IE8 Released As Critical Update For XP

Binestar was one of several readers writing in to note that Microsoft is listing IE8 as a critical update to Windows XP. CNet reported a couple of weeks back that Microsoft would be rolling our IE8 to users in a gradual fashion, and requiring an opt-in before installing it. Opinion has been split as to whether IE8 is worth installing or not. Binestar notes delicately, "For those not interested in upgrading to IE8 at this time, the MSDN released information back in January on how to keep IE8 off your machine."

what's so critical about a web browser?

[DragonTHC]

shouldn't they patch the version XP shipped with instead?

IE8 on XP

[colinrichardday]

I didn't even know that IE8 would be available for XP. I wonder how well it renders MathML.

So what

[rossdee]

I use Firefox as my default browser. Should I care what version of IE is on my (XP) system?

Good for web developers?

[Verdagon]

So this means that more of the browser market will be standards compliant?

And by critical they mean?

[erroneus]

What exactly? I don't know. I am a bit confused though.

So MSIE8 is more standards compliant in a significant way. Is this still the case? Is the "default" mode standards mode or compatible mode? I ask this because I want to understand what Microsoft's expectations are going to be.

If the default mode will be standards mode, then I have to say that this is a courageous move on Microsoft's part.

If the compatible mode will be default, then I still have to applaud Microsoft for taking some initiative on this. Even if it doesn't break everything or anything, it's still a gutsy move and is clearly a step in moving in the direction of standards compliance. While this move might potentially slow the growth in use of alternative browsers, Microsoft will potentially lose their edge when it comes to maintaining their lock-in status in IT. And potentially losing some of that edge is a really gutsy move.

Microsoft can lose me and I am sure quite a few others here as Microsoft-haters if they were to just straighten up and fly right. I am hopeful that they will. I once loved Microsoft and all they did when it was still an exciting time... I know... but I speak the truth.

WMP11 Media Sharing and IE8

[shird]

I was hoping they would fix the issue where WMP11 Media Sharing stops working after installing IE8 on Vista before rolling it out like this.

I've reported it myself, and so have many others. I guess they will wait until the masses have it via automatic updates and they get a significant number of complaints the next day before they do anything about it.

Re:And by critical they mean?

[GF678]

I once loved Microsoft and all they did when it was still an exciting time... I know... but I speak the truth.

Offtopic: The funny thing is, you say this as if people used to be excited with what Microsoft had done but are tired of them now, but I believe this level of excitement with MS is cyclic. Go to a place like Neowin.net to see this in action. You might be tired of MS now, but the next generation of geeks seem to be excited with their products like Windows Live/Mesh, Windows 7, Office, etc. Maybe the golden years for Microsoft are back?

Heck I can't explain why they're so excited, but they are. As a side note, it does mean that if you hate Microsoft for valid reasons you can't bring them up at a place like Neowin though, cos people will immedaitely consider you a basher for popularity sake and a Linux lover who can't run Photoshop (not like they would be running legit copies either, but that's another topic). The inverse is true for this place of course. God I hate all tech sites these days. What am I doing here anyway? :)

do i have to allow wga?

[zonker]

Not being a fan of DRM I've so far avoided installing WGA on my system. Can I install IE8 without installing WGA or does it force it on you?

Wow.

[vistapwns]

Good move, getting all those XP users to a standards compliant browser that's reasonably secure will be a Good Thing. Even if you completely jock FF, at least this improves standards support, so you should support this. Hopefully, it won't take as long for IE8 to get the majority of the market as it took IE7, too. I can't remember if IE7 was ever released as a critical update or not, but we really need to get rid of IE6, pronto. They need to release this as critical for Vista as well, Vista + IE8 = very secure browsing, which is what most people need, just basic and secure browsing.

Netbooks also?

[Anonymous Coward]

Does this include the XP version shipped on netbooks? I have enough space problems without worrying about how much IE8 will consume - especially since I will never actively use it. ...A Firefox using Anonymous Coward

Re:Using older versions of IE?

[cbhacking]

IE8 has the ability to render using IE7's engine (either with a meta tag in the site, or via the "Comaptibility Mode" button, or - with greater granularity - through the development tools). For testing stuff older than 7, I really can't say. Incidentally, for web dev, the develpment tools are pretty sweet. A couple things in there Firebug could learn from.

Re: Still using IE6

[MemoryDragon]

You might laugh, but there are even users of IE 5.5 we had recently such a case where a customer complained loudly that something did not work on his browser (which turned out to be IE 5.5)

Speaking of making others life hard, my personal preference would be to violently enforce an update towards Firefox or Chrome onto those people. With violently I mean by using all physical means necessary!

standards compliance is not about exception markup

[Onymous Coward]

Does anyone know if this is still in effect?

1. When a user has a problem with a website in IE8, they can click the "Compatibility View" button to revert to IE7 rendering.
2. The URL is sent to Microsoft who compile a list of IE8-incompatible websites.
3. This list is sent to IE8 users so the site can automatically switch to IE7-mode for everyone.
4. If your website is fixed or is accidentally added to the list, you can add a meta tag to disable compatibility mode!

http://www.sitepoint.com/blogs/2009/02/19/ie8-standards-mode-opt-in/ [sitepoint.com]
http://blogs.msdn.com/ie/archive/2008/12/03/compatibility-view-improvements-to-come-in-ie8.aspx [msdn.com]

Does this seem like a way for Microsoft to require people to mark their pages as "standards compliant" in a Microsoft-specified syntax?

It seems like IE8 users would click the compatibility mode button not because they think the site should render better in IE7, but because it doesn't look right. Won't this populate Microsoft's "render as IE7" list with sites that are just poorly rendered in IE8? Surely this can't be what's going on. It'd be a train wreck in progress. Any good, standards-compliant pages IE8 can't render very well get rendered even more poorly unless you put MS markup in them?

Can't be.

My guess is that MS are engaged in some kind of gambit to pollute the existing DOCTYPE standard somehow, by requiring browser-specifying markup, but it's not clear to me exactly how. Well, IE8 is here. We'll see what happens.

It's Called Lying

[DynaSoar]

It is not critical.

It is not an OS update. It claims to be an integral part of the OS, but as the result of lawsuits, as well as the many available "stand alone" versions of previous "integral parts of the operating system", it has been proven that IE was written to make it appear to be so but in fact was not.

It's release via automatic update is not, as they claim, more convenient. It is more convenient to initiate your own download when you choose to that to have to start to download this fairly "required" software when abd because you're told to, then cancel or delay that download.

That process is the normal one for refusing an automatic update download. It is not, as the headline states (with an exclamation mark no less) an IE8 Blocker Toolkit.

Simply put, Microsoft is lying about these things. If they're lying about these, what else are they lying about? Anything?

Well, for one, they're faking the popularity of related searches/links on IEBlog. The "Tags" box lists related items with different sizes of fonts. Elsewhere these are usually generated by user searches, the larger the font, the more often requested. However, the links from these are hard coded to constant items which frequently have nothing to do with IE. Some of them contain a single line blurb such as a statement from an IE development team member saying they're going to tell you something, but haven't posted that promised nugget in months since their first statement.

Let's say I'm your car's mechanic. I've been been charging you for your car's muffler bearing. I keep telling you it's a necessary part of the motor, even though there are plenty of people driving around with no muffler bearing, but rather an entirely different and optional piece of equipment, like a Kentucky Gofaster (that's a raccoon tail on the radio antenna) that does the same thing better. But I'm also insisting that it's my muffler bearing, not yours, and you're only paying for my permission for you to use it. Now I tell you that for your convenience I'm going to put your car up on the rack, start to replace your muffler bearing with a new, chrome plated muffler bearing, which you can then choose not to have installed. What would you do? Nod your head and say "uuuuuuuh, yep, uh huh, put her on up there bub", or find a mechanic who doesn't lie to you and try to sell you a "required" piece of equipment that's not required?

But wait! There's more! With this new chrome plated muffler bearing you will only be able to have certain things done at my garage, unlike your old muffler bearing which allowed you to have anything done at my garage. Last I checked, there were parts of msn.com that wouldn't work with IE8.

NOW how much would you pay? Call in the next 15 minutes and we won't charge you anything, except you'll have to have our Genuine Advantage mechanic take a look at it monthly to make sure you haven't fiddled with it to make it look like you own it rather than it still being our property installed on your car. And if you don't call in the next 15 minutes, we'll call you and make the same offer again, because it's for your own good. We promise.

Re:Didn't XP ship with 6?

[OutOfMyTree]

Can't do that, it's against the Geneva Convention.

You do know the story from Iraq, right? Saddam's people were setting up anti-aircraft posts just under the walls of culturally important sites, so that attacking the posts would damage the mosques etc. The mean RAF (and I guess USAF) took to dropping training bombs on them. These were non-explosive and made of concrete but could take out an anti-aircraft post nicely. Iraq complained under the Geneva Convention which bans the use of "unconventional weapons".

Re:what's so critical about a web browser?

[benjymouse]

You haven't been paying attention to the way Microsoft works, have you? This has been typical for .... ummm .... as far as I can remember. Ship first, patch later and frequently.

Erm. Then you haven't been paying attention to the way Microsoft have worked for the past 5-6 years, have you? They have seriously pulled themselves together since the code red, nimda and initial IE6 days. I know that it's a popular myth that Microsoft software is swiss cheese, but security analysts are starting to point at Microsoft SDL (Secure Development Lifecycle) as an example on how to do it. Independent analysts, i.e. IBM, researching vulnerability reports, have for the past 3 years pointed out how Windows XP and Windows Vista are actually the operating systems hit with the fewest vulnerabilities (but still most exploits).

Looking at vulnerability stats at secunia shows that Microsoft QC have improved drastically across their entire product portfolio:

• IE7 was released at roughly the same time as FF2. IE7 has had half (77) of the vulnerabilities of FF2 (154). And those vulnerabilities stopped counting last year when FF2 was EOLed. And FF3 is already at 68 - about to overtake the 3 year old IE7. Of course there are still browsers out there with much fewer vulns than all of these.
• The .NET Framework 2.0 is roughly as old as JRE 1.5, and although the former also has "enterprise" stacks such as ASP.NET etc, the .NET Framework 2.x has been hit by 10 vulns whereas JRE 1.5 has had 111 vulns in the same period.
• IIS6 was released with Windows Server 2003. Since then it has had 4 (four) vulnerabilities. IIS7 was released with Vista/Server 2008. It has experienced 1 (one!) less critical vulnerability. In comparison Apache 2.x has experienced 23 vulnerabilities. Considering what they had to work with, I'd say that's pretty impressive.
• Silverlight 1 and 2 both have clean sheets. Zero vulnerabilities so far. Compared to Flash Player 9&10 with 37 and 5 vulnerabilities respectively , Microsoft is certainly doing allright there as well. Especially considering that some of those Flash vulns were high-profile potent vulns which were featured in pwn2own.
• On the database front, SQL Server 2005 has registered 10 vulnerabilities. Oracle Database 10.x comes in with a staggering 828 vulnerabilities.

On the whole Microsoft seems to do pretty well and considerably better than their competitors in all of the above areas. And no, Microsoft does not hide vulnerabilities. They may delay publication in a responsible disclosure, but any MS admin will tell you that they are very specific about each vuln in their patch bulletins. Microsoft cannot slip a "fix" through, as they have to provide enough information for admins to take a decision whether to block or allow a given patch based on security against stability (like in fewer changes). And Microsoft does not patch "frequently". They patch 12 times a year + emergency patches. This schedule has in general been well received by admins and several other vendors are now following the same schedule.

Re:what's so critical about a web browser?

[thsths]

>Looking at vulnerability stats at secunia shows that Microsoft QC have improved drastically across their entire product portfolio:

You have to read these with caution, though. Microsoft has been trying to get the vulnerability count down, and one way of doing this is merging several vulnerabilities into one. It looks good on paper, but it does not make the product any more secure.

That being said, the recent product certainly show improvements. They absolutely beat Java and Acrobat, when it comes to security. I think the comparison with Firefox may be uneven, though, because the Firefox guys class just about anything as a potential security issue, just to be on the safe side.

Re:what's so critical about a web browser?

[subreality]

That's what IE8 is.

No, by design, IE8 isn't backward compatible with crappy corporate intranet sites that were coded up for IE6's crappy eccentricities. That's a good thing for most people, but bad for companies that don't want to spend millions revamping their internal apps at MicroSoft's whim.

Yes, of course they shouldn't have gotten into that situation in the first place, but once they're there, you at least expect them to make good on their support commitments (which they are; see the other subthread).

Anyway, my complaint is mainly long-held bitterness over their claim that IE was integral to Windows. It was / is monopoly abuse of the most blatant sort.

Re:The sooner the insecure, poor-rendering IE6 die

[Jason Levine]

My company falls in the "outdated intranet software" category. Some software that is critical for us to run won't work with IE7 or IE8. So our users are stuck with IE6. Since they're using IE6, I'm forced to remain on IE6 to test out our Intranet (different intranet site, this one I designed with IE6/7/8 & FF compatibility) on IE6. However, my problem is that I still need to test out our public website on IE7 and IE8 (which outside users use). Thank goodness for http://www.xenocode.com/browsers/ [xenocode.com] . It lets me run IE7 and IE8 while still having IE6 on my computer.

I love how Firefox gets a pass on this....

[Anonymous Coward]

While all the Two Minute Hate attenders are busy bashing MS for this move it seems that none of them, even those who were vocal in their support of Firefox, care to point out that Firefox is set to automatically update out of the box.

At least with Windows you're forced into making a decision on the hows and whens of your updating process on set up. No such luck with Firefox. Infact, I'm having a hard time thinking of any other software package that handles updating as poorly as Firefox does. Even Java is nice enough to ask permission first.

Compliant mode is darn handy

[Anonymous Coward]

and a very useful feature this is too.
i recently hit an extremely badly coded website.
it was an online test (verbal & numerical reasoning) for a prospective employer (so i couldn't just move on and ignore)
i filled out all the forms and hit the 'start test' button and received an error giving the list of supported browsers.
i knew i was in trouble when the list started with netscape navigator 4.78 to 6.2 (i'm on ff3) and ended with ie5.5 or ie6 (i'm on ie8)
i have a second laptop with ie7, that wouldn't work either
however ie8 compliant mode worked a treat

i honestly believe that those still using ie6 (for whatever mis-guided application reason) need to take a good look at and properly test ie8 compliant mode.

Re:Any Web Developers Here?

[BurzumNazgul]

I'm a Microsoft fan boy (MCPD for web development). I usually stick to a three step process. 1. Start by writing with a focus on IE7 and try to keep everything up to XHTML standards. Test locally for FF and Chrome. 2. For public facing websites that focus more on displaying information than providing interaction I use browsershots.org to see how the pages render on common browsers. A VM machine with lots of browsers (including IE6) is used for local debugging. 3. With web applications functionality is the most critical. Clients will usually have a handful of browsers that they expect their users to be running. Each browser they request support for needs to pass unit testing. For some projects compatibility testing goes smooth and for some it's the biggest hangup in the SDLC.

Definitely...

[alien9]

...no.

The beta version pulled out bizarre layout and coding issues already.

It seems another MS try to establish their own standards. They are relying on prevalence of Windows / IE to take over some businesses' environments (as IE4 did back in the 90's) thus weakening other platform's appliances... and messing up developers' life.

We maintain a JavaScript / php / googlemaps mashup pplication, and unless switched to 'compatibility mode' the CSS layout simply breaks (in strange and undocumented ways) . We use Prototypejs 1.6.... and its code breaks too.

The application was developed targeting IE6 / FF2. Since then it has evolved through Safari, FF3, and IE7 with relative ease. At the first glance this move is going to be tough.

For those developing complex AJAX-style applications, these are pretty bad news.

Re:what's so critical about a web browser?

[shutdown -p now]

The finance company I consult at has its entire sales platform built on VB6/IIS5 and (shock horror) VBScript so it only works on IE6.

There's no logic here. A site built using VB6/IIS5 doesn't have to be IE6-specific (why would browser care about the server platform used?). Using VBScript for client-side scripts is a stupid thing to do, but it's still supported in all later IE versions (including IE8).

If the site works only in IE6, it's because the developers specifically did something that only works in IE6. None of the things you've listed fall into that category.