A week has passed since Judge Thomas Penfield Jackson ruled against Microsoft, and the roof hasn't fallen in (unless you were over-invested in the dot-com market). Several readers wrote to question my logic in last week's column, in which I suggested that Microsoft break out the Internet Explorer (IE) browser as a separate program, in part because administrators might want to limit (or eliminate) Java support.
Having Java support enabled on a system presents a security risk because programs can execute in the context of the user's system. IE 5.0 has several settings that let you limit or disable the use of Java. (Open Internet Options in the Windows 2000—Win2K—Control Panel, click the Security tab, select Custom Level, Microsoft VM, and you'll see the options). But that still leaves Java installed on the user's system when it isn't really needed. For IT departments that don't allow end-user connection to the Internet, having the Java Virtual Machine (VM) installed is not necessary. But VM is part of IE, which is part of Win2K, so you're stuck with it. I don't mean to pick on Java alone—the same situation exists for Microsoft's ActiveX technology, which presents an even greater security risk (just wait until some hacker writes an ActiveX virus!).
I'm not arguing that we should return to the days when browser and OS operated in ignorance of one another, but users and administrators ought to have the option to leave the browser out—or replace it with another browser. That's just my opinion, for what it's worth!
