Wednesday, January 19, 2005

The High Price of High Coupling

I read an interesting quote today in the latest Newsweek (January 14th issue, page 14). In the article "A Fox in Bill's Henhouse", Bill Gates is quoted as saying to the author last October: "Explorer is going to be the primary browser used on Windows, and for anyone to suggest otherwise is just irresponsible".

Irresponsible. What an interesting choice of words, given that Internet Explorer is such an abysmal piece of software. I generally try to avoid militancy on software and tools, because, after all, they are just tools. However, at some point, I think that geeks must start weaning their friends off this particular tool. Would you let your friends and family use a bank that has a security record as stellar as IE on Windows? Most of my non-technical friends and family don't understand what a browser is -- they just think that the way to get to the Internet is click on the blue "e". I've started taking the time to explain to them that they have a choice and that they should stop using the dangerous choice.

What really galls me is the clear choice of high-coupling as a business decision by Microsoft. Software developers know that high coupling is a bad idea for lots of reasons. The developers at Microsoft are smart guys, so the only conclusion I can make is that the decision to snake IE code throughout the operating system was a business decision. Thus, you cannot actually uninstall IE even if you try. If you type a URI in the address bar in Explorer, it will launch (in place) an IE window to view the site. How often have you crashed IE and therefore the entire shell? Even if IE were as secure as Fort Knox, the high coupling to the underlying OS would still be bad. Given its myriad security problems, it compromises the integrity of the entire operating system, and there is nothing you can do to fix it except wait for the steady stream of service packs and new vulnerabilities.

Of course, other software has security problems, including other browsers and operating systems. It is the deadly embrace between Windows and IE that makes it such a dangerous combination. This is the high price of allowing a business decision (i.e., IE cannot be removed from Windows to allow a competing browser) to create a compromised architecture for the whole operating system.

No comments: