Tony pointed me to an interesting article on Charles Wright’s Bleeblog about “Zero-Day holes” — security flaws that may have been in products forever, with not even the manufacturer knowing. Not entirely surprising I suppose. From time to time we hear of some research company telling us about the latest problem they’ve found in Windows or Internet Explorer, and that Microsoft has issued a patch. But it’s not always the white hats that find the flaws.

Some are dumping IE and moving over to Firefox for their web browsing. I’ve certainly considered it too, since the kids hit some games web site last week that installed some horrible Gator/Gain adware. Bleuch. Firefox looks pretty good, with only a couple of gotchas evident from my experimenting.

• it continually asks to confirm the proxy password at work (though it’s fine in this regard at home)
• some foolish web sites the kids like (eg Nick Jr) use weird-arse plug-ins that are only IE compatible.
• it only displays the first few words in title attributes

What every web browser needs is some kind of lockdown mode, where you tell it “You’ve got all the plug-ins you’re getting” (eg Flash, Shockwave, PDF, maybe RealPlayer at a pinch). “You can display Java applets, run Javascript, play movies and sounds, and that’s your lot mate. No file downloads, no popups, no ActiveX, no fucking Gain time and password sychronising bullshit, nothing else. Ever.” Firefox may come close, or I suppose I could go fiddling with browser and Windows permissions to attain that level of safety under a “kids” logon, but I haven’t got around to investigating it yet.