'Lower Rights' IE 7.0 Coming 378
blacktop writes "eWeek has official confirmation from a Microsoft vice president that the upcoming Internet Explorer 7.0 browser upgrade will ship with reduced privilege mode turned on by default to help thwart browser-based attacks. In addition to anti-phishing and anti-spoofing features, IE 7.0 will add support for IDN (International Domain Names), built-in RSS and seamless search that will include choices of search providers."
So basically ... (Score:4, Insightful)
Re:So basically ... (Score:4, Informative)
Marvellous!
Re:So basically ... (Score:5, Insightful)
Re:So basically ... (Score:3, Funny)
Re:So basically ... (Score:2)
Re:So basically ... (Score:4, Insightful)
Re:So basically ... (Score:5, Insightful)
Re:So basically ... (Score:5, Insightful)
What are you talking about? When you run Firefox under an Administrator account, it runs as an Administrator. In linux if you run Firefox as root, it runs as root. Neither provide any sort of explicit protection against this environment. Or am I missing something here? If you run your windows desktop account as a limited user (not an Administrator), then IE6/5/4 and all other browsers on the market today run as a least priviledged process.
Re:So basically ... (Score:3, Insightful)
I have to disagree, firefox never runs as root because linux users almost without exception do not browse the best when they log in as root. Linux programs are designed you can get all features without being root. Windows programs are not.
Thus in theory you are right. In practice though, Linux users are never logged in as root, while Windows users always are.
Re:So basically ... (Score:3, Insightful)
E.g. you could make it impossible to execute files downloaded by your browser if you did it as root (or any other user you want to limit).
That means that in fact, the root user could be given less permissions when running their browser than an ordinary user running the same program.
The SELinux security
Re:So basically ... (Score:3, Insightful)
Re:So basically ... (Score:5, Insightful)
a) They can not do anything, and get blamed for not keeping up.
b) They can catch up, and get blamed for just doing stuff everyone else already does.
c) They can "innovate" ahead of the others, and really piss everyone off.
They're adding IDN support NOW??? (Score:5, Funny)
I was wondering when IE would be able to support the Unicode URL spoofing attacks! [slashdot.org]
Re:They're adding IDN support NOW??? (Score:2, Informative)
So no
Re:They're adding IDN support NOW??? (Score:3, Insightful)
Anyone heard if Firefox is going to implement a true solution? Turning it off is just not acceptable.
The only thing that turning it off does, is remove chances of spoofing a URL that has not international characters at the cost of increasing the spoofing risk of those that genuinely use international characters in their domain name (and YES those are needed. Not everybody speaks, nor wishes to speak, English).
The result of the current solution is that pages with genuine foreign characters show up as
Re:They're adding IDN support NOW??? (Score:3, Informative)
This is incorrect. We turned them off while working on a long-term fix, which is basically the same thing as Opera's.
WHAT?? (Score:3, Informative)
architect IS NOT [m-w.com] a verb!!
great laugh to start the day though.
Re:WHAT?? (Score:3, Funny)
Re:WHAT?? (Score:3, Funny)
architect IS NOT a verb!
It's a perfectly cromulent word.
Re:WHAT?? (Score:5, Funny)
It's customary to identify source, even in humour (Score:5, Informative)
Re:WHAT?? (Score:4, Insightful)
What's with the language curmudgeon? Words get verbed all the time. There's nothing wrong with it; it's been happening for at least as long as people have been speaking English.
Consider these nouns which got verbed (or perhaps they're verbs which got nouned?):
Walk, run, shop, sleep, look, smell, call, visit, drive, kill, drink....
Are all of these bad as well?
Appropriate for the largest audience (Score:5, Insightful)
Microsoft may be a bit slow to get there, but they'll get there in the end.
Re:Appropriate for the largest audience (Score:5, Insightful)
Regardless of who wins in the battle of open-closed ideologies, the ultimate winner shall be the consumer. Which is exactly how it should be.
Re:Appropriate for the largest audience (Score:5, Funny)
Just a second.
Greedy M$ is making another foolish move. Hopefully they'll be bankrupt soon. All corporations are inherently evil. Linux forever!
Was that better?
Will only work if ActiveX is disabled by default (Score:5, Interesting)
The conundrum is that so many sites now require ActiveX that if IE were to ship with it disabled, Joe Sixpack's favorite websites wouldn't work.
Re:Will only work if ActiveX is disabled by defaul (Score:2)
Re:Will only work if ActiveX is disabled by defaul (Score:2)
There's really two very different applications for IE -- the primary one is as an Internet Browser where it should simply be impossible to break out of the sandbox. The "Zones" tried to do this but were a massive technical failure. When you say "ActiveX is the problem", you really mean "Those stoopid broken Security Zones that let ActiveX rape the system are the problem".
The secondary applicaiton is as a local library that
Re:Will only work if ActiveX is disabled by defaul (Score:5, Insightful)
Re:Will only work if ActiveX is disabled by defaul (Score:3, Insightful)
But you have to realize there's always going to be some "sharing". Look at Firefox -- XUL, Java Applets, Flash or custom plugins -- all of these have been used to "break out" of the browser and infect the local machine. You could gimp your browser, but the real answer is probably some better form of OS access controls.
Re:Will only work if ActiveX is disabled by defaul (Score:5, Insightful)
Integration may be scary, but it isn't something you should intellectially shy away from. Convenience and security have always been at odds, and I don't see that changing any time soon. The balance beteween them isn't a zero-sum-game, however, and the solution, IMO, isn't to discard all notions of integrated solutions, even if they are less secure in the short term. We need to keep moving forward, not idolize some rose-colored past that never existed.
Re:Will only work if ActiveX is disabled by defaul (Score:3, Informative)
I am not trolling here, but exactly which mainstream sites (which I assume you meant by "Joe SixPack") rely on ActiveX? In my personal experience, the vast majority of websites I have visited now work perfectly fine in Firefox and Safari. It seems a lot of sites of moved to the slightly-less-annoying Flash-based interfaces if they want to do some things.
Porn si
Re:Will only work if ActiveX is disabled by defaul (Score:2)
Ewan
Re:Will only work if ActiveX is disabled by defaul (Score:2)
Assuming you use IE at all, go to Tools > Internet Options > Security, define a custom level for the Internet zone if you haven't already, and set all of the ActiveX settings to "prompt." You'd probably be surprised how many of the sites you visit on a day to day basis start throwing up dialogs asking whether or not it's okay to run this or that.
I'm not saying that the sites don't
Re:Appropriate for the largest audience (Score:5, Insightful)
Re:Appropriate for the largest audience (Score:5, Insightful)
Microsoft: Stop writing buggy software with "accidental" hooks that let you install device drivers from a god-damn active X control! THEN you won't need crutches like "Security levels".
I agree with the parent 100%: this won't be effective.
Re:Appropriate for the largest audience (Score:2)
yes, let's lower the security settings on my server so I can go read Yahoo! and check my email.
The only "browsing" you should be doing from the server is to Windows Updates. And you can usually skip that, since most of the really important patches and service packs aren't even listed there.
Re:Appropriate for the largest audience (Score:3, Insightful)
Microsoft is damned if they do... (Score:3, Insightful)
See, Microsoft started by creating "features" (like ActiveX on the web) that are horrible security ideas. Now they are trying to fix things. But they can't make it really secure (remove the feature), because too many web sites depend on it. So they have to try to fix the security without removing the features, and are coming
Re:Appropriate for the largest audience (Score:2, Informative)
Re:Appropriate for the largest audience (Score:2)
maybe better by not announcing.... (Score:2)
Then execute a "silent" release (ala Google style) as beta. There are enough MS zealots that would download, try and report bugs and problems. Then when they reach an acceptably low level of bugs they can make a public announcement with all the fanfare.
By making an announcement before the product is available, they take a bigger risk when the product doesn't live up to the hype.
just my $0.02
Re:Appropriate for the largest audience (Score:2, Funny)
I'm hoping you are talking about Chapter 11 here.
New Features? (Score:4, Insightful)
It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?
Why would people move back to IE even after the release of IE7? I'm guessing they won't and this is for those that won't or can't move from IE.
Re:New Features? (Score:2)
1/ MS will offer this as a 'critical' update.
2/ Sheeple will install it
3/ IE7 automagically becomes the new default browser
4/ Profit!! (sorry I couldn't resist)
Re:New Features? (Score:2)
Re:New Features? (Score:5, Insightful)
It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?
To be fair, Firefox has taken many (most?) of its features from other browsers as well.
Let MS copy what they want. If IE improves, so much the better. Firefox et al will have a reason to find new ways to improve and I'll have a better browser when I'm stuck on a Windows box at work/school/whatever.
Re:New Features? (Score:3, Informative)
Microsoft has largely been playing catchup throughout its entire existance. Before there was ever Windows, there was Apple's OS. Before there was IE, Netscape was king of the browser world. Spam Blocking and Security? Been around for a long time before Microsoft built it in to their products. Almost everywhere you look, Microsoft is trying to make up lost ground. Almost any inovation in computing has been "borrowe
Re:New Features? (Score:2, Redundant)
You're assuming that they ever had the ability to innovate there.
DOS was bought for them and given to them. Windows is because of Xerox PARC and because Jobs never believed Gates would decompile the Macs. IE was based on Mosaic and Netscape. The Office suite comes from any number of word processors, Lotus 1-2-3, and Harvard Graphics. SQL Server was based on Sybase (they had a joint venture for a while).
They ha
Re:New Features? (Score:2)
Not to troll, but has it ever lived? Try and list the things that have been "invented" in Redmond, and you'll find there are a lot less than you think.
Multiple search engines! (Score:5, Funny)
Or, if those two options don't suit you, you can use MSN!
One of these days... (Score:4, Insightful)
Re:One of these days... (Score:2)
One of these days, people will notice OSS.
Possible MS logic? (Score:5, Insightful)
Idiot #1: I want to install these smile-themes and weather app, but IE won't let me. It says that these "plug-ins" are unsafe and operate at a higher priviledge level. I don't know what that means BUT I WANT MY SMILES!
no no no (Score:5, Funny)
Re:Possible MS logic? (Score:2)
No wait, that was the wrong OS...
But seriously, even l337 hackers do these "I know better" mistakes now and then.
Nothing new, nothing specific to Microsoft.
Is it worth the switch? (Score:5, Insightful)
Lately, having switched to Firefox to avoid rampant security issues, I feel fairly comfortable with this browser. There are some things that I wish were better like better Googlebar and better plug-in handling, but am pretty happy with it.
So with IE7, what's the draw? What features will it have that will encourage me to jump ship again? The feature list doesn't impress me as much as the jump from Netscape 3 to IE 4 did. And security is not an issue with Firefox, so that's not a good enough reason.
I guess I'll just have to download the mandatory Critical Update and try out the browser for myself.
Re:Is it worth the switch? (Score:2)
The feature where Windows Update complains that you haven't updated to it yet, over and over and over and over...
Re:Is it worth the switch? (Score:2)
Re:Is it worth the switch? (Score:4, Insightful)
I don't believe that Microsoft are intending IE 7 to draw people from Firefox, but rather encourage users not to consider switching. Remember, they still have 90%+ of the market share so getting back those 10% isn't going to be a priority. However keeping the 90% is.
And security is not an issue with Firefox, so that's not a good enough reason.
Funny, I've been seeing rather a lot of security related alerts regarding Firefox recently. Granted it's not as wideopen as IE - but saying that security isn't an issue is a tad off the mark.
Re:Is it worth the switch? (Score:5, Insightful)
Nothing. In short, IE7 is there to 1) stop people from installing a 3rd party browser and 2) when you get a new machine with IE7 installed, be too lazy to install a 3rd party browser again.
It is quite simple really, let Firefox/Opera do all the R&D and find out what the "must-haves" are and what is fluff, then tag along. Having a Windows monopoly is the ultimate way to "unconvert" people. If people had to actively choose to install IE over other browsers, things would be different. But for each time, you have to actively do something NOT to use IE. From there it is all about laziness.
Kjella
Re:Is it worth the switch? (Score:3, Informative)
Interesting argument because it took Mozilla Firefox & Opera about 5 years to match the functionality of Internet Explorer 5.0. Things like CSS support and a solid DHTML implementation are "must-haves" and IE had them long before anyone else. (of course since then it's been surpassed).
If MS starts taking the development of IE seriously, they could easily lap the competition again. Starting a standards-fight with a monopoly i
Re:Is it worth the switch? (Score:2)
IE won't run on three of those machines (they're running Linux) so my experience is exactly the opposite of yours.
Re:Is it worth the switch? (Score:2)
I had firefox 1.0.x installed with some extensions in either/both of the browers extension dir or my profile. I uninstalled 1.0.x then installed 1.0.y (y > x), following which Firefox wouldn't start.
The same problem has afflicted thunderbird migrations for me as well before. The answer, unfortunately, is to remove the product and profile extension directories and reinstall. After reinstalling I've always been able to reacquire the problematic plugins from mozdev and use them witho
Interesting (Score:4, Interesting)
The other way that this will be fun is watching all of the *really* bad ISVs who assume that IE is a complete solution for their apps and will of course be able to alter the system config when they use it as a component.
And you thought SP2 broke things? *laughs evily*
All of this and more... (Score:2, Insightful)
This is the problem with Microsoft. They're capable of making a good product when they want to, but they throw their weight around and make it the only product on the market. After this, what incentive do they have to continue to make their product better or keep it up to date? IE hadn't changed forever and didn't look like it ever would until people started using Firefo
Slow ears (Score:5, Funny)
Hmm, let's see. (5 years-9 months) times the speed of sound... this means that Dell's headquarters are 46 million kilometers from Redmond.
Re:Slow ears (Score:2)
Re:Slow ears (Score:4, Funny)
I always knew that Redmond was on another planet...
Prolonged?! (Score:4, Insightful)
Yes, I admit it, I used to be an IE user...but now, I will never go back. For once when you see the great bird that showers fire and thunder at the masses, then you know that the forces of Mammon will never succeed at world domination.
about:mozilla
Re:Prolonged?! (Score:2)
Not that I'm in favor of supporting MS but saying that you will never go back to a particular vendor isn't exactly a reasonable statement to make. Always look for the appropriate tool for a job. Maybe you'll have a bias when evaluating the tools, but don't limit your research for an application.
IDN or IDNA (Score:3, Interesting)
I apologize in advance for my anti-Slashdot action of reading a little before commenting.
Re:IDN or IDNA (Score:2)
if it comes with flash and such too (Score:4, Insightful)
Of course, simply never allowing write-access to anything but
And it will default to.... (Score:2)
"and seamless search that will include choices of search providers"
And while 80 % of internet users have NO idea whatsoever how to change their settings, so it will stay as such forever.
IDN (Score:2)
the real problem with IDN (Score:3, Interesting)
until those who run the major domain registries can come up with sensible rules for IDN (which imo means no international stuff in
of course the regsitries don't care because all they care about is selling as many domains as possible which the current don't care policy promotes.
if i were running a dns server i'd be very very inclined to
Lower Rights For Everyone! (Score:4, Funny)
Not to interrupt your anti-MS rant, but... (Score:2)
And how does MS's opinion on any bill "lower the rights of gays and lesbians"?
If you'd spent any time on the MS Redmond campus you'd know it's one of the most gay-friendly work environments on the planet.
Google is getting ready to learn something (Score:2, Insightful)
to default to msn search and nobody is going to change it. If google was going be a leader and remain a leader it should have as I said all along been pushing firefox like a mad man. Instead they are about to learn the same lesson Netscape did the hard way. If the market share of the users have a msn search start page and I am a advertiser where am I going to spend my dollars.
I love google, it is going to be sad to see them go.
Ok... (Score:3, Interesting)
If MS is adding support for IDN, I'm really going to stick with Mozilla. Does anyone remember the IDN spoofing exploit from Firefox on February 7, 2005? http://secunia.com/multiple_browsers_idn_spoofing
Let's hope MS caps this hole before it happens. Unfortunately, MS has a reputation for adding bugs along with new features.
true for most processes in LH (Score:2)
Another user? (Score:2)
Enhanced Security mode or Restricted User mode? (Score:2, Insightful)
If they're thinking of running IE as a less-priv user, then that's closer to the mark. When people are tricked, an exploit is used, or they outright say, "install this, yes I agree to have you screw with me," then you better hope that app doesn't have rights to HKLM\Software\Microsoft\Run and C:\WINDOWS\SYSTEM32.
Of course if IE7 doe
Re:Enhanced Security mode or Restricted User mode? (Score:3, Informative)
Restricted tokens are a feature available in Windows 2000 and later that allows any user to create a new process with less privileges
But it will have tabs! (Score:2, Funny)
I can picture the yellow tooltip now.
ObMSBash (Score:2)
Thank you! I'm here all week.
odd (Score:2)
30%, Try 80% (Score:5, Informative)
80% [pcworld.com]
8 out of 10 [com.com]
88% [tomshardware.com]
Or, just search [google.com] it.
So, 5 years to admit to the problem as it was 3-ish years ago.
"International domains" crap returns (Score:2)
MS should ship Windows with Lower Rights (Score:3, Interesting)
"Integration" Rears its Ugly Head (Score:3, Insightful)
Remember how Microsoft said that Internet Explorer is a fundamental part of the operating system and cannot be removed? Well, this is what happens when you integrate the most security-vulnerable software on any OS (the browser) directly with the OS, then have everyone run as a full-privilege account by default.
See, what makes it so bad is that IE has such deep hooks into the OS that cracking into IE is effectively the same as getting a root shell. Now we've seen that Microsoft's insistence on forcing a web browser into the OS at any cost is having detrimental effects on security.
There are, of course, security exploits for lots of other browsers, but since IE has such tight integration with the rest of the OS, the stakes are much higher. Breaking into IE is to breaking into Firefox as breaking into a house is to breaking into a tool shed.
Search choice? (Score:5, Funny)
MSN.com
MSN.co.uk
MSN.co.fr
MSN.co.de
MSN.co.kr
MSN.co.ie
MSN.co.jp
and so on...
Re:Cool (Score:2, Insightful)
There is a patch for W2K users...(see link) (Score:2)
Re:And yet, no W2K support :-( (Score:2)
What is this "Internet Explorer" of which you speak? In all seriousness, my windows box has been fine running windows2000 and it's a shame they're putting it out to pasture. feh.
Re:Re-architected it? (Score:2, Funny)
Re:Re-architected it? (Score:2)
Re:Re-architected it? (Score:3, Informative)
Had to have been ;-)
Re:XP Only (Score:2)
It's related to, you know, like Windows 2000 going into extended support and not having ever benefited from the whole XPSP2 features thingies while it wasn't.