IE 8 To Include New Security Tools

Trailrunner7 writes "Internet Explorer has been a security punching bag for years, and rightfully so. IE 6 was arguably the least secure browser of all time. But Microsoft has been trying to get their act together on security, and the new beta of IE 8, due in August, will have a slew of new security features, including protection against Type-1 cross-site scripting attacks, a better phishing filter and better security for ActiveX controls."

Please say..

[wellingtonsteve]

..that they will be more usable than the current 'security tools' we get with IE7 which serve the purpose of securing IE by making it so annoying that no-one wants to use it..

I mean that security bar thing that appears below the address bar for example when you want to download something. "Are you sure you want to download this file? It may contain viruses, malware, zombies, ghosts, or even the mother-in-law amongst other Scary Things (tm)?" YES! Why no "Don't ask me again, I'm smart enough to know what I'm downloading thanks" option....

Ahem, rant over sorry.. But please MS, try harder this time..

I only have one comment.....

[zappepcs]

Since IE7 and Vista, I am no longer qualified to comment on the user experience of Windows products. These two products killed off *any* thoughts I might have of using MS products at my personal expense. Still on XP with FF/OOo et al at work. It might^H^H^H^H^H^H will take more to get me to try another MS product than it did to get me to try Ubunutu.

New security tools sounds like a good idea. Hope they do well with that. Everyone has to work to keep the bar high on secure computing development, but I won't be trying it. Yeah, don't bother telling me about how F/OSS has problems too... everything does. I just prefer my problems not be served to me without the lubricant.

I do hope they achieve something good, it will be good for the Internet as a whole.

Re:Good

[MightyMartian]

I certainly hope they make IE8 faster. My (admittedly very anecdotal) experience is that IE7 is an absolute dog on startup and in browsing. There's a real lag there, that Firefox simply does not have.

Re:Please say..

[ConceptJunkie]

It would be nice if Microsoft's biggest security "feature" is asking the user to confirm any operation that could conceivably cause a problem. Oh, well, at least they can blame the user now... after all HE allowed it.

The one time I tried to use IE7 and MSN search (to look up TV remote control codes) MSN search returned a link that hijacked IE7 to a site trying to play porno movies and because of the constant message boxes claiming "Microsoft" found security problems and should I let it install a "fix" (probably Javascript trying to get me to install malware). The message boxes wouldn't go away and I couldn't even shut down the browser without killing the whole app from the task manager. (By the way, I checked the first several pages of Google's results to see if that fake link showed up, and it wasn't there. MSN is useless, too.)

I would have never in a million years thought that IE7 would be that horrible. It's like it's 1998 all over again. Microsoft does nothing but FAIL. I've been using Firefox (with NoScript, AdBlock+, etc) since it was Phoenix 0.4 or so and I had literally forgotten how horrible IE used to be... and still is. In all those years nothing like that has ever happened to me with Firefox.

I'm convinced Microsoft just needs to give up. They have become completely worthless and literally have nothing else to offer.

More details and ranting if you're interested: http://conceptjunkie.blogspot.com/2008/04/microsoft-needs-to-die.html [blogspot.com]

Re:Better security for ActiveX controls

[TheNetAvenger]

Or scrap ActiveX controls?

Too much legacy, best thing to do is continue to sandbox them as much as possible.

MS is shoving devlopers to either Silverlight or XBAP that have extensive sandboxing/security in comparison. MS has been in the process of killing ActiveX for several years now, next trick is to smack the developers around by making non-internal deployment really freaking hard.

Even Win32/64 has been being killed off slowly, but developers are slow moving creatures sometimes. (This is the biggest reason even people that hate Vista should be rooting for it to replace XP at the very least, as the non-Win32 APIs are its bread and butter, even working directly inside the vector composer of Vista, that XP can't do even if you try running .NET 3.x on it.)

Re:Security, hah.

[Antique Geekmeister]

And more DRM to wade through. Much of Microsoft's current 'security' development is aimed squarely at DRM and protecting the control by businesses, not at protecting users.

Re:Security.. Thats all Microsoft knows how to upd

[metallic]

I'm a Mac user also and it seems like I install a security update about once a month. OS X is good but it's not that good. Hell, it's a few weeks after details of the huge gaping exploit in ARD was announced and there still isnt a security update. The best you can do is remove ARD.

Technically, IE7 is the most secure browser out...

[Toreo asesino]

it's the only one I know that runs with only the following privileges (Vista only)...

"RO to File System"
"RW to user IE temp dir (explicit DENY on execute)"

Everything other browser runs as logged in user I believe.

So even if IE7 gets hosed into the floor, nothing will happen.

That said, it still sucks compared to FireFox 3 in terms of useful functionality, but that's another story.

Re:Nope, just the best one to date.

[GigaplexNZ]

You paid $300 for use of software, I assume you got some use out of it, and later on after the shelf life of the product you want a refund not only for the full amount, but an amount higher than you initially paid for it? That's some serious optimism there. For the sake of argument, let's assume you are entitled to a refund. If you got any use out of the product at all, you are not entitled to a full refund, as you would be getting something for nothing. Even if you never were successfully able to activate (thus being entitled to a full refund), you made a conscious decision to buy the software at that price at that time, forgoing any interest you might have made on the money. If the software did work, you still wouldn't have got that interest.

Re:Please say..

[ConceptJunkie]

Maybe you could, but it's never happened to me... even before NoScript came along.

That's the irony about the Web. It started out as a document display technology and eventually morphed into an application platform, taking about 15 years too long and going down too many dead ends on the way. I read somewhere that someone suggested the Web should have simply been X from the start. It surely would have saved them reinventing the wheel a dozen times in the last 20 years, that's for sure.

We've almost come full circle. The browser is _almost_ the OS which runs your applications. In fact, Microsoft's biggest problem was that they hooked the browser directly into the OS (in fact, their problem has always been that they hook everything directly into the OS). ActiveX was just a shortcut to run native code via the Web, and it suffered all the obvious problems from being so. "Hello, world,, run anything you want on my computer. I trust you." Java was better, but it's just too darn bureaucratic. I can't imagine having to actually develop in Java... from everything I've seen it's worse than dealing with the government and insurance companies combined.

So where will it all end up? Starting around 1991, we reverted back some 15 years in UI development and had to go through the 80's again, but in browsers. I figure in another couple years Web apps and native apps will essentially be indistinguishable, especially from the non-techie's point of view. That's not bad except all the good UI standards and conventions developed by Xerox, IBM, Microsoft, Apple backed with decades of research have been almost completely abandoned. I can't even imagine what the average computer experience will be like in 10 years, but if the past 20 is an example, some things will advance more than I could have ever guessed and others will barely change, and it will still take an expert to solve all but the most basic problems.

The term "bleeding edge" was a play on the term "leading edge" but at the rate things change, there is no more "leading edge" any more. With Vista and recent releases of OSX, the "bleeding edge" is the mainstream, and we've come to not only not be surprised that systems aren't even remotely complete when shipped, in fact, we expect a "dot oh" product to be essentially a late alpha. I don't recall what product it was, but it was a "release candidate" and at the same time the release notes said in effect, "but we haven't documented all the features yet because we don't have a firm list of what will be included". That's not a "release candidate" by any definition... not even Microsoft's. That's an alpha release, by the original definitions. But these days (and Google is a perfect example, even though many of their products are very good), most software never really gets out of "beta" any more. There are Google products that were literally labelled "beta" for years. It's always possible there was some legal reason for this, but the idea of a "test version" vs. a "release version" barely exists any more. Often the only distinction is the size of the group of users who have access to it. Microsoft does this, even though they still pretend to adhere to the gigantic monolithic release after years of development apparently because that's the only way they can justify charging people for the same old crap, but shinier and slower. I think the Ubuntu concept works well. They seem to have an attitude of "We'll take what we've got and make sure it installs and works together" every six months. Each release isn't always a huge change, that depends on the state of things like Gnome, KDE or the Linux kernel or who knows what, but this "evolutionary release cycle", where each subsequent upgrade is relatively small, seems to work a whole lot better than Microsoft's "revolutionary release cycle" where it's a major IT undertaking that is so massive most companies these days would rather not bother.

Hmmm... I seem that have digressed a bit.

Re:This is a simple job

[Anonymous Coward]

MS hires some of the best coders in the world

Agreed, but they don't know what to do with us. I currently work as an on-site contractor for Microsoft in Redmond.

When left to my own devices, I'm several times as productive as the next best person I've ever met. If they'd let me, I would could our product's defect rate by an order of magnitude in a couple of weeks, but they're too damn afraid of change to let me do that. There's always a new release around the corner, and they're always in "OMG we can't change anything!!1" mode. The only changes they'll approve are cosmetic fixes for things reported by customers, despite the fact that you can't look at 100 lines of code without seeing an obvious bug. It's the least productive environment I've ever seen. I could literally replace 20-30 people in my department and nobody would notice a difference in output level.

p.s. Yes, I am looking for a new job outside Microsoft. I'm fed up with the BS.

Re:Better security for ActiveX controls

[man_of_mr_e]

Ahh yes, whitelisting. You know what would happen if Microsoft did the same thing, they'd be accused of monopolizing the ActiveX market and using their power to control who is allowed to install controls and who isn't.

There is no solution there.