Thunderbird is go!

I decided it was time to make some changes to my own network and to the day-to-day methods of working. I would come to rely on certain pieces of essential software, but with the arrival of the new year it seemed like an appropriate time to hop out of the rut and try some new products. As well as this, I thought it would be a good time to take stock of the corporate computing world, its needs and pressures, away from the needs of the SoHo marketplace. To challenge the way you have been working for years and discard the software you habitually use is a big step to take, a bit like taking a leap into the dark. I was somewhat fortified by the knowledge that whatever catastrophe I might bring on myself, it was always retrievable, and sometimes a change is a good thing.

The first thing to go was Internet Explorer (IE). I have never held much love for this browser despite its overwhelming market dominance. The way Microsoft tied it into the operating system was – from both a marketing and programmer’s perspective of the 1990s – a brilliant move. Reusing its HTML rendering engine within various other applications like Word was a classic example of how to recycle common code. The downside of this brilliance, however, was that in the Nasty Naughties it became clear that Microsoft had underestimated the sheer intensity and persistence of malevolent attacks that would come to be launched against even the humblest laptop. I remember with amazement that back in the late 1990s I didn’t even bother running a firewall, as there was just no need. Nowadays, we have retreated behind a battlement of NAT with no incoming routes, and then decided that wasn’t enough on its own and so have firewalls in place behind it as well, just in case.

Once IE had reached versions 5 and 6, it was clear that Microsoft regarded HTML rendering as being a done deal: the whole world used IE6, it worked pretty well and the developers decided it was time to move on to more interesting things. Unfortunately, it was at precisely that time the cracks started to become visible, offering the programming underworld an opportunity to jump through with boot-clad feet. With the release of SP 2, Microsoft has plugged most of these holes, but the explosion in spyware, adware and other malware still leaves me wondering whether IE is now worth the effort, and my answer is that no, it is not. IE6 may do some great things within the Windows environment, but browsing the Internet is no longer one of them.

I have therefore taken the decision to lock IE down as hard as possible, using the technology and mindset from the server product. On Windows Server 2003, IE is locked down so hard that you cannot browse the Internet with it at all; exceptions include a handful of trusted websites, such as Microsoft’s own site for updates and downloads. I have basically just adopted that whole security mindset from Server 2003 and applied it to XP SP 2, which is a bit of a pain, but I can always unlock it for specific websites where it proves necessary to still use IE6. For example, navigating around the MSDN website for developer content can be done using other browsers, but it is perfectly clear that Microsoft intends you to use IE6 for this task. That’s okay, as I’m pretty sure that the MSDN website is a trusted space, so I do not mind using IE6 for that.

Given that I have locked down IE6, I obviously now needed a web browser for my day-to-day use, and the one I have chosen is Firefox, both on the Macintosh and on Windows. This is an exceptionally good web browser – solid, reliable and straightforward – and, most importantly, I’m happy that there aren’t any known nasty OS vulnerabilities being exposed by its use. Firefox works just fine for me on all the websites I regularly visit, so I can do my day-to-day banking, shop on eBay and the supermarket sites, and it is a rare site that still contains IE6-dependent code nowadays (and where there is, it is usually simply a matter of sloppy or lack of testing by the site’s developers rather than by intention). For such sites, I can fire up a Virtual PC and bring up a naked copy of IE6 to complete my browsing. Shutting down that Virtual PC session and discarding any changes made while it was running is a great way of ensuring that nothing nasty has managed to creep into the machine and get its claws in.