, fair enough. A good sentiment.

Indeed, and the standard firefox shell has some design flaws I find disturbing, but they're nothing like the deep and inherently unfixable design flaws in IE that Microsoft has not even attempted to seriously address. For one thing, they're in the shell... you can build a more secure browser around Gecko... and for another, none of them require that the Mozilla foundation keep the holes open and just patch specific exploits the way the IE design flaws do.

I'm not just talking about incidents in 1997, or 2000, I'm talking about problems that I continue to see today. Two years ago new management forced us to go back to IE at work, and despite frequent (and disruptive) updates we have had and coontinue to have more problems with malware (viruses, spyware) exploiting IE's lax security model than we ever did when it was banned.

The fundamental problem is that the HTML control has to reconstruct the status of an object it's displaying (trusted, or untrusted) based on incomplete information.

Gecko, KHTML, Webkit, every other browser core in current use has no "unsafe" mechanisms built in to the core. The only way to add extensions is for the shell program that's passing the page to the display component to explicitly add them. The default condition is that ALL pages are untrusted, and the application (the only component of the system that actually knows the origin of the content) is responsible for adding them.

The HTML control has unsafe scripting and URL handlers built in, and it uses the "security zone" of the object its displaying to try and guess whether it shoudl be granted more rights. Until they change this, and make the rights PURELY the responsibility of the application, IE will continue to suffer from a class of attacks (cross-zone exploits) that no other browser is subject to... and so will any application that uses it to display potentially untrusted content. Until they change the API this will remain true... and every application that uses it sets up a new set of special case rules that the security zones have to model.

The only way to fix this is to change the API. Which means breaking EVERY application that uses the HTML control. Microsoft isn't going to do this, so Microsoft will never fix this.

The HTML control, right now, even in the latest and most recently patched version, is still suffering from this. Antivirus software doesn't solve the problem, because a virus isn't blocked until AFTER it's already infected enough people for it to be noticed. And antivirus software itself reduces the reliability of your system because it intercepts system calls at a low level and changes the way they behave, even if only slightly... we have occaisionally had to disable it for systems used by software developers because it interferes with compilers and other software development tools.

The only "antivirus" I use myself is... I never use Internet Explorer nor any application that I've found to use it. And the last virus I had on my own Windows box was in the '80s.

Don't put words in my mouth. I didn't say that no user can get away with using it without destroying their computer. And it's not a matter of it being "bug riddled". A design flaw isn't a bug. It's worse.

And every year since 1997 I've had people like you tell me that IE has been patched now, that these problems aren't any worse than this or that other browser, and every time there's been another cross-zone exploit uncovered within a few months that has to AGAIN be added to the set of increasingly inconvenient and complex rules in Microsoft's "security zones". And some of them, it turns out, had been in wide use by spyware and other malware for months before discovery and patching.

I can guarantee you that there are holes in the security zones right now, and there's spyware taking advantage of them. I can guarantee you that there's no such problem in any Gecko, KHTML, or Webkit-based browsers.

The problem isn't Outlook or IE, it's the HTML control that both of them use. The same kinds of attacks have been used by email worms sneaking in references to local disk by pointing to the user's mail folders, and by web-based attacks sneaking in references to user's temporary directories or internet cache. This is the most obvious kind of cross-zone exploit... and it looks like a different attack to the user... but the underlying mechanism is still the same. And it's still there... the latest cross-zone attacks have been made by people sneaking URLs or code fragments in via internal corporate bulletin boards: since the boards are in the "intranet zone" the code is treated as more trustable than it should be.

So long as the HTML control uses security zones, this problem will never be fixed.

Unfortunately, once the HTML control gets the object, it doesn't matter what the surrounding shell is made of... the HTML control makes all the decisions.

Yes, but ... why did you disable IE? If it was for security reasons, using any application that displays web pages using the HTML control is at best no different than re-enabling IE.

Great job MadamG.

I would like to try this and will contact you about it.

And now for some music!




I met you before the fall of Rome
And I begged you to let me take you home
You were wrong, I was right
You said goodbye, I said goodnight

It's all been done
It's all been done
It's all been done before

I knew you before the west was won
And I heard you say the past
was much more fun
You go your way, I go mine
But I'll see you next time

It's all been done
It's all been done
It's all been done before

And if I put my fingers here, and if I say
"I love you, dear"
And if I play the same three chords,
Will you just yawn and say

It's all been done
It's all been done
It's all been done before

Alone and bored on a thirtieth-century night
Will I see you on The Price Is Right?
Will I cry? Will I smile?
As you run down the aisle?

It's all been done
It's all been done
It's all been done before

Barenaked Ladies - "It's all been done"

*Cries*

Nah, is not my problem at all! You realize that we all do have choices, in rl and sl?

Necromancy is a choice!