August 19, 1996
What you don't know might hurt you
By Bob O'Donnell
Web browsers have established themselves so quickly and defiantly in the corporate
software landscape that a number of critical issues surrounding their use haven't been
given the attention they deserve. Security and privacy problems, in particular, keep
popping up as potential holes in the gold-lined fabric of the Internet.
Even more important than the actual holes, however, is the surprising dearth of
information as to what the issues actually are. Many people didn't (or still don't)
realize that there was anything to worry about. They used their browsers happily,
completely oblivious to possible invasions of privacy or computer virus threats. And only
after Web browsers started to gain widespread acceptance did we hear about Internet
technologies such as Web pages that could extract your e-mail address without your
knowledge. Only recently have we learned what cookie files were and what they were capable
of doing. I don't have a problem with these technologies in and of themselves (in fact, I
recently wrote a column
supporting the use of cookies), but I do take issue with third-hand, roundabout, backdoor
ways of learning about their existence and what they actually do.
Similarly, security concerns regarding Java applets and JavaScript didn't get much
attention until people starting looking for holes in shipping versions of Netscape
Communications Corp.'s Navigator. With last week's release of Microsoft Corp.'s Internet
Explorer 3.0 and its support of ActiveX controls, security issues should be on the minds
of users and the media alike, yet very little information is available. I find this
particularly ironic because ActiveX controls are potentially much more destructive than
Java applets due to ActiveX's inherent ability to write to disk or perform virtually any
other operation within a user's machine.
In some ways, we, the users, are to blame, because we haven't really pushed the issues
with the major browser vendors. Even though many people are now aware that there are
possible problems, we've acted like the medical patient who's afraid he or she might be
very ill, and doesn't want to take the tests to find out. The computer media, too (of
which I'm obviously a member), has failed to elucidate the issues in a coherent,
meaningful manner. Most of the blame, however, rests with the major browser vendors. They
have clearly not made the process of explaining these issues a priority. Instead of laying
out the possible privacy and security concerns that users need to be aware of when they
use their products, the browser vendors react to news about possible problems only after
enterprising users have already discovered them. I understand the vendors' reticence to
dampen the enthusiasm of all the new and existing browser users by warning them of
potential threats on the Internet, but ignoring the issue is not the answer.
Whether the solution to the problem is a disclaimer that succinctly explains possible
security and privacy concerns when a user first installs a browser, or a more active
preference setting process that clearly explains the ramifications of a user's choices,
I'm not sure. But I do know that the amount and quality of information regarding privacy
and security issues when using browsers needs to be greatly improved.
©
Copyright 1996, by InfoWorld Publishing Corp., a
subsidiary of IDG Communications, Inc. Reprinted from InfoWorld,
155 Bovet Road, San Mateo, CA 94402. Further reproduction is prohibited.
