ugh, silverlight...

Warning - For the time being, DO NOT INSTALL SILVERLIGHT! There are some fantastically huge security complications you open yourself up to by doing so.

My 2 cents: Suvega, building a website which requires the installation of any uncommon software component, insecure silverlight or not, isn't a good idea.

WTF are you talking about. A) sivlerlight is not uncommon. B) L2windows update.

Furthermore, Link the security article or stop spreading FUD.

WTF are you talking about.

Link the security article or stop spreading FUD.

Google.com

still waiting.

Warning - For the time being, DO NOT INSTALL SILVERLIGHT! There are some fantastically huge security complications you open yourself up to by doing so.

My 2 cents: Suvega, building a website which requires the installation of any uncommon software component, insecure silverlight or not, isn't a good idea.

Furthermore, before speaking its a good idea to look/research things. I mean a) Security update was done end of october (if you aren't an idiot windows update autopatched your system a bit ago), and b) the website is not designed around silverlight.. ONE component (the wrath guide) has it. Seriously dude, foot + mouth.

And what you were probably refering to (which was old news 2 weeks ago: http://www.microsoft.com/technet/security/bulletin/MS08-067.mspx

Hell at least I fucking linked an article. Better then FUD and "google.com"

still waiting.

http://Google.com ('http://Google.com')

In all seriousness, it isn't hard to research. Silverlight has had an ongoing history of security issues which are easily found by Googling. In addition, it is known to the more 'informed' that Microsoft is discounting multiple exploits current in existence (though not widespread, as with anything powerful, initially only a few will posses it).

Either way, you can err on the side of informed caution or not, the choice is yours. My comments on this thread are at an end. Have a nice day.

still waiting.

http://Google.com ('http://Google.com')

In all seriousness, it isn't hard to research. Silverlight has had an ongoing history of security issues which are easily found by Googling. In addition, it is known to the more 'informed' that Microsoft is discounting multiple exploits current in existence (though not widespread, as with anything powerful, initially only a few will posses it).

Either way, you can err on the side of informed caution or not, the choice is yours. My comments on this thread are at an end. Have a nice day.

Google does not equal a security article. Furthermore searching for "Silverlight vulnerability" comes up with nothing relevant.... So? basically you have no basis for your ZOMG WORLD ENDING BAAAAHHH!

This is like saying "ZOMG DON'T GET FLASH BECAUSE OF IT HAVING A HUGE VULNERABILITY A WHILE AGO THAT WAS PATCHED AND ISN'T AN ISSUE ANYMORE, BUT SINCE I'M WORRIED AND MORE INFORMED, BUT YET TOO LAZY TO LINK ANYTHING WORTH NOTE OTHER THEN A SEARCH ENGINE YOU SHOULD BELIEVE ME."

come on man, either link something of note, or kindly gtfo with your F(ear) U(ncertanity) and D(oubt) spreading.

Moved the off-topic posts to the off-topic forum where they belong.

As a side note -- imho, if you're using Flash, installing DirectX plugins, Java and you're not concerned with "undocumented security vulnerabilities", then you're biased, and throwing one specific baby out with the bathwater.

You're welcome to be paranoid -- nobody is going to stop you. But to ignore the risk of other not-so-well-supported and not-so-highly-critized software (which leaves more "holes" left to the unknown), that's bias.


Some things to ponder...

Microsoft, as a whole, is a vast company. The team who developed silverlight probably never touched Windows. I should know. I work on Visual Studio and have little to no experience in Windows. I worked in Windows Live and had little to know experience with Office. I'd imagine the team who works on, say, Communicator has vastly different opinions on software security models compared to... say... Excel. I'd think the team who works on Windows Live probably has totally different development priorities and schedules as say... Windows. Do you think the people working on Xbox have the same security issues to face as the people in Word, or Silverlight, or Messenger? Things might overlap here and there, but I laugh when people cry "Microsoft is evil!" because they lack 1) perspective, 2) open-mindedness (after all, it's the cool thing to do to mock Windows -- see the Mojave campaign ('http://www.youtube.com/watch?v=BWQTCI7aacU')?), and 3) even criticism of competing products.

http://en.wikipedia.org/wiki/Mojave_experiment

The Mojave Experiment is a technological opposite of a blind taste test, in which rather than removing a product's branding, it instead changed the product's branding to sway the outcome. The point of the campaign is to see what people liked based on the merit of the product "Mojave" alone, misleading the participants by removing the original name; "Vista" from the product. This would prevent the participants from creating bias about the product before using it. The participants were guided through the experiment, allowing them to "test" the new product.

Why do you think it is that an open-source product (such as Linux) gets far fewer targeted viruses? Because the target is so small, the effort of delving in and finding those vulnerabilities doesn't result in much gain (mass hysteria). Linux is open-source, and as a programmer I'd feel much better about trying to find a vulnerability in open-source code rather than try and reverse engineer the inner workings of Windows. But, if I honestly wanted to write a virus -- I'd do it the hard way and target Windows. Why? Not because windows is any less secure -- even if both operating systems were completely identical in security -- more users (especially the "dumb" ma and pa home pc user who will click on any link and download/install whatever gets e-mailed to them) use Windows. I'd have a larger "market" for my virus. So yes, more hubbub happens around Windows. But, like I said -- the devs who wrote Windows are probably not the devs who wrote Silverlight, or Office, or Messenger, or Xbox.

If you can say "Don't install Silverlight! It has VULNERABILITIES that were fixed which means there are MORE!!!" and honestly feel good about installing flash ('http://forums.worldofwarcraft.com/thread.html?topicId=6864426402&sid=1'), then your bias has clouded your better judgement. Flash had past vulnerabilities that were fixed. Wouldn't it logically follow that flash would, therefore, be dangerous to install? I mean, flash is far more prevalent than silverlight at the moment -- so if I were to write a virus targeted at media websites, I'd target it towards the larger market.

And if Flash is good, Silverlight is bad -- but both had (and fixed) vulnerabilities... Are you honestly judging the security of a product by its merits, or by its brand name?

Nobody is saying Silverlight is perfect. Just like nobody is saying that Flash is perfect. But, we also don't see people hijacking the multiboxing video threads screaming about flash vulnerabilities whenever someone links youtube -- but we see people screaming the moment Silverlight is mentioned.... Coinkydink?

WTF are you talking about. A) sivlerlight is not uncommon. B) L2windows update.

A) It appears to be uncommon on Linux - the microsoft page indicated my browser/OS is incompatible, which I can't say I'm surprised about, but I would be happy to learn otherwise.

B) .. on linux? ... :S

Guess I can't view your guide for now, which is a shame - I was looking forward to taking a look.

Whats all this fuzz?
id trust suvega w/ my life <3

I saw no objective reason for silverlight to be made - besides putting a Microsoft alternative up being good from a Microsoft point of view.
Instead of everyone using flash, now for some people it's gotta be silverlight. Horray! One more ATI vs Nvidia, Intel vs AMD, Windows vs Unix-derivate battle that will never be decided to the satisfaction of the believers in the one or other camp.

That being said, I see no difference in risk between using flash or silverlight. I installed Silverlight to check out Suvega's guide.

I see the uses of a feature rich website, such as a video player, a showcase, a 3d product view or many other things. When it comes to flash&co being used for what is essentially print("hello world") with the inevitable loading screen, I can not help but feel that someone started the wrong application to generate their web content and therefore got non-html content that they need to use.

/sigh

I thought this was going to be about beer for some strange reason.. :S

gui's are for pansies.

Yeah, no love for Silverlight here and it's not because I fear security vulnerabilities or that I have a hate on Microsoft. It's because I believe that the web is the ultimate cross-platform media and Silverlight is for one OS only. I work on a variety of linux distributions (Gentoo, Suse, CentOS) at work as well as Microsoft everyday and the fact is they both have problems and issues that drive me buggy. They also both have features that I really like and I simply try to use the right platform for the right job.

The one thing I do have against Microsoft is the exclusionary practices. They seem to constantly be trying to hedge out Linux on one hand, but then in the press try to portray that they're working towards better interoperability. Buying Novell was a rat-b*$%tard move and my guess is they'll tap the company for all the knowledge possible, cripple Suse, and then ditch em using their new found knowledge to somehow try and crush linux. Silverlight is just another example of exclusion and for that reason I won't support it. So long as enough people refuse to download the plugin and therefore not be able to surf those sites and be advertised to, then we can keep Silverlight at bay and eventually it will die off. Much like Microsoft's last flash competitor they had back in '98 (which I actually supported along with Frontpage 98).

Now on the flipside if Microsoft releases plugins for Safari and FIrefox which work on Mac and Linux, then sure I'll install it if needed and all is well. Like I said, I'm no pro/con for MS, Linux or OSX. I'm pro for interoperability and the freedom to make the right choice for the business (sometimes that means spending money, sometimes that means spending hours).

First Suvega, thanks for doing this guide.

But I have to chime in here too on not liking the Silverlight requirement. I'm primarily a Mac user (and yes I know there's a client for the Mac), but more to the point I avoid installing add-ons like flash, anything ActiveX (when I'm using my Windows box at work), etc., just as a general rule. And wouldn't straight up HTML have been just as easy to author this in?

I did go ahead and install Silverlight (I have numerous computers at work I can experiment on) to check out the guide and I notice a few issues with the player:

- It's not possible to copy the text from it -- was this the main reason for using Silverlight? I had planned to email the text of the guide to myself so I wouldn't have to have a Silverlight install at home, where I actually play WoW. I don't see a copyright message anywhere, I could understand if you want to reserve the rights on anything you write so if that's the intent you should add a copyright (probably a good idea in any case).

- Silverlight player doesn't support the mouse scroll wheel -- my primary method of scrolling text. Argh! This makes reading it kind of frustrating, and speaks to my preference for the use of an open standard. I don't really have a choice of using a different Silverlight player that does support using the mouse wheel.

Anyway, thanks again for doing this guide, I know it must be quite annoying to get the Silverlight hate when you were just trying to help everyone out.

As a side note, I'm a software engineer and used to work at Microsoft too, so I know that it can seem puzzling that people in the outside world aren't in tune with using all the latest stuff out of Redmond. Most people really aren't all that excited to install yet another plug-in, from any source.

I think it's a good thing that Microsoft made Silverlight. Microsoft has a long history of making proprietary products. This always annoys people because it creates incompatibility. But innovation is more important than compatibility. I'm grateful for the innovation. For those products that turn out to be successful, over time, the incompatibilities become relatively unimportant because the products get integrated one way or another into the overall software ecosystem. Sometimes they even become a sort of standard on their own.

End users see only functional features. If you see software through that narrow lens, then Silverlight looks pointless next to Flash. But Silverlight (like every piece of software) has other dimensions that are visible only to developers. I haven't used Silverlight so I can't name specifics, but I've been using Microsoft products as a professional programmer for 25 years and so far as I can remember, every single one of them had interesting technical innovations in it. It's almost a hallmark of Microsoft products. You only see this if you use the products as a programmer. But you benefit from it (without realizing it) even if you use the products as a consumer.

Security implications aside... (I haven't seen any articles/posts that reveal anything more shocking than the holes that show up in Adobe products now and again - clickjacking anyone?)

After two training courses paid for by M$ and several projects over the last year all I can say is: as a developer, I sincerely hope to not ever have to touch the current incarnation of silverlight ever again! Silverlight V2 is much much better overall than v1.0, so I am not writing off future releases at this point.

Random aside - One of the things that I have to admit that I do like about Silverlight is that Flash and Silverlight can coexist very well on the same page, and even better - you can get them talking to each other :thumbup: Silverlight for video content and Flash for everything else has worked well so far!

And wouldn't straight up HTML have been just as easy to author this in?

I think Suvega's primary concern is to protect his hard work. HTML can be as simple as copy/paste. He's giving it out for free but alot of times people abuse the word "free" and start charging for their copy/paste job and profiting off of his hours putting this together on the beta.

Well, that and he already purchased Expression Suite. ;)


I know he was considering doing this in .pdf form, but Adobe products cost more for us to purchase licenses for than MS products. :P

And wouldn't straight up HTML have been just as easy to author this in?I think Suvega's primary concern is to protect his hard work. HTML can be as simple as copy/paste. He's giving it out for free but alot of times people abuse the word "free" and start charging for their copy/paste job and profiting off of his hours putting this together on the beta.

Well, that and he already purchased Expression Suite. ;)
Ah got it, I did mention the inability to copy the text as well, and if that's part of the reason he used Silverlight than I see what he did thar.

Edit: and he really should add a copyright notice to it.

How the hell did this get here?

Wasn't it a reply to a post that used silverlight?

gui's are for pansies.

heh

Doesn't WoW use a gui? Didn't think you could play from command line alone. :0

WTF are you talking about. A) sivlerlight is not uncommon. B) L2windows update.Silverlight is only "not uncommon" because Windows likes to set itself back to unattended "install everything" mode, and most people aren't technically competent to judge what they should and shouldn't install anyway. Learn to not install everything Microsoft shoves down the pipe, with their track record it's actually a pretty dumb idea.

Also, who uses that stuff anyway? It's just another me-too web scripting platform that requires user-side installation. Whoop-de-doo. Intelligent web design means you usually want to stick to things most people will have - the only thing going for Silverlight is that a large number of users had it shoved down their throats by Windows Update automatic-if-you-like-it-or-not mode without knowing they were even having it added to their system. Very few people aware of what Silverlight is want anything to do with it, even aside from any stability or security issues.

And yes...it also follows the Microsoft-centric philosophy instead of the "web" philosophy. If it needs more marks against it.

Went and installed silverlight. Loaded up the site. First off Suvega let me thank you for compiling this information. But no thank you for making me install a program i don't need. I figured loading a program there would be some slick gui with all kinds of wiz bang things going on. This is a text list. Not sure why Silverlight installation was needed.

OMG!! The man makes a guide for FREE and all you can bitch about is the silverlight. Jesus christ people grow the fuck up and just say thank you.


Thanks Suvega.

WTF are you talking about. A) sivlerlight is not uncommon. B) L2windows update.Silverlight is only "not uncommon" because Windows likes to set itself back to unattended "install everything" mode, and most people aren't technically competent to judge what they should and shouldn't install anyway. Learn to not install everything Microsoft shoves down the pipe, with their track record it's actually a pretty dumb idea.

Also, who uses that stuff anyway? It's just another me-too web scripting platform that requires user-side installation. Whoop-de-doo. Intelligent web design means you usually want to stick to things most people will have - the only thing going for Silverlight is that a large number of users had it shoved down their throats by Windows Update automatic-if-you-like-it-or-not mode without knowing they were even having it added to their system. Very few people aware of what Silverlight is want anything to do with it, even aside from any stability or security issues.

And yes...it also follows the Microsoft-centric philosophy instead of the "web" philosophy. If it needs more marks against it.
I'm guessing you missed the part where it was said:




I think Suvega's primary concern is to protect his hard work. HTML can be as simple as copy/paste. He's giving it out for free but alot of times people abuse the word "free" and start charging for their copy/paste job and profiting off of his hours putting this together on the beta.

Well, that and he already purchased Expression Suite. ;)


I know he was considering doing this in .pdf form, but Adobe products cost more for us to purchase licenses for than MS products. :P
It's free..don't like it?..don't use it!

gui's are for pansies.*currently RDP'd into a Windows 2008 Core install*

What gui? ../forum/images/smilies/cool.png

Silverlight is only "not uncommon" because Windows likes to set itself back to unattended "install everything" mode, and most people aren't technically competent to judge what they should and shouldn't install anyway.That's odd, out of my 20+ Microsoft systems I manage here on my VM server none of them have Silverlight on them other than the one station that I went and installed it out of my own prompting.

Maybe L2Configure?

BTW: Most people are not technically competent to take care of themselves medically, but we still let people buy medication over the counter. I could say the same thing about cars, pets, painting, drywalling, using power tools (do they even come with instructions???), setting up a home theater system, running a phone line, paying their taxes, or a multitude of other things. I'd hate to live in a world where people who manufacture something are not allowed to configure it to be safer "out-of-the-box" for the average user who won't understand everything than leave it up to getting a professional to do it for you.

I agree -- until Suvega had his guide, I didn't visit any websites that needed Silverlight, so I never installed it. I only just installed silverlight yesterday, in fact. I opened the page and it prompted me with a "Install Silverlight" button. Nothing shady or pushy.

I have straight-out-of-the-box Vista on 4 of my "alt" computers (and XP on my shuttle PC) and don't do any fussing with it. None of them have Silverlight auto-installed, and they are all using Windows Update.



I believe (though I could be mistaken -- I don't work in the Windows group) that Windows Update only installs either major security issues (already present on your system) or patches for products that you have already installed on your system. Although, if you manually poked and prodded Windows Update to do more than that, I'd imagine you could make it auto-install optional patches, or perhaps even products, too -- but I've never really felt the need to stray from the default.

That's odd, out of my 20+ Microsoft systems I manage here on my VM server none of them have Silverlight on them other than the one station that I went and installed it out of my own prompting.I'm confused. Are you agreeing with me, or trying to somehow argue that you're incompetent and don't know how to manage your systems? I would assume that if you don't have it installed, it's not because it's odd - it's because you told it not to.

As to the copy/paste issue - if it's in clear text, it's almost trivial to feed it into an OCR program. Doesn't even need retyping. You can protect information, or make it available. You can very rarely do both, and forcing the use of Silverlight to view plain text makes no sense to me at all.

Also confused over some people saying/implying it's pushed through Windows Update (starting with Suvega) and others saying it isn't. I don't see how both can be true.

I'm confused. Are you agreeing with me, or trying to somehow argue that you're incompetent and don't know how to manage your systems? I would assume that if you don't have it installed, it's not because it's odd - it's because you told it not to.


I have straight-out-of-the-box Vista on 4 of my "alt" computers (and XP on my shuttle PC) and don't do any fussing with it. None of them have Silverlight auto-installed, and they are all using Windows Update.

I tend to post incrementally, sorry. See third paragraph.

I do know Windows Update misbehaves and that Microsoft will exploit a number of events (like installing Office) to stealth-reset Windows into full auto mode. And that there have been many occasions where Windows Update was used to push patches that then killed installations, opened new security holes, etc, such that a cautious person might want to wait a little bit when possible before installing anything, and avoid installing non-critical updates entirely if they don't affect anything important (e.g. one that adds a proprietary non-OS-portable Flash clone). I'm only taking Suvega's word for it that this has anything to do with Silverlight.

The whole discussion started with the SECURITY of silverlight.

Suvega was merely pointing out that security updates of silverlight are pushed down via Windows Update. The initial install is, of course, up to the user.

I believe the same thing goes for office -- Security patches are delivered via windows update when you have office installed on that computer. Basically -- Windows won't patch a security hole if you don't already have it on your system. That would be like forcing all XP users to download all Vista patches even though they didn't even need it.

http://img525.imageshack.us/img525/5783/winupdateuu9.th.jpg (http://img525.imageshack.us/my.php?image=winupdateuu9.jpg)http://img525.imageshack.us/images/thpix.gif (http://g.imageshack.us/thpix.php)
My Configuration (the default vista install):
Note: Optional Updates are not installed since I did not intervene and specifically tell Win Update to install them.
Note: Windows update will always install SECURITY and PERFORMANCE updates.
Note: I receive updates for Microsoft products. This includes office, though I do not have it installed. Silverlight is also a Microsoft product (and I installed it yesterday)

Let's check to see if my computer auto-installed any office-related updates when I 1) do not have office installed and 2) did not tell it to install non-security/performance patches without my permission.
http://img525.imageshack.us/img525/6130/winupdate1ix3.th.jpg (http://img525.imageshack.us/my.php?image=winupdate1ix3.jpg)http://img525.imageshack.us/images/thpix.gif (http://g.imageshack.us/thpix.php)http://img525.imageshack.us/img525/4126/winupdate2vh2.th.jpg (http://img525.imageshack.us/my.php?image=winupdate2vh2.jpg)http://img525.imageshack.us/images/thpix.gif (http://g.imageshack.us/thpix.php)
Hmm.... nope.

Any patch -- Flash, Windows, Apple, etc -- can bring down more flaws than it fixes. That's up to the test team in question to exercise. Look at WoW -- some patches brought down more issues than they resolved -- have you ever looked at the bug history for Surge of Light (priest talent)? Sometimes bugs are big enough and important enough to fix that test does not always have adequate time to perform a full test pass before the thing goes out the door, and that's always a problem no matter what company has to face that sort of thing. Do you think WoW testers had time to do a full 100% test pass on the database used for in-game mails before that fix went out the door? It was too large of a scale to 'waste time" on. I work in QA myself, and I don't necessarily like it -- but sometimes there is more at stake and the cost for a full test run is too great.

Anyway, back on topic...

Unless specifically told to -- Windows Update will only install CRITICAL security patches. If you actually poke around in windows update or manually update, you'll see all the optional material in a seperate group.

If your settings for Windows Update are not what you want (and you don't want security/performance patches auto-installed), check your settings to see if you've changed anything. If you find that Windows Update has installed something without your express permission (through security settings or whatnot), then you'd probably want to raise that up as an issue, or, alternately, get some legal advice depending on the severity of the issue.

The whole discussion started with the SECURITY of silverlight.Okay, that makes much more sense in context. Splitting threads, yay. O_o

Although that does rather do away with the one thing I mentioned it might have going for it - wide adoption - since that means it really does have very, very few users in comparison to what it's competing with. Unless Microsoft starts buying off sites the way they did developers to get the Xbox some market share (which turned out to be a very sound move looking at the present console market!), I don't see any point to Silverlight. Maybe Microsoft's people have some plan for it, but I'm a little clueless as to why they even devoted resources to developing it over other projects. Embedded devices, maybe?

Yea, as you could see I didn't even install Silverlight until Suvega used it for his guide.

It has some great features -- but I like my comfy salary and my comfy salary means the products I help generate have to cover that salary. ;) Suvega used Silverlight because it's accessible for us (more accessible than Flash). For others, it might not be the case. But just because someone has a monopoly on a software genre doesn't mean others should stop trying. I mean, I'd be pretty miffed if Linux and Mac stopped development because more users (at the moment) use Windows. Competition breeds quality.

I'm sure each (flash and silverlight) has its benefits and flaws. *shrug* As a user, as long as they're easy to use from the consumer's perspective I could care less. :)

True - at the least, maybe it'll get Macromedia to improve Flash. I guess the other main thing I have against Silverlight is that it is Microsoft releasing it, and that they inherently are motivated against making it cross-platform, which the web implicitly is. It's a little like trying to give kids spinach-flavored chocolates for Halloween - maybe it's good for you, but people aren't necessarily going to appreciate it in that setting. Although there are cases where Microsoft has dropped the Windows-only absolute-competition stance...I guess what I'm saying is, maybe Silverlight has potential, but I'll be more inclined to believe it when and if Microsoft releases an RPM for it.

Saw expression web and just wanted to mention I love that software :D

I guess the other main thing I have against Silverlight is that it is Microsoft releasing it, and that they inherently are motivated against making it cross-platform, which the web implicitly is.

Well, the most I can tell you is that I have to jump through a MILLION hoops just to LOOK at anything close to source code for something that isn't Microsoft's -- for fear that it somehow inspires some future code of mine and gets MS into some sort of copyright legal battle. If those sort of hoops apply to things like Mac/Linux teams then I can only imagine how hard it is to develop for those platforms.

MS does make products for other platforms, but (like anything) it's always cost vs gain. For (example) Mac developers, even with a high cost to port a product to Windows results in a high gain (high userbase). For Windows developers, porting a Windows product to Mac is the same high cost, with less of a gain.

While I appreciate all that the two (or one) of you have done for the community, submitting this, making us install silverlight (ok, maybe fine) but not telling us that the only zone in it is Borean Tundra?

I went through the trouble of doing it because I was led to believe that there was a "Wrath leveling guide," when in fact, it's just borean tundra...



With regards to security - printscreen?

It's all text anyhow so it would take somebody 10? minutes to retype it?

Is it me, or does it seem like there are a lot of WoW forum posters that have found their way to this site?

Is it me, or does it seem like there are a lot of WoW forum posters that have found their way to this site?



I'ma go with yes on that one

Moonlight ('http://tech.slashdot.org/tech/08/11/21/0343245.shtml'), aka Silverlight for Linux.

Now what was I saying about how they needed to do that? :D

Is it me, or does it seem like there are a lot of WoW forum posters that have found their way to this site?not just the wow forum, the things you see over there and "spreading" is an accurate depiction of internet in general nowadays

Warning - For the time being, DO NOT INSTALL SILVERLIGHT! There are some fantastically huge security complications you open yourself up to by doing so.

My 2 cents: Suvega, building a website which requires the installation of any uncommon software component, insecure silverlight or not, isn't a good idea.

I was not able to find a single reported vulnerability in Silverlight. I searched Securityfocus.com and Secunia. As far as I can tell there isn't one known vulnerability in it. Where did you get your information from?

Warning - For the time being, DO NOT INSTALL SILVERLIGHT! There are some fantastically huge security complications you open yourself up to by doing so.

My 2 cents: Suvega, building a website which requires the installation of any uncommon software component, insecure silverlight or not, isn't a good idea.

I was not able to find a single reported vulnerability in Silverlight. I searched Securityfocus.com and Secunia. As far as I can tell there isn't one known vulnerability in it. Where did you get your information from?It was a chain letter...but it's ok, because if you forward it to 10 other people, Bill Gates will pay you $10k!!! :P

concerns with silverlight aside, if you are looking to make a patronizing reference to the ease of finding something via google, may i suggest this handy site? it's proving applicable to all sorts of inane discussions for me.

http://letmegooglethatforyou.com/?q=Silverlight+vulnerability

though i'd also suggest that you actually succeed as said search attempt first, else you end up looking the fool.

and as another slightly less tangential aside, i used to drink the microsoft haterade myself until i got into game dev, and now i want to kiss them in the manner preferred by the french. coding for sony hardware makes my brain bleed, while MS actually tries to HELP developers create software for their machines. what a crazy fucking notion.

but like the nice lady said, its a big ass company. plenty to love and hate in there for all of us, i'm sure.