PCStats is going to look at the new features which Microsoft plans to bring to the table with Internet Explorer 7, and examine how the underlying unctionality of the browser has changed to better protect your computer.
Microsoft Internet Explorer 7 Preview
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
This review is very bad… and IE7 will still be lacking the standards other browsers supports since years. Even their old bugs will be keeped for “comptatibility”… Sop using that browser !!!
They’ve already made a statement about it.
IE7 is not about supporting new standards, it is about fixing the bugs and such in the current standards they support (though, they will have full support for PNGs)
They’ve already made a statement about it.
IE7 is not about supporting new standards, it is about fixing the bugs and such in the current standards they support (though, they will have full support for PNGs)
And since when PNG and CSS2+ are new technologies? I’d say that these fixes are way overdue. Though I’m happy to hear that they’re finally going to support PNG properly. Hopefully, this will lead to better looking websites without the need to resort to plug-ins…
On the security front, I wouldn’t place my bets on MS. Not yet. We’ve heard this same song what…. A thousand of times before? And the author is nuts. IE is totally insecure. It’s the only browser that can be totally owned by a script-kiddie with little to no effort.
DeadFish Man
And since when PNG and CSS2+ are new technologies?
He didn’t say they were. They fall under “fixing the bugs and such in the current standards they support”.
IE currently supports both standards to some extent. IE 7 will enhance the level of support for these existing standards and fix bugs or limitations in the current level of support (an example of a fixed limitation being support for alpha on 32-bit PNGs).
RE: Securty — Any browser can be owned by a script kiddie under the right circumstances. There have been examples of scripting exploits/vulnerabilities in several browsers on multiple platforms.
Not one word… from that article. CSS 2.X, transparent PNG, XHTML, etc.
http://blogs.msdn.com/ie/search.aspx?q=standards&p=1
I would highly suggest (for those interested in speaking *after* learning) that you bookmark that blog. It’s a very lively and interesting diary of how IE7 is progressing, with some very candid commentary from the PM of the team.
Incidently, the concept of HTML ‘standards’ is pretty laughable. No one seems to know what they really are, really meets them all, or knows where they are going. It’s just more convenient to yell at the browser with the 85% marketshare.
I completely disagree with your final remark. Anyone who has spent any time whatsoever designing web pages using CSS knows that IE is a broken piece of garbage. There is a clearly defined CSS standard, and Microsoft completely missed the boat; pure and simple.
Really? Is it CSS 2.0? 2.1? The latest I see looks like a ‘working draft’ http://www.w3.org/TR/CSS21/ where the standards are not yet fully defined or recommended.
Did you disagree with my initial remarks too? 🙂 In them, I pointed you to the IE team blog where they stated that with CSS, they would be fully standards compliant. They also pointed out that IE 3 was the first mass browser to actually follow CSS standards – long before you were designing web pages, I reckon. They also admit that IE6 is broken with CSS standards – is your solution to that problem that they do not fix it in IE7? Not sure where you are going with this.
Read the blog – it’s refreshingly honest. The dev’s admit multiple times: ‘yes, we know the browser is not as good anymore. That’s why we’re trying to make it better.’
The mention of XHTML in the IE7 blog is, and always has been a “no we will not support it” as the IE mime system is too screwed up. It will continue to be treated as html, in breach of sgml standards.
HTML standards are not laughable. Everyone knows what they really are. They are the recommendations published by the w3c. All those people who read the w3c mailing lists, or represent their companies at the w3c can see where they are going.
quotes from the article:
“The third check compares the website to a Microsoft maintained list of known phishing sites, in much the same way that an anti-virus or anti-spyware application works. Presumably, Internet Explorer 7 will also include a mechanism for reporting such sites.
The Security Status bar will turn yellow if the Phishing filter detects features consistent with a phishing site, and will pop up a message informing the user of the risk they may be taking by entering personal information on the site. If the site matches one on Microsoft’s ‘blacklist’ of known phishing websites, the Security Status Bar will turn red and the browser will automatically bring up an internal page informing the user of the nature of the site and advising them to close the connection.”
This gives a lot of room for speculation. Will Microsoft transmit information about the user’s browsing habits to their own servers when checking for ‘phishing sites’? Can and will this set of features be misused for censorship? I.e., would they block apple.com
“…, Microsoft may have accomplished the difficult task of protecting its users from themselves.”
For my part, I’d prefer to have full control over my own PC. I don’t want to be protected from myself. Btw, hasn’t Microsoft recently bought a spyware company?
Microsoft is not going to own the phising filter server.. from what I have read there will be more than one party providing blacklists. Don’t forget that Konqueror, Firefox, Apple, etc.. have agreed to adopt the same anti-phishing technology.
“Btw, hasn’t Microsoft recently bought a spyware company?”
They were considering buying Gator/Claria but it didnt happen.
Correction: it was rumored that MS was considering buying Claria. Neither Claria, MS, or the Wall Street Journal ever stated any facts on the matter, nor was there ever any corroboration.
Guilty until proven innocent, out on the intarweb…
“Microsoft is not going to own the phising filter server.. from what I have read there will be more than one party providing blacklists. Don’t forget that Konqueror, Firefox, Apple, etc.. have agreed to adopt the same anti-phishing technology.”
I know they have agreed on address bar colors, which should indicate the trustworthyness of certificates. Are they really all planning to identify malicious phishing sites with the help of a central database?
I just can hope this isn’t true. I don’t think this strategy could be very effective, but on the other side such strategies have far too much potential for misuse. It won’t be very effective because it’s a reactive technology like anti-virus software, IDS, … – these technologies don’t solve the underlying problems at their root. It’s like scanning for malicious input in programming – the far better strategy is to do just the opposite, namely to check if the input is sane and to discard everything else.
IE7 is a back door into getting people on to Vista, there is no other reason why they have delayed it for so long. Microsoft are holding back technology and a better “eXPerience”. The game of monopoly will containue.
Except they are releasing it for XP as well….
IE7 is a back door into getting people on to Vista, there is no other reason why they have delayed it for so long. Microsoft are holding back technology and a better “eXPerience”. The game of monopoly will containue.
Actually, I think if it hadn’t have been for the explosive popularity of Firefox, they would’ve delayed even longer. They basically sat on their ass and waited about 5 years for Mozilla/Firefox to catch on. I don’t see as to why they wouldn’t have waited a few more if it had taken that long.
Edited 2005-12-15 04:06
Actually, I think if it hadn’t have been for the explosive popularity of Firefox, they would’ve delayed even longer. They basically sat on their ass and waited about 5 years for Mozilla/Firefox to catch on. I don’t see as to why they wouldn’t have waited a few more if it had taken that long.
IE 7 has always been attached to the release of Vista. You can go back to the original Longhorn roadmap and statements made prior to see this. Firefox has nothing to do with its release.
Firefox and Opera are so far ahead of MS is it’s even worth the wait. Why care when you get tabbed browsing, rss, and XUL now?
What will Vista do that I can’t do right now? Flippy, clear windows won’t help me get work done faster.
Actually if you had followed Vista’s changes you wouldn’t be thinking this.
They’ve practically rewrote the core.
Moved tons of drivers out of kernel space and into user land.
One such thing that comes to mind is the video drivers. If a video driver crashes it now will not take out the kernel
how they plan on doing a backup I have no clue.. just suddenly your dropped into 256 color mode?
Another is Audio drivers
http://www.osnews.com/story.php?news_id=11925
http://www.osnews.com/story.php?news_id=12974
Few new features
http://www.osnews.com/story.php?news_id=12295
new security features
http://www.osnews.com/story.php?news_id=12115
Follows Unix security
http://www.osnews.com/story.php?news_id=11184
Wish I had more links to give you but all of these I know are on osnews someplace.
how they plan on doing a backup I have no clue.. just suddenly your dropped into 256 color mode?
No. In general, they fall back to the standard VGA driver which on most hardware supports true color(same thing happens when you do a driver upgrade so you don’t have to reboot), then the problem driver can be either reset or if it has faulted a certain amount of times previously (or some other metric), the user can be directed to check for a better driver, etc.
“Internet Explorer (despite what the average Linux devotee will tell you) is not inherently insecure. It’s as secure as Microsoft can possibly make it, and is constantly updated to protect against new exploits and malware. It does have the distinction of being the largest and most obvious target for any Internet-based piece of nasty software though, meaning that new vulnerabilities are constantly being discovered. Also, unlike competing browsers, IE is an integral part of the Windows operating system, and thus can compromise the entire computer if its security is defeated. In these respects, claims that browsers like Firefox are inherently more secure than Internet Explorer are correct.”
IE is not inherently insecure…. oh wait.. the fact that it’s part of the OS makes inherently insecure.
Did they just correct themselves or how does that work?
Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha
So uhh…did MS remove IE from being so close to the core of the OS in Vista as it is in XP?!
So uhh…did MS remove IE from being so close to the core of the OS in Vista as it is in XP?!
IE isn’t “close to the core” in any version of Windows.
IE isn’t “close to the core” in any version of Windows.
This is true in the same sense that neurons aren’t close to the core of your brain. Some parts of it exist outside and some parts of it are in the exact middle or wired directly to the middle.
On the other hand you can split a hair into as many pieces as you like and not find any neurons.
This is true in the same sense that neurons aren’t close to the core of your brain.
If “core” implies kernel, then, again, IE isn’t “close to the core” in any version of Windows.
If core implies it provides dlls that the shell and other applications may use, this is true, but most wouldn’t consider this the core of Windows or close to it — a core end-user and applications developer service maybe.
Ok ok lets not split hairs gentlemen. A simple yes or no would suffice. You all know what I am talking about. Did or did not MS remove IE from being so damn close to the inner workings of the OS so that if IE goes down everything goes down with it?
Ok ok lets not split hairs gentlemen. A simple yes or no would suffice. You all know what I am talking about. Did or did not MS remove IE from being so damn close to the inner workings of the OS so that if IE goes down everything goes down with it?
No, because this doesn’t happen in the first place. IE is not now nor has ever been “close to the inner workings of the OS” beyond any other application. IE and the Explorer shell are seperate processes that use the same dlls (that many ISVs also use) for web functionality. Neither of them are part of the core or close to the inner workings of the OS. They are user-mode processes.
If what you’re experiencing by “if IE goes down everything goes down with it” means if one browser instance crashes, other browser instances also close, you should set them up to open in seperate processes (and do the same for the Explorer shell).
Edited 2005-12-15 20:17
Yeah I already have it set like that. So if IE crashes no harm done…but then why is it so easy to bring down an entire system thru IE? If you have a spyware that somehow got in through the browser it screws up the entire machine…does that have to do with the least user privileges thingy that is not deployed well in XP?
Yeah I already have it set like that. So if IE crashes no harm done…but then why is it so easy to bring down an entire system thru IE? If you have a spyware that somehow got in through the browser it screws up the entire machine…does that have to do with the least user privileges thingy that is not deployed well in XP?
If the spyware exploits a vulnerability such as a buffer overrun, it may be able to use this to execute arbitrary code and escalate privilege. This can also occur on any other browser, application, or platform that runs unverifiable code. A lot of spyware and other malicious software don’t even bother to exploit vulnerabilities, relying instead on social engineering techniques. The user manually runs the code themselves and it executes like a normal application.
On most platforms, most applications execute in the context of the logged in user. For most home users running Windows, they are logged in with administrative privileges. In many cases, this negates the need to escalate privilege because they already have necessary privilege.
.NET extended privileges beyond the user to the code itself. Even if your account has full privileges, the code can still be restricted to executing with fewer rights (there are also ways to do this with native code but not to the same extent). In Windows Vista, MS has split the security token between the user and code. Users on Vista will run as regular users by default instead of Admins and require escalation for certain operations, but even in the case where the logged in user is an Admin or other higher-than-user account, applications can still be restricted to running with lower privileges than that of the user. Any app that requires non-default privileges must somehow be trusted by the user to perform such operations (either the app is signed by the admin or the app asks the user to grant it the necessary permissions, etc.). IE 7 (and other applications) makes use of these new services and privilege models in Vista for greater protection beyond the traditional account model. The LUA/UAP account model is just one part of the new security services in Vista.
I think the confusion here is in your description – a usermode process (with 4 specific exceptions – LSASS, CSRSS, WINLOGON, or SMSS) cannot bring down an NT/2K/XP/2K3 system. It’s simply not possible in the memory model. The only reason the four parentheticals above can is that the entire OS rides on top of those subsystems, and losing them forces a restart/BSOD.
Now, spyware on your system can make it pretty well unusable, because you’re effectively running foreign software as yourself, and it can do whatever it wants. In the LUA/UAP/UAC/Whatever it gets called next month model, any application that needs to be installed where spyware usually goes cannot unless you say ‘yes, here are my elevated creds, please F up my machine’. That’s one of the big pluses of LUA- the potential to stop all spyware dead before it can even install.
a core end-user and applications developer service maybe.
No maybe about it. IE functionality is strung throughout the OS user interface (in contrast to the less-generalized program-level user interface). This is what makes an end-user tool useful as an applications development service. Having a tool that can show files, network resources or services and start other programs or processing loops to provide end-user services is what shell programming is all about [nowadays].
GUI shell programming offers a lot more choices about the application’s appearance to the user but underneath you are manipulating data and/or files with a nominally standard set of tools much like running:
type C:Downloadsvideo toolsReadme.txt | more
…except you’re doing so *much* more aesthetically and in a format designed to help you focus on the content and find what you want. At least if it’s done well that could happen.
Since the graphical browser/shell has access to system services and APIs it’s much closer the the “core” than the command line since it has API and system call access built in at the programming level that the command shell doesn’t, some of which may have unintended consequences if they misbehave. You could write your own shell instead of using an IE-based GUI, but why bother unless you have some reason to bypass the existing interface and tools? And since command line shells run other binaries that can be programmed to make any system calls or load any dll-based subroutine [that isn’t already in memory] and run it the differences are more cosmetic than qualitative, but you get my meaning I hope:
Interface(cli|GUI)->loop(Programs|subroutine->loop(data&|files)- >testoutput)->finaloutput
With the new isolation of processes from each other and the OS kernel memory space the effect of program failure on overall system stability is intended to be much less of an issue. The proof is in the output.
I read in that reveiw about IE7.. and it talks about that every browser windows hast to have a address bar right? hhhhmmm this is going to be FUN!!
I know that some apps has browser pop up windows like hhhhhmmm lets say paltalk for one. Now seeing that every browser windows MUST have it’s own address bar, that leads me to belieave that one can block the apps pop up by copying the address and then pasting it into the NEW!~ IE7 block sites dir. if this is true them some people are going o be upset about this.
Hey!~ stay cool dudes
your friend,
HACK!
I know that some apps has browser pop up windows like hhhhhmmm lets say paltalk for one.
Paltalk is an installable client application so it won’t have the same restrictions as the browser places on internet content.
Shoot! I’m sad now!
Why, why why are they putting the menubar *below* the tabs?
The whole layout of the thing looks wrong and unusable.
(Yes, I know you can probably re-order them, but if that’s how it’s gonna come as default it may scare more newbies away than attract them if they don’t know how to adjust the toolbars – which I’d say would be a rather large amount of people)
I can’t help but wonder how many crappy, IE-only websites are going to break under IE7 on Vista. It’s fine that Microsoft is finally understanding the limitations of the “integrate everything” strategy, but they have been cultivating for a long time an environment where developers of both native and web applications can obtain access to any system resources they might want to play with.
Can they find a way to implement a more reasonable security policy without disappointing 3rd parties reliant on legacy software, much of it developed in-house by IT departments worldwide? As much as you might argue that it’s not Microsoft’s fault that there’s so much crappy software and web services, it really is their fault.
Every OS has problems like these, for example gets() on UNIX-like systems. But Windows pretty much takes first prize for encouraging poor software.
Blessed be Microsoft, their coders and the compilers they produce great new features with!
I like the idea that Microsoft had won the browser wars. The fact that IE has served as the largest gate for virii and malware of every ilk, and that people knew this, tells me that users in general are not interested in security and safety.
I’m actually interested to see whether this is going to reduce the number of viruii and malware.
“unctionality”?
Browser: Mozilla/4.0 (MobilePhone PM-8200/US/1.0) NetFront/3.1 MMP/2.0
“IE 7 has always been attached to the release of Vista. You can go back to the original Longhorn roadmap and statements made prior to see this. Firefox has nothing to do with its release.”
Sure it does. As you said yourself, IE7 was always tied to Vista. Except back then the plan was to have it available only for Vista. Now it is going to be available for XP as well, and that surely has something to do with Firefox.
Sure it does. As you said yourself, IE7 was always tied to Vista. Except back then the plan was to have it available only for Vista. Now it is going to be available for XP as well, and that surely has something to do with Firefox.
Availability on XP was driven by the delay in the release of Vista as well as several technologies moving downlevel due to that delay and developer feedback from PDC 2003.
I’m sure you’re right. It most certainly didn’t have anything to do with the fact that Firefox is a better browser than IE and IE is losing marketshare.
In case you can’t tell, I’m being sarcastic.
I’m sure you’re right. It most certainly didn’t have anything to do with the fact that Firefox is a better browser than IE and IE is losing marketshare.
Yes, it certainly didn’t. It may be sarcastic but the text of the first sentence in your post is true.
Rob Caron, one of the PM of the IE7 team at Microsoft said that the protected mode is only applicable when IE7 is running on Vista and stand-alone. The point being, when IE7 is used as an ActiveX, aka web control mode, there is no such thing as a protected mode.
This is quite different then. It means that, as long as you are hosting IE is a random app, you should be able to execute all sorts of malware with no problem.
“Featured additions in the Windows Vista version of IE7 include a ‘protected mode’ which isolates Internet Explorer from the registry and system files, restricting the browser from making changes to the operating system except when manually told to do so by the user. Remote controls and programs will not be able to use Internet Explorer as a gateway to corrupting the operating system, or at least that’s the idea. We’ll have more on this interesting feature later in the article.”
Why the heck should a Web Browser be able to do that in the first place? Who’s bright idea was that? Oh, I think we all know the answer to that one..
Abstract: We’re going to look at the new features which Microsoft plans to bring to the table With Internet Explorer 7, and examine how the “underlying unctionality” of the browser has changed to better protect your computer.
I hope it has a spell check like Safari.
“IE currently supports both standards to some extent. IE 7 will enhance the level of support for these existing standards and fix bugs or limitations in the current level of support (an example of a fixed limitation being support for alpha on 32-bit PNGs).”
Don’t make excuses for the biggest, richest software company on the planet.
The won the browser law and got lazy, just like any anti-monopolist figured would happen.
They’ve failed to keep pace with standards that much small companies like Apple and Opera have done, and open-source teams have done.
Chris Wilson of the IE team in his blog:
“When we shipped IE 6.0, we finally fully supported CSS 1”
What is “support” anyway? A broken implementation that you never bother to fix. Do you consider that full support?
The sad thing is that even when we have IE7, most of us web developers have to support IE6 until it goes away. One major release every who-know-how-many years is not good enough…