Microsoft

Interview with a Vampire… er, Malware creator

John Silby

“Do not run IE ever, not even once.”
~ Malware developer

Every city in the world has a street you shouldn’t visit at night, where thieves and scam artists live and you probably won’t leave with your wallet intact. This also stands true for the Internet, although getting to these virtual places is rather easier because they’re more likely to show up in your own computer in the form of programs—malware, scripts or other software—designed with a malicious purpose. In the early days such programs were created as pranks or bad jokes, but today they are being used for more nefarious purposes (usually to steal money, personal data or other information from the victim).

In an interesting article, Interview with a Malware creator, at Softcity, Miguel Esquirol, a Montreal writer, blogger and journalist, delves into the shadowy world of the computer hacker.

The quote above is one of several pieces of advice the hacker offered on keeping safe online. I highlighted that one for two reasons:

First, because Internet Explorer is notoriously prone to hack attack. Recent versions are better, but it’s still the browser most likely to be exploited as a way into your computer. Of course, historically it has been the most used browser—but that’s only part of the story. It took years for Microsoft to acknowledge IE’s shortcomings, and even now they still often take longer to fix vulnerabilities than other browser developers. Yet, because of its ubiquitous distribution around the world, web developers go out of their way to make websites work properly with Internet Explorer.

This brings me to the second reason—Microsoft’s lack of commitment to web standards. As far as I’m aware no browser embraces the standards completely, but Microsoft has been consistently reluctant to embrace them, insisting instead on developing their own specifications (which, of course are unique to IE, and won’t work in any other browser unless the other developers choose to include Microsoft’s ideas in their own browsers). Web developers are more or less forced to put a lot of time and effort into getting their sites to work properly in IE simply because it is so universal—a situation due more to Microsoft’s marketing and captive market than to IE’s suitability or competence as a browser.

When you use a less common—but more standards-compliant—browser, as I do, it’s galling when you come across a site that says “your browser is unsupported, please update to a more modern browser.” I shout at them, “My browser is modern. It’s your web design that’s out of date!”

If web designers refused to jump through hoops to get their sites working in IE Microsoft would be forced to get their act together and build a standards-compliant browser. IE6, released in 2001 as the standard browser in Windows XP, is a particularly cantankerous browser, and it’s often difficult to get it to render sites properly. Sadly, many corporate users were tied to it because their IT departments were committed to Microsoft and Internet Explorer wasn’t updated for five years. At its peak, Microsoft had over 85% (IE6 71% and IE5 14%) of the market. Last month Microsoft’s share of the market had dropped to 21.2% (IE6 1.2%, IE7 3.4%, IE8 11.5%, IE9 5.1%). It has been overtaken by Google Chrome (33.4%) and Mozilla Firefox (38.1).

Since both Mozilla and Google pay more attention to standards, perhaps my days of seeing that dreaded “browser unsupported” message are limited. I’m not holding my breath, though!