IE 7 Beta 2 Takes a Beating
Posted on February 2, 2006
Yesterday Microsoft released Beta 2 of Internet Explorer 7, the much-anticipated and hyped next version of their venerable web browser. Today's Slashdot post, “IE7 Bug Reports Flooding In”, takes a slightly taunting, haughty tone regarding the bug reports that early adopters of IE 7 have been sending in to Microsoft, including one of a possibly exploitable buffer overflow issue.
This will undoubtedly lead to yet another chorus of “Microsoft suX0Rs”, but it shouldn’t. This is exactly what a public testing phase is for. Instead we should be impressed that so much is being found so quickly and that the IE team is obviously taking it all pretty seriously.
Finding a lot of bugs in a piece of software during the testing phase is not necessarily a sign of bad software or weakness, particularly in an application as complex as IE (I’ve come to believe that web browsers are now some of the most complex applications running on personal computers in general use these days). Finding a lot of bugs in released software is. The more bugs reported now, and the more duplicate reports received from different testers, the better a chance the dev team has of making the software solid when it does go live.
My suggestion regarding beta software: if you’re not willing to beta test the software, don’t install this version of IE. Wait for the release. A beta version is by its nature not complete; it is thought to be complete. The beta testing process is for weeding out the hidden remaining issues. If you install beta software, expect it to crash. Expect it not to work properly. Expect issues. To expect otherwise is to not be testing; it is to be using. And beta software should not be used (no matter what Google would have everyone believe).
My only issue with Microsoft in all of this is the same one I’ve had with them for a long time: their insistence on calling knowingly-incomplete software “beta”. In my world beta means feature complete with all known bugs that will be fixed, fixed. In their world it seems to mean “whatever we want to throw out into the wind”. After all, this is the company that managed to get suckers users to pony up cash for beta versions of their operating system. Ballsy, I’ll give ‘em that one.
On a side note, the post I linked to above mentions this neat little feature put into XP SP2 that I hadn’t heard of before:
“We do not believe this bug is easily exploitable, and as an extra defense, the /GS flag also catches the overrun. This is a compiler flag that tells Windows to watch for some classes of buffer overflows. If Windows sees a problem, it kills the application, in this case IE, instead of running the exploit code.”
I like that. Finally buffer overflows are being killed where they live.
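The check the quote describes can be modeled in a few lines of C. This is an added example, not code from the original post or from Microsoft: the frame layout, the cookie value and every name in it are constructed, and returning `GS_TERMINATED` stands in for the runtime killing the process. In a real /GS build the compiler emits the cookie store and the epilogue check in each protected function.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Modeled stack frame (constructed layout, for illustration only):
   [ 16-byte local buffer ][ 8-byte cookie ][ 8-byte saved return address ] */
enum { BUF_LEN = 16, COOKIE_OFF = 16, RET_OFF = 24, FRAME_LEN = 32 };

enum gs_result { GS_RETURNED = 0, GS_TERMINATED = 1 };

/* Constructed cookie; a real runtime picks an unpredictable value at startup. */
static const uint64_t process_cookie = 0x1122334455667788ULL;

struct call_outcome {
    enum gs_result result;
    uint64_t return_address;   /* only meaningful when result == GS_RETURNED */
};

/* Simulate one call of a function that copies input into its local buffer
   without a bounds check, built with a cookie check in the epilogue. */
struct call_outcome guarded_call(const unsigned char *input, size_t len,
                                 uint64_t caller_return)
{
    unsigned char frame[FRAME_LEN];
    struct call_outcome out = { GS_TERMINATED, 0 };
    uint64_t cookie_now;

    /* Prologue: place the cookie between the locals and the return address. */
    memset(frame, 0, BUF_LEN);
    memcpy(frame + COOKIE_OFF, &process_cookie, sizeof process_cookie);
    memcpy(frame + RET_OFF, &caller_return, sizeof caller_return);

    /* Body: the bug. The copy is limited only by the model's frame size,
       not by BUF_LEN, so long input runs over the cookie and return slot. */
    if (len > FRAME_LEN) len = FRAME_LEN;
    memcpy(frame, input, len);

    /* Epilogue: verify the cookie before the return address is used. */
    memcpy(&cookie_now, frame + COOKIE_OFF, sizeof cookie_now);
    if (cookie_now != process_cookie)
        return out;            /* stand-in for terminating the process */

    out.result = GS_RETURNED;
    memcpy(&out.return_address, frame + RET_OFF, sizeof out.return_address);
    return out;
}
```

An overrun that reaches the saved return address has to cross the cookie first, so the modeled call ends in `GS_TERMINATED` and the overwritten address is never used.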