Talk:Internet Explorer/Archive 1
This is an archive of past discussions about Internet Explorer. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page. |
Archive 1 | Archive 2 | Archive 3 | → | Archive 5 |
Market Dominance of IE
"On the other hand, the dominance of Internet Explorer in the web browser market has led some web developers to design their sites with IE in mind as the target browser. This means that browsing with Internet Explorer can often be freer of irritation due to other browsers' inability to run IE-specific code."
I'm not sure if this information is accurate. Most web developers write their sites with all the major web browsers in mind. Very few make it "IE-specific." Perhaps delete or re-write this? -- Sasha Slutsker
- Oh, I wish you were right - but I'm afraid people do end up designing based entirely on IE. There are a number of major commercial websites that are in some way broken on other browsers, and the maintainers can simply claim "it works for more than 90% of users". It should be noted that this was once the case for Netscape Navigator, to the extent that the first W3C's standards were largely based on the de facto standards defined by that program's behaviour. The only issue I'd take with the current text is that HTML is not exactly "code" that is "run", although I suppose JavaScript is also a major distinguisher these days. - IMSoP 22:00, 28 Mar 2004 (UTC)
- Can you give me an example of these commercial sites? I use Mozilla Firefox and have not found any sites like that except for a couple free web hosting sites that I probably won't want to look at anyway. Like I said, an example would be nice. Sasha Slutsker 23:23, Mar 28, 2004 (UTC)
- Try looking in Mozilla's Bugzilla Database for bugs against the "Tech Evangelism" product, which are for pestering sites that don't render on Mozilla (in cases where it's the designer's fault, not Mozilla's). For instance, I searched for any of those with "IE" or "Internet Explorer" in comments and the list is so long it has problems loading properly. OK, so not all of these will be because of IE-only testing, but a smarter query would surely turn up plenty of examples.
- Oh, and I just thought of one from personal experience: the grocery shopping system on http://www.asda.com - IE shows a list of aisles where Mozilla (and Firefox) has nothing but empty space. - IMSoP 23:58, 28 Mar 2004 (UTC)
- I think everyone's a bit right here and some things that were said don't even contradict each other necessarily. It is certainly true, that many web developers mainly tested their websites in IE and therefore didn't write valid standard code but code that relies on IE-specific behaviour. On the other hand the other browsers are of course trying to detect when they should fake IE-rendering. (In Mozilla/Firefox right click somewhere on the website and go to "View Page Info" - the "Render Mode" tells you in which mode the current page is being displayed). --217.162.236.92 21:02, 28 Nov 2004 (UTC)
IE for Unix; Konq?
I know Microsoft ported IE (version 5 at least, maybe 4) to Solaris and HP-UX, but I don't know any of the details. The website used to be at http://www.microsoft.com/unix/ie/
Also, why is Konqueror listed as being a competing browser on Windows? I'm guessing this is a mistake or a Konqueror fan just wanted to add it. The win32 port never got off the ground, and running on Cygwin/X doesn't count.
The Konqueror page claims that there is a Windows port -- though it may be through one of the projects you mentioned.
The only IE for Unix released was for Solaris and HP/UX. I was able to confirm that IE v4 and v5 were released for both... not sure about other versions of IE (or other flavors of Unix). See:
MSDN article, MSDN article and Unicode web browsers for Unix and Linux computers
Gecko 00:50, 13 Jul 2004 (UTC)
The repeated mentions of tabbed browsing and popup blocking as features provided by competitors is misleading, especially considering there was no mention of these features being available in alternative browsing interfaces that wrap IE.
I have attempted to mitigate this somewhat with today's edits, clarifying that components of IE are, on Windows, incorporated into various applications, some of which supplement IE's features (e.g. SlimBrowser) and some of which only provide a limited subset thereof (e.g. Winamp's "minibrowser" panel). There's also Windows Explorer, the application that makes use of IE components to supply the default interface for browsing the filesystem as well as rendering the desktop, features which seem to annoy anti-MS folks but which are viewed favorably by many users.
Even edits such as these may not be enough for adequate NPOV; it might be better to avoid implicitly or explicitly qualifying all components as belonging, first and foremost, to MSIE. Rather, many of them are just a subset of all of the components that go into an application. Some of these are shared, some aren't. I'm guessing these issues are discussed at length in some litigation somewhere. - mjb 08:05, 18 Jul 2004 (UTC)
More concerns about possible anti-IE POV
For obvious reasons this page may be more invulnerable to POV due to systematic bias amongst WP editors than nearly all others. Here are are some current potential issues:
- others argue that the browser needs to be removed completely before the system is secure. Instructions about how to remove Internet Explorer [from] Windows XP (http://www.tweakxp.com/tweak1241.aspx).
As that link points out, it is not possible to remove IE from WinXP with any degree of safety. There are literally hundreds of Windows programs that rely on IE (the whole shebang not just components). Deleting the files that that link suggets from your hard drive is a bit like playing russian roulette. Firstly we need to decide whether to link to that site at all (the "tweak" is given the lowest possible score there 1/5, because it basically doesn't work). If we do want to continue link, we will to redo the wording.
- The whole "Competing web browsers" section
There is no equivalent section on the Mozilla/Firefox/etc/etc pages. The comparison between browsers should be at web browser. References to other browsers in this (and other browser-specific articles) should be in passing. e.g. "IE does not provide tabbed browser, unlike Moz-based broswers. Similar functionality can be obtained by using multiple windows." Pcb21| Pete 14:23, 2 Aug 2004 (UTC)
Pcb21| Pete 14:23, 2 Aug 2004 (UTC)
- I am responsible for some of the wordings of the "removing internet explorer" section. Believe me, it was a lot more POV before I re-did it. The original (anon-contributed) section read:
- "Using another browser does does not remove the Internet Explorer files from your computer, nor does it keep other programs from using them. There are a number of other components of the Windows operating system that still default to IE. Also, some other application programs default to IE. This still leaves your system exposed to all of the IE and ActiveX security holes. These additional files need to be removed for better security. Instructions for earlier versions of Windows 95, 98 and ME are available at this site. Microsoft has intentionally made it difficult to remove the IE components from XP. Instructions for the XP version are at this site,"
- I tried to remove the obvious POV from it, without eliminating the crux of it. I kept thinking to myself "why is Wikipedia giving instructions on how to remove Internet Explorer?" - Mark 04:38, 3 Aug 2004 (UTC)
- Removing IE has become an issue in Wikipedea for the same resaon it has become an issue elsewhere on the Internet, because MS has made it an issue. There is no section in other Browser wiki entries because they are removed from a aystem in the same manner any other program is removed. That is not true with IE. MS has intentionally made it difficult. The continuing security issues with IE are real. And they continue unabated. They are costing many people untold grief, and costing business many millions of dollars in restoration and down time. It is most certain up to the users to decide to remove the source of these problems. And it is their right to be able to do so in order to protect their systems and data. In what manner is this information a biased to any POV other than MS's?
- Wikipedia is not a software uninstallation guide. Anyway, the overhype of security problems in IE will soon be mostly quelled with the forthcoming release of XP SP2. People will thenceforth start complaining about how IE doesn't let them do anything that could be insecure. - Mark 02:44, 6 Aug 2004 (UTC)
- "the overhype of security problems in IE will soon be mostly quelled with the forthcoming release of XP SP2." --- hehehe ... right ... now where have I heard that before. My understanding is that Wikipedia is a source of information on any subject of interest. The NPOV policy is designed to limited bias and proselytizing, not to eliminate information considered contrary to someone particluar agenda. Perhaps YOU think IE security problems are overblown and and will be all cured shortly. You are certainly more than welcome to state that you believe that. You are certainly more than welcome to act, or not act, on that belief in your own personal affairs. But you are NOT welcome to eliminate information from the field that in contrary to your beliefs.
- What are you talking about? The only information I removed from the section in question was:
- The almost imperative tense used to describe the removal of Internet Explorer ("These additional files need to be removed for better security"); and
- Thinly veiled (and possibly libellious) criticism of Microsoft ("Microsoft has intentionally made it difficult to remove the IE components from XP")
- If I was intent on pushing my point of view, I would have removed the section entirely. Oh, it's already been removed by someone else. Well all I did was to bring the statement in line with NPOV policy and its text up to a decent literary quality, so stop berating me. - Mark 12:38, 6 Aug 2004 (UTC)
- What are you talking about? The only information I removed from the section in question was:
- I respectfully disagree. "The [NPOV] policy says that we should fairly represent all sides of a dispute, and not make an article state, imply, or insinuate that any one side is correct." To achieve a "true" (rather than "fake") NPOV we must not insinuate that the anti- (or pro-) IE argument is the correct one. - Mark 13:07, 6 Aug 2004 (UTC)
- I know policy. You didn't address my reductio ad absurdum. — Chameleon Main/Talk/Images 13:16, 6 Aug 2004 (UTC)
- Is there something you are trying to say? Or something I am meant to say to you? I am not going to get into a discussion of the merits of the NPOV policy. If you feel that the section in question was better in its original state, feel free to change it back. I've been sick of the constant edit bias in Microsoft-related articles for over two years, but I got over it. Do you think my change to the statement was POV? If so, can you suggest some changes, so I can be more NPOV in future? - Mark 13:34, 6 Aug 2004 (UTC)
- Ah, that's what you were getting at. After a long week, I have latin phrases coming out my ears and I didn't really want to try to figure out another. :-D Anyway, I most certainly don't mind saying "It is difficult to remove Internet Explorer from Windows XP", because that is obviously true enough. It's only when we insinuate that Microsoft did this to stop people changing to other browsers or what not that I feel we enter the realms of POVness. - Mark 14:23, 6 Aug 2004 (UTC)
- I don't want to argue any more. Anyway, I think we are running out of indents. If we went long enough, we could make a nice zigzag pattern. Shall we shake metaphorical hands on the matter? I don't really know what I have been arguing anyway. - Mark 14:41, 6 Aug 2004 (UTC)
- OK. Anyway, check out Reductio ad absurdum — I've added the second section. — Chameleon Main/Talk/Images 15:01, 6 Aug 2004 (UTC)
- Very nice. :) - Mark 15:07, 6 Aug 2004 (UTC)
- Mark, forgive me for acusing you of removing the removing IE materail. It was Pcb21. Sorry.
- Hi, anon. Yes it was me who removed the section, after bringing up the subject here, and having gained one response which was basically in agreement with me and no other responses. The above discussion has, to be honest, only reinforced my view that one area that might be susceptible to systemic bias is proprietary software. No-one, for example, has, for example responded to my point that even linked to site says that removal of IE from WinXP is basically impossible (it is the same lopping off a core part of the OS and expecting it to carry on working). The site voters give the dual OS method 1.0 out of 5.0 the lowest possible mark. Instead of attempt to improve the article, we get some tangential debate about the nature of NPOV. Pcb21| Pete 22:33, 6 Aug 2004 (UTC)
...and Mozilla evangelism
Pcb21 - Resetting the tab for space. In total agreement about fixing the information. We can try to find better info, and certainly include a warning about just how difficult MS has made it to remove IE. - anon
- www.chrisbeach.co.uk - Microsoft are creating an integrated system that is written in native code and well-cached. To separate the browser into a separately installable piece would be to take a step backwards. I don't see anyone complaining about the fact that Apple manufacture their own machines, with their own OS, their own browser and their own machine-specific peripherals. At least MS bothered to make a version of IE for unix, mac, x-windows, smartphones etc. The arguments against IE/Windows integration originate largely from bitter competitors and are evidently self-serving and biased. The POV trash in this article should be removed, but I know as soon as it is, there will be an uproar from the "Mozilla Evangelists" et al. It makes me sick to see the media twisted like this. It's practically the same as when the Bolsheviks used "revolutionary" media to incite a bloody uprising against capitalism in Russia. And didn't the new communists do a service to the country..
- Thanks for your opinion, but could you please not try to pick fights? I also believe the evils of Microsoft are blown out of proportion by evangelists, but starting fights doesn't serve much of a purpose. Rhobite 00:27, Sep 15, 2004 (UTC)
- I hate IE myself and all the nonsense that its regular users (including, at once point, my family) have to deal with. I'll likely never use it again. However, I still think that the anti-IE POV in this article is way too much. We need to neutralize it, and I'm open to everyone's ideas about how best to do this, including the anons here. No other browser article condemns its subject so much, or provides links to uninstallation instructions. The Wikipedia must be an unbiased reporter. --Ardonik.talk() 01:18, Sep 15, 2004 (UTC)
What is the factual basis for "Internet Explorer is by far the most widely-used web browser, making up approximately 95% of all browser usage, mainly because it has been shipped as the default browser in all versions of Microsoft Windows since Windows 95."?
I could not find any objective, conclusive evidence of this. Maybe we could get some data from the access logs of the wikipedia or another general topic website? Or else this could beter be rewritten as "Internet Explorer is one of the most widely-used web browsers, mainly because it has been shipped as the default browser in all versions of Microsoft Windows since Windows 95." Although I doubt that this is the only reason for its popularity.
Also, usage under MacOSX has dropped very quickly since the introduction of Safari, so maybe the references to the Mac IE are not really current anymore imho. -- gmlk 16:23, 6 Aug 2004 (UTC)
- You can pick more or less any survey you like from the dozens online, and they all say the IE average is upwards of 95%. I don't think a re-write is necessary. As a matter of interest the logs for *.wikipedia.org show IE usage as low as 85 or even 80%. This is because Wikipedia is a open source oriented site. (Compare slashdot where IE usage appears lingers as low as 50%). Pcb21| Pete 22:33, 6 Aug 2004 (UTC)
Mac OS X Image Caption
Is it really neccessary to add the word "discontinued" to the image caption for the Mac OS X screenshot? All it does is make the caption longer, and anyone who wants to know that it's discontinued could read the article. — 33451 | Talk 12:20, 1 Sep 2004 (UTC)
Moved from VP
Anyone know why I can only save jpgs I come across on the internet onto my computer in bmp format, and not jpg format, the format which they are in? I can't copy and paste them either. It's bloody annoying. I tried looking in tools/internet options but I can't see it. Alternatively, know anywhere where I can get help? (please respond on my talk page thanks) Dunc_Harris|☺ 19:10, 2 Sep 2004 (UTC)
- Here's a Microsoft Knowledge Base Article on the problem (and it's apparent solution/workaround): Internet Explorer Does Not Save Graphics Files in the Proper Format. Some people have said it doesn't work, though. - 21:36, 2 Sep 2004 (UTC) Lee (talk)
- I absolutely hated this "feature." I would end up converting the gigantic BMPs back to JPEGs, doubling the number of JPEG-related artifacts in otherwise high-quality images. The ultimate solution was to get a clue and stop using Internet Explorer altogether. MSIE has always been an inferior piece of software, but only recently have alternatives become smaller, faster, and easier to use. --[[User:Ardonik|Ardonik(talk)]] 17:20, Sep 3, 2004 (UTC)
Incomplete standards
A recent addition by an anonymous user:
* Incomplete Standards-compliance according to the W3C (see W3.org). Note that the standards themselves (eg CSS3) are also incomplete.
As I said in the edit summary, the statement seems to summarily dismiss or brush off IE's lack of standards compliance. As a web developer, it's not CSS3 that I care about, but CSS2 and CSS1, which are complete, and which people like me have been clamoring for IE 5 and 6 to support for the longest time now. To conflate those issues is misleading.
That said, perhaps we can use this to strengthen the article. Can we get some input as to why Microsoft chose not to support several W3C standards, preferably straight from the mouth (or keyboard, as it were) of an IE developer? I'd love to incorporate that into the article so that people gain insight into why IE is the way it is. --Ardonik.talk() 01:11, Sep 15, 2004 (UTC)
Much as I'd like to agree, from my research it seems IE doesn't even support CSS 2 fully (specifically different types of selectors), let alone CSS 2.1. - as this article says. Match 16:08, Nov 28, 2004 (UTC)
"Negative Features"
I'm curious as to the definition of a "negative feature." In any case it seems irrelevant in an encyclopaedic article. The "negative features" in the IE page appear to be personal criticisms (POV), and comparisons to other browsers, which should be in Comparison of web browsers
- You're right, there's no such thing as a negative feature. The section headings need to be changed or reorganized. However these issues should stay in the IE article, since they are common criticisms. NPOV doesn't mean "remove negative criticism." Rhobite 19:24, Sep 22, 2004 (UTC)
- The "negative features" here appear to be simply the "con" side of a "pros and cons" list. Both sides of any such list will invariably include subjective points, since a feature may be a useful feature to one person and a harmful one to someone else.
- For instance, ActiveX is used by some browser-based applications to do useful work, but disabling it if you don't need it is on many security checklists, because of the problems it can cause. So it is a positive feature to those who use it, and a negative one to those who are harmed by it or have to do extra work to avoid it. These are not simply opinions — they are subjective facts which differ from person to person, depending on needs. However, they militate against listing ActiveX as either a "positive" or "negative" feature — it is simply a function of the browser, turned on by default, which is useful for some and harmful for others.
- One possibility: Avoid listing "features" which are common among IE and other browsers (Firefox, Netscape, Opera, Safari). List differences from the common denominator. For instance, while a pop-up blocking function is new in IE for XP SP2, it is not an uncommon function of a Web browser. Likewise, "element-level alpha" is not an uncommon feature; it is, rather, unusual that IE has only element- and not pixel-level alpha as specified by PNG standards. JavaScript, Flash — these are likewise common among browsers;. Features which should be listed are those that single out IE: like ActiveX, COM, the use of IE for HTML rendering in Outlook, lack of tabbed browsing, better multi-language support, etc. —FOo 22:44, 22 Sep 2004 (UTC)
- "they are subjective facts which differ from person to person, depending on needs" - in other words: opinions. If you want to write an article that compares IE to Firefox then by all means do it in Comparison of web browsers. The problem with listing opinions like this is that all browser wikipedia entries risk being filled with negative points that favour the competition, and as competition grows, so will the articles.
- I disagree with you that subjective facts are opinions. An opinion is a preference, thought, or belief; a subjective fact is a fact that differs from person to person. For instance, some companies find Windows systems cheaper to administer than Unix systems; others find Unix systems cheaper. These are not opinions; they are facts, which contribute directly to the companies' bottom lines. They are "subjective" because they differ from case to case — not because they are dubious, untrue, or based on belief rather than reality. —FOo 16:13, 25 Sep 2004 (UTC)
- Entries like this are meant to be opinion-neutral and objective - NOT subjective at all.
- NPOV does not mean that Wikipedia refrains from describing different people's opinions, or the knowledge of various experts. It certainly does not mean that Wikipedia must avoid mentioning those facts which, when different people interpret them differently, lead to different opinions. We accomplish the goal of being opinion-neutral by describing different opinions, and the facts that inform them — not by slicing out opinions, and never by slicing out the facts that lead people to draw different conclusions. —FOo 16:13, 25 Sep 2004 (UTC)
- "Negative features" aside, I would like to question this article's focus on removing Internet Explorer. It's unbalanced, and out of place. Very few Windows users remove IE, due to its obvious drawbacks. Even if it's technically possible, it does disable Windows Update and forces the user to download updates manually. It is possible to have a secure Windows desktop without removing core features of the OS, and it's silly for this article to imply differently. We should tone down the "remove IE" information, it's of limited interest and a magnet for POV. Rhobite 18:15, Sep 25, 2004 (UTC)
- RE: Positive features, I noticed the list lists features that are only available in XP SP2. For instance, My windows 98 machine cannot use the pop-up blocker feature. I entirely agree with an earlier comment that positive features must list positive features unique to IE and negative features must list negative features unique to IE. Everything else should be taken out. --Will2k 18:23, Sep 28, 2004 (UTC)
Competing web browsers
I totally disagree that this should be taken out. It's highly relevant to the article, and though their is an article talking about various browsers, it's still valid to the article. - Ta bu shi da yu 02:55, 15 Sep 2004 (UTC)
- Why? The Ford Taurus article doesn't list competing midsize sedans, and this is no different. The topic should be IE but the article spends a good deal of time telling readers about why and how they should switch from IE. Anyway if we do keep this section, it should go into every browser article. No reason to assume that if you're reading the Firefox article, you already know the alternatives. Rhobite 03:59, Sep 15, 2004 (UTC)
- I think having Category:Web browsers and Comparison of web browsers is sufficient, and prevents the same information from being duplicated in every browser article. The first link will send our readers to every web browser article, while the second gives them a quick comparison of notable web browsers in a concise and neutral manner. I'd rather the comparison section remain out. --Ardonik.talk() 04:09, Sep 15, 2004 (UTC)
Let me see, if Dr. Evil wins a hundred billion dollors from a slot machine, and he uses the money to make a hundred billion Mozilla discs and give them to every living thing on Earth, I'll keep this part. So far I don't see any compitition even though I personally uses Netscape, Mozilla and Fire Fox.
- Then you won't mind if I put "competing web servers" into Apache HTTP Server and "competing MP3 players" into iPod. Rhobite 13:24, Sep 15, 2004 (UTC)
- I'm truly puzzled why you might think that anyone would object. We aren't here to produce marketing brochures, so if the information is factual and helps place an article into context then what is the problem? Many existing product articles mention comparable products (e.g. Honda Civic and Nissan Altima), and info about competing models is one of the more helpful-to-consumers features of ecommerce sites that aren't affiliated with a manufacturer (as with competing sedans on Carpoint, or competing digital cameras on Amazon). Saucepan 21:36, 25 Sep 2004 (UTC)
- I think the point is not that Wikipedia shouldn't cover the comparisons, but that every single article shouldn't contain comparisons - if we have a paragraph under Internet Explorer discussing Mozilla, we need another one under Mozilla; and another under Safari, and Mozilla Firefox, and Camino, and Konqueror, and so on, and so on. I agree, keep the comparisons to a comparison article, and leave the Internet Explorer article to discuss, well, Internet Explorer. Note that that's exactly what your MSN example does - gives you a link to "competitors"; only difference is, they do some server-side processing to put the one you were looking at when you hit the link at the top of the list. - IMSoP 01:30, 26 Sep 2004 (UTC)
- Entire paragraphs promoting or describing features of unrelated products don't belong here, but a simple phrase like "On the X platform, browser Y competes with browser A and browser B." couldn't hurt. IMO this is even more appropriate here given the historical context of IE's birth in the cauldron of the Browser Wars and subsequent role in the historic antitrust trial. Saucepan 07:44, 26 Sep 2004 (UTC)
Who recommends IE removal?
I echo Beachy's challenge: Are there real security experts who recommend removing IE from Windows PCs? I've been developing Windows software for years and I say it causes more harm than good. It could interfere with Windows Update, shell functions, future service packs, third party software, etc. And it provides no real security benefit over simply using another browser.
Let's be frank. People who recommend removing IE aren't "cynics" or "security experts." They're just Internet users. They do exist, this article even cites them. Let's not make up titles for them. Very few users actually remove IE, and I don't know a single computer professional who would recommend it. Rhobite 17:09, Sep 28, 2004 (UTC)
- Agreed. I made my edit to show how stupid the whole edit war really was. Besides which, the following "Some Internet users have suggested removing Internet Explorer from computers in order to decrease exposure to security risks on the Internet." is a weasel term. If people recommend this, then we must cite them. Until the original authors can do this, I have commented out the section. Incidently, the section is not bad in itself. It just needs clarifying. I would ask that the section not be uncommented until the section can be clarified. - Ta bu shi da yu 13:33, 30 Sep 2004 (UTC)
- I do believe I am responsible for the "some internet users..." phrasing. Before I changed it to that, it pretty much said "you must remove Internet Explorer from your system for it to be completely secure". I toned it down a lot in lieu of actually reverting the user, which I assumed would attract an angry response. - Mark 06:43, 5 Oct 2004 (UTC)
- Please understand that I know this. I am well aware that you did the best of a bad job, and I think that as a compromise it was most likely the only way that this bit could be improved. However, now we need the original author to back up his original argument (which I think you effectively summarised) with statements of fact. - Ta bu shi da yu 11:09, 5 Oct 2004 (UTC)
Where are you anonymous users coming from? Would one of you mind letting me know which message board is instructing its users to revert this page? Rhobite 02:53, Oct 5, 2004 (UTC)
- This is where tracking the referer string would be useful. - Ta bu shi da yu 03:43, 5 Oct 2004 (UTC)
Fred Vorck
OK, here's the story. I received an e-mail from Fred Vorck, who has a page about removing IE from Windows. This page has a blurb about Wikipedia: http://www.vorck.com/remove-ie.html#wiki . Quote: "stop making edits to a topic that you know nothing about. Leave the editing to the experts." Fred also says that the MSFN forums have been talking about this. I couldn't find the thread on MSFN, but I suspect that there's some name-calling going on.
- A little bit. See http://www.msfn.org/board/index.php?showtopic=29162 - it seems they think I work for Microsoft (I'm one of the people who commented out the section). - Ta bu shi da yu 12:52, 15 Oct 2004 (UTC)
- OK, I took a moment to respond to the board. Not sure if anyone will see this, but there's no harm in trying to explain our actions. - Ta bu shi da yu 13:18, 15 Oct 2004 (UTC)
- Wow, how do we find the time to be wikiholics in between our duties as Microsoft employees? Thanks for finding the thread, it's not as bad as I thought. I think the section is better now, although it needs to be moved out of history. I don't want to pester Fred but if he has anything to add I hope he'll continue to contribute here. Removing the link to nLite was unintentional and I'm glad he noticed it. Rhobite 13:36, Oct 15, 2004 (UTC)
I replied to Fred's e-mail and asked him to join us here. I think the people from Fred's page and MSFN can make a positive contribution here. I ask that they read Wikipedia:Neutral point of view and Wikipedia:Avoid weasel terms, and help us fix up the section on IE removal. They should understand that it is a small minority of people who feel that it is in Windows users best interests to remove IE. I make a living working with Microsoft products and I don't appreciate the suggestion that I'm not an expert on this topic. There is nothing wrong with linking to nLite, by the way. If this section gets killed we should put it in external links.
Also, Fred, regarding this: Wikipedia editors: "who says IE is insecure?" This is a mischaracterization of what we're asking. What I actually asked is, "are there real security experts who recommend removing IE from Windows PCs?" There is a difference between the two. Even if IE is insecure, it doesn't necessarily follow that it should be removed from PCs. Rhobite 13:17, Oct 5, 2004 (UTC)
For the record, here is what Fred wrote:
The Wikipedia Controversy
This is a strange one. It would seem that there are editors (to be fair, not all of them) at Wikipedia that would like to restrict your access to this information by censoring it, continually deleting the section on removing Internet Explorer from Windows from the IE Wiki entry. The question we all need to be asking is "why?" There was even a huge debate about whether the IE removal information should be included at all! Actually, in the article, as it stands in September 2004, there is a reference to XPLite that is not deleted. The only text that gets deleted continually is text that links to my site and to Nuhi's nLite site. I'd say IE removal from Windows is something readers deserve to know about, considering that the U.S. Government got involved. Editors at Wikipedia don't seem to agree on standards. First, they wanted the passage on removing IE to say exactly who recommends it -- a minority of IT professionals, because most won't actually read my process (be honest, guys; if you did, you wouldn't print half the things you post on messageboards about Windows being "unstable." First, you couldn't do it at all, the MCSE's said. Now, it'll make it unstable, the MCSE's say. Yawn). Then, the Wikipedia editors wanted the entry to have a Neutral Point of View. Then, when the post met these criteria, some Wikipedia editors asked what computer "security experts" recommend IE removal. When's it going to end? How many criteria must someone meet to make this information freely accessible? Stop making edits to a topic that you know nothing about. Leave the editing to the experts.
Revised text on Fred's site
- Fred here, several days later. I revised the text on my site a few days ago; it now starts "This matter has been dealt with in a fair manner and I consider it settled satisfactorily." See the rest here: http://www.vorck.com/remove-ie.html#wiki
- It's cool :-) in a weird way, we kind of like external criticism, because this gives us a chance to revise the text in better manner! Incidently, I wouldn't worry about fair use. The text is licensed under the GFDL. - Ta bu shi da yu 22:28, 21 Oct 2004 (UTC)
- Fred here, several days later. I revised the text on my site a few days ago; it now starts "This matter has been dealt with in a fair manner and I consider it settled satisfactorily." See the rest here: http://www.vorck.com/remove-ie.html#wiki
FDV. None of this is meant to be disrespectful or inflammatory, especially #3. I am not questioning anyone's general expertise. The particular topic at hand, however, is _IE removal_.
1. I've read Avoid weasel terms. The wording has been altered several times (variously several users, some users, internet users, windows users, disgruntled users, etc etc). Why does a security expert have to endorse removal? Isn't the Wikipedia about information? As is pointed out, "[People like me, Fred] should understand that it is a small minority of people who feel that it is in Windows users best interests to remove IE." That's an excellent way to put it! Why not just say that? "A minority (omit small as redundant) feels that it is in Windows' users best interests to remove IE." Maybe even "Fred Vorck, Dino Nuhagic, and Shane Brooks suggest..." That is Neutral point of view compliant, isn't it?
- Well, then that is what we need to write in there! That's ALL I was asking for! Now I can remove a weasel term, something I was hoping to do. You know, you could have modified this yourself you know - you do have permission to do this! - Ta bu shi da yu 12:37, 15 Oct 2004 (UTC)
2. If the Wikipedia guidelines require an imprimatur from a security expert rather than an IE removal expert, what does it take? Self-apellation? An MCSE? Kevin Mitnick? Just _who is it_ that you're looking for to give the removal process their blessing? What, in essence, is a "security expert?" This went from requiring that the Weasel and NPOV criteria be satisfied to requiring the blessing of a security expert, which AFAI can see has no Wikipedia entry.
- Well, that's a whole can of worms I'm not going into, except perhaps I agree with your point below that you and others are "experts" in IE removal. Incidently, I like your site. I only use Linux at home, and try to use Firefox only at work but can't because of some vendor lockin issues. - Ta bu shi da yu 12:37, 15 Oct 2004 (UTC)
3. "I make a living working with Microsoft products and I don't appreciate the suggestion that I'm not an expert on this topic." I'm not only suggesting it, I'm saying it now explicitly: you are not an expert on the topic of removing IE (which is this topic). It's NOT personal, it's all about information! You may be an expert in the use of several Microsoft products; no doubt that's the reason you are editing the entry on IE. I don't know what constitutes expertise on IE removal, but I'm certain there are no formal certifications, and I'm also certain that if there is any such person as an expert on IE removal, I'm one.
"I've been developing Windows software for years and I say it causes more harm than good."
- Good point. - Ta bu shi da yu 12:37, 15 Oct 2004 (UTC)
Haven't read (never mind tried) the actual process, huh? I have not had any problems to date. I haven't had any users e-mail me with problems. If the HTML subsystem is left in, that's different from IE removal. It all depends on how the files are edited. IE can be removed. If by "harm" you mean "reduces the potential for DDOS and Port 135 attacks and security issues related to IE and MSOE, among other things," then yes, it will do these things, and will therefore "harm" your machine.
4. "...I don't know a single computer professional who would recommend it." Pleased to meet you! I work in IT and have since 1993. I unreservedly recommend reading my guide and removing IE. ;-) When I used NT 4 and my users had 95 and 98, there was no such thing as Automatic Update. I used the MS website. That hasn't changed; updates are available there. There is a classic rhetorical device called "begging the question." Many IE users make a conclusion about something (say, Automatic Update) as proof that users need IE. The basis for this proof is itself in need of proof. In other words, we first have to determine if Automatic Update is the only route to updating Windows (it isn't).
I see messageboard posts in Slashdot every time an IE topic comes up that say IE is needed for "many / all sorts of / several" programs (one recent reply to a post of mine claimed it's needed for "piles" of software). This issue has nothing to do with security. As for security, my files harden TCP/IP in Windows according to guidelines I read at csrc.nist.gov. My files will close Port 135 by default, shut off DCOM, prevent several ActiveX exploits from running... One big issue is that Windows File Protection would need to be restored, which fortunately is easily done and mentioned in my process.
But I'm addressing security again, when originally, the Weasel-NPOV dual criteria were asked to be met.
- And now they are, largely thanks to your suggestions. - Ta bu shi da yu 12:37, 15 Oct 2004 (UTC)
5. "Even if IE is insecure, it doesn't necessarily follow that it should be removed from PCs." And perhasps if removing IE does not improve security or creates insecurities, it doesn't necessarily follow that it shouldn't be done. Wikipedia is about information. A minority of users proved it can be done, but if it is now about the recommendations of security experts, perhaps some indication should be made. Mark already redacted the assertion that it will make a system more secure, and I never changed the text saying it did so. The removal issue, as I note, is one that the U.S. Government stepped into, so I'd deem it both relevant and significant to the Wikipedia entry, even if it cannot be proved that anyone other than three individuals in the U.S., Croatia, and Australia have used their own software to do it.
- Which is why I firstly only commented out the information, then retracted this and placed {{dubious}} tags around the comments until we could sort out attribution issues - Ta bu shi da yu 12:37, 15 Oct 2004 (UTC)
Analogy with Firefox
User:138.38.32.84 removed the "Removing Internet Explorer" section with the comment:
- (Irrelevent and distinctly POV (see discussion). Consider - Due to recent vulnerabilities found in Firefox by US-CERT and Secunia, should we not be providing an equivalent section for Firefox?)
The section certainly needs work, and will hopefully be discussed and improved, but I don't see how it could be called irrelevant or POV. The information is factual and at least one person (me) found it helpful. As for an equivalent section for Firefox, that depends what you mean. If you are suggesting a "Removing Firefox" section, it would be pretty short since the package includes an uninstaller (forced integration with the OS just isn't an issue for most programs). If you mean a section listing security vulnerabilities in different versions, I personally would find that helpful: it would be useful to be able to look up whether some program version has outstanding security issues, and this is precisely the kind of fast-moving information Wikipedia offers that a conventional encyclopedia never could. Saucepan 03:09, 19 Oct 2004 (UTC)
Disputed
- "Many security analysts attribute IE's exploitation to its popularity, since its market dominance makes it the most obvious target." please attribute which security analysts say this. - Ta bu shi da yu 12:02, 5 Oct 2004 (UTC)
"Some Internet users have suggested removing Internet Explorer from computers in order to decrease exposure to security risks on the Internet. Simply installing and using another browser does not prevent third party programs and core operating system components from using IE, however removing Internet Explorer libraries that Microsoft has closely integrated into their operating system may result in unpredictable results." Please attribute which Internet users have suggested removing Internet Explorer from their computer to decrease exposure to security risks on the Internet. - Ta bu shi da yu 12:02, 5 Oct 2004 (UTC)Thanks to Fred Vorck this is now resolved. - Ta bu shi da yu 12:39, 15 Oct 2004 (UTC)"Much of the web was designed before the latest W3C recommendations existed. In addition, some web developers do not produce W3C compliant code. Due to wide fault tolerance, Internet Explorer can render pages that were coded with or without W3C compliance in mind. Some rendering bugs exist that cause standard-compliant pages to be displayed incorrectly, particularly if the site uses CSS version 2." What has this got to do with security? - Ta bu shi da yu 12:05, 5 Oct 2004 (UTC)- Totally removed from this area of discussion as I was correct: it has nothing to do with security. Standards compliance, yes. Security, no. - Ta bu shi da yu 12:39, 15 Oct 2004 (UTC)- Removed
"Thus, IE and Windows will be kept more in sync: it will be less likely that people will use a relatively old version of IE on a newer version of Windows, and newer versions of IE will not be usable without an OS upgrade. Reactions to this tethering are mixed; some see requiring users to upgrade the OS and browser simultaneously as a benefit for application developers and for the Internet at large, as it will help cut down on the number of outdated, exploitable operating systems and browsers in widespread use, while others see it as unnecessary and as a reflection of what they consider to be Microsoft's questionable business practices." Please give examples of who holds the position that IE updates sync'ed with OS upgrades are questionable business practices, and who holds the position that this will reduce the amount of outdated, exploitable operating systems and browsers in widespread use.- Ta bu shi da yu 12:10, 5 Oct 2004 (UTC)- What, you want individual names? Be reasonable. That's not a requirement for NPOV in any article. Go to Slashdot and ask there; you'll get plenty of names, even though you don't need them in order to acknowledge that their POV exists. - mjb 00:09, 6 Oct 2004 (UTC)
- I am being reasonable. If the opinion has an credibility, some sort of well-recognised figure will have said it. The words "some see" is considered a weasel word. We do not take this sort of phrase very lightly, and most people on Wikipedia take a very dim view of it. - Ta bu shi da yu 12:14, 15 Oct 2004 (UTC)
- Actually attributing opinions is at the very heart of NPOV. Kinda of amusing you want to use the slashdot comments pages as reliable source of information about Internet Explorer though :). Pcb21| Pete 12:04, 6 Oct 2004 (UTC)
- OK, as noone has been able to clarify this section, I'm removing the parts that are original research. If someone can clarify this, then by all means readd it to the article with the clarification. Until then, it's gone. - Ta bu shi da yu 07:03, 11 Dec 2004 (UTC)
- I don't know if this qualifies as a "credible" source, but the user in this newsgroup exchange known as Sponge has the opinion that forcing people to upgrade is a questionable business practice. Sponge appears to be involved in security and spyware-issue newsgroups and runs a site on spyware. --Tubedogg 20:47, 23 Dec 2004 (UTC)
- What, you want individual names? Be reasonable. That's not a requirement for NPOV in any article. Go to Slashdot and ask there; you'll get plenty of names, even though you don't need them in order to acknowledge that their POV exists. - mjb 00:09, 6 Oct 2004 (UTC)
- As an aside, I removed the multiple {{dubious}} templates because they were causing Category:Dubious to appear multiple times in the "category bar" at the bottom of the article. For cases like this, a generic {{disputed}} works better.
I'd also like to point out that, in my opinion, between the editors detracting IE and those defending it, this article has become worse over the past few weeks. It needs to be shortened by 50% or more. --Ardonik.talk()* 21:29, Oct 24, 2004 (UTC)- OK, I see what you mean now. I've rolled back my revert. Now, in what way has the article become worse? Please give specific examples of what needs to be changed. - Ta bu shi da yu 23:44, 24 Oct 2004 (UTC)
- Not sure why we would need to shorten the article by 50%? It seems quite informative, presents a pretty balanced (quantity-wise) view of the advantages/disadvantages of IE, presents history, current versions, platforms, etc. Which of this information would you suggest removing? Pruning articles is not usually something that we'd get into unless it's very POV (and it's not _clearly_ pov as of the current revision) or some such. I'd be against any pruning on a length-basis. --ABQCat 03:55, 25 Oct 2004 (UTC)
"Critics have claimed that security fixes take too long to be released after discovery of the problems, and that the problems are not always completely fixed. After Microsoft released patches to close 20 holes in their general operating system in February 2003, Marc Maifrett of eEye Digital Security stated that "If it really took them that long technically to make (and test) the fix, then they have other problems. That's not a way to run a software company." [1] Microsoft attributes these delays to thorough testing to ensure that bug fixes do not lead to problems elsewhere." Why is this even in the article? This is talking about general security issues, not just about security issues with Internet Explorer! Shouldn't it go somewhere else? - Ta bu shi da yu 07:01, 11 Dec 2004 (UTC)
- Maybe it should be reworded slightly, but I think it should be included as according to the original eEye advisory, software affected includes MSIE. --Tubedogg 20:47, 23 Dec 2004 (UTC)
Removed Critics charge that this rigorous testing is required in large part because Microsoft has failed to make IE sufficiently modular and separable from the rest of the operating system. These critics state that other browsers, because they are designed as a separable module from the operating system, can be tested far more efficiently. Some browsers, such as Firefox and Opera, run on a far more diverse set of installations than IE, supporting a large number of truly different CPU architectures and operating systems (including Microsoft Windows and also MacOS, various Unixes, and various Linux distributions), yet changes to them are released far more rapidly.
- Which critics? I'm sure this should be pretty easy to verify, but we keep introducing weasel words into this article! - Ta bu shi da yu 07:55, 17 Dec 2004 (UTC)
- There is so much crap written about Internet Explorer available on the intarweb. Finding useful quotes about Internet Explorer is like finding a needle in a haystack.
- "Any browser tied in so close to the OS will always be a slightly higher security risk than the others. IE proves this when I remove everyone but administrator from even reading, let alone executing, iexplorer.exe. But I can still use it by opening My Computer and typing a URL in the address bar," said Jacob Bresciani, systems analyst at the University of Alberta, in Edmonton. [2]
- Anyway close, but not exact. AlistairMcMillan 09:36, 17 Dec 2004 (UTC)
- I think I've seen that, but I can't find it. I agree with the earlier comment, finding useful quotes is a lot like finding needles in a haystack. I'm going to remove the text (and the "disputed" tag along with it), so that the material is at least NPOV for current readers. I'll leave the text here in the Discussion page so it's not lost -- anyone who CAN find the reference, please do so!! Dwheeler 17:23, 2004 Dec 18 (UTC)
"Many security analysts attribute IE's frequency of exploitation in part to its popularity, since its market dominance makes it the most obvious target. However, many others argue that this is not the full story; the Apache web server has a much larger market share than Microsoft IIS, yet Apache has had fewer (and generally less serious) security vulnerabilities than IIS."
- Which security analysts might that be?
- Which others argue that this is not the full story? - Ta bu shi da yu 05:29, 7 Jan 2005 (UTC)
positive features
AlistairMcMillan removal summary: "Remove invalid points. Please point to a browser in talk that does not have an easy to use interface and an integrated search facility (with multiple engines).)". I just wanted to point out that there ARE in fact browsers, and have historically been browsers, which did not have easy-to use interfaces and integrated search. The first that springs to mind is lynx (as it's text based). If we're talking about graphical browsers only, old versions of IE, netscape, and mosaic did not have interfaces which were always easy to use, and certainly didn't have integrated search engines (as current engines like google didn't even exist). Just wanted to point out that it's not necessarily obvious/invalid. --ABQCat 07:42, 1 Nov 2004 (UTC)
- Well that is just fan-diddly-tastic. If you take a second to look at my User page, do you think there is even the teeniest tiniest remotest chance that I've not heard of Lynx? Since 99.9% of people are likely to be using a modern graphical browser how about we limit the comparisons to modern graphics browsers? Including stuff like "easy to use interface" and "integrated search" stinks of desperation. Should we include "color pictures" too??? AlistairMcMillan 08:21, 1 Nov 2004 (UTC)
- I did actually look at your user page before I posted, but I do think there's room here for some mention of "comparable user interface to... including such features as... " if you get my point? Clearly yes, the wording as it was was a bit "desperate" if you like, but it could be useful to include some of that information in a manner less like an advertisement and more like a comparison or feature overview. My 2 cents, anyway. Notice I didn't put the text back in as I think it's fine to leave out, but as I said, it could still be modified to be informative and useful. --ABQCat 09:23, 1 Nov 2004 (UTC)
- I have no problem talking about listing actual user interface features that make IE stand out, for example the recent pop-up window notification bar (or whatever they call it) (and before anyone points it out I know some other browsers have them too), but just saying "easy to use interface" is a joke. AlistairMcMillan 09:47, 1 Nov 2004 (UTC)
- Ease of use is not a joke when talking about software, although to the layman it may seem a "gimme". Some people make a career out of making software "easy-to-use," and Microsoft have done a vast amount of research on the topic. IE is different from most of the other browser offerings since it is well integrated into the OS, and is 100% native to Windows. This makes its look-and-feel immediately intuitive to anyone who's used Windows software. Firefox has made a good effort with its XUL based interface, but the components used are non-native and differ in colour, size etc. Additionally, when it comes to more "complex" functions of the browser like security and privacy controls, IE is easier to use for the average consumer because of its setting of simple "security levels" --Beachy 02:13, 2 Nov 2004 (UTC)
Did you just call me a "layman"? :-)
Lets get specific. Ignoring non-graphical, or ancient browsers that have 0.x% of the browser market.
- Back and Forward buttons -- everyone has them.
- URL bar -- everyone has one.
- Stop button -- everyone has one.
- Refresh button -- everyone has one.
- Status bar -- everyone has one.
- Little BUSY widget -- everyone has one.
- Home button -- everyone has one.
- Scroll bars -- everyone has them.
I'm drawing a blank here, where are the easy-to-use interface features that make IE stand out.
"non-native and differ in colour, size etc" IE uses a picture of a little house to represent HOME. Firefox uses... a picture of a little house to represent HOME. IE uses a picture of a green left-pointing arrow to represent BACK and Firefox uses... a picture of a green left-pointing arrow to represent BACK. I detect a pattern here. I can see where users could get confused. AlistairMcMillan 05:51, 2 Nov 2004 (UTC)
- These are opinions. Some people find it easier to use; others do not. As it happens there is a branch of engineering which studies usability. One of the findings of usability researchers seems to be that usability is not always intuitive. That is, what seems to one person to be "easy to use" because it is simplistic may well be "hard to use" for other people, or in other ways — for instance, a tool may be very fun to use, but lead to a high rate of mistakes. (Children's safety scissors are easy to use safely, but not easy to cut a straight line with.) Unless we have usability studies in hand, Wikipedia should probably refrain from making editorial comments about "usability" in articles — it is almost certain to reflect the idiosyncratic point of view of the writer rather than anything reality-based. —FOo 05:34, 2 Nov 2004 (UTC)
- Edit summary:"Compromise on Native widgets. Please point to a relevant browser (i.e. not Lynx) that doesn't have search engine integration before restoring search assistants." AlistairMcMillan, I was wondering if a comparison to PREVIOUS versions of IE would be appropriate, if you're looking for comparable browsers. Old versions of IE (before that damned MSN default search, ~version 4.0) had high browser-share, also, similar widgets, etc. The thing they lacked was integrated search. So perhaps something like "since verion xx, IE has had easy-to-use integrated search capabilities, similar to other modern browsers"? --ABQCat 07:44, 2 Nov 2004 (UTC)
- I was assuming the Pro/Con comparison was with other competing browsers. My preference would be to add listings of the feature additions/changes to the Internet Explorer#Release History .28Windows.29 section. AlistairMcMillan 11:51, 2 Nov 2004 (UTC)
- "Useability" is opinions (unless we can come up with some research on the topic). As for the controls being 100% Windows native (and therefore immediately intuitive), the feature stands. If you want to make comparisions, they go in Browser Comparison. Personally I think all the "negative features" should be removed as they are subjective and circumstantial. --Beachy 16:57, 2 Nov 2004 (UTC)
- Subjectivity ain't the best thing, I agree, but what's your objection to circumstance based on? A circumstatial fact is still a fact, & thus deserving of mention in a NPOV article (though I agree about that there's a difference between features & unique features). Besides, non- or only partial support of CSS2, MIME, PNG, etc. is most definately not circumstantial, and nor is tabbed browsing, though that's not really a valid point anyway - just a comparison to alternatives which should be on the appropriate page. On another note, the bit about W3C vs. defacto standards is quite POV in itself - so's this statment, I guess - because standards are important, & the note makes light of that. If IE twists standards, that's bad for the internet itself. --SirPavlova 15:34, 16 Nov 2004 (UTC)
Disputed IE removal section
Are there still editors disputing the IE removal section? It may need some flow work but it's certainly NPOV'd. If there are no objections in the next few days, I'd like to remove the disputed notice. Rhobite 19:48, Nov 4, 2004 (UTC)
The section should be removed. IE components are needed for so many Windows native applications that it is foolish to removed it. VERY few people put forth the effort so do so. It is NOT possible to remove IE from modern Windows version without third party software. Pmsyyz 03:35, 5 Nov 2004 (UTC)
- Oh puhleeze. We've covered this already. Check out the links. - Ta bu shi da yu 05:22, 8 Nov 2004 (UTC)
- There are a lot of things that I consider to be foolish, but that other people not only do, but recommend to one another — extreme sports for instance. The fact that we consider an act to be foolish does not change the fact that some people do it, and recommend it to one another. "I consider removing IE to be foolish" is no justification for removing a description of the process. —FOo 03:50, 5 Nov 2004 (UTC)
- The section is very much disputed. It is doing little other than advertising third-party hack tools that serve no purpose to the everyday IE user. Removing IE, for better or worse, is a non-recommended technique that is likely to lead to system instability and vulnerability, in part due to disabling Windows Update. Either leave the notice, or remove the section entirely
- Hardly advertising. I didn't get paid to put this and I am not affiliated with any of these products/companies. This is merely putting forward others stated POV, good or bad. We aren't endorsing this in any way, we merely mention it. - Ta bu shi da yu 05:22, 8 Nov 2004 (UTC)
- That isn't a valid criticism of the section. The fact that you (and I) disagree with Fred Vorck et al is not justification to remove their opinions. Rhobite 14:21, Nov 5, 2004 (UTC)
- "Non-recommended" by whom? It clearly is recommended by a number of people, a few of whom seem to have pretty sturdy security credentials. So these people disagree with Microsoft's party line; Wikipedia is not supposed to favor anyone's party line. Nor is it limited in its purposes to the "everyday" or the perfectly safe — otherwise we would not have an article on BASE jumping, an unsafe and crazy thing to do if ever I heard of one.
- What's more, it's clear from the article that if one removes Internet Explorer, one needs a different method (such as the linked program Daisy) to install Windows updates. —FOo 14:47, 5 Nov 2004 (UTC)
- Daisy is a simple hack of a utility, something which becomes obvious when you read its homepage and discover it is not compatible with SP2. Therefore IE _is_ required for Windows Updates --Beachy 00:49, 6 Nov 2004 (UTC)
- Ugh, I'm beginning to dispute that section. It's starting to read like a back and forth argument... Rhobite 01:04, Nov 6, 2004 (UTC)
Another major vulnerability was exposed in Internet Explorer this past week. Since the program IS so tightly integrated into Windows, and is demonstrably buggy and unreliable, those who advocate it's complete removal are sounding more and more sane all the time. I began removing Internet Explorer from Windows with ME, and found that it alone was almost completely responsible for ME's quirkiness and instability. The argument that removing it makes Windows less stable is simply uninformed: IE is responsible for many of the problems in certain versions of Windows. Yes, you can access Windows Update without it, and since about 98% of Windows Update consists of patches for both IE and Outlook Express (another buggy hacker delight) simply eliminating these 2 programs from Windows eliminates most of the need for Windows Update.
In order to be fair and to maintain the NPOV, the removal option should at least be mentioned. Leaving it out or deleting it seems to swing to a very Microsoft positive POV, which I see echoed all up and down this thread. It seems to me that some sore toes have been stepped on.
Marc Maiffret
- Marc quoted by CNN: http://archives.cnn.com/2001/TECH/internet/07/30/code.red/
- Marc quoted by BBC: http://news.bbc.co.uk/2/hi/business/3477899.stm
- Marc quoted by CBS: http://www.cbsnews.com/stories/2004/02/03/tech/main597695.shtml
- Marc's testimony before Congress: http://www.iwar.org.uk/comsec/resources/house-aug-29-01/0829_maiffret.htm
- And about another 25,700 results for Marc Maiffret: http://www.google.com/search?q=%22marc+maiffret%22
Yep Chris is right, the guy is obviously a nobody. AlistairMcMillan 01:28, 25 Nov 2004 (UTC)
- --Beachy 00:30, 3 Dec 2004 (UTC) - The first article on Alistair's Google list (by CBC news) tells us all we need to know about Marc Maiffret:
- Even eEye 'Chief Hacking Officer' Marc Maiffret bit the FUD-baited hook: "the Internet is about to shut down and you're bickering about nonsense," he told us yesterday, finishing off an e-mail exchange in which we tried to assure him that our previous (admittedly negative) coverage of eEye's vulnerability publicity machine was in no way personal.
- eEye makes several good security products for Windows and IIS, and has been responsible for finding and aggressively publicizing a number of holes in Microsoft products, especially IIS.
- But the business of searching for and publicizing security holes while at the same time selling the solutions is a tricky and controversial business, not unlike the model pursued by anti-virus companies. We note, for example, that eEye has yet to publicize an IIS hole that its SecureIIS product won't defeat. Their discoveries inevitably support the claim that SecureIIS is a very wise investment.
- Now they're facing an intriguing irony. Had they not made such a grand public fuss over their .ida hole discovery and their SecureIIS product's ability to defeat it, it's a safe bet that Code Red would not have infected thousands of systems.
- First that article is by DuhRegister. Anyone who is familiar with their reporting will know they usually have a colourful way of approaching the news. These are the guys who inferred that Microsoft had cancelled the Windows98 project in late 97 or early 98 after Microsoft moved a small group of developers to the Windows2000 team. There is a scandal waiting behind every corner in the Register offices.
- Anyway... poor widdle Micwosoft. Just out trying to make a few bucks. Trying to feed their starving children and all those callous evil people like eEye out there. Maliciously pointing out Micwosoft's little code faux-pas, so that they can exploit them for their own financial gain. Evil evil people. Actually I bet Maiffret sneaks into Microsoft's office once a week and sneaks all these exploits into Micwosoft's code himself. It just a darn tragedy, I tells ya'. AlistairMcMillan 02:19, 3 Dec 2004 (UTC)
- From vmyths.com
- MARC MAIFFRET, THE 21yr-old "chief hacking officer" of eEye (his actual job title), got his fifteen nanominutes of congressional fame in July 2002. Finally.
- Credit where due: lyrics from the "?nema" album show up in almost every sen?tence from this point forward.
ITAA lobbyist Harris Miller (the real power behind the congressional cyber-throne) okay'd Maiffret to testify at a D.C. hearing. Only then could congress meet a boy wearing Vans, 501s, a Hello Kittie tee, nipple rings, and new tattoos that claimed that he was OHT from 1998 and eEye's cutest VP.
- Now, I want you to realize we know very little about Marc Maiffret. In fact all we really know about him is what he's sold us. He claims he sold his soul at age 17 to a computer security firm -- and the media bought it! All you read or see or hear on TV is an eEye product begging for your dollars.
- Standing out on C-SPAN, Maiffret had hair so green and loud that congress swallowed his fac,ade. (For the record: some other guy with green hair plays bass for Good Charlotte.) Not all computer security martyrs self-proclaim their divinity -- but Maiffret certainly tried.
- And in between fits of testimony he told congress about a band named Tool.
- Don't get me wrong! Maiffret had a lot to say. He had a lot of nothing to say. The code-toting hip hacker wannabee took a stand on every little thing from SCADA to the Chinese national security threat. I half-expected him to brief congress on the plight of midwestern farm women and perhaps even the health risks of Alar-coated apples.
I don't get your point. Ros is saying that Maifrett has green hair and a bad understanding of Tool's lyrics? What the hell does that have to do with Internet Explorer? BTW Please remember to sign your comments. AlistairMcMillan 23:14, 12 Dec 2004 (UTC)
Another idea on the "features" list
I've recently become convinced (see Talk:Plural of virus) that "pro & con" lists are a fundamentally Bad Thing for Wikipedia articles. All they do is give people a place to stack up ranting-points in favor of their POV. They actively discourage real exposition or exploration of issues, since they're so prone to arms-race between the "pro" and "con" sides.
And here, on this article, we have yet another example: a pro & con list that has been the focus of escalation, deleting, "pruning" by folks on both sides of an issue, and which doesn't seem to actually expose or explore the issues that it hints at. I'd like to propose a different way to describe IE's "features":
- Distinguishing features. These are features that any browser could (legally and technically) support, but IE stands out from other browsers because it does support them today. Examples: Ruby characters; .NET (other browsers could support it via Mono).
- Proprietary features. These are Microsoft-proprietary features; things that no other browser can support, because the technology is either legally encumbered by Microsoft or relies on compatibility with another Microsoft part. Examples: Outlook integration; ActiveX.
- Common features. These are (non-obvious) features that both IE and other browsers support, but that not all common browsers do support. Example: cookie and pop-up controls; being distributed free of charge.
- Missing features. These are features that most other common browsers do support, but IE does not. Examples: tabbed browsing; PNG and CSS standards.
- Concerns and problems. These are ongoing concerns and difficulties that are specific to IE. This doesn't include each individual security problem, but does include general categories of problems that affect IE users and not users of other browsers. Example: Spyware.
I think this might be a way to describe the "positive and negative features" more neutrally, to invite further description of them -- while at the same time excluding vague and subjective "pros" and "cons". Thoughts? --FOo 02:26, 2 Dec 2004 (UTC)
- Nobody seems to hate this idea right away, so I'm implementing it. Feel free to revert me if you think it's awfully terrible, but I do think it's an improvement over a "pros & cons" list. I haven't rewritten any of the "features" previously listed -- I've just regrouped them. --FOo 23:30, 2 Dec 2004 (UTC)
- I think it's an improvement. Good work. - Ta bu shi da yu 03:23, 3 Dec 2004 (UTC)
Microsoft's detailed bug database
Chris, could you please give us a link to Microsoft's bug database where we can see them discuss in detail each bug as they are working to figure out how it works and how to develop a patch? Thank you. AlistairMcMillan 02:32, 3 Dec 2004 (UTC)
- Let's be clear again.
- Microsoft keep their bug database completely hidden behind their corporate firewalls. They publish reports about their security bugs when they are either (a) there is an imminent risk of the bug affecting customers or (b) Microsoft decide to release a patch.
- Mozilla publish their bug database for all to see. Aside from security bugs which they keep closed access to that are through to be real risks. Once the security bugs are fixed, the pages detailing them are opened up.
- For all we know Microsoft and Mozilla both have hundreds of security bugs registered in their database that they haven't found the time to deal with and are keeping secret until forced to act upon. AlistairMcMillan 02:49, 3 Dec 2004 (UTC)
- Microsoft's Tech-Net security pages --83.245.18.40 12:13, 4 Dec 2004 (UTC)
- Let's be clear again - Mozilla deliberately makes security holes confidential from the public, and from security agencies, sometimes for up to five years, in the knowledge that exploits exist. Microsoft detail their bugs online, communicate with security agencies like secunia, and patch not just for IE6 in XPSP2 but for many past versions of IE on several different Windows platforms.
- 1 - We know Mozilla keeps serious security issues from the public, because they have an open bug database. We don't have the first clue what Microsoft do, because they keep their bug database closed. For all we know they have a bug database with hundreds of thousands of serious security bugs listed, or maybe a bug database with zero security bugs. Until they open (which they will never do) their bug database we can't comment.
- 2 - Microsoft, like Raraoul says, only publish details about their bugs on TechNet after they are patched or someone else has published details (i.e. when they are forced to).
- 3 - Everyone communicates with security agencies when the agencies find bugs in their products.
- 4 - Microsoft have to patch multiple versions of IE because they don't release the latest version of IE for all platforms, in an effort to force people to update to the latest version of their operating system.
- If your goal is really to make this article more NPOV then great. But right now, you are introducing a hell of a bias towards IE. AlistairMcMillan 16:11, 4 Dec 2004 (UTC)
- I'm not introducing bias towards IE. I am attempting to remove the bias towards Firefox that has been introduced into this article. Unfortunately I appear to be outnumbered by Firefox advocates on this article. It's no mystery - since Firefox will only take off when the public have lost their faith in IE, the agenda is pretty clear. --Beachy 17:23, 4 Dec 2004 (UTC)
- Removed the comments about Mozilla's bugzilla listings. Until Microsoft open up their bug database we can't make a comparison. If you want to compare with Microsoft's listings on TechNet, where is the equivalent page from Mozilla. http://www.mozilla.org/security/ AlistairMcMillan 16:15, 4 Dec 2004 (UTC)
Microsoft detail their bugs online Only some bugs that are already publicly known (see the public bugtraq mailing list). Not their private security bug database ! Raraoul
How to put back IN weasel words in one easy edit
You basically do the following [3] Change:
- Critics have claimed that security fixes take too long to be released after discovery of the problems, and that the problems are not always completely fixed. After Microsoft released patches to close 20 holes in their general operating system in February 2003, Marc Maifrett of eEye Digital Security stated that "If it really took them that long technically to make (and test) the fix, then they have other problems. That's not a way to run a software company." [4] Microsoft attributes these delays to thorough testing to ensure that bug fixes do not lead to problems elsewhere.
to
- Critics have claimed that security fixes take too long to be released after discovery of the problems, and that the problems are not always completely fixed. Microsoft attributes these delays to thorough testing to ensure that bug fixes do not lead to problems elsewhere.
Never mind that we never note who those critics might be. Never mind that Maifret is actually a critic. C'mon people, of course he's a critic. Words like "If it really took them that long technically to make (and test) the fix, then they have other problems. That's not a way to run a software company." sounds exactly like criticism to me. And oh look. We have a source! So what if he's not an "outside observer" (whatever that means). He remains a critic of Microsoft.
Now if you were going to attack that phrase, surely you'd have a go at the fact that it should be in the Microsoft article and not the Internet Explorer article?! hint hint.
Ta bu shi da yu 13:56, 10 Dec 2004 (UTC)
- Well if it's a problem then let's just take out that paragraph altogether. "Critics have claimed" etc etc - It's just opinion for goodness sake. Imagine if this were a real encyclopedia - would you really expect to see quotes like "that's not the way to run a software company." Come off it! --Beachy 22:43, 10 Dec 2004 (UTC)
- Yes, that's right Beachy. It's an opinion. And whose is it again? Why, it's Mark Maifret of eEye! In which case, we note who the critic is. Oh, incidently. This is a Real Encyclopedia. And we include the opinions of others, even if we don't agree with them ourselves. In this case, Mark Maifret happens to be the critic, and he's notable enough to quote. Even if he isn't polite. You still haven't addressed the issue that this whole paragraph isn't specifically about Internet Explorer (you know, the topic at hand?) but about Microsoft's general security reputation! And yet... exploring this point might help us clarify the topic or even explain why it should be removed from the article. Sheesh. Do I have to hand this to you on a platter? - Ta bu shi da yu 06:53, 11 Dec 2004 (UTC)
- As it happens, experts in the computer security field are not as polite in their published statements as experts in (say) medicine or physics. (Computer security happens to be what I do for a living. Vulnerability notices and such have the word "fuck" in them even more often than the Linux kernel source code.) That's just something we've got to deal with if we're committed to citing opinions to experts rather than just weaseling "critics say ..." --FOo 23:13, 10 Dec 2004 (UTC)
- Alistair - I'll do you a deal - Maifrett's quote goes in if I can have this in the anti-trust section: "Separate markets exist for shirts and buttons, cars and tires, cars and rustproofing, yet few people would object to these integrations." —Stephen Margolis, Professor of Economics at North Carolina State University, writing for the Independent Institute think tank [5] --Beachy 23:37, 10 Dec 2004 (UTC)
- We're doing deals about content now? Like a bartering market? wtf?! That is not the way we do things here. Those two things aren't related. Please argue each point on its merits!!! - Ta bu shi da yu 06:53, 11 Dec 2004 (UTC)
- Oh for goodness sake, I have already argued the merits of Marc Maifrett's opinion (see earlier in the page). I think it is perfectly fair for the Stephen Margolis quote to be included, by the very same logic that you guys believe it is fair for Maifrett's opinions to be included. "I'll do you a deal" is merely an expression. Next you'll be tearing my ideas to shreds because of a spelling mistake. --Beachy 20:07, 11 Dec 2004 (UTC)
- Look, you said what you said. If you meant something else, then either clarify or don't say it. My point is that we don't agree to put one bit of info in if another bit goes in. - Ta bu shi da yu 12:54, 14 Dec 2004 (UTC)
- Oh, hey, I recognize that quote! It's the one that was being passed off as part of the opinion of the anti-trust court, until I dug up a citation for it. Wow, I wondered where that quote went. :) --FOo 02:54, 11 Dec 2004 (UTC)
- I'm sorry Chris, but people ARE critical of Internet Explorer. That has to be in a page about Internet Explorer. If you were objecting to the Maiffret quote simply because he has a financial involvement, then I'd put serious effort into finding a quote from someone who doesn't, but the reason you are objecting to the quote is simply because it is critical of Microsoft. If someone had stuck a quote in from Maiffret, saying that he thought Internet Explorer was the single most impressive example of software development in the history of personal computing, you would not be complaining that he had a financial involvement and tearing the quote out. Would you? AlistairMcMillan 03:16, 11 Dec 2004 (UTC)
- I'm sorry Alistair, but not everyone is so cynical about IE. If you're going to remove any quotes I put in then don't get worked up when I remove (or "tear out") your own. And to reiterate - Maifrett makes a business out of finding holes in IE (and has been criticised for doing so, see above). If you want to explain Microsoft's perceived slowness in patching take it from the people who really know, not some money-grabbing opportunist who spreads FUD about MS to peddle his own products!
- Oh wow. Testing takes ages because they've tightly coupled a webbrowser to their operating system. Boo hoo. I feel so sad for them. I mean, really, perhaps if they hadn't tried to get rid of Netscape by integrating their web browser with the operating system then they wouldn't be in such a mess. It doesn't take Mozilla that long to release security upgrades. - Ta bu shi da yu 13:09, 14 Dec 2004 (UTC)
- The time taken for testing has nothing to do with integration with the operating system. This is misconstrued just as people misconstrue that the integration allows hackers "full access to the OS" (when a compromised Firefox would have equal access to system resources including registry, system files etc). Anyway, my point was that Microsoft is thorough in its testing of patches. The evidence is pretty inescapable on this. Not only are they testing the various different versions of IE, but they are also testing on a number of platforms, in a number of languages, and with a number of different websites. It must seem incredibly insulting to MS's testing teams to see competitors tear shreds out of MS's reputation for allegedly "not testing" their patches, or criticising the time it takes, suggesting that MS are "sitting on their bugs." Equally I'd be sad to see such mis-enlightened opinion crop up on this Wikipedia article too --Beachy 13:42, 14 Dec 2004 (UTC)
- Have you considered actually adding this information (properly referenced, of course) instead of just removing the whole thing? - Ta bu shi da yu 12:54, 14 Dec 2004 (UTC)
- I had added this information about MS's testing matrix to the Security section. Unfortunately you may not notice it under the weight of dubious cynical rubbish in that section. By the way, thanks for adding that comment on Maifrett - it needed to be noted. --Beachy 13:46, 14 Dec 2004 (UTC)
- Just trying to make the article NPOV :-) Ta bu shi da yu 04:32, 15 Dec 2004 (UTC)
- That seems a little disingenuous. Maifrett is a security consultant. He makes money not "by finding holes in IE" but rather by helping his clients avoid costly security incidents. Your accusation seems comparable to saying that evolutionary biologists "make a business out of contradicting the Bible" -- it suggests that you care more about elevating the status of IE than about being fair or accurate. --FOo 01:21, 12 Dec 2004 (UTC)
- I would tend to agree with FOo on this one. - Ta bu shi da yu 12:54, 14 Dec 2004 (UTC)
- Who suggested he was a heroic altruist? Not me -- I said his job is to help his clients. You know, the people who pay him. If you are actually interested in contributing to Wikipedia rather than harming it, ethically questionable practices such as setting up straw men do not help your goals. --FOo 16:53, 12 Dec 2004 (UTC)
- You inserted a pro-Microsoft quote from a "think tank" whose largest sponsor is Microsoft, and instead of explaining where the quote came from, tried to suggest that it came from the Department of Justice? How the hell can you compare that to me RESTORING a quote that you are determined to remove simply because it is critical of Internet Explorer? I don't object to your quote (although I think it is better suited to an article on DOJ v MS). I object to the fact that the way it was inserted was deliberately mis-representing the quote, the source AND the DOJ case as a whole. [6]
- Firstly you have no evidence that MS is the "biggest sponsor" of the Independent Institute, and secondly I never suggested it came from the DoJ - I mentioned it in relation to the case because it was the input of hundreds of economists that helped bring some rationality to the anti-trust case and resulted in it being settled in MS's favour. The case could not prove that MS had in any way hurt the interests of consumers. In fact, by out-competing the rival Netscape, it saved consumers having to PAY for their browser as a separate product!
- It's no secret who the sponsors of the "Independent Institute" are. It was even published in the New York Times. See this page, which has the cite to the NYT article. Moreover, it is false to imply that the case was resolved in Microsoft's favor -- Microsoft was found to have committed wrongdoing in findings of fact that could not be disputed on appeal. With the change in U.S. administration, the DOJ ceased to pursue strong remedies. That's politics, not law. --FOo 16:53, 12 Dec 2004 (UTC)
- Since the time of the press conference for our Open Letter to President Clinton on Antitrust Protectionism, in early June, in Washington, D.C., there has been no “secret” about the support we receive from Microsoft. At that time, I clearly stated that the total funding we received from Microsoft was approximately 7% of our total revenues, a best-estimate based on preliminary projections; it now appears the final figure is about 8%, a statistically insignificant difference, and far less than the 20% figure Mr. Brinkley claimed in his article. Also, and contrary to Mr. Brinkley’s assertions, Microsoft is not and never has been “the largest supporter” of the Institute.
- Lastly about the deal and Microsoft's explanation. That is a nice excuse and everything, but in the end it is just an excuse. They could simplify the process if they choose to (release the latest version of IE for ALL platforms), they simply don't because security isn't a priority (no matter how many times they say it is). AlistairMcMillan 03:13, 12 Dec 2004 (UTC)
- Oops. I meant to say "isn't high on their list of priorities". AlistairMcMillan 23:24, 12 Dec 2004 (UTC)
- Oh for goodness sake - you look at the testing matrix and call it an 'excuse'? What planet are you on? Have you ever worked for a commercial software outfit with scores of high profile clients relying on the stability of your product?? You claim for Microsoft "Security isn't a priority" - how do you know this? Have you ever worked for them? The evidence is pretty unambiguous - they have spent over $1BN on SP2, and a year of comprehensive testing. If you think this is an just a mere 'excuse' then you're more ridiculously anti-Microsoft than most! --Beachy 15:06, 12 Dec 2004 (UTC)
- I agree with Beachy, Microsoft, has spent alot of money securing it's products, in particular testing. Testing isn't easy, when I worked in dedicated hosting, we had an entire testing lab with one server of each configuration, and we would test each patch that we would apply for our customers, to make sure that it didn't have any side effects. No imagine at Microsoft, where they don't just have 10 different configuration, but hundreds it's going to take weeks of testing for just a simple patch. PPGMD
- Right now they have hundreds of configurations to test patches against. If they simply made their current version available to ALL platforms, they could simply patch the current one, instead of having to release patches for the nine different versions of IE listed on the IEBlog. They would still have to test patches against multiple platforms, but it would at the very least simplify the process a little. However they won't do that because trying to force people to upgrade (by tying their browser into Windows) is a higher priority. AlistairMcMillan 23:24, 12 Dec 2004 (UTC)
- Your argument makes absolutely no sense and the conspiracy-theorist speculation about 'forcing users to upgrade' is well off the mark. It is precisely because they _don't_ force users to upgrade that they still support old versions of IE. "Making a current version available to all platforms" is a massively complicated task for any software product and is completely infeasible for Internet Explorer, since its architecture is likely to be very different on each platform (particularly the 64-bit environments). In addition, if like Mozilla Firefox, the user interface was abstracted from behaviour, the performance would suffer. IE performs well because it appears to use as much native code as possible on each platform.
- I'm tired of this argument. You think we should never say anything critical of Microsoft. Well I'm sorry but that isn't how this place is supposed to work.
- You have worked diligently to get rid of that Maifrett quote because it is critical of Microsoft. Removing it at least four times. [7] [8] [9] [10] And now that you see that you are the only one who wants rid of it, aside from User:Ta bu shi da yu who thinks it should be in Microsoft, you are trying to discredit the quote by inserting the guys admittedly juvenile l33t hax0r job title. Come on, honestly, if his job title was "Chief Executive Officer" or "Chief Technology Officer" or anything else would you be trying to insert it? AlistairMcMillan 03:03, 13 Dec 2004 (UTC)
- I'm _not_ removing things simply because they are critical of Microsoft. I have already explained my reasons for removing that quote. Since you agree to leave the job title, I will leave the quote. There is a very obvious systematic bias against Microsoft amongst many Wikipedians on this page. I will not allow the supposed NPOV article to become one big rant just because some people don't like the fact that IE doesn't support certain parts of CSS2.1, or because of some spyware targetted at SP1, or because someone thinks tabbed browsing should be built into the browser. In many of these cases there are reasons which are out of MS's control, or MS is working on the solution. If you think it's too slow then use another product - in fact tell your friends to, as well. However, do not denigrate MS as if they have some over-arching obligation to your needs and they have let down society. If we're to move forward we need to understand the reasons why IE has been developed the way it has, and we need to help MS address the concerns (through posting on the various IE developer blogs) rather than bitching against the "Corporation" like angsty teenagers. I have no affiliation with MS. In fact I use Macs more than I do PC's these days. Apple's practises (for better or worse) are more monopolistic than Microsoft, what with them bundling their own hardware with their own OS and their own browser.. but for me it's great - everything just _works_ - and I'm willing to pay for that. --Beachy 19:48, 13 Dec 2004 (UTC)
In evaluating anything, such as Microsoft's testing and security practices, one can resort to any number of criteria for evaluation. Two such criteria are to grade the attempt on the effort expended, or to grade it on its yield or results. Let us stipulate that Microsoft expends a tremendous effort on testing and security practices. If one accepts the first criterion -- sometimes manifest as the labor theory of value, or the modern schoolroom practice of giving credit for "showing your work" rather than for getting the right answer -- then it is clear that Microsoft deserves excellent credit. If, however, one rejects this criterion and judges work based on its yield or result rather than the effort expended, then the credit earned is not so easily clear. Nonetheless, it seems that the choice between these two criteria is subjective, and that as many people do choose to grade on the basis of effort rather than result, the article should reflect both points of view -- as well as other, less well-spoken forms of evaluation, such as conformity to a majority or to a perceived elite.
Yet still, Wikipedia policy shuns "original research". It is not, therefore, our place here to come up with our own research on the quality of Microsoft's security efforts. It is, rather, left to us to document the facts as they lay, out there in the world. Some of those facts include: Internet Explorer remains the most popular Web browser; many security experts do recommend against its use; security holes have been found in all browsers; spyware today afflicts IE and Windows users to the exclusion of users of other browsers and operating systems; security is only one of many considerations that go into a cost-benefit analysis of which software to use. --FOo 20:07, 12 Dec 2004 (UTC)
Please stop edit warring
Beachy and Alistair, please quit edit-warring over the Maiffret quote. It doesn't matter that the guy's title is "Chief Hacking Officer" (if, indeed, it still is). It's a tongue-in-cheek title anyhow; that's the whole point -- it's intended to play with both the "street cred" of being a "hacker" and the "business cred" of a CXO-level title. --FOo 03:34, 13 Dec 2004 (UTC)
Not free of charge
If you read the EULA you will see that you need a Windows OS license to install Internet Explorer. This means it's illegal for non-Windows users to install it under Wine.
- But it's still free of charge because you don't have to pay anything to obtain it. If we applied your logic to every other free product then you could also argue that "freeware" isn't freeware because you need to pay for a PC to run it. So in my opinion it is of course completely free of charge, subject to the user being bound by the terms of the licence. -- Smoothy 17:15, 13 Dec 2004 (UTC)
- Wrong. The difference is the fact that you are perfectly able to obtain freeware whether you have a computer or not. It would be illogical to do so, but you are allowed to. You are not allowed to use IE without a Windows license.
- Yeah but you can OBTAIN IE whether you have a computer or not WITHOUT CHARGE but as you say you are not allowed to use it without a Windows licence so Internet Explorer IS free of charge. I think we should define what exactly a "charge" is when it comes to software, either for obtaining it or for using it. For me, I'd define a "charge" as something you need to hand over to obtain the software, regardless of whether you are going to install and use it. Smoothy 12:30, 14 Dec 2004 (UTC)
- I think it makes sense for the article to say that Internet Explorer is sold as a component of Windows. This gives reasonable faith and credit to Microsoft's anti-trust position that IE is not a separate product, while also reflecting the fact that IE is not disseminated as freeware. --FOo 23:52, 13 Dec 2004 (UTC)
- Okay, I think that makes the best sense - it's actually a statement that both Microsoft and others can agree with. Sounds NPOV to me! I've made the change, hopefully that helps. Dwheeler 17:31, 2004 Dec 18 (UTC)
References
Can someone add references? See Wikipedia:Cite your sources for info on how to do it. - Ta bu shi da yu 13:02, 14 Dec 2004 (UTC)
Factually accuracy
I'm going to take the liberty of removing the tag because I think that all concerns over fact have been addressed. - Ta bu shi da yu 13:27, 14 Dec 2004 (UTC)
CERT not use use IE
The CERT advisory was specific in nature to that one particular vulnerability the one linked, and has not been seen in any future advisories. PPGMD
- There is no general recommendation from US-CERT against using Internet Explorer. This note (one of seven solutions to a patched vulnerability) has simply been over-hyped by Mozilla Evangelists and other nay-sayers. It dates back to June, pre-dating SP2. Sorry guys but the excitement's over. --Beachy 17:37, 14 Dec 2004 (UTC)
- "IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system. It is possible to reduce exposure to these vulnerabilities by using a different web browser..." [11]
- "THESE vulnerabilities" Plural. Note how they use the term "this vulnerability" to refer to "Microsoft Internet Explorer does not properly validate source of redirected frame". Do you see the difference? Do you understand that they are making a blanket recommendation, not a recommendation specific to "this vulnerability"? AlistairMcMillan 17:54, 14 Dec 2004 (UTC)
- Yes, and since SP2, the other vulnerabilities are largely obsolete. Not that it really matters since US-CERT have NEVER issued a general recommendation against IE. The closest thing I have seen to a CERT recommendation against one browser is RUS-CERT's report about Mozilla's secretive security policy details here. I know how much you anti-IE guys would love it to have US-CERT to officially warn against IE - it would be a massive win for Firefox. However, the truth is there is no report that is entitled 'A Recommendation For Browser Usage.' There is no 'Use Alternative Browsers' directive. There is only Art Manion's note in the solutions of an isolated vulnerability report that has since been patched. ~~----
Here I'll make it easier for you, please point to the bit that says temporary... Please note the use of the word "vulnerabilities". He is not just talking about the one vulnerability.
- Use a different web browser
- There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model, local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular, proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI), and ActiveX. These technologies are implemented in operating system libraries that are used by IE and many other programs to provide web browser functionality. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an attacker significant access to the operating system.
- It is possible to reduce exposure to these vulnerabilities by using a different web browser, especially when viewing untrusted HTML documents (e.g., web sites, HTML email messages). Such a decision may, however, reduce the functionality of sites that require IE-specific features such as proprietary DHTML, VBScript, and ActiveX. Note that using a different web browser will not remove IE from a Windows system, and other programs may invoke IE, the WebBrowser ActiveX control (WebOC), or the HTML rendering engine (MSHTML). [12]
Try actually reading the passage you keep reverting. Nowhere does it say they issued a report condemning IE. AlistairMcMillan 19:46, 14 Dec 2004 (UTC)
- Something else to note in this controversy: This Wikipedia article is entitled "Internet Explorer". It is not entitled "Internet Explorer in Windows XP Service Pack 2". Beachy has implied or stated several times now that security deficiencies present in other current (supported) versions of MSIE are unimportant. However, clearly Microsoft does not agree with Beachy, since it continues to treat MSIE in Windows 2000 (and, IIRC, a few other versions) as supported products.
- (Indeed, it is not clear to me that a software vendor can abandon moral responsibility for the quality of widely-deployed products simply by declaring the most widely-used versions "unsupported". I certainly think less of Red Hat for its ill-treatment of its users in this regard -- though the Fedora Legacy effort has helped somewhat.)
- Yes you're right, and by that logic we ought to write more about the many security vulnerabilities in the previous versions of Firefox. Since it didn't have an auto-update feature there's likely to be many people still using it. I could write a whole essay on the 5-year old XUL spoofing vulnerability. What do you reckon guys - do I have your blessings on this? --Beachy 11:53, 15 Dec 2004 (UTC)
- The vast majority of users prior to Firefox 1.0 were by their very nature technically-adept users who kept up to date on security patches and bug fixes; auto-update was implemented in 0.9. (I should also point out here that Firefox only had thirteen total security vulnerability advisories lodged against it from inception through October 2004, none of them rated as "extremely critical" by Secunia, vs MSIE's 44 in the same time period, despite Firefox being beta software during that entire time period. Your comparing beta releases of a project to a mature product that is several years old is a bit disingenious.) I don't have a problem with discussing the (already fixed) security issues in Firefox, so long as context is maintained regarding their seriousness and the state of the product at the time. --Tubedogg 21:42, 23 Dec 2004 (UTC)
- We should note that other Wikipedia articles dealing with software do not make the ahistorical mistake of considering only the latest version. For instance, our (rather short) article on Sendmail repeatedly notes its somewhat unfortunate security history, and our article on Mac OS X discusses a number of different releases. Insisting on the same treatment for Internet Explorer is not anti-Microsoft bias; it is anti-whitewashing-of-the-facts bias. --FOo 23:06, 14 Dec 2004 (UTC)
- If we mentioned the Security issue, using the example of Sendmail article, it would be one sentence, IE runs under the user account, which is often an administrator by the default settings, and has had compromises in the past which are allowed to run wild due to the high level of privileges. Sendmail has had severe compromises, particularly when you consider that it takes no action by the user to get compromised other than turning an unpatched release loose on the net. While the IE compromises generally require the user to surf to an unsafe or compromised site. The Sendmail article whitewashes what are major compromises, and why I have moved all my clients *nix MTAs to Postfix when applicable.
- Now if users got as in depth in the sendmail article as we are in the IE article I would consider it an example. Anyways I feel that we could mention the CERT advisory in it's context, that it was just one of 7 options, and was considered the most severe, and was fairly specific as it has not been mentioned since them. IE is in no way perfect, but it boggles the mind how some users get infected while others that use a little intelligence don't. PPGMD
"Concerns and problems"
The edit summary says: "Restore ActiveX to list. ActiveX's trust model is a concern for many users and it is a problem, which is why IE SP2 asks before installing any." Alistair, could we expand on this? Maybe with some references :) thanks! - Ta bu shi da yu 14:40, 23 Dec 2004 (UTC)
- Added one reference. A year or two ago, Microsoft told people to turn off the "accept everything from Microsoft" check box because of a problem with something they had released. I can't remember right now (a) what specifically this component was or (b) if it was definitely related to ActiveX. If anyone else can remember, that would be a perfect example of the problems with the trust model. AlistairMcMillan 14:57, 23 Dec 2004 (UTC)
- Added another source. We may also want to include the 1996 quote from Charles Fitzgerald on the ActiveX page... "We never made the claim up front that ActiveX is intrinsically secure." AlistairMcMillan 15:14, 23 Dec 2004 (UTC)
- I'm not sure -- that's kind of a null statement. What is "intrinsically secure" meant to mean, and what software could be accurately given that label? (If no software can be called "intrinsically secure", then stating that ActiveX is not "intrinsically secure" is semantically empty or even misleading -- like saying, "Among elephants, the Indian elephant is not green.")
- The problems that many people have with ActiveX don't have to do with lacking "intrinsic security", as I see it. The two big problems I've seen described in the security literature are the inappropriateness of an all-or-nothing security model for browser-based "controls"; and the conflation of identification of a code-signer with trustworthiness of the signed code. (Basically, what users care about is not "This code was signed by FooCorp, who bought a certificate from Verisign" but rather "This code is not going to delete my porn collection and send my credit card number to the Russian Mafia.")
- Another issue is whether the ritual of code-signing and verification amounts to security theater; that is, the promulgation of highly visible rituals that do not actually accomplish an operational improvement in security. -- FOo 16:23, 23 Dec 2004 (UTC)
- Sorry. About the quote from Fitzgerald. I was kinda being facetious. If I thought that quote was at all useful here, I would have inserted it myself. AlistairMcMillan 20:08, 23 Dec 2004 (UTC)
- Heh, you guys really are enjoying all this toying with the reputation of ActiveX aren't you! Must be fun imagining all the things you could do. But have you or anyone you know had their computer "taken over," or hard drives wiped by a rogue ActiveX control? Ever? Or any of your friends? --Beachy 00:29, 24 Dec 2004 (UTC)
- Have you or anyone you know been covered in lava and killed? Me either. But that doesn't mean that the people in Pompeii weren't covered with lava and killed. Nor does your statement mean that someone hasn't lost a hard drive or computer taken over it can't or hasn't happened; the fact that you personally don't know anyone does not make the fact that ActiveX can be exploited for that purpose either illogical or untrue. And, just for the record, I do know someone who had their computer taken over due to ActiveX security problems. (My sister, just for the record.) --Tubedogg 00:48, 24 Dec 2004 (UTC)
- Chris, two things. First of all our personal experiences are irrelevant. Please read the comments in Help about original research. Second, having said that, I just want to say for the record, I fix Windows PCs for a living. That is what I do. I spend every single day either building new machines or fixing old ones. I've seen computers so infected with crap you would not believe it. Two fairly recent examples. This week I cleaned a eight month old computer that was acting strangely and found numerous viruses/trojans/worms/whatever, including one virus that had duplicated itself all over the guys hard drive. Six thousand copies of the one virus. SIX THOUSAND. Another time a few months ago I went to a house to fix a computer where "the internet is not working". Turned out his machine was fine, except for about thirty different little pieces of crap that had attached themselves to Internet Explorer, so every time he opened IE his whole machine would immediately lock up hard. You may choose to believe the publicity that Microsoft have turned over a new leaf, I'm still waiting for evidence. The list of post-SP2 exploits on my Talk page does not speak positively in Microsoft's favour. AlistairMcMillan 03:51, 24 Dec 2004 (UTC)
- Alistair, if personal experiences are irrelevant, then you shouldn't let your bad experiences colour your edits on this page. You only see compromised PC's, day in, day out - you don't see the vast majority of Microsoft PC's that are fine, and not crippled by spyware, and are not crawling with virii, and are getting along just fine with SP2. Embittered as you probably are, I should think you mistrust Microsoft in general, and will look straight for any minor flaw in SP2 in order to support your sentiment. The fact is, short of incorporating a virus-checker into SP2 (which would immediately land MS in trouble with Sophos, Norton, Symantech et al), Microsoft have made an unprecedented and significant lock-down within IE. It is a ridiculous to put FUD in this article suggesting (with no evidence) that the registry may have to be edited before SP2 can be installed.
- I know SP2 removes many of Firefox's main selling points but the bottom line is that it is a WIN for consumers. I don't care if some obscure little holes have been found in a post-SP2 Internet Explorer. Until you can prove that the dangers of these holes outweighs the benefits of the firewall, the AV-integration, the popup-blocker, the fault-tolerant addon manager, the binary/script/ActiveX lockdown, we NEED to encourage people to install this update, and not sit back and criticise it. --Beachy 12:05, 24 Dec 2004 (UTC)
- Whether SP2 "removes many of Firefox's main selling points" is both irrelevant and debatable (are there still major open security flaws in IE? Yes, yes there are) but the facts are quite simple: there IS spyware that requires editing the registry to remove it; people SHOULD install SP2; people NEED to be aware that installing SP2 on a spyware-compromised computer can cause irrepable damage to their OS. This article is supposed to be NPOV, not "NPOV until we decide there's something we should push", as you seem to be doing. ("[W]e NEED to encourage people to install this update...") That means 1] including information on why and how to install the update and 2] including information on what needs to be done prior to installing the update, including the fact that there IS spyware that requires editing of the registry to remove it. (What is it about that one sentence that has you so teed off? One gets the feeling you would be less upset if we made disparaging comments about your family than the above statement...) --Tubedogg 16:47, 24 Dec 2004 (UTC)
- I agree with your points (although regarding your second point, one may demonstrate POV by choosing which information to include). My only concern is that there are people out there with a vested interest to disparage SP2. It's a shame people can't give MS a bit of credit for spending $1BN and a year of development on major security enhancements. Of course, SP2 will not be the magic bullet that prevents all future exploits, but it's a step in the right direction for the Corporation. They have shown that they are responding to criticisms such as those aired in this page. But what's the response? Well, it seems the same people that demanded a security lock-down are now trying to rip it to shreds. Think how the developers at Microsoft (who are human beings) must feel when they read this page and most others from the grass-roots media. They must be fed up with trying to address people's concerns and getting it thrown back in their faces. I despair at the anti-MS POV that seems engrained in the psyche of most editors here. It's desperately negative and acheives nothing, unless you guys are simply here to present a case for competing browsers. --Beachy 21:42, 24 Dec 2004 (UTC)
- I don't think Alistair is arguing against encouraging people to install SP2. And I am certainly not doing so. (The funny thing is, if you knew me, I am one of Microsoft's biggest cheerleaders amongst my friends/colleagues, save for IE.) But it is not unreasonable (or unexpected in this forum) to provide both viewpoints, not just the "go ahead and install SP2, everything will suddenly turn up roses" viewpoint that you seem to be espousing. (Another side point: Microsoft *bought* both an AV developer and spyware-removal software developer and is widely expected to offer the next iterations of both their products either free or at a reduced cost to Windows owners...MS could give a flip less about pissing off Symantec etc., and 10 to 1 the only reason there's no AV in SP2 was the company wasn't bought soon enough.) --Tubedogg 16:47, 24 Dec 2004 (UTC)
Chris some people, who IMHO should know better, never manage to rid their machine of crap and simply decide to wipe them and start from scratch:
- "On Sunday night, while preparing for a trip Monday to New York, the notebook I had planned to bring was suddenly struck by the most malicious software (malware) I've ever encountered. This Trojan horse got through my defenses despite the fact that I was running the Release Candidate 1 (RC1) version of Windows XP Service Pack 2 (SP2) with the firewall turned on. It was infuriating, and after hours of investigating, deep cleaning with various antivirus and spyware products, and consulting with my technical guru (Storage UPDATE's Keith Furman, a lifesaver), I finally gave up. As I write this commentary, I'm heading to New York by train, using a different machine, and my infected laptop is home, awaiting a complete wipeout. I never did completely clean up the machine, and I'm still frustrated by the defeat." [13]
Chris, if you could put down your "I <3 BILL" banner and your pom-poms for just a second. It is not uncommon to find that you need to use all kinds of software to rid a machine of spyware/viruses/etc. I find spyware all the time that AdAware won't clean but SpyBot will. Or viruses that Norton won't remove but McAfee will, and vice versa. And now and again, by the time AdAware/SpyBot/whatever has cleaned entries from the Registry and is scanning through a hard drive, after having skipped various things it can't kill and delete, the spyware that is still running has already written the entries back in. So now and again yes, it is necessary to go in and empty HKEY_LOCAL_MACHINE/.../Run, HKEY_CURRENT_USER/.../Run, etc yourself. AlistairMcMillan 12:20, 24 Dec 2004 (UTC)
- I'm sorry to hear about your experience, and that of your friend with the laptop. However, please don't let your annecdotes colour the fact that SP2 is a very important step for Windows / IE users to take in prevent future problems like those that you have described. A firewall, popup-blocker and lockdowns on scripts/binaries/ActiveX are all significant steps to take to combat the spread of spyware. I don't care if you can find 10 snippets from people who still have spyware after installing SP2, this is NOT conclusive evidence to support your anti-SP2 attitude to the extent that you can FUD against it on the Internet Explorer page. Trust me, I will not give up on this edit - "information" like the paragraph I removed is coloured by POV and very counter-productive. --Beachy 12:28, 24 Dec 2004 (UTC)
- At long last, Service Pack 2 for XP has arrived. Like many in the security community, I'm excited about this, as it represents real, true progress for Microsoft and their commitment to security. This is not just a Service Pack - it really includes functionality, usability, and core changes in the underlying code extensive enough to be called "XP2". In fact, I think I'll just call it that from here on out.
- Now, even with these tremendous advancements in XP, some people are going out of their way to find fault with it, as they seem to do with all things Microsoft. In fact, some of this is just downright hypocritical. Security researchers and analysts continually blast Microsoft for security issues, and have done so forever (I've even done it.) But now that the company has responded in a significant way, it gets bad press for releasing a Service Pack that might break ISV applications.
- The truth here is that if an application breaks, it really did need fixing anyway. And it's not like XP2 snuck up on us, either: most development documentation has been around since last year. Its just that some are waiting until now to get on board. We as a security community have to embrace and support XP2 if we want to continue to make headway in this space. [WinXP SP2: stop moaning and get downloading Tim Mullen, SecurityFocus
- FUD is usually untrue...can you prove, to a high degree of certainty, that there is NO spyware that requires editing the Registry to remove? The fact is, I have personally experienced it, and I presume Alistair in his line of work has too. The fact that you have not, and therefore seem hellbent on concluding that no one has, is not only illogical but completely against NPOV. --Tubedogg 16:47, 24 Dec 2004 (UTC)
- I can prove that at least one Firefox user (me) has had to rename their 'chrome' directory to solve a crippling error which prevented the browser starting up, even after a reinstall. Now, should I write this on the Firefox Wikipedia article in a section called "Concerns and Problems"? What do you think people would say? Shall I try it? Such annecdotal evidence against Firefox would be equivalent to what Alistair is using to FUD about IE6 SP2. Might be fun to see what revoke-edit responses I get. --Beachy 18:40, 24 Dec 2004 (UTC)
- If you can find evidence that your error that forces a user to rename their chrome directory is a widespread problem, by all means, please edit away on Firefox. By the same token, spyware is a widespread problem, as acknowledged by nearly everyone except those that actually make the stuff, and there is spyware that is persistent to the point where manual registry editing is required. This has nothing to do with SP2, and you claiming that is does is FUD of your own. The way it relates is simply this: Microsoft says you must rid your system of spyware prior to SP2 installation, some spyware requires manual registry editing, therefore you may need to edit your registry manually prior to SP2 installation. It's a simple cause-and-effect, has nothing to do with POV and whether you should or shouldn't install SP2, and I still can see no reason why you are so determined to hide the facts. --Tubedogg 20:14, 24 Dec 2004 (UTC)
- So I have to find evidence that the chrome renaming issue is a widespread problem before editing the Firefox page, fair enough. But why is it then that Alistair doesn't have to find evidence that registry-hacking pre-SP2 upgrade is a wide-spread problem?
- I also don't understand your point about introducing FUD by linking SP2 to spyware?? Surely SP2 is all about combatting spyware? And besides, it wasn't even me that made the link between registry editing / SP2 and spyware - I'm simply trying to NPOV what someone else added. I'm not 'determined to hide the facts' - I'm concerned that certain people are responsible for selecting information that suggests that SP2 is technically difficult, or even dangerous to install when the reality appears completely the opposite. --Beachy 00:04, 25 Dec 2004 (UTC)
- I had a whole long response typed out here but I'm just going to point down below and ask again if we can't just compromise on the language. Maybe even add "Either way, most security experts recommend that you install SP2". Would that make you happy? --Tubedogg 01:06, 25 Dec 2004 (UTC)
- Aww, why did you delete your long response? --Beachy 02:07, 25 Dec 2004 (UTC)
- Primarily cause I was the one writing it and it wasn't even making sense to me. Heh. The gist of it was I don't think SP2 is a bad thing and I think that the general consensus is to install it, but you have to remove spyware first, and (again) since you might have to modify the registry, it follows that you would include that sentence with the word "can" (as opposed to "must" or some other similar absolute)...but I feel like it was mostly just a rehash of my prior arguments. I don't think people are going to really be swayed into believing that SP2 is "dangerous to install" based on the registry-hacking sentence. (After all, there are bugs/"issues" in some MS products that require people to edit their Registrys to fix, but that doesn't stop MS from publishing the info saying "edit this", albeit with a disclaimer.)
- Either way I can live with the text you added in the last edit. --Tubedogg 02:21, 25 Dec 2004 (UTC)
- Can we agree to disagree about the registry and just restate it as "Depending on the type of spyware installed, removing it in preparation for an SP2 upgrade can be as simple as running an anti-spyware tool, or it may require more extensive actions." and move on? --Tubedogg 20:14, 24 Dec 2004 (UTC)
- There's no reason to avoid mentioning the Registry, since that is the means by which people have to remove some types of spyware. The woman in the office next door to mine at work is our best Windows technician, and she regularly has to spend many hours digging spyware out from the Registry by its roots, after normal spyware-removal programs have exhausted themselves. Mentioning the Registry has a major accuracy advantage: it makes it clear that removing spyware is not a 100% automatic process like running Windows Update; it is (often enough that it matters) a substantially manual process. --FOo 05:33, 26 Dec 2004 (UTC)
- How many people have had to hack their registries to successfully install SP2? Can any one of you chaps can find some real statistics on this to back up your argument. There seems little case for the paragraph suggesting that people need to hack spyware out of their registry manually before installing SP2. If this is not a widespread issue (which I don't believe it is), then it needs to be rephrased, perhaps to the version that Tubedogg conceded --Beachy 18:06, 26 Dec 2004 (UTC)
Permission to use quote from Tim Mullen
Comments from a Reg reader: Feel free to use the quote. And thanks for asking!
Merry XMas! t
----- Original Message -----
From: Chris Beach To: Tim Mullen, SecurityFocus Sent: Saturday, December 25, 2004 8:44 AM Subject: Reg reader comment: WinXP SP2: stop moaning and get downloading
A Reg reader has the following comments to make on the story WinXP SP2: stop moaning and get downloading:
Tim, I thoroughly agree with your article on SP2 ("Stop moaning and get downloading"). I'd like to quote the first paragraph on the Wikipedia article on Internet Explorer, but another editor has reminded me that your article is copyright. I'd really appreciate if you'd give me permission to use your quote on this page, since it contains a lot of anti-MS and even some anti-SP2 sentiment, which needs to be balanced http://en.wikipedia.org/wiki/Internet_Explorer Regards Chris Beach
- Good work Chris, but can we move it out of the lead section and into the security section? Lead sections shouldn't have long quotes, they should summarise facts with detail staying in the main article. - Ta bu shi da yu 00:18, 26 Dec 2004 (UTC)
- Done --Beachy 00:46, 26 Dec 2004 (UTC)
On the purpose of Wikipedia articles
I see a number of comments above which suggest that the purpose (or one purpose) of this Wikipedia article is to convince people to take some action -- for instance, to install Windows XP Service Pack 2. This is not what Wikipedia articles are for. We are not here to be technical consultants, recommending to people our opinions of they should do, any more than we are here to be technical evangelists.
Lines like "we NEED to encourage people to install this update, and not sit back and criticise it" suggest that the purpose of this Wikipedia article is to "sell" XP SP2 to readers. (Take "sell" out of scare-quotes for readers currently running Windows 2000 -- for them, it really would be a sale and not just a free download.) This is thoroughly inappropriate, as inappropriate as if we were to write this article from the perspective that readers should immediately delete IE and run only Lynx.
We are here to write accurate articles about what is, not what people should do. Here's an example: Wikipedia's article on Abortion states what an abortion is, and what people's beliefs are about it -- it does not abuse Wikipedia's voice to claim that people should or should not have one. We should do the same. The claim, "Everyone who's using Windows should upgrade to XP SP2" is every bit as much an opinion as "Everyone who has an unwanted pregnancy should be able to get a free abortion."
The purpose of a Wikipedia article entitled Internet Explorer is to describe what a thing called "Internet Explorer" is: in all versions (especially all those currently widely used); throughout its history; its technical features and its social effects; and so forth.
As much as I agree that XP SP2 is a major improvement for IE security, we are not writing sales materials for XP SP2. We are not writing an article that deals only with the XP SP2 version of IE -- so we cannot drop descriptions of problems that exist in the widely deployed W2k version simply because they are "fixed in XP SP2".
And we certainly would be unjustified in deleting any true statement on the basis that it would discourage people from installing SP2. Our purpose here is true statements -- not encouraging people to run SP2 or anything else.--FOo 05:33, 26 Dec 2004 (UTC)
- Then by the same logic we should remove all the information about removing Internet Explorer, even though security experts allegedly recommend that, too. But, oh, wait a minute, that contradicts your agenda doesn't it... --Beachy 10:45, 26 Dec 2004 (UTC)
- That's right dude, accuse an editor of having an agenda when he has almost 1900 edits across a wide range of articles. When you have only 166 edits, and they are basically concentrated on two pages, Internet Explorer and Mozilla Firefox (140+ edits including talk pages). That is of course when you are not adding pictures of yourself to Windsurfing or adding links to your own websites to University of Bath. Yep, I can sure see who has an agenda here. I mean, get serious... you state your pro-IE, anti-Firefox agenda right there on your user page. AlistairMcMillan 14:46, 26 Dec 2004 (UTC)
- Throughout your edits you have made things very personal and rather grating toward me Alistair. But I will try to address your points and help you understand, as I always do. Firstly, even someone who has made 1900 edits may still have an agenda. To assume editors are completely neutral is naive. At least I am honest when I describe my feelings on my Wikipedia page and my homepage:
- I've recently helped make some corrections and additions in order to make the Internet_Explorer page more NPOV. I'm getting rather tired of the constant and disinformative attacks coming from the open-source / Mozilla community. They have a giant to topple for their own gain. (User page)
- Disclaimer: This tech journal does not follow the blogging tradition of Microsoft-bashing and worship of open-source. As an unaffiliated developer, I'd like to present the case for Microsoft's IE6 SP2 in the face of competitors that use evangelism to dominate the grass-roots media. (Home page)
- Just like you have demonstrated your bias against IE, attacking various aspects of its innovation, security, legality etc, I have presented the other side of the argument, attempted to balance this article. Things are not always as black-and-white as you portray. One of the major discussions on this page has described the systematic anti-MS/anti-IE bias amongst editors. You are criticising the nature of my edits and relentlessly reverting them - therefore I think it's pretty obvious that you're on the extreme end of the anti-IE camp.
- Secondly, regarding the windsurfing page, I read the discussion page, found that the editors were looking for a more exciting (non-copyrighted) picture to replace the old Lead section photo. I obliged with a photo from my personal collection. If you have a problem with that perhaps you could try raising it with the Wikipedia admin, and see if they share your concern.
- Thirdly regarding your problem with my link on the University of Bath website. Well, I thought it was rather innocuous, since it is a site built at the university, for uni students and perhaps prospective students (I know I'd have been interested to see it before starting!), featuring photos taken at the University of Bath. Again, if you take issue with this perhaps you could try raising it with the Wikipedia admin, and see if they share your concern.
- I understand you feel personally against me Alistair, which is a shame. I have made a couple of recent edits (which you have reverted) based solely on the result of discussions in the Talk page of this article. Hence I shall be reverting them back. If you want to contest that, I suggest you find a logical argument, present it on the talk page and once agreed or compromised, make the changes. What you seem to be making a habit of is reverting my changes, and then using personal (and irrelevant) attacks in an attempt to discredit me and draw attention from what you are doing. --Beachy 17:31, 26 Dec 2004 (UTC)
- I have no personal problem with you. I just question some of your edits. Such as your constant suggestion that the release of SP2 makes IE security problems a thing of the past, your suggestion that ActiveX uses a sandbox security model similar to Java (which it doesn't), that the court's decision that Microsoft abused its monopoly was over-turned (which it wasn't). And I thought it was funny for you to accuse other editors of an agenda when almost all of your edits are about your pro-Microsoft, anti-Firefox agenda. AlistairMcMillan 19:08, 26 Dec 2004 (UTC)
- Though I'm getting rather tired of reiterating this, I do NOT claim that SP2 is a magic bullet that makes security problems a thing of the past. I just want there to be at least one mention of the significance of the updates that MS have made through SP2, and I thought it was pertinent to include the commentary of a security expert, just like you did with Maifrett. I didn't expect such a quote to last long on here because of the anti-MS feeling amongst several of the regular editors. I think it's sad that the Wikipedia will always fall victim to systematic biases like this. And about the anti-trust case, I think you'll find that the original case was over-turned since noone could prove that Microsoft had harmed the interests of consumers. Indeed, in out-competing Netscape, it saved consumers paying for their browser as a separate product. Moreover, Microsoft was recognised for its contribution to the explosive growth of Internet in the 90's --Beachy 02:17, 27 Dec 2004 (UTC)
- Dude seriously. The Judge's decision was not over-turned. The Judge said they abused their monopoly position and that decision still stands. However instead of the company being broken up as he recommended, Microsoft settled with the DOJ and all the states (except for one that is still holding out if I remember correctly). AlistairMcMillan 02:41, 27 Dec 2004 (UTC)
- As far as I know, the judge's basic decision (that Microsoft was a monopoly) was never overturned. (Otherwise, what impetus would Microsoft have had to settle with the DOJ and states?) What was overturned was his proposed remedy (breaking the company into two), and subsequently Microsoft and the DOJ and attornies general created the settlement. --Tubedogg 03:24, Dec 27, 2004 (UTC)
- In its en banc, Per Curiam decision, the appeals court wrote harshly of Judge Jackson’s media activities, in which he was said to have called Microsoft a "murderous street gang," and allegedly compared the company to drug traffickers. The appeals court found "the line has been crossed" and Jackson’s actions had "seriously tainted the proceedings," and "Public confidence in judicial impartiality cannot survive if judges, in disregard of their ethical obligations, pander to the press." According to the court, disqualification is mandatory for "conduct that calls a judge’s impartiality into question." The court also faulted Judge Jackson for not holding an evidentiary hearing during the remedy phase of the case to give the parties a chance to dispute the facts they disagreed with, which is a "basic procedural right."
- The appeals court reversed Judge Jackson’s finding that Microsoft had illegally tried to monopolize the Internet browser market. And, the court remanded the lower court’s finding that Microsoft had violated federal antitrust law by tying its browser to its operating system.
- The case will now await reassignment to a new trial judge. House Majority Leader Richard Armey (R-Texas) is already calling the decision a victory. "Our antitrust laws should not be used to hold our most successful companies back to give the competition a chance to catch up. That kind of tired economic thinking is exactly what our new economy does not need."
- According to Microsoft antitrust case, Judge Jackson's findings-of-fact were not reversed, validating Tubedogg's assertion. "Only the remedy was rejected; Jackson's findings of fact remained substantially unchanged." If you don't believe the article, look at the DOJ website, which states the following:
- We upheld the district court's ruling that Microsoft violated § 2 of the Sherman Act by the ways in which it maintained its monopoly, but we reversed the district court's finding of liability for attempted monopolization, and we remanded the tying claim to the district court to apply the rule of reason rather than the rule of per se illegality.
- The law that Microsoft violated, according to the appeals court, reads,
- Every person who shall monopolize, or attempt to monopolize, or combine or conspire with any other person or persons, to monopolize any part of the trade or commerce among the several States, or with foreign nations, shall be deemed guilty of a felony, and, on conviction thereof, shall be punished...
- -- MIT Trekkie 14:28, Dec 27, 2004 (UTC)
- The bottom line is that we are not "selling" SP2 -- as you well know, it is free. As you also ought to know, we should not be FUD'ing about it since it makes serious improvements to the security of consumers. Furthermore, since it is a significant update, and highly recommended by all security experts I have encountered, we should reflect that on this page. Goodness, if you started dwelling on the beta versions of Firefox and ignored the 1.0 release you'd get a battering ... --Beachy 10:48, 26 Dec 2004 (UTC)
- As Fubar points out, it is not free if you are not already running Windows XP (which is actually irrelevant; something doesn't have to cost money to "sell" it in the sense being used here, which is not the sense that corresponds to "buy"). Windows 2000 is not a beta version, it is a widely-deployed (especially in corporate settings, who are the least likely to be able to upgrade even if they can afford it) prior version of a mature product. There is a rather large difference between FUDing about something, and not merely glossing over problems that still exist (in a stable, mature release of a product) for a large percentage of users. --Tubedogg 18:29, Dec 26, 2004 (UTC)
To clarify, there is nothing wrong with reporting accurately that some important figure (like a security expert, or US-CERT, or Microsoft) recommends a particular course of action (like uninstalling IE, or upgrading to Windows XP SP2). However, there is a difference between writing an article that reports that Joe Bloggs recommends X, and writing an article that itself recommends X.
Again, we are not in the consultancy business here, nor the advocacy business. We are in the encyclopedia business. Beachy's claim above that "we NEED to encourage people" to buy or install Windows XP SP2 is the diametrical opposite of what Wikipedia articles are for. We are not here to push SP2, nor to push Linux or Mac OS X or Mozilla Firefox for that matter. We are here (in this article and talk page) to describe Internet Explorer.
If an accurate description of Internet Explorer (including accurate & attributed reporting of opinions about it) leads some readers to choose and continue to use Internet Explorer, fine. If it leads people to install SP2, fine too. If it leads them to ditch IE and Windows and run Mozilla on Solaris/x86, that's also fine. However, none of these is the goal of the article. The only legitimate goal of a Wikipedia article entitled "Internet Explorer" is to describe Internet Explorer. Any other goal is a contravention of Wikipedia's charter.
As for Beachy's accusations of bias on my part -- I would like to think that my edits stand for themselves. I think I've done a good deal to make this article adhere closer to Wikipedia's NPOV policy, for instance breaking up the irredeemably biased "positive and negative features" list into neutral categories of present and absent features. (See Wikipedia:Pro & con lists for some proposed guidelines I wrote on why pro & con lists are anti-NPOV.) By the way, I'd like to extend thanks to Beachy for helping improve the new form of that list after I created it.
For what it's worth, my background is as follows: I work as an in-house security technician for a well-known scientific research institution. I have worked in system administration for seven years and security specifically for four years. I have in the past held the SANS GSEC certification, which covers Windows and Unix security. (It is not a very high-ranking certification, and I let it lapse this October. I don't think too much of certifications.)
At my workplace, we have about 60% Windows systems on our network, with the remainder pretty evenly split among Mac OS X, Linux, and commercial Unix. I spend a lot of time working with our Windows technicians to understand and control problems such as viruses and spyware, and to help encourage Windows users to patch their system. I have written custom software for the purpose of scanning Windows systems rapidly for known remote vulnerabilities, so as to help Windows users understand and secure their systems from attack.
While I am not a Windows user myself (I personally use Debian, Red Hat, and Solaris at work, and Mac OS X at home), I have a great deal of exposure to it and plenty of hands-on knowledge of the threats that inconvenience and harm Windows users. I freely admit that (like any other "security guy") I have more knowledge of the "negative" aspects of a lot of software than the "positive" ones, simply because my work concerns itself more with how software fails rather than how it succeeds.
I am not the kind of person who hates Windows or IE and wishes to see harm come to its users. I want everyone to have secure computing. I also want this article to be an encyclopedia article, and not to be anyone's advocacy. I am not here to push Mozilla Firefox, open-source software, or any sort of "agenda" other than the one that Wikipedia itself is here to push -- the agenda of knowledge. --FOo 18:40, 27 Dec 2004 (UTC)
- Fubar, I appreciate your mature response to my criticisms, and apologise for accusing you directly of bias. It's not fair to single out anyone on grounds of 'bias' since we all have our opinions on various things, and that's what makes this interesting.
- I do still think the Tim Mullen quote should be in the article, just as Maifrett's quote has been left in, since both are from security experts and are relevant to IE. However, I will not have another edit war on this, and in fact I really ought to get back to my degree work to be honest, otherwise I will be in trouble in the finals! --Beachy 17:34, 28 Dec 2004 (UTC)