Roger A. Grimes wrote Friday, October 05, 2007 3:54 PM
I'm asking, with genuine interest and a listening ear, what is the best
long term
solution you envision, to solve the larger problem?
Apparently the long term solution is for third-party apps to point blame at
Microsoft, and for Microsoft to point blame at third-party apps. They are
both right except in absolving themselves.
To start with this problem does not exist under IE6, regardless of
third-party protocol handler vulnerability. So the question is, why did it
open up after installing IE7? This portion is for Microsoft to address -
either it is a required consequence of new functionality that they should
reconsider, or it is a mistake that they should fix.
The individual third-party applications also need to sanitize their input of
course.
