Thursday, February 14, 2002 |
08:58 - Oh that's right, everything is a web page now!
http://slashdot.org/comments.pl?sid=27946&cid=3004066
|
(top) |
Someone on Slashdot has posted the source for a Windows Instant Messenger virus that's been running around the net.
... Instant messenger virus? Hmm... this code looks like... HTML and VBScript. Almost as if... as if... the Instant Messenger thing parsed HTML and VBScript.
But of course it does. Just like everything else in Windows, the Instant Messenger is just another modified IE window. Meaning, just off the top of my head, that people can send you messages out of the blue containing code that will execute as though opened voluntarily in a browser window.
Do I have to explain how monumentally stupid this is?
Instant Messenger clients have pretty much standardized. They have a certain feature set and nothing more. The text window is for TEXT, not for formatted HTML and JavaScript and popup ads and what-have-you. This is exactly the kind of "Oh, let's add features because it's easy, regardless of risks they might introduce" thinking that has pervaded Microsoft for the past seven years. Allowing IE to open BMP images. Putting lots of half-assed checkbox features and pretty colors into Pocket PC. Making everything in the OS into a web page and every application into a browser.
Some have talked about software developers needing to be licensed. If they were, I doubt many people at Microsoft would pass the exam.
|
|