SP2 vs. the plug-ins

TalkBack 43 of 63:

Next »

« Previous

• Thread View
• Flat View

Is it just a Service Pack Fix ?

"If Microsoft had really wanted to solve security issues they would have dumped Active-X rather then the standard everyone else was using"

On July 1st 2001, a small Software Developer with 20 years experience of producing high quality educational software, completed a 2 year project to take their unique testing software from a desktop platform to the World Wide Web in the form of a Netscape style Plug-in. Plug-ins add functionality to web browsers beyond normal static web pages. The Plug-in technology was chosen for it's cross-platform, cross-browser compatibility and because many other large software companies like Apple, RealMedia, and Macromedia used the same technology for their products. Put simply, plug-ins worked everywhere, and looked safe for the future web development.

The Software Developer and their Publisher were ecstatic to offer this innovative product which could revolutionize web based on-line testing, particularly in the field of Mathematics. They made a major sales effort to get the product in Colleges and Universities and integrate it with many Web based course management systems. The result was a success!! Many schools adopted the software, had it installed on their systems, tested and functioning for the beginning of the school year.

On August 28th, 2001 Microsoft released a service patch for their Internet Explorer Web Browser to solve several major security issues where their browser had allowed Internet Explorer users to get viruses. Known as IE5.5 Service Patch 2. Most all University IT departments installed this patch to avoid these security issues.

In early September, as Universities began their first round of testing, The Software Company was inundated with irate technical support calls, "YOUR SOFTWARE DOES NOT WORK!" In a three day fury and all night vigils, the Software Company was able to duplicate the conditions and see the problem, but were unable to solve it. Searches of Microsoft's developer network (MSDN) had no information on this issue. The documentation for Microsoft's service patch had no information. Then the news came out: Microsoft's software update to fix bugs, also disabled Netscape style plug-ins - WITH NO WARNING . Three days later, Microsofts documentation for the service patch, redirected folks to a new web page where they had the following note appended to the documentation :

"Netscape-style plug-ins are not supported on Internet Explorer 5.5 SP2 (ref: KB article: Q303401 ). Internet Explorer 5.5 SP2 still supports the Netscape Embed tag, which enables you to use components that achieve the same functionality as when they were built as Netscape-style plug-ins, but that are now built on ActiveX technologies. If you want to continue to use existing Netscape-style plug-ins on Internet Explorer 5.5 SP2 you should:

"*Contact the manufacturer of your Netscape-style plug-in to inquire whether the manufacturer has a version of the component available that is built on ActiveX technologies.

"*Rewrite existing Netscape-style plug-ins using ActiveX (or dual author to support both Netscape-style plug-ins and ActiveX controls)."

What makes matters worse, is that even though the Software Company knew the problem, there was no quick fix. Most all software updates you can un-install, but not Microsoft's. Once you update there is no turning back unless you have a previously backed up system and then you would need to do a complete restore. Microsoft also offered NO help or examples to resolve the issue.

Now the software company had to spend the next months of development supporting ActiveX rather than on the planned product enhancements and R & D. What's worse is that ActiveX technology is only supported by Internet Explorer on Windows, so now they had to support 2 different products. One for IE using Windows and one for every other browser platform including IE on the Macintosh which still used Netscape style plugins.

By now the company had lost the marketing window of their new flagship product, and had lost future business due to their software failure which was not in any way in their control. Not only that, but consider how it affected the Colleges and Universities using the product. Students not being able to take tests on-line, IT departments scrambling, teachers forced to give paper tests and grade them by hand. All this extra work and lost productivity at the whim of Microsoft that held a 90% share of the browser market. Fortunately most schools at the time still had versions of Netscape installed on their workstations, so they could use that browser for testing.

Microsoft claimed that they removed support for Netscape Plug-ins for security reasons. They would not explain why, however. In fact, Microsoft's ActiveX technology is even less secure then Netscape Plug-ins. Netscape Plug-ins require users to install them, ActiveX plugins can be installed on the users machine without warning.

Later, it was discovered (un-documented by Microsoft) that Microsoft did not really remove support for Netscape Plug-ins, but only disabled it in the Windows Registry. The Registry is a huge collection of often undocumented configuration information, often in excess of 25 megabytes. The Registry is unique to Microsoft's operating system and it is often a point of failure to point where users need to re-install the whole operating system. Microsoft had left all the code that supports Netscape Plug-ins enact in their operating system in a file called "plugin.ocx". This file still exists on Windows XP. This was the Quick Fix, add a Registry entry and everything works again. But why did Microsoft leave the file in their system? The software company was reluctant to take this quick fix based on Microsoft's control and instead opted to spend the dollars and time necessary to resolve the problem with ActiveX. The final solution, was to write their own version of Microsoft's "plugin.ocx" file.

It is also interesting to note that the plug-in project was completed for the Netscape browser in a little over one year . To develop support for the Microsoft Internet Explorer browser took almost another full (unplanned) year due to Microsofts very poor quality release and documentation (issues below).

1) Microsoft did such a poor job of implementing the Netscape Plug-in API (Application Programmers Interface used by software developers) that most of the communication code had to be written from scratch. 2) Testing the Plug-in with Microsoft's Internet Explorer browser was difficult since, unlike all other software, you can only have one single version of IE on a machine and you cannot un-install versions. Add to that four different versions of IE, service patches, and the fact IE did not even behave the same even on different operating systems, testing quickly became overwhelming. Often it was even impossible to locate an installer for a specific version since Microsoft removed them from their site claiming they were no longer supported. By the end of the development in IE 5.5 the installer was not complete and required you to be connected to the internet for the installation. Sometimes it literally took days to setup a machine for testing one version of IE. 3) Installing custom fonts was also very difficult and was different between platforms. Microsoft would often lock fonts for no reason so they could not be removed or updated. Microsoft has a documented API (Application Programmers Interface) for building and installing custom fonts with bitmaps to render a nice looking font on screen. However, it took weeks before it was concluded that the API and documentation did not work.


END

Posted by: rreeder   Posted on: 09/03/04 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
• Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now
• Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now