The reason that companies use IE for system utilities like Windows Update, is that HTML is relatively easy way to build a user interface for these kinds of applications.
It's unfortunately that Microsoft didn't provide an HTML engine for these applications which wasn't a full blown Web browser. Add/remove programs in Windows is an example of building an application using HTML, CSS, Javascript, and ActiveX controls which hasn't introduced security problems in IE. JavaScript, plugins, and file associations have their place on the Web. Without them, we wouldn't have things like Acrobat reader, Web-based email clients, Google Maps, YouTube, etc. Richard From: Jeff Kell [mailto:[EMAIL PROTECTED] Sent: Thursday, July 17, 2008 7:02 PM To: Richard M. Smith Cc: [email protected] Subject: Re: [funsec] Texas Bank Dumps Antivirus for Whitelisting Richard M. Smith wrote: So under HA, a Web browser can only show ASCII text files. After all, HTML itself is a programming language with intermingled code (ie., HTML tags) and data ("text"). Well, it's not *that* bad. HTML tags and other markup that affects the layout is fine. Tables, forms, queries, etc are all fine. That just affects what goes into the browser window. It's not the browser itself that broke things, it was Javascript, plugins, and automatically executed externals (file associations). The abomination from hell is IE, where you use your browser to *UPDATE YOUR OPERATING SYSTEM*. Jeff
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
