IE 8 To Include New Security Tools 177
Trailrunner7 writes "Internet Explorer has been a security punching bag for years, and rightfully so. IE 6 was arguably the least secure browser of all time. But Microsoft has been trying to get their act together on security, and the new beta of IE 8, due in August, will have a slew of new security features, including protection against Type-1 cross-site scripting attacks, a better phishing filter and better security for ActiveX controls."
Better security for ActiveX controls (Score:5, Insightful)
Or scrap ActiveX controls?
Good (Score:1, Insightful)
I think the IE7 solution to ActiveX sandboxing was well done. It's still a problem, but a lesser one I guess. I always thought that was the most serious issue with IE.
It just feels like it's taking forever to make IE a good browser. All those years in a stagnant pond where the order of the day was fighting little fires instead of improving the product beget Firefox, and now Microsoft is really feeling the heat. Competition is good, but Microsoft seems to still be moving at a glacial pace.
Re:Was I the only one to misread the title? (Score:5, Insightful)
Was I the only one to misread the title as: "IE 8 To Include New Security Holes" ?
That's true for almost everything new. As complexity rises, so does the chance of a problem, and browsers are surprisingly complex nowadays.
Sandbox javascript, flash etc ... (Score:4, Insightful)
There isn't any good reason why the javascript engine should run with the same privileges as the browser, and there certainly isn't any good reason why plugins like flash should have as many privileges as they do. Sandboxing those bits should help a lot.
Re:Better security for ActiveX controls (Score:5, Insightful)
ActiveX is a critical technology in (South) Korea - you can't do any online banking, online shopping, etc. without ActiveX support. MS can't drop ActiveX or it would lose the Korean market.
Re:Let me guess... (Score:3, Insightful)
As bad as they've been about IE security in the past, they're actually trying this time.
Because they say they are, right? They've said that it'll be more secure than before everytime they've done this and nothing really changes.
Re:Better security for ActiveX controls (Score:5, Insightful)
> MS can't drop ActiveX or it would lose the Korean market.
Lose it to whom? There aren't any other ActiveX providers, so if MS dropped ActiveX, South Korea would have no choice but to use whatever MS would provide as replacement.
Re:Better security for ActiveX controls (Score:5, Insightful)
ActiveX is the only thing keeping large businesses TIED to IE. The last thing MS would do is scrap them. And to be honest, within a corporate intranet (where users don't have the rights to install activex controls), ActiveX is a pretty solid technology.
Re:Better security for ActiveX controls (Score:1, Insightful)
Cause Korea doesn't have anti-trust laws? The problem is thus: There was a window between the Mosaic project winding down and closing up shop and the plethera of what became opensource browsers and standards. In that window, Microsoft was inventing the standards very quickly and with little consideration. Well in exactly the way the free-market had been doing a good job since Adam Smith's time. But the problem is that kind of thing isn't particularly helpful at a networking technology, be it roads/railroads/POTS/or lolcat infused intarwebz.
That has created a world of multiple standards which have unintended and undesirable consequences, but none-the-less have a tremendous amount of invested capital behind them. You might as well advocate the taking of an axe to any machine (or host of a virtualized machine) running legacy COBOL code. It's just not always convienent to rebuild the world from scratch, even if it's a GLOB of 1's and 0's.
The money isn't there to run two platforms sidebyside into the future, elegantly and mercifully letting the legacy cudgles fade away. The downtime for a do-over is so comically idiotic that standards zealots even speak to the idea at all is practically an indictment of their whole position. So we'll get to enjoy the interaction of a million (million-million?) poorly considered decisions for decades to come.
Re:Better security for ActiveX controls (Score:4, Insightful)
It isn't.
But yet every single modern browser has a way of running 3rd party binary 'plug-ins' or 'add-on' because its too damn useful. Therefore the only real distinction here between browsers that support ActiveX and browsers that don't is marketing.
Re:This is a simple job (Score:3, Insightful)
Right, because only nimrod programmers have bugs in their software.
Comment removed (Score:2, Insightful)
whatever (Score:2, Insightful)
year after year after year after year after year after year after year......
all we ever hear is how MS is making their next OS/Browser/Apps more secure. Have they ever succeeded? Not once... all I have witnessed is bug patches and more complexity. Its very tiring to hear the same garbage over and over again.... ...and for any site that only runs activex - get with the rest of the world and learn something....
Re:Better security for ActiveX controls (Score:5, Insightful)
Actually, I'm not. If you look at that Firefox plug-in I linked above, it uses a site whitelist which makes it considerably more secure than IE. Just because IE has/had poor ActiveX security doesn't mean another browser would have the same policies.
Look at the posts in this thread. Everyone's convinced that "ActiveX==BAD" while they probably have 50 Firefox add-ins and plug-ins installed. They're the basically the same damn thing, so I'll maintain this is almost entirely a perception issue (which exists for valid, but historical reasons).
Re:Nope, just the best one to date. (Score:5, Insightful)
Technically, if they break the use of the product it is THEM that broke it. For example, if you take a car to a dealership for an oil change, and they break your transmission, the auto company/dealership is NOT immune to a lawsuit because "hey, you got usage out of the transmission".
In fact, they will have to get you the FULL value of the transmission / replace it with a fully working one. See the whole issue is that a remedy to a broken contract is supposed to set you off AS WELL OR BETTER THAN BEFORE THE DAMAGE WAS INCURRED!
Pay attention to the caps... there's a reason for them. That was originally the whole point of contracts, fulfillments and remedies in case of broken contracts. Seems that companies that deal in software are permitted to break the product and the client is to blame. Strange that. Nowhere nearly as strange as the fact that you seem to think that such things are perfectly fine. Amazing. Nothing short thereof.
Not that I care. It was one more reason why I stopped using XP period. Guess what. Unless they give me a copy of Vista FREE, I don't plan to ever go back either. Hell, since I stopped gaming I've had more spare time than I've been able to waste with a conscious effort :)
Re:Better security for ActiveX controls (Score:4, Insightful)
Or maybe South Korea could pull their collective head out and stop supporting lock-in and using crap technologies.