InsideMicrosoft

part of the Blog News Channel

Microsoft: Firefox, Come On Down; Firefox: IE7′s IDN Sucks

Two stories out there regarding Internet Explorer and Firefox.

Microsoft has set aside office space for Firefox and Thunderbird coders to come down and prepare their software for Windows Vista. The offer is for them to attend a Windows Vista Readiness Lab and assure full compatibility for their applications in the next version of Windows. This represents an expanding of the purpose of these labs beyond commercial developers to include open source development, and not just any open source team, but one of Microsoft’s most dangerous open source competitors.
(via Microsoft Watch)

On the other side of the coin, Mozilla programmer Gervase Markham has blogged that Internet Explorer 7′s IDN handling will have a “serious detrimental effect”. IE7 handles Internation Domain Names by displaying them in “punycode”, showing their literal programming equivelants, instead of as the letters they represent.

This is done for a very good reason: Phishers use IDN names that look similar to the names of famous companies to fool surfers, and Microsoft is putting a stop to that. Thanks to IDN, a phisher can buy a domain that uses a foreign language character that resembles an “a” to make his site look like paypal.com, and IE6 users will see what appears to be PayPal’s website. Meanwhile, IE7 users see something far stranger, like http://pxn--caypxn--cal.com/.

As far as I’m concerned, IE7′s method is the way to go. Phishers have ruined the IDN system, making it more of a problem than something useful. If we aren’t going to get rid of it entirely, we should at least protect users from getting robbed because of it. IE7 handles it well, displaying punycode unless you have the language being used on your allowed languages list (something you’d only do if you commonly visit sites in that particular language).

I’m not sure what Markham would prefer. Certainly you can’t trust users, otherwise we wouldn’t have a phishing problem, and security warnings only go so far. Firefox vs. IE is a clash of philosophies, and this is no different. IE7 uses punycode, Firefox has a whitelist. In the long run, it should prove obvious which method is more effective.
(Found on Findory)

August 22nd, 2006 Posted by | Applications, Firefox, General, Internet Explorer | no comments



Hosting sponsored by GoDaddy

No Comments »

No comments yet.

Leave a comment