Safe browsers don’t exist. True.


According to David Sheets they don’t. He has written a column about the safety of browsers. And I think he’s right. Partially…

Safe browsers do NOT exist. Agreed. Just as bug-free software doesn’t exist. However hard you try, there is always some funny/strange/malicious kind of input possible that throws your normal day of business off, thanks to a novel way of using your software. Be it ‘code’ injection, buffer overflow, social engineering, … As a developer of any kind, you’ll never, EVER, quite anticipate your users’ actions. And that’s just your users. (You don’t design a hammer to kill people, do you?) I’m not even talking about the evil hacker dude. You can test your baby to death, but you can never be fail-safe enough.

Or can you? There are many methods of testing your software (web or desktop). I personally like the ‘Berzerk’ testing. 🙂 But basically, let your software be tested by end-users. Or, if they aren’t available, by some third party. NEVER your client. Do not attempt to test your baby yourself. Well, maybe only during initial development. Because? You know your click-paths, your feedback, ‘oh well, that will be fixed during launch’, ‘who on earth will do THAT!’. Subconsciously we all have a tendency to avoid pitfalls and short-term memory. As does your client. They only want to see happen what they initially invented (read: paid for).

What I’m trying to say: you’ll never know what some person at some time is going to do with your product. Surely any good designer will try to anticipate abuse. But that can never be fail-safe. As for software, wouldn’t it be nice if the platform it runs on could jump in where the software failed? Something like: SoftX has a buffer overflow that is used to try to take control of the OS and install this spyware thingy, and the OS just rejects the application’s overflow? Along the lines of “Your lack of security doesn’t mean I will let you!”

Now to the real world: Firefox has a problem on May 9. On May 11 there’s a fix. That’s just 2 days. 3 for the general public, OK. But that’s just quick, isn’t it? IE patches are generally released weeks after. So it’s quite a record. Oh no, I’m sorry, that record is held by Netscape 8.

Lesson learned:
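// aUsers, nTestRounds and the fn* helpers are left undefined, as in the original sketch
function fnTest(myBaby) {
    let bReadyForRelease;
    try {
        // let real users hammer on it for a number of rounds
        const bResult = fnRunTestRound(myBaby, aUsers, nTestRounds);
        if (bResult === 'OK') {
            return bReadyForRelease = true;
        } else {
            // testers found a problem: patch quickly, not ready yet
            fnReleasePatchASAP(myBaby);
            return bReadyForRelease = false;
        }
    } catch (e) {
        // the test round itself blew up: back to the drawing board
        fnReworkApp();
    }
}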

