A couple of browser security and vulnerability articles posted today. "The False Promise of Browser Security" was a good read (yours truly quoted), but something from Computer World's got my attention, "What if I don't want IE7?". Isn't that the age old question I thought to myself. At the end the author says..
"I'm torn on this issue: IE7 is more secure than IE6 (how could it not be?) and I think the majority of home users do need to upgrade. But making it a mandatory upgrade as soon as it's publicly available strikes me as draconian and premature. I don't like having major upgrades to something as fundamental as my browser forced on me. Especially when I know IE7 is going to break things."
Forcing the update of "fundamental" software. That's an important point since people will be unable to do their testing to make sure their day to day productivity won't be impacted. Let me stop there. I'll take a wild guess and say I think people are tired of listening to me bag on Internet Explorer. In fact, I'm tired on hearing myself speak talk about it. What I would like to speak about is the difficulty of building a web browser.
Consider what web browser developers have to put up with ever day. The stupid non-compliant HTTP web servers do with the protocol. Must support half a dozen client-side programming languages, with several variants each, all potentially harboring malicious code. Developers clamoring for standards compliance, then ticked off when you do. The environment is completely hostile and browser vendors have to make the best of it. Billions in revenue depends on it.
Is there any wonder web browsers are a top target for malicious hackers?