Using IE 8 or 9 on a Mac

vansmith · Aug 17, 2011

chscag said:
And... Opera for Windows is even better. ;P

It's nice to see Opera getting some love around here!

chas_m said:
Not disputing that, just saying that it's still an MS product and ergo gets routine security patches.

As it, and all other software, should (remember, Apple patches its software frequently as well).

chas_m · Aug 17, 2011

Very different definitions of "frequently" there, Van.

Microsoft, for example has a dedicated day of the week for it. I'm just sayin'.

vansmith · Aug 17, 2011

chas_m said:
Very different definitions of "frequently" there, Van.

Microsoft, for example has a dedicated day of the week for it. I'm just sayin'.

Perhaps it is a different understanding of frequently.

Patch Tuesday (which I think you're referring to) happens once a month, not every week. That's no more than Apple pushes out updates - they've pushed out a few in the last month for instance (source).

Discerptor · Aug 17, 2011

I'm genuinely confused - is someone actually arguing that frequent security patches are a bad thing? I'd think one would appreciate heightened attention to security in the browser, especially a Safari user.

chas_m · Aug 18, 2011

vansmith said:
That's no more than Apple pushes out updates - they've pushed out a few in the last month for instance (source).

Uh, no.

I guarantee you that Microsoft has issued more security updates this year (or, indeed, any year) than Apple has. I'd bet very large sums of money on this.

vansmith · Aug 18, 2011

Doesn't negate my original argument - both push out updates and do so a 'regular' basis. And number of updates is irrelevant. If MS pushed out ten small updates and Apple one large one, would you say that Apple has patched less? Probably not. If that were the case, one could make the argument that the glacial update progress of Safari would signify that it is leagues ahead of every other browser in terms of security which is contestable at best (I'm not saying that it's insecure but rather that it's not many times more secure).

If we do go by update count, pushing out more can be a sign of vigilance as much as it can incompetence. Publishing more updates for a products doesn't signify that a product is inherently more insecure than other products.

Let's also not forget that Apple has a record of delaying updates which could be easily solved by more regular updates. In 2008 for instance, OS X had a critical DNS related bug and nearly three months later, it was still unpatched (source). In 2009, a security related bug was found in Java which was patched by Sun in Dec. of 2008. As of May of 2009 (nearly six months later), it was still unpatched by Apple (source). In 2003 (an old example but still illustrative of my point), a researcher found a flaw that went unpatched by Apple for at least two months (source). This article perhaps sums all of this up nicely (emphasis added):

Apple has a poor history here, often failing to provide OS X security fixes for flaws fixed on other platforms days, weeks, or even months earlier. We’ve seen Mac users exposed to known vulnerabilities in WebKit (Safari), Samba (Windows file sharing), DNS (networking), MDNS (Bonjour), Apache (web server), Java, and more. This is an extremely serious problem, and one Apple is rightly criticized for.

My issue here is not the lack of promptness on Apple's part or a supposed poor quality of security (which I don't believe) but rather to suggest that OS X could benefit from more regular updates. Having things unpatched for so long could be solved by more frequent and smaller updates instead of rolling everything into larger and more infrequent ones. Therefore, MS getting "routine security patches" is, I would argue, a good thing.

osxx · Aug 18, 2011

I got to go with vansmith on this one instead of Apple waiting to group several fixes in one update critical ones should be addressed ASAP.

dmccloud · Aug 21, 2011

osxx said:
I got to go with vansmith on this one instead of Apple waiting to group several fixes in one update critical ones should be addressed ASAP.

So then why does Microsoft get credit for doing the same thing with "Patch Tuesday"? The only difference is that a) you know when they are dumping the patches, and b) each patch is separate instead of a combo update. (Microsoft calls their combo updates Service Packs). The issue on Microsoft's end is the delay between when they know of an exploit and which Patch Tuesday they release a fix on.

Microsoft has sat on critical zero-day exploits for weeks (even months in some cases), and then dumped a bunch of updates on Patch Tuesday. What makes it worse, is that Microsoft is now attempting to force security researchers to remain silent on the vulnerability until they have released a patch (usually six weeks - three months from when they first learned of the issue). Microsoft won't even announce what the upcoming patches will be until the Thursday/Friday before Patch Tuesday, so you never know for sure which vulnerabilities they're working on. The most recent Patch Tuesday fixed some issues that were first uncovered in March and April of this year, only one within the last six weeks.

But one thing you have to keep in mind is that not all security issues can be patched quickly. Sometimes it is going to take weeks if not months because of the nature of the issue and how deep in the code you have to dig in order to fix it. This applies to Apple and Microsoft equally. Even on the software side, Adobe has had to spend months patching certain vulnerabilities in its software because it required a significant change at the underlying codebase.

Cdoimne · Aug 21, 2011

Just thinking aloud here but I highly suggest you forget the old IE. Though it performs pretty well it doesn't support a lot of the things supported by the other major browsers. Also Safari, Chrome, Firefox and Opera are very good browsers. If you can find one other than IE that you like I suggest you use that.

It really isn't worth it to try and run IE on a Mac. Conclusive Evidence. Though that may seem like it isn't true as it comes from firefox a "competitor" browser from my personal experience it is true. IE9 offers almost no support for CSS3 and offers very little for HTML5. Hope my opinions help to sway you toward using another browser.

chas_m · Aug 22, 2011

osxx said:
I got to go with vansmith on this one instead of Apple waiting to group several fixes in one update critical ones should be addressed ASAP.

I agree that Apple does this, but wouldn't your contention that "critical" updates need to be addressed "ASAP" require evidence that said vulnerabilities were in fact widely exploited?

Or is it just possible that Apple is a better judge of what's "critical" than the average joe? So far, they are either the luckiest company on the face of the earth, or the "critical" updates weren't all that "critical" after all.

As it happens, Apple actually has a "silent update" system already in place ... so you wouldn't actually know about some of their updates, or how timely they may or may not be.

I'm not saying Apple has a perfect track record on getting updates out. I'm saying that so far, their judgement on timing has been far better (judging by results) than anyone else's. It's not like MS, despite the near-constant flow of updates, doesn't do the exact same thing (wait longer than "security experts" would like to release patches/updates for issues).

TattooedMac · Aug 22, 2011

Would be nice if the OP dropped back in to get us back on track.

Using IE 8 or 9 on a Mac

vansmith

Senior Member

chas_m

Guest

vansmith

Senior Member

Discerptor

chas_m

Guest

vansmith

Senior Member

osxx

dmccloud

Cdoimne

chas_m

Guest

TattooedMac

Shop Amazon