“IE Shines on Broken Code” Story on Slashdot


The information published in this post is now out-of-date and one or more links are invalid.

—IEBlog Editor, 20 August 2012

Slashdot picked up a story from Bugtraq entitled Web browsers – a mini-farce in which Michael Zalewski talks about feeding a variety of browsers a healthy dose of bad content over 2 hours and seeing what happened.  The story also includes pointers to the tools he used for hammering the browsers.  

Here is a bit of his report:

6) Pointless rants
 
  It appears that the overall quality of code, and more importantly, the
  amount of QA, on various browsers touted as “secure”, is not up to par
  with MSIE; the type of a test I performed requires no human interaction
  and involves nearly no effort. Only MSIE appears to be able to
  consistently handle [*] malformed input well, suggesting this is the
  only program that underwent rudimentary security QA testing with a
  similar fuzz utility.
 
  This is of course not to say MSIE is more secure; it does have a number
  of problems, mostly related to its security architecture and various
  features absent in other browsers. But the quality of core code appears
  to be far better than of its “secure” competitors.

 
I cannot speak for the other browsers talked about in this report, but I can speak to the IE portion of this report.  It is no accident that IE is responding this way to the tests that were run against it because we intentionally take a number of steps to make IE resilient. 

At the end of the product cycle for Windows 2000 and as part of the Secure Windows Initiative, Microsoft developed a set of tools called Prefix and Prefast to do dynamic source code inspection, which helps scour the source code for bad code and bad coding practices such as null pointer dereferences.  These tools help us find obscure crashing code paths that manual code inspection may miss.  For XPSP2, we recompiled with the  –GS flag to help mitigate certain classes of buffer overruns.  For more information on the Windows Secure Windows Initiative see Michael Howard’s Technet article. 

These tools are publicly available as well.  Prefast is part of the Windows Server 2003 Device Driver Kit [DDK].  There is a code quality tool for managed code called FxCop available on http://www.gotdotnet.com.  

In addition to code quality initiatives, there is a very healthy suite of stress or load run against IE that we still use and extend today when we test.  We throw a variety of things at the browser, including good HTML, bad HTML, variety of media, and “the kitchen sink” to see if we can get it to hang or crash. 

We also utilize the Windows Error Reporting to help understand the causes of IE crashes or hangs in the field.  For more information the Windows Error Reporting, see the Windows Quality Online Services web site. 

However, despite Zalewski’s results and our continued effort with Windows Error Reporting, stress testing and code quality tools I know we can do better as there places where you can crash IE with certain images or HTML.  But this is what I relish about my job – continually driving quality up and up over time. 

Scott

Comments (77)

  1. Anonymous says:

    There’s a long thread about this on Channel9:

    http://channel9.msdn.com/ShowPost.aspx?PostID=26013#26013

  2. Anonymous says:

    Oh well, it seems Microsoft really got this right. However, one might argue, it isn’t any wonder because the evolution of IE has contributed to quite a lot of the bad HTML out there.

    This browser is quite well-known for its tolerance for almost everything while having great difficulty to get standard-compliant sites right. Maybe IE did not crash because it’s sort of "used to" and "designed for" bad HTML – with all the good and all the bad side effects.

    Nevertheless, getting PNG and CSS right and adding tabbed browsing might still be a good idea, and please, make this browser stop displaying Office documents by default – this is so annoying to fix on a large amount of machines…

  3. Anonymous says:

    Wow Ralph, that was nearly a compliment 😉

  4. Anonymous says:

    Get Mozilla Firefox.

    http://www.getfirefox.com

    DUMP THAT TRASH THAT IS INTERNET EXPLORER.

  5. Anonymous says:

    Another classy Firefox fan.

  6. Anonymous says:

    Reggie, This specific vulnerability requires a lot of user interaction (Drag & Drop that will show an HTML file instead of image file created on local computer, plus a click on a strange looking button).

    I think I’ll take a trojan Alex after 20 action (that you need to be really stupid to do them) over a site hijacking (Bank site or any other password protected site) with one click.

    http://secunia.com/advisories/12712/

    Each browser has his own weaknesses. You just need to go find and fix them. Microsoft did that with XPSP2, and now creating an automated exploitation of vulnerabilities in IE is harder than ever.

    Mozilla still suffers from great spoofing vulnerabilities (Until someone will find the weakness considering the XPInstall feature that will cause the automatic remote file execution vulnerabilities be a piece of cake to exploit).

  7. Anonymous says:

    Too bad IE doesn’t shine on Standard-Compliant Code.

  8. Anonymous says:

    As I accidentiaolly posted in the wrong thread earlier, it’s amazing how you normally consider anything posted on slashdot as irrelavant but when the slightest positive aspect shows up then you’re linking to their stories.

    So, you’ve got one up over the rivals? You’ve still got miles to go.

  9. Anonymous says:

    Come on web-developers. What are your own experiences? If you build web sites then you test on both platforms right? Now you tell me which browser crashes the most…

  10. Anonymous says:

    InternetExplorer + OutlookExpress combo used to crash constantly on my PC, every day. And I got spyware&dialers because of it. The worst software ever.

  11. Anonymous says:

    IE shines on broken code

    would be good except:

    IE breaks on shiny code!

  12. Anonymous says:

    If you had actually read that Slashdot story, you would have noticed that there were loads of people saying that the non-Internet Explorer browser results were inaccurate – i.e. they couldn’t reproduce the crashes.

    So where it says "Internet Explorer shines", replace that with "Internet Explorer manages to keep up with everyone else in one aspect". Doesn’t sound so impressive now, does it?

    > Only MSIE appears to be able to consistently handle [*] malformed input well

    It’s such a shame it can’t handle well-formed input well. I don’t give a damn about contrived code attempting to crash things, I write well-formed code and want it to work according to spec. Other browsers can handle this well, you’d think the world’s biggest software company would be able to get a little thing like a web browser right.

  13. Anonymous says:

    Very very true Jim.

  14. Anonymous says:

    To tell the truth, I’ve never had IE, Opera or Firefox crash on my PC while developing. When surfing, though, Opera sometimes goes down in flames (about twice a month; I hibernate my PC, so it tends to run for a couple of weeks), though it’s no biggie since it can continue where it left off after restarting it.

  15. Anonymous says:

    I use firefox, mainly because of the security. I have yet to experience a problem with firefox, although I realize there are some they have mainly seemed to be problems that could be fixed by tweaking my registry to turn off protocols etc. I suppose however that attacks could be managed against firefox that would be every bit as devastating as against IE. As for IE’s standards compliance I can remember a time when it was basically the most standards compliant, but that time is long since. That there is a quality to the browser that is superior to others I don’t doubt, it is, however, a quality that does not interest me and I would suppose would not interest most anyone that was informed of it.

    that said: people claiming Firefox is faster than IE? Come on, your IE must just be loaded down with spyware for you to make that assertion.

  16. Anonymous says:

    When it comes to startup, Firefox is gdamnawfully slow. IE starts up the fastest, Opera is a close second. As for rendering speed, I can’t really tell, though Opera seems the fastest (not on JS heavy pages, though).

  17. Anonymous says:

    Isn’t it a normal reaction when after only complaints and negative press, these devs want to use a positive newsitems in there blog? And also, they are not boosting about it, they explain what the reason is that IE doesn’t crash. Good info and good for them to hear something positive for a change.

    Firefox is my main browser, but I know for sure that the IE browser will come with a new version in the not to distant future that will have all the extra features Firefox has and problably better. Has IE won again when this happens? Ofcourse. But even then we all should be extremely grateful of Firefox because they have caused Microsoft to change it’s plans about IE

    Why will IE win again? Because IE is part of the OS and the non-technical people don’t know about browsers, they know about "the internet". When I changed my icons on my desktop at home and deleted the icon of IE, so there was only a Firefox icon, my sister called me at my work to tell me that the internet was deleted from our computer.

    Also, Firefox startup time is much slower then IE, but isn’t that logical when IE is part of the OS? When they are in memory IE takes 1 second to start up and Firefox 2 seconds. But Firefox has a lot of plugins loaded in my case, so the 1 second extra gives me 500% extra functionality compared to IE.

  18. Anonymous says:

    > Firefox is my main browser, but I know for sure that the IE browser will come with a new version in the not to distant future that will have all the extra features Firefox has and problably better.

    Care to explain why you are so sure when even Microsoft says otherwise?

  19. Anonymous says:

    Jim, I don’t know what you mean when you say "even Microsoft says otherwise".

    Unfortunately we’re not yet able to discuss on this blog anything specific about the next IE but certainly the feedback here and elsewhere is driving a lot of our work.

  20. Anonymous says:

    I deleted an earlier post because it did not comply with our blog posting policy.

    if you have a security issue in IE you would like to report, please submit it the Microsoft Security Response Center https://s.microsoft.com/technet/security/bulletin/alertus.aspx

  21. Anonymous says:

    @Jim

    Scobleizer (http://scoble.weblogs.com/) has said that he saw a new prototype, he couldn’t say anything about it, but he said that he would delete firefox when half of it would come to the release version

  22. Anonymous says:

    Quote: Unfortunately we’re not yet able to discuss on this blog anything specific about the next IE but certainly the feedback here and elsewhere is driving a lot of our work.

    But I think this silence is what loses your developers. It’s not a silence in anticipation for the next latest and greatest Halo, or an upcoming marketing product that has a buzz of quality. It’s about wanting to see if we can support IE, or we should jump off that wagon… and much like our presidential debates, you’ve covered the general topic of concern (security) but ignored the specifics that are driving the real issues at hand.

    This is the very reason why many of us in the web community view this blog as simply cosmetic — rather than a heartfelt attempt to address our issues and improve your product. As a designer, I want things to move forward; I would assume so should you, but there has been nothing on this blog but touting the MS party line. The code alone of this site, whether it be the blame of your CMS system, seems to contradict a vision of moving forward.

  23. Anonymous says:

    > Jim, I don’t know what you mean when you say "even Microsoft says otherwise".

    There have been a number of news articles and statements from Microsoft saying that there will be no more standalone versions of Internet Explorer and that the next version will be in Longhorn.

    I haven’t seen any clear statement either here or elsewhere to contradict that, which is why I asked how Martin "knows for sure" that a feature-packed new version of Internet Explorer is just around the corner.

    I can spend some time digging around Google if you need the references, but they were fairly well-publicised at the time. I obviously don’t know better than you what you are doing, but it’s not idle speculation to listen to what your co-workers say to the press.

    > Scobleizer (http://scoble.weblogs.com/) has said that he saw a new prototype

    Well a prototype is a long way from a released product. I’d be *extremely* happy to see a new version released, but I don’t have much faith in it happening any time soon.

  24. Anonymous says:

    > But I think this silence is what loses your developers.

    Speaking personally, every time I develop a new web admin tool, I’m close to dropping Internet Explorer workarounds.

    Telling a general web audience to use another browser to view a website isn’t feasible. Telling an established partner to use another browser for a web application is feasible.

    Right now, I’m still spending time working around Internet Explorer bugs, but I’m getting more and more fed up with it. I’m sure I’m not the only person that feels that way. The longer I see no movement in Internet Explorer development, and the more people I see switching away from it, the harder it is to justify spending valuable time on Internet Explorer workarounds.

  25. Anonymous says:

    Jim, a new IE, even if availble only with Longhorn, is still a new IE.

  26. Anonymous says:

    Scobleizer has a horrible visually designed website, with poor semantic code, and a significant amount of CMS errors — not to mention the quality of the content on that site is a step up above the Directors meeting I’m about to step into for work here.

    The point of that rant is, I don’t value his opinion as to wether IE 7 is worth it’s weight in gold. As much as that is interesting — I would love to hear a quality profession web-developer outside of MS who can prove he creates solid work, boast the quality of IE 7, and that would probably get me thinking.

  27. Anonymous says:

    IE doesn’t crash as much as FireFox, or Mozilla, or Safari in my experience… plus IE loads faster, mostly because it is part of the OS, so it doesn’t need to load from scratch….

    But the fact remains that IE doesn’t support CSS well enough to be my #1

  28. Anonymous says:

    Good points but you kinda added in a few more clicks?? BTW the Microsoft dude Bruce Morgan [MSFT] doesn’t seem to agree with you, he deleted the message trying to hide it lol. Says its against policy. Which policy is that Bruce Morgan [MSFT]

    http://blogs.msdn.com/ie/archive/2004/07/22/191629.aspx

    Funny he left in links to the fuzzer that breaks the compeditor products

    Let’s put the story back eh Aziz, see how long it last this time since its all over the news

    http://www.eweek.com/article2/0,1759,1681218,00.asp

    http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1017934,00.html

    http://secunia.com/advisories/12889/

    http://www.securitytracker.com/id?1011851

    Bruce Morgan [MSFT] you gonna delete something play fair and delete the head story dude point to the compeditor fuzzer otherwise we all must conclude your hiding something

  29. Anonymous says:

    "I don’t give a damn about contrived code attempting to crash things, I write well-formed code and want it to work according to spec."

    Security is far and away a much bigger issue to the user than standards compliance. IE can still do anything (with js "hacks") that Firefox can do, it just requires some effort on the web developer’s part. So to the end-user, there isn’t much of an advantage. However, you very much should be worried that Firefox’s code-base is prone to buffer overflows and filled with null dereferencing. These can be at the least very annoying, but potentially dangerous, things.

  30. Anonymous says:

    Quote – Security is far and away a much bigger issue to the user than standards compliance. IE can still do anything (with js "hacks") that Firefox can do, it just requires some effort on the web developer’s part. So to the end-user, there isn’t much of an advantage. However, you very much should be worried that Firefox’s code-base is prone to buffer overflows and filled with null dereferencing. These can be at the least very annoying, but potentially dangerous, things.

    First off, I’m a little tired of the anonymous — doing that only makes you look like you’re not willing to back up your statements.

    The large amount of hacks for IE needed significantly outweighs any other browser hacks… but much less, all the other browsers have updated these errors rather timely with the exception of a random few, major ones in IE have been there for years.

    Security is a signifigant issues, and if you had read some of the posted articles, or spoken with other end users, victims of hacks, and developers — the linked OS/IE issues have been extremely more drastic than Firefox’s code-base bugs.

    Again, the next time you post, I’d like to see if you’re brave enough to show us who you are, rather than a fly by weak arguement — typical of a user unable to debate.

  31. Anonymous says:

    Nobody has been able to show my how to use a PNG with an 8-bit alpha channel as a background image in IE.

  32. Anonymous says:

    Reggie, you posted a link directly to what appeared to be an exploit page, rather than to an article about an exploit. We appreciate people not doing that.

  33. Anonymous says:

    @Bruce

    IE only for Longhorn will loose us devs, because for a long time Longhorn will only be a minor percentage of the browsing world (0% for the next 2 to 3 years)

    When IE had 95% of the browsing world, web applications for IE only where no problem. When it will take 2 to 3 years more to put out a standard compliant browser, it most definitely will mean that more and more devs will make web applications for starndards compliant browsers only.

    So I totally agree with Jim that there will come a time very soon that we webdevs stop working around the problems in IE. (I’m working on a personal project in my spare time for 2 years now, where I’m making a windowing system in DHTML. When I started, I used IE only, because I thought that it was the only browser capable to do all the nice tricks and do it fast. Firebird/Firefox was nowhere to be found and the mozilla package was horibly slow and a lot of the pages where still from our infant internet years, so broken code, so no go in mozilla.

    Then came Firebird, a lean mean browsing machine that had no problem to run my windowing system very fast.

    At first I thought that I could develop in Firebird and later do some workaraounds for IE. But now that I’m almost ready to show humanity my windowing system, and Firefox is gaining momentum every day and it will be a lot of work to make it work in IE, I’m thinking just to drop IE as a target. (My main problem is the non standard event system in IE and only thinking about making it work in IE makes me an unhappy developer)

    But then came Scobleizer, and I thought that Microsoft had dropped it’s plan to do a longhorn only IE, I was having second thoughts. And then you make your remark about longhorn IE also being a new IE, wich translates in IE7 will still be a longhorn only IE, so now I know for sure: my windowing system will be an standards compliant browsers only system (It works on apple, linux and windows in Mozilla, Firefox and Opera).

    Should you care? Not about my amateur windowing system, you will probably never hear from it again. But the fact that I as a webdev, just like Jim see it as feasable to drop IE as a target for web apps is something you should care about.

    And please, if there are plans to do something before Longhorn, for your own sake, make a buzz, because this blog doesn’t give us hope and hope is what we need at a minimum to still give IE a serious thought in our daily developing work. IE in Longhorn is no hope at all

  34. Anonymous says:

    Bruce, the web developers are sick and tired of waiting for a new IE. Longhorn will come out in 2006 (probably in H2) and won’t be widespread until H2 2007. This basically means SEVEN YEARS for a new browser! And I’ll be damned if IE’s market share doesn’t drop below 50% by that time… In fact, more and more people are sick of IE6, and the trend will continue up to the point that even bundling IE10 in Longhorn won’t help as much – IE will still be seen as "that nasty security hole".

  35. Anonymous says:

    > a new IE, even if availble only with Longhorn, is still a new IE.

    Consider the context. I was responding to:

    > I know for sure that the IE browser will come with a new version in the not to distant future that will have all the extra features Firefox has and problably better.

    Note "not too distant future". I don’t consider the web browser that will come with Longhorn to be in the near future. I don’t think many people do.

    > Security is far and away a much bigger issue to the user than standards compliance.

    I agree. I’m a developer that has to deal with Internet Explorer. As a user, I am free to use whatever browser I like, so I am obviously more concerned with Internet Explorer’s ability to deal with correct code than its security.

    > IE can still do anything (with js "hacks") that Firefox can do, it just requires some effort on the web developer’s part.

    That’s not true. The dependence on JScript is a deal-breaker in many situations.

    > However, you very much should be worried that Firefox’s code-base is prone to buffer overflows and filled with null dereferencing.

    I agree that it’s a cause for concern, but given the relative security records of the various codebases, I’m much more comfortable using Firefox than Internet Explorer.

  36. Anonymous says:

    No one who reads this blog really cares how well IE does on bad code. We want to know when it will work with good code.

    You don’t have to commit to a specific feature set or release date right now, but throw us a bone here. This blog is currently little more than a place for IE devs to high-five each other over SP2. It’s nice that IE is finally relatively secure (on Windows XP), but this should have happened years ago. If all you can talk about is SP2 then there really isn’t any reason for this blog to exist.

  37. Anonymous says:

    @[unknOwn]

    2007 – 2004 = 3 years. You might want to get a better calculator.

  38. Anonymous says:

    I don’t see a new IE in 2004. The last version came out in 2000. The SP2 release is NOT a new IE, it’s just a small security update for WinXP users only. And you might want to get a better browser 🙂

  39. Anonymous says:

    If the "real" next IE comes out with Longhorn, which I consider to be not unlikely, I do hope that MS will at least have the good sense to release a version for Windows XP.

    If MS is intent on the "no standalone IE" thing, they could still release an XP Service Pack that has the new IE.

  40. Anonymous says:

    If they release it *just* for Longhorn, it’s another reason for people to upgrade.

    Dirty tricks like that are the reason that M$ has the monopoly.

  41. Anonymous says:

    Sven, by the time Longhorn comes out, there’ll still be more than plenty Windows 2000 users, and I reckon some 9x ones, too.

  42. Anonymous says:

    I’m sorry to be the one to report this (though I’m sure you already know this but there was an updated mail on Bugtraq today

    To all those who considered my original post to be a great propaganda ammunition for praising MSIE, bad news – although it did take a longer while for it to give up – three hours – (impressive by comparison to competitors), it eventually did:

    http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html

  43. Anonymous says:

    Sriram, I assume that is a link to a document that crashes Internet Explorer? Linking directly to a proof-of-concept without any warning is only going to get your comment deleted. Link to a press release, discussion, etc instead if you want to do more than just crash peoples browsers.

  44. Anonymous says:

    That link didn’t crash my main home system right now (IE6, XPSP2, fully patched) and it looks like benign enough malformed HTML.

  45. Anonymous says:

    There really is little reason for the IE team to be ‘pleased’ with their creation, it does not and has not ever performed particularly well with most Web Standards and this is a primary reason that I have dropped IE completely as a target browser for my applications. Perhaps its time to throw the IE code in the trash and start again?

  46. Anonymous says:

    > If they release it *just* for Longhorn, it’s another reason for people to upgrade.

    WHAT??! Upgrade a browser by spending another 400$? No… it’s another reason for people to choose another browser. Opera, and FireFox are OS-independent.

  47. Anonymous says:

    Sorry – should have been sensible. How do I delete the comment? Or could you do it for me? But it crashed my IE (with SP2 and fully patched – I’ve sent the error report too)

  48. Anonymous says:

    Here’s the BugTraq article that discusses this

    http://www.securityfocus.com/archive/1/379207/2004-10-21/2004-10-27/0

    His browser seems to be of an earlier build but mine is 6.0.2900.2180.xpsp_sp2_rtm.040803-2158

  49. Anonymous says:

    Sriram, you may know that the the fault bucket number of your report is recorded in the event log when you send a report.

    Right click My Computer, choose Manage, expand "Event Viewer", in the "Application" node. The fault number is recorded in the "Error" type event with event number 1001.

    Can you tell me what that number is?

    Thanks

  50. Anonymous says:

    > WHAT??! Upgrade a browser by spending another 400$? No… it’s another reason for people to choose another browser. Opera, and FireFox are OS-independent.

    Yes, but you’re forgetting most users think that IE is "The Internet", and don’t have a clue. Microsoft will tout it as "Longhorn is the best choice for you, with a brand new version of Internet Explorer giving you an amazing new web browsing experience. With support for the latest technologies like transparent PNGs and CSS2, along with our new tabbed browsing interface, you don’t want to miss this great new browser that comes only with Windows(R) Longhorn(TM)."

  51. Anonymous says:

    Turnip, that’s a long shot. Right now, Mozilla’s market share even goes up to 20% on some sites, and it’s creeping up further as we speak. There will be Firefox ads in newspapers, even. The community is growing, and by the time Longhorn comes out (late 2006), Mozilla will be around the 50% mark. Do you really think people will switch back to IE after all the pain and grief it has caused them? Do you really think people will upgrade to Longhorn, a beast that will need top-of-the-line hardware with four gigs of RAM? Longhorn won’t be starting to spread until H2 2007, and won’t be widespread until 2009. In 2009, what do you think Mozilla’s marketshare will be? I’m guessing 75%.

    Don’t underestimate the common users – place a FF icon on their desktop, name it "The Internet" and everything will be the same for them.

    Not that I like Firefox in its current state, though – Opera is a vastly superior browser and will probably continue to be.

  52. Anonymous says:

    So IE can do anything FireFox can do with some JS? How about a tabbed IRC client? Be real. FireFox does with JavaScript what IE needs visual studio to accomplish.

  53. Anonymous says:

    Fault bucket 144888907.

  54. Anonymous says:

    Well, from your words, instead of writing good code, you just fixed bad code ny using automated tools and new compiler options. I don’t see how this make IE "better". Mozilla guys could use those compiler tricks too – that technology has been available in GCC for years

  55. Anonymous says:

    Really Diego? Then what stops the Firefox team from using those extensions? And besides, Firefox builds on Visual Studio too – so they could make use of the /GS protection too (which they’re probably getting if they’re using the default settings).

    Do remember good coding is not about writing code alone – and hats off to the IE team for the improvements in security and quality over the years. From a time when I used to ask friends to use Opera and Mozilla to visit *dangerous* sites, I can now happily recommend IE to them.

  56. Anonymous says:

    FireFox will never reach 50% market share, especially in only a few years. Why? The average user doesn’t care what browser they use. The average user doesn’t even know what a browser is. The ad in the NY Times? That’s not going to generate that much market share. All the downloads that have been recoreded since are from all the techies who know what a browsers is, or techies who force their friends / relatives to use it.

  57. Anonymous says:

    You think it won’t? For most users, the browser of choice is whatever sits on their desktop with the words "THE INTERNET, CLICK HERE" written below the icon. Many (MANY) sysadmins are deploying FF on their networks; hence, people will start using FF from work more and more often. Their kids will install it at home, etc.

    More than half of FF downloads come from current IE users.

  58. Anonymous says:

    I posted a comment on Dave Massy’s blog last week about this story, but it didn’t attract any comments. As it probably is relevant to this disussion too, I’ll briefly repeat myself.

    In the slashdot thread there was a link to an IE-crashing page, and what I’m asking is which browser is going to fix it’s respective problems first? My money is on the open-source ones…

    The ie-crashing html is at http://www.diplo.nildram.co.uk/crashie.html (ob. warning – this will crash IE, but only when you mouse over the link on this page)

    My original post is at http://blogs.msdn.com/dmassy/archive/2004/10/15/243115.aspx#244627 and as an update to that, I have now tried it with SP2, and it wasn’t fixed…

  59. Anonymous says:

    >Do remember good coding is not about writing code alone – and hats off to the IE team for the improvements in security and quality over the years. From a time when I used to ask friends to use Opera and Mozilla to visit *dangerous* sites, I can now happily recommend IE to them.

    Is that me Sriram, or did you just write a completely contradictory statement? Good coding is not about writing code alone — wether you’re fitting intelligience or technique, in the end good coding IS about writing code.

    How can you now happily recommend your friends to IE? How can you praise their security/quality efforts? I don’t blame these developers, they’re taking orders after all… but we have seen the same browser stagnate for years now, with drastically more vulnerabilities day in and day out. What then are you thankful for?

  60. Anonymous says:

    He meant "good software engineering is not about writing code alone".

  61. Anonymous says:

    IE’s resilience to broken code is a GOOD thing?? Then IE must also accept that their resilience is also encouragement.

  62. Anonymous says:

    Yes it is a good thing for users. And 9 times out of ten user’s needs are more important than developers, no matter how much developers moan in this blog’s comments.

  63. Anonymous says:

    Yeah, IE’s resiliance to broken code is a good thing. No browser should crash on broken code.

    What’s bad is IE’s rendering of broken code.

  64. Anonymous says:

    Users are more important than moaning developers? Hmm… without the developers, what exactly is there for the users to view/use and be happy with?

    I don’t know of anyone who "forces" anyone else to use an alternative browser. I DO know of a certain large company that goes to great lengths to force me to use IE, however… as well as many websites that would try to force me to IE. Personally, people come to me with Windows problems (viruses, spyware, etc). I point them to the Firefox page. They thank me later.

  65. Anonymous says:

    Speaking of crashing, any chance of stomping on the mshtml.dll crash that I get almost daily? It has something to do with the phpBB forum software, but it crashes about 10% of the time when I submit a new post. It crashes the browser and then I lose my post. Very frustrating. 🙁

    I used Firefox for a while, then gave up on it because of wonky rendering problems – I found myself having to fire up IE 5-8 times a day, then I asked myself why I didn’t just go back to IE. I’ve never had any problems with viruses, spyware, or anything else from using IE.

  66. Anonymous says:

    Jason, I might be able to help you resolve the crash. If you’ve reported that crash via Windows Error reporting, you can then tell me which fault bucket it is via.

    Right click My Computer, choose Manage, expand "Event Viewer", in the "Application" node. The fault number is recorded in the "Error" type event with event number 1001.

    Send me that number via the contact link way up at the top of the page.

  67. Anonymous says:

    FYI I’ve deleted some comments that violated our posting policy.

  68. Anonymous says:

    I’m a relatively new web designer. And a total noob to the web standards movement. But over the last 6 months I’ve learned a lot about valid html/xhtml and CSS and the bugs of IE.

    I hate IE.

    Almost every site I’ve done this year I’ve done from start to finish using firefox, opera, and safari. Lay out my div’s and css id’s and position them and call it a day. Beautiful.

    Then, waste my weekends at home trying to figure out these damned IE bug workarounds. I have to figure them out at home because if I were on the clock at work trying to fix them we’d have to charge the clients outrageous sums of money for all the time spent.

    See where I’m coming from.

  69. Anonymous says:

    Thats where other browsers shine – Firefox and Opera have already fixed problems.

    In the meantime Michael Zalewski has found a similar hole in IE – not fixed.

    http://lcamtuf.coredump.cx/mangleme/gallery/ie_die1.html

    So there you go again – IE can be crashed and others not.

  70. Anonymous says:

    My IE 6 on XP crashes regularly on one of the web pages I’ve made, giving an error in mshtml.dll. I have all service packs and updates installed, all the way up to XP SP2 this seems to happen. There is only one recent KB article about mshtml.dll, but it provides no link to the hotfix! They say, just call support and pay…

    🙁