Internet Explorer Archive

Microsoft plans to make a key Internet Explorer default change to thwart attackers trying to hack into its Web browser. The software maker will enable DEP/NX by default in IE 8 when the browser is running on Windows Vista and Windows Server 2008, a major tweak aimed at mitigating browser-based vulnerabilities. DEP/NX (Data Execution Prevention/No Execute) is already available in IE 7, but it's turned off by default because of compatibility issues.

Ars takes a closer look at the Internet Explorer 8 beta (released yesterday), and concludes. "Niggles aside, IE8 is shaping up quite well. Clearly, a lot of work has been done on standards compliance, and it looks like it's paying off. If IE8's development continues down the path it's on, it will finally be a version of Internet Explorer fit for the 21st century."

Microsoft decided that due to their new interoperability initiative, they would reverse a previous decision to make IE8 default to the IE7 engine, instead of supporting standards-compliance by default. No article or musing I have yet read has delved into what is increasingly likely, the reason for this sudden change in decision -- and that is this: the mobile web is coming.

"We've decided that IE8 will, by default, interpret web content in the most standards compliant way it can. This decision is a change from what we've posted previously. Microsoft recently published a set of Interoperability Principles. Thinking about IE8's behavior with these principles in mind, interpreting web content in the most standards compliant way possible is a better thing to do. We think that acting in accordance with principles is important, and IE8's default is a demonstration of the interoperability principles in action. While we do not believe any current legal requirements would dictate which rendering mode a browser must use, this step clearly removes this question as a potential legal and regulatory issue. As stated above, we think it's the better choice." Ars has more.

"Internet Explorer 8 is going to be the most standards-compliant IE yet, but it's going about it in a way that has some people scratching their heads. With Internet Explorer 8, you have a choice in standards compliance modes. Sound oxymoronic? Shouldn't there be one standards mode by default? Heck, shouldn't the only mode be standards mode? Ah, idealism." Please note, however, that John Resig of Mozilla Corporation spotted something interesting: "Internet Explorer 8 will support DOCTYPE switching for new DOCTYPEs (like HTML5). This really does change any frustration that someone should have concerning the new meta tag. This means that you can write your web pages in a completely standards-based way (CSS, HTML5, JavaScript) and not have to use a single browser-centric tag in order to do so."

There's been quite the noise on the internet that Microsoft would be supposedly forcing IE7 on customers via Windows Update. Ars dove into the issue, and hands out milk and cookies to everyone while explaining there's nothing to worry about. "They key to understanding what's happening in two weeks is WSUS. WSUS is not synonymous with Windows Update. WSUS is a management tool that works alongside Windows Update to allow IT admins to control how patches and updates are applied across a deployment. If you're an IT shop, run WSUS and have it configured to install update rollups, then you'll be getting IE7 that day. However, by default, WSUS is not set to automatically approve update roll-ups. Equally as important, users who aren't in tightly managed business environments (e.g., most users) will not wake up to find that Internet Explorer has been installed on their Windows XP SP2 systems without their say-so. Fret not: Microsoft isn't making you do it. They're not making anyone do it, not even WSUS users."

"As a team, we've spent the last year heads down working hard on IE8. Last week, we achieved an important milestone that should interest web developers. Internet Explorer 8 now renders the 'Acid2 Face' correctly in IE8 standards mode." Insert freezing and hell joke.

"With the introduction of Windows Vista, Microsoft has added a new form of mandatory access control to the core operating system. Internally known as 'integrity levels', this new addition to the security manager allows security controls to be placed on a per-process basis. This is different from the traditional model of per-user security controls used in all prior versions of Windows NT. In this manner, integrity levels are essentially a bolt-on to the existing Windows NT security architecture. While the idea is theoretically sound, there does exist a great possibility for implementation errors with respect to how integrity levels work in practice. Integrity levels are the core of Internet Explorer Protected Mode, a new 'low-rights' mode where Internet Explorer runs without permission to modify most files or registry keys. This places both Internet Explorer and integrity levels as a whole at the forefront of the computer security battle with respect to Windows Vista."

"It seems Microsoft is putting IE8 development into gear. Participants of the Windows Server 'Longhorn' beta program on Microsoft Connect have just received an email notifying them that a new survey for Internet Explorer 8 has been published on the program site. The survey contains a few questions on the current usability of IE7 and asks the users what new features they would like to see in IE8. The survey also asks users to rank the importance of several planned features. The email mentions that the survey should be completed before Thursday, March 1st, 2007; giving us a vague peak at the timeline for IE8."

A store owner in a bad neighborhood must balance safety against commerce. Too many locks and bars will keep away customers with the crooks. Based on Microsoft Watch reader feedback, Internet Explorer 7 sacrifices too much usability in the interest of safety.

Microsoft's latest release of Internet Explorer will drive demand for internationalized domain names, according to industry experts who are predicting a sharp increase in sales of foreign language domain names. That's because IE 7 has built-in support for IDNs, as does Firefox 2.0, also released in October.

"We've gotten some questions here today about public reports claiming there's a new vulnerability in Internet Explorer 7. These reports are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express." Meanwhile, Adam has published an article on IE7 on his blog: "IE7 is a major plus for anyone who understands the internet and networks, and especially for those who do web development. Read on for a lengthy review."

Microsoft will release the final build of IE7 today to customers. IE7 will be made available via Automatic Updates on the 1st of November. At the moment there is no link on Microsoft.com, but Yahoo has the final build bundled with Yahoo Mail. FlexBeta is currently hosting Internet Explorer 7 Final without the need of downloading Yahoo Mail. My take: Read about my thoughts on IE7's new interface on my blog.

Recent high-profile security problems with Internet Explorer have done little to dent its market share - or maybe not, according to conflicting reports on web browser use. Web analytics firm OneStat.com reckons that IE's global usage share is 85.85 per cent, an increase of 2.8 per cent since July 2006. Mozilla Firefox's open source browser claims second place with a share of 11.49 per cent, a decrease of 1.44 per cent since July 2006. Apple's Safari claimed 1.61 per cent (down 0.23 per cent), and Opera held 0.69 per cent of the market. However, statistics from websites tools firm Net Applications, cited by Ars Technica, paint a contrasting picture.