[equal time] Internet Explorer most stable browser

Just for the curiosity of it. Michal Zalewski, a well-known security expert, has examined the behavior of web browsers, when confronted with "bad" HTML code (not CSS etc. , plain HTML). The result is rather surprising: Mozilla, Netscape, Firefox, Opera and Lynx all crashed, while the IE did not mind at all.
To make things worse, he was able to produce (possibly exploitable) Buffer Overflows in Mozilla.

http://www.securityfocus.com/archive/1/378632

I've been using Firefox and it is more than stable. I don't even remember a carash to date since I have been using it.

.

Zalewski never declared IE the most stable. He just said that IE is better at handling a barrage of malformed HTML. His tests indicate that his contention is true.

Although, I have to admit, entirely by accident.

anyway:
--snipo
All browsers but Microsoft Internet Explorer kept crashing on a regular
basis due to NULL pointer references, memory corruption, buffer
overflows, sometimes memory exhaustion; taking several minutes on
average to encounter a tag they couldn't parse.
--snap

Going through an anonymous proxy to get to DU. In Mozilla I would get an error (sporadically) about bad html code when I navigate to other links within DU. The odd thing is that it would work fine for a while, then I would start getting the errors on whatever page I navigated to. And then I couldn't use the proxy at all for any pages. I went to IE using the same proxy, and didn't get any errors at all. Seems to me that it actually reported bad HTML when it wasn't really bad html at all, but probably an overflow. :shrug:

I still like Firefox much better than IE overall. I have ONLY gotten those errors when I was going through an anonymous proxy.

Yes, I do get that ocassionally, but I have a Firefox plug-in that allows to view such pages in IE temporarily thus minimizing the aggravation a bit. Overall, though, Firefox is a fine free browser.

I have used Netscape / Mozilla exclusively (except when checking HTML viability is needed) and it hasn't crashed in years.

Worst case, better that a browser crash than that it silently expose your system like Internet Explorer does.

MicroVirusSoft would have you believe that standards don't count unless they support MicroVirusSoft's monopoly-based take-no-prisoners business model.

Years after Gates loudly said that security was MicroVirusSoft's main focus ("trusted computing") they still fail.

macs rule!

But he invites any and all to use his script to check browsers. Maybe you can be the first to see how Safari fares :hi:

.... is an annoyance, not a security problem.

This is typical MS-speak - just reframe the question.

I ran that script about a dozen times, and it just showed a different bunch of gibberish each time. I wonder what version he used, perhaps a early one choked.

Did I just invent a word?

C'mon, put em' up, put em' up!

Your results strongly suggest Sinclair-like impartiality on the part of those testers.

There's a reason IE was made to handle crappy coding, while other browsers read the code as it is written.

MS's Front Page program is known for outputting broken, crappy HTML. MS, in their infinite wisdom decided that rather than taking the time to make their web development program actually WORK and not mangle the crap out of HTML code they would instead make IE display the broken code output as if the coding were done properly.

This maneuver had the added benefit of giving consumers that don't know any better the impression that IE is "superior" to other browsers because it "works" while other browsers choke on the bad code that should have been created properly in the first place.

Smoke and Mirrors.

Hmmmm... I see a GWB analogy in there somewhere.

thing is Mozilla will fix any exploitable weaknesses ASAP, while MSIE engineers will need several months to masturbate before considering any solution to an exploitable weakness in their hole-ridden system. IMHO.

and it's *never* crashed. i haven't detected any *real* security problems, either.