CQuirke’s Long View

Long lead times need long forward planning

Archive for May, 2008

IE Needs True "Blank" Page

Posted by cquirke on 19 May 2008

Technorati tags: , , , ,

In a malware-aware 21st century, IE really needs a true “NO home page” option, and not load an infectable .HTM file from a known filespec.

After all, if one wants to load a local .HTM as “home page”, perhaps to effect some scripting at the start of a browser session, then one can point to such a file as “home page”.  That is far clearer (“principle of least surprise”) than creating the impression of a “blank” home page that is not certain to be “blank”.

In other words, the “blank home page” option in IE8 should show nothing, and not load any file as the “home page”.  If IE8’s code requires something to chew on, then IE8 could spawn a fresh blank .HTM of random name from boilerplate code, and load that.

Please not let’s hear a lot of “mitigation noise” such as “an attacker would have to…” or “blah blah permissions” this, or “blah blah reduced user rights” that.  Non-existence trumps “security”!

Posted in IE8 | Leave a Comment »