ie8 fix
Ad: Read more on Cloud Computing

March 17, 1997 12:15 PM PST

Developers: Bugs ahead

Related Stories

IE patch isn't stitched tight

March 12, 1997

IE 4.0 being double-checked

March 10, 1997

Third bug strikes IE 3.0

March 7, 1997

Microsoft scrambles to plug IE hole

March 4, 1997
LOS ANGELES--The recent spurt of security bugs in Internet Explorer is merely a prelude to other holes that will affect software from Microsoft, Netscape Communications, and other companies that are rushing to release Internet products.

That's the prediction from developers at the Internet World trade show last week, and it already appears to be coming true. Last week, a programmer discovered a security hole in Macromedia's Shockwave plug-in that could allow a hacker to retrieve personal email from a user's computer. The problem affects users of Navigator, but not Internet Explorer, according to David de Vitry, the programmer who discovered the hole.

Still, even as more bugs continue to creep out of browsers, developers are comforted by the fact that the glitches are being discovered by responsible programmers and not unscrupulous hackers bent on mayhem--for now. The bugs discovered last week in Explorer were all found by university students who posted information on the Internet warning users of the potential security risks of the bugs.

"People are finding bugs so they're getting fixed faster," said Scott Barnett, a systems engineer at Java developer Novera.

"You can't be too cautious about security," said Rob Martell, director of product development at Digital Renaissance. "But I also think that any good programmer can find a hole with anything."

Programmers have done just that with the Shockwave security hole. According to a Web site posted by de Vitry, a malicious programmer could create a Shockwave movie that scans a user's emails and uploads them to a server. Shockwave is a plug-in for Navigator or Explorer that plays multimedia files created in Macromedia's Director authoring tool.

Norm Meyrowitz, chief technology officer at Macromedia, said the company is evaluating the release of a patch to Shockwave users. He also said that users of its new Shockwave 6.0 and Communicator are not affected.

Many developers believe that the hypercompetitive atmosphere in Internet software is increasingly leading companies to ship products before they are ready. At the same time, they seem willing to accept some security risks as the cost of rapid rollout of new technologies.

"If we slow down, maybe we would stop innovation," Novera's Barnett said.

Some developers welcome the intense scrutiny of Internet programmers, saying that it ultimately results in stronger products. "As a developer, there is no way that I can predict all bugs," said Ron Moritz, technical director of Finjan, which makes security products for Explorer and Navigator. "I rely on academia and Chaos Computer Club alike."

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

ie8 fix

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

ie8 fix
  • Recently Viewed Products
  • My Lists
  • My Software Updates
  • Promo
  • Log In | Join CNET