|
Authored by: Anonymous on Friday, September 21 2012 @ 07:32 PM EDT |
They "can't" (won't) remove IE from windows because it's what windows
relies on to render html help/various shell stuff etc. There's no reason
another browser couldn't implement the interface
But none of that has anything to do with the standalone browser or security in
general. The damage a win32 process can do is pretty much solely dependent on
the privileges it has, which in IE's case is actually less than the user that
launched it (it's pretty common to check the user token associated with the
process and throw out stuff you don't need now). There's really nothing special
about the process - security holes in IE are no worse than in firefox or chrome
(although some might argue they're more likely :p).
The OS integration side of it is no more a security issue for IE than notepad
being "integrated" is a security issue for notepad. It's potentially
an attack vector for *windows*, but that's not what's being discussed here.
[ Reply to This | Parent | # ]
|
|
|
|
|