March 24, 2005
Microsoft Employee on IE Security
There was one part of the piece that I wanted to comment on though:
Part of Firefox's better security profile comes from how it is developed, compared with Internet Explorer, she said. "Not being in the operating system is a phenomenal advantage for us," Baker said.
Now I'm pretty confident that Mitchell doesn't actually know the details of how IE is developed so I don't fully understand the basis of the statement. As we develop IE we go through very thorough and stringent security reviews to ensure that every change is secure and does not expose the user to attack. The issue of not being part of the Operating System is an interesting one though that is frequently the subject of misunderstanding. IE is part of the Windows Operating System so that parts of the OS and other applicaitons can rely on the functionality and APIs being present. IE in turn relies on Operating System functionality to do it's job. To be clear there are no Operating System APIs that IE uses that are not documented on MSDN as part of the platform SDK and available to other browsers and any other software that runs on Windows. The security of any browser is irrelevant to if it is part of the operating system.
Read more from this blogger: