The Mac Sucks!

According to Computerworld, Microsoft confirmed today that hackers are exploiting an unpatched bug in DirectX via Internet Explorer versions 6 and 7. A Microsoft representative quoted in the article says that “A user needs to be lured to navigate to a malicious web site or a compromised legitimate web site to be affected” but no further action is needed.

However, only users on Windows XP and Windows Server 2003 are vulnerable. Windows Vista and Windows Server 2008 are immune. Users running Internet Explorer 8 are also not vulnerable.

If you read many of the Windows and Internet Explorer security bulletins Microsoft has published since the release of Windows Vista, you’ll see that a lot of those vulnerabilities do not apply to Windows Vista and Windows Server 2008 (which incorporate the same security model). It should be clear from this that while Microsoft Windows is by no means immune to attack, great strides have been made in Windows security since the XP days.

Microsoft worked with security experts to improve the Windows security model for Vista. The result of this work is a reduced level of vulnerability to exploits like the one described above. While Vista security (and by extension, Windows 7) is by no means hacker-proof or invulnerable, it does seem to be more resilient than Windows XP to attack. Microsoft continues to take a proverbial beating in the media because the majority of Windows desktops are still running Windows XP (or earlier). Combine the number of XP systems with its weaker security, and you have a perfect recipe to make Microsoft products as a whole seem to “still” be insecure.

It will be interesting to see what happens in the Windows security space if Microsoft is successful in convincing most customers to upgrade to Windows 7 when it’s released. While I would not be so stupid as to suggest that Windows 7 will be a panacea and eliminate all the security problems in the Windows space, I do believe it will make the kinds of attacks that are commonplace in Windows XP far more difficult to pull off… and hopefully far less numerous.

Since this is a site that discusses multiple desktop operating systems, it might appear to be implied that I’m suggesting Windows 7 and Windows Vista are “more secure” than other desktop operating systems such as Linux or Mac OS X. That is not the case. The point I am attempting to make is merely that Microsoft has improved security in Vista and 7 relative to earlier Windows releases. Whether this security is “better” than that of OS X or Linux (or not) is not the point.

A little while back, Apple caused a stir in the technical community by alleging that its Safari 4 browser was the fastest browser available for Macintosh and Windows. Since then, a lot of articles have been written comparing the Safari browser to various others. The June 2009 PC World issue (on page 10 for those following along at home) is an article entitled “Browser Speed Showdown: Chrome is Golden” in which the page rendering speed of the Google Chrome 2 Beta, Mozilla Firefox 3.0.7, Microsoft Internet Explorer 8, and Apple Safari 4 Beta are compared.

In the comparison, the page load time for each browser is timed for several popular web sites, such as amazon.com, apple.com, and others. An average page load time is computed as well. The results of the comparison appear below:

According to the article, for each test they cleared the browser’s cache and then loaded each page 10 times per site, per browser, to factor out fluctuations in network traffic and to build a sample size large enough to identify trends. In addition, they threw out the two best and two worst scores for each test to reduce the influence of fluctuations and provide more consistent results. The measurements did not rely on the browser’s indication that it was finished rendering the page, but waited until all visual elements were loaded and ready to use.

The fastest result for each site appears in bold in the table, and the fastest overall average also appears in bold. As you can see, for the web sites tested, the Chrome 2 Beta beat all the other browsers in every test except one. It was also interesting to note that Firefox and Safari, which are normally considered “faster” browsers by many users, actually tied for last place in this particular test.

However, as PC World noted in the conclusion to its article “Many users won’t notice any performance difference in the browsers we evaluated. With fast broadband service, you likely spend little time waiting for pages to load anyway… All four of the browser we tested are pretty fast, so you should focus on which one seems most compatible.” It might also be useful to examine the feature sets of the browsers to find one that works most like the way you do, since page rendering speed isn’t that different among them.

According to an article by Ina Fried on Download.com, Microsoft has announced that it won’t be finished with Internet Explorer 8 until 2009.  They plan to offer one more public test version of IE 8 before releasing the final version.  That public test version is expected to be released in the first quarter of 2009, meaning that Microsoft will miss its goal of finishing IE 8 in 2008.

It’s good to see that Microsoft is taking its time getting IE 8 to market, which implies that they’re taking the extra time to squash bugs and collect user feedback.  (In fact, Fried makes a note of this at the end of the article, saying that Microsoft’s “Hachamovitch also called on technical users to download the current beta 2 version and let Microsoft know how that goes.”)  I suppose that’s the advantage of working on a product that doesn’t (at least directly) generate revenue for Microsoft…

BusinessWeek poses the question “Will Google’s Browser Hurt Firefox?” on their site. I would say the short answer is “yes” but that doesn’t tell the whole story.

Google’s “Chrome” browser will get attention if for no other reason than it’s from Google, a company that’s perhaps second only to Apple in its ability to capture the attention of the media when it produces something new. Even that statement short-changes the impact that Chrome is likely to have on the browser marketplace. If you read Google’s description of Chrome, it will minimize (though it can’t eliminate) the potential for browser-based malware attacks to do any significant damage to a system. It will (likely very drastically) improve the performance of Javascript-heavy browsing, such as Google’s own browser-based apps. More perhaps than Firefox and IE, Chrome is in a position to be heavily tested, since Google can rely on its huge database of web sites to find flaws in Chrome – perhaps even before the users see them.

This is not to say that Chrome will be the be-all and end-all of browsers. Its future market share will depend, in large part, on the quality of the software and the browsing experience. In its early days, FireFox was praised for its speed, but jeered for its lack of compatibility with many popular web sites (which were largely optimized for Internet Explorer). It seems to have largely overcome that today. I suspect that Chrome may have similar issues “out of the gate” in that it’s based on WebKit, the same technology behind Safari and Konqueror. We already know from existing reports that Safari’s compatibility with IE-optimized sites is far from perfect. By borrowing the same code base, Chrome will very likely inherit the same issues.

Perhaps the greatest benefit from the development of Chrome, however, won’t be the browser itself. Even if Chrome is a complete failure in the market, there is a very real chance that the work done on its open source core will improve the compatibility of Safari, FireFox, and other open-source browsers. And, as Google suggests in its comic book, Chrome might be taken over by a third party and improved in ways that Google couldn’t dream of. So Chrome’s real benefit is the effect it should have on WebKit-based and open source web browsing. It represents a new way for Mozilla and Microsoft to look at the browser itself. While it’s probably too late to do anything for Internet Explorer 8, it could inspire Microsoft to do good things with IE 9 (or whatever follows IE8).