A First Look At Internet Explorer 8 RC1

bogaboga writes "TG Daily reports that Microsoft quietly released the first update to its IE8 beta 2 to its closest partners last week. This new version only scores a dismal 12/100 on the Acid 3 test, though the score improves significantly if one leaves the [browser] window open for at least a minute. It is marked as 'Release Candidate 1.'"

But does it fix the critical vulnerability?

[Van Cutter Romney]

Does it fix this [slashdot.org]?

Re:

[v1]

of course it fixes it. why do you think they put it in there to begin with? To get you to stampede to 8 to get away from it. It just got discovered a little earlier than anticipated...

Re:

[Paaskonijn]

FTF Link:

Update: 12/16 21:11 GMT by KD : Microsoft will issue an emergency critical update for IE tomorrow.

If it's fixed in IE 7, why wouldn't it be in IE 8?

Re:

[mixmatch]

Maybe because they are different branches of development? I don't think it is uncommon for software developers to have to backport security fixes to non-development versions of their software.

Re:But does it fix the critical vulnerability?

[Atti K.]

Oh yeah. IE lets you browse the internet, and vice versa.

Re:But does it fix the critical vulnerability?

[BasharTeg]

Actually it does mitigate that vulnerability. Internet Explorer 7 and 8 both have the ability to enable DEP/NX heap protection. Unfortunately, due to certain extensions like Adobe Flash being written like shi... written in such a way that they weren't compatible with DEP/NX (I won't even get into them dodging protected mode, just see: http://keznews.com/4244_Vista_hacked_on_3rd_day_thru_Adobe_Flash__Linux_Undefeated_ [keznews.com]), but anyway, because of extensions like Flash and Java which weren't compatible with DEP/NX, Microsoft was unable to enable by default the DEP/NX protection in Internet Explorer 7 at release. However, you can enable it now since most plugins have been modified to work with DEP/NX.

To enable this protection in IE7 right now, go to Tools, Internet Options, Advanced, and check the check box next to "Enable memory protection to help mitigate online attacks". If you're running IE8 beta 2, you should notice that this check box is checked by default. This change should mitigate a significant number of future remote attacks against Internet Explorer 8.

If you check the advisory, one of the work arounds is enabling the DEP/NX protection in IE7.

Re:

[LingNoi]

Just the other day I was modded troll [slashdot.org] for saying Microsoft doesn't keep to standards in the new IE and invent their own standards.

Looks like I win Micro-mods. Pathetic that you need to mod down the truth.

Why It Takes an Extra Minute

[eldavojohn]

This new version only scores a dismal 12/100 on the Acid 3 test, though the score improves significantly if one leaves the [browser] window open for at least a minute.

It's true, it improves to 100/100! The reason you need to leave the browser open for at least a minute is because that's how long it takes to download this extension [opera.com], install it, run the extension and put the acid 3 URL into the extension's address bar.

I recommend anyone who loves IE to do this!

Re:

[docgiggles]

Does anybody really love IE anymore. There are so many more secure open source browsers that using the Microsoft utility that came with the computer seems like it cannot possibly be the best choice

Re:

[plague3106]

i never liked IE in the past, but 7 was ok, and I find myself actually liking IE 8. I've never looked at the source code to Firefox, so I could care less about my browser being open source. As far as security holes go... well I have vista with UAC enabled, so I'm not too worried. All browsers have security holes.

Re:

[aztracker1]

I liked IE4/5 compared to NN at that time. I've been less inclined to like IE since around Firebird/fox 0.6 or so, when I switched. It's the plugins that sway me to FF over Opera. IE7/8 isn't so bad, but still has some quirks to it. IE6 in today's web world is an abomination that must die. If people are using older windows, Opera 9 is a far better option. For people on at least Win2k/XP they have very little excuse for the older IE.

At this point it's nowhere near a fav. but the IE8 version is a vas

Re:

[gnick]

IE8 version is a vast improvement, even if passing ACID3 wasn't as high of a priority.

Well-phrased. I'm a FF user, but stray to IE occasionally depending on what I'm doing. I have Opera & Chrome installed too, but I have run them very few times since install.

For me, like (I suspect) the vast majority of web users, a good report card on ACID3 isn't a big selling point. The question is, "Will the pages I use the most render quickly and look nice?" NOT "Is the browser standards-compliant and will it make web development easy for people that I never see or care about?" For right or wron

Re:

[Eskarel]

Acid 3 is not a web-standards test because the "standards"(html 5, css 3) that it tests are not yet standard.

If Microsoft sits on IE and doesn't continue to upgrade it then IE 8 failing ACID 3 is a problem, but as to the best of my knowledge neither of the proposed specifications has been ratified yet and very little of it is actually going to make it into web pages in the next year or so it's not that big a deal.

Passing ACID 2 is a big deal, passing ACID 3 is only a big deal if IE 9 doesn't do it.

Opera and

Re:Why It Takes an Extra Minute

[FriendOfBagu]

So if I blow of a college exam and only get 12% because I don't care, I didn't fail it?

Sure, if you didn't sign up for the course in the first place.

Re:

[gnick]

Exactly. Do you have any idea how many college exams I blow off every year? I haven't taken a course in nearly 7 years, so I typically blow off all of them.

Does that imply that I failed hundreds and hundreds of times?

You're [sic] logic is amazing.

Re:Why It Takes an Extra Minute

[Kalriath]

However, it passes ACID 2 with flying colours.

If I were a conspiracy theorist, I might find something interesting about a new ACID test which IE fails miserably the instant Microsoft releases a browser which passes the old one.

Re:

[darkpixel2k]

well I have vista with UAC enabled, so I'm not too worried. All browsers have security holes.

Yeah--Just like every car has it's problems, that why I choose to drive a Yugo. I mean--why go with a quality car that has fewer problems, when you could get a POS Yugo? All cars break eventually, so why not get one that will break within 5 minutes of owning it?

Even better, get one with no door locks, or even doors themselves--because all cars have security weaknesses...

Re:

[Amouth]

i just go with the best of both worlds.. i own a volvo and an MG.. one is basicly maintence free for 120k miles.. the other required me to bring my tools to get it running so i could drive it home (well half way.. the other half i used a tow truck)

Re:

[not already in use]

I wouldn't expect slashdot to look at this objectively, but the GP is correct. The only reason exploits are such a big deal with IE is because of the sheer size of the installed base.

No hacker worth his salt is going to go looking for exploits in a browser with 10% market share. Also contributing to the viability of IE exploits is the fact that if you're running IE, you're running Windows so you know the target OS.

It's not defective by design, it's defective by popular demand. This is hardly Microso

Re:Why It Takes an Extra Minute

[sexconker]

You COULDN'T care less.
You could not care any less, because you absolutely do not care.

If you COULD care less, then you care some non-minimal amount.

Re:Why It Takes an Extra Minute

[mrdoogee]

It's a whole nuther thing here if you could care less. It makes me nauseous at how this nukeular power supposably is illiterate for all intensive purposes. I hate it, irregardless.

__________
__________
Now my head hurts.

Re:

[Mister Whirly]

As long as the page I want to see loads in my browser, no I don't. I don't do any web developing or anything related, so why should I care? Oh wait, then I would have yet another reason to bash Microsoft on Slashdot. Ok, I care a lot now!

I also don't know all the inner workings of a combustible engine, yet I still manage to get where I am going in my car. Amazing isn't it?

Re:

[AmberBlackCat]

It's not that anybody loves Internet Explorer. It's just that nobody outside of geekdom loves any browser at all. Arguing over browser popularity is like arguing over gas station popularity. Most people don't care, and don't see any real difference. They're just going to the first one they see.

Re:Why It Takes an Extra Minute

[causality]

It's not that anybody loves Internet Explorer. It's just that nobody outside of geekdom loves any browser at all. Arguing over browser popularity is like arguing over gas station popularity.

Sometimes I think that the only real definition of "geekdom" is "a solid understanding of cause and effect".

Most people don't care, and don't see any real difference. They're just going to the first one they see.

That's why when they get a compromised system or otherwise suffer, I don't see them as victims even though I'd rather they not get compromised and I'd rather they not suffer.

They are making a trade-off and are taking a risk of experiencing security flaws for the sake of convenience as the browser is already installed and knowledge of its quality and security history is not needed to use it. They have set their priorities and made their choices and now they experience the results. Really, what rational person (technical or non-technical) expects to have good results when operating an extremely complex machine that they don't understand? Is there anywhere else in life where you can take the very first option to come along without ever looking at your other options and then consider yourself to have made a good choice? That the average person can routinely use a computer this way and have everything work out as well as it does is amazing, but rather than appreciate this we instead scratch our heads and wonder why certain problems (like botnets) just aren't going away.

Maybe this makes me unusual, but I am happy with both Linux and FireFox even if both of them never become anything like mainstream. They are actively developed and have enough of a userbase to ensure this for some time to come, they do what I need them to do, and they run the way I want them to run. I can't say with any certainty that I'd derive any direct benefit from the sort of ubiquity that Windows and IE currently enjoy and I see a certain risk of stagnation if that ever did happen.

Re:

[hAckz0r]

Gee, and I though 'the delay' was due to all the malware BHO's fighting over who gets to control your system 'this time'. Ultimately the BHO who gets control of the OS first is likely to win. Once they all stop thrashing each other for the top spot in the chain then the html rendering engine finally gets a chance to receive some precious cpu resources.

And for any IE die-hards out there, the best remedy to keeping your system safe is to make the "Windows Update" site your home page. That extra minute is

Re:Why It Takes an Extra Minute

[giafly]

No! One minute is just enough time for your computer to get zombie'd, which improves the average code quality.

IE needs a new slogan...

[Anonymous Coward]

How about:

Internet Explorer: Holding the Web Back Since 2001!

Re:IE needs a new slogan...

[v1]

I prefer the older standby - empowering 0wners since 2001

Re:

[darkpixel2k]

How about:

Internet Explorer: Holding the Web Back Since 2001!

*tap tap*
(sounds of hard disk seeking like crazy)
(IE 8 splash screen appears)
Wow. This is a nice preview of IE 8.
It looks nice and flashy--sorta reminds me of Vista. Let's go look at a web site.
*click, clickity, tap, tap, click*
rooted [slashdot.org]

Re:

[6Yankee]

Sure, Firefox can "take back the Web", but only the might of IE can *hold* it back...

Re:

[PinkyDead]

How about:

Internet Explorer: Everything will be fine if you just wait a minute!

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Ethanol-fueled]

It'll be IE X, not IE 10. Get with the times, man.

Re:

[Gilmoure]

iX?

Re:IE 10

[ianare]

That would be IE 9

Re:

[owlnation]

iX?

More likely... "eX"

Re:

[sexconker]

Xplorer

Re:IE 10

[AKAImBatman]

By the time IE 10 comes out, it will look like what Netscape 2.0 looks like to today's market. Even today, users hanging on to IE are reminiscent of the die hard users of Netscape 4. Netscape 4 was awful in comparison to IE5, but since it was the only viable alternative to IE, it hung around for quite a while. Life got a lot better when the Internet purged NS4, and it will get a lot better when it purges Internet Explorer.

The only difference between the Netscape 4 debacle and Internet Explorer is that Netscape didn't have the resources to develop a better browser. They ended up needing to spin off browser development, thus resulting in Firefox in the long term. Microsoft has no such constraints. They have nearly everything they need to make IE a better browser, but they don't want to give up their stranglehold on the web.

Well too damn bad. It's only a matter of time before IE loses its majority market share. The more the IE percentages drop, the faster the uptake of alternative browsers.

Re:

[encoderer]

The only difference between the Netscape 4 debacle and Internet Explorer is that Netscape didn't have the resources to develop a better browser.

A little revisionism there. Netscape did have the resources to develop a better browser. That browser could've been NS5 and it could've changed the course of browsers to this very day.

So much hay about MS killing NS. They certainly hurt them, but NS killed NS.

Instead of incrementally improving NS with a release-early, release-often strategy, they decided to complete

Re:

[Bert64]

The netscape codebase was old and crufty, they open sourced it and people pretty much decided to abandon it and start again...
I would imagine the ie codebase is in a similarly crufty state.

Re:

[encoderer]

Of course it was. Show me any mature product that isn't.

But i cannot imagine any circumstances where the best strategy is to scrap and replace everything.

This isn't about purity of codebase, which is what the OSS adopters you mentioned concerned themselves with.

This is about a commerical software company who chose to cease shipping their flagship product while they redeveloped it.

If they had to do it, they should've maintained and upgraded the NS4 base with 4.x releases while the new product was in developm

Re:

[sexconker]

"But i cannot imagine any circumstances where the best strategy is to scrap and replace everything."

How about when a house burns down?

Seriously?

[DarrenBaker]

Surely you can't be serious - It scores higher if you leave the browser window open for a minute?

What is it, an Oldsmobile?

Re:Seriously?

[IceCreamGuy]

Holy crap I miss my 1990 Oldsmobile Cutlass Supreme. Thanks for bringing that up. :'-(

Re:

[EIHoppe]

I've heard of car engines running on diesel, but browsers?!

Now I really have seen everything...

~EI

Re:

[Anonymous Coward]

There is a timed component to the ACID test. Some of the tests can take a while to run, so they have a limit set if you want to pass validation. Something IE can do apparently takes a while.

Re:

[sir_eccles]

It's like high end Hi-Fi equipment you have to let the browser window burn in before you can get that richer and warmer internet experience. I always leave my browser to burn in overnight the first time I install it and find pages load quicker when I use oxygen free unidirectional tubes.

Re:

[denttford]

Don't you know? It takes a minute for the tubes to warm up...

Re:Seriously?

[jbeaupre]

You must not be in marketing. That's "A 75% performance improvement over time."

Re:

[j79zlr]

I just spent 5 minutes trying to read your sig and still haven't done so successfully. I guess my boss is right, those lunch beers are affecting my productivity. Damn.

Some people STILL think they should use IE

[theaveng]

Like this guy: http://www.highdefforum.com/768120-post19.html [highdefforum.com]

I don't know how someone can say "IE is not any more vulnerable" with a straight face. And it only scored 12/100 on compatibility tests? RUN from IE.

Re:Some people STILL think they should use IE

[gzipped_tar]

The best (worst) argument for IE I've ever heard was "to save disk space".

Re:

[aliquis]

It's obvious he didn't knew shit, what is it what works better in IE? His borked websites?

Speaking of bork, what's your signature all about? Fastest in what way? From your location?

Re:

[electrictroy]

Okay.

Well I used to think like you, no problems with IE, but what changed my mind was when my homepage kept randomly changing to various sites. Then I started getting weird images on my desktop. That's when I realized that IE is basically a giant hole for hackers.

Damn, did I really not know?

[IceCreamGuy]

Is a release candidate still considered a beta? I was always under the impression that release candidates were past the "beta" moniker and were part of the next phase of deployment. But I'm an admin, not a programmer, and really have no clue when it comes to that kind of stuff.
Coincidentally, I just watched Blade Runner on my Sony Superbeta hi-fi, still looks fantastic after all these years. Suck it, Blu-ray.

Re:Damn, did I really not know?

[will_die]

In Microsoft speak a RC is a feature complete product, parts are still buggy but the capabilities are in, they still reservice the right to add features but will not remove them.
Now that is not to say that things still will not change for instance with the release of parts of Office 2007 some products would work in the RC phase on Windows 2000 but come release they stopped working. However at that phase you can usally start developing for the new product and it will work on the release with at most minor changes.

Re:Damn, did I really not know?

[lloydchristmas759]

In Microsoft speak a RC is a feature complete product, parts are still buggy but the capabilities are in, they still reservice the right to add features but will not remove them.

Really? I thought that was the definition of "service pack 8".

Re:

[poetmatt]

Whoever labeled lloyd troll obviously is a Microsoftie.

I'd be surprised if Microsoft ever decided to release a well tested and thoroughly prepared release. It seems to not be a priority to them at all.

Re:

[IceCreamGuy]

I think it's pretty difficult to argue that Windows Server 2008 was not well tested and thoroughly prepared. Can you name something that was seriously wrong with that release? In my opinion (keep in mind I run Ubuntu Server LTS for most of my new deployments), Server 2008 is a truly fantastic OS; it's rock solid, got great features, has full-fledged CLI, and is polished out of the box. Even the licensing is now easy. Or how about Office 2007? Aside from the initial shock at the UI change, it went very well

Re:

[poetmatt]

Well, it was better done than many of their other products but if you are running it I'm sure you know that HyperV was their big selling point and barely works. So, kinda same thing there.
Office 2007 still has an excess of problems, and visual studio is probably the one product people are happy with.

I'm not denying that I did make an excess of a blanket statement (I agree, I did) and on rare occasions they release things well tested, but it doesn't seem to be exactly consistent.

Re:

[sik0fewl]

In Microsoft speak a RC is a feature complete product, parts are still buggy but the capabilities are in, they still reservice the right to add features but will not remove them.

Ohhh... so it's a beta!

Re:

[WhatAmIDoingHere]

Just like a pre-beta isn't an alpha anymore?

I'm afraid of Windows 7 if it's supposed to come out in about 6 months and we haven't even seen a beta yet...

Re:

[sexconker]

Who says it's coming in 6 months?
The same people who were talking about MinWin?

Offtopic, but it needs to be said:

MinWin was (recently) mentioned by one guy during a demo of some virtualization stuff. He was running Windows 1.0 and such. He was clearly a very intelligent employee, and while he said they've been working on MinWin, he ALSO said that it's just the COMMON CORE of future Windows releases.

From Shitipedia:

In October 2007, Eric Traut, a developer at Microsoft, demonstrated a self-contained MinWin

Re:

[WhatAmIDoingHere]

No, by Microsoft PR when they said "Windows 7 will be out during the first half of 2009."

Re:

[nine-times]

Yeah, you'd think that a "release candidate" meant that it was a candidate for the "release" version if no huge problems popped up. That was what the term was invented to mean, AFAIK.

But people abuse these terms pretty heavily, and you have to know how each developer is using them. It seems like Microsoft considers "release candidate" to mean "late beta". They never have any intention of releasing RC1, and they usually have a roadmap includes multiple "release candidates" be released for testing purpose

Re:

[sukotto]

If only you had the even more advanced Sony SuperReleaseCandidate :-D

Re:

[aliquis]

When it comes to Google several betas actually come after the RC :D

Could have fooled me

[JoeCommodore]

I actually saw an IE8 ad earlier this week on-line (geared for enterprise computing firms) I thought it was final and out already.

Yep, MS even has a slick site already up for it:
http://www.microsoft.com/windows/Internet-explorer/beta/default.aspx [microsoft.com]

IE

[ionix5891]

is like a bad smell that wont go away

Good

[spinkham]

As someone who does both web security and some web design, I couldn't be happier.
Yes, IE 8 still sucks, but it sucks less then IE 7, which sucks less then IE 6.
IE 8 has some decent rendering improvements, a built in XSS filter, and lots of other changes.
In standards compliance it still sucks versus all the compition, but as long as it helps kill off IE 6, I'm happy.

Re:

[Kokuyo]

Just don't add a usability POV to that mix. IE7 and 8 give me nightmares.

Re:Good

[Leafheart]

In standards compliance it still sucks versus all the compition, but as long as it helps kill off IE 6, I'm happy.

As someone doing web design for a living for the past 10 years I can tell you that I'm really not happy. At all. I put standards compliance much higher than any gimmick like XSS. If firefox still had all the Extensions (which is hard to live without) but was not standards compliant, I would hate it, a lot.

Another IE that is not standards compliant, means or a new set of rules I cannot use on my code, or another set of hacks (already ahve one for 5, 5.5, 6 and 7

Re:

[Blakey Rat]

Standards compliance is a non-feature. Give end-users a list of browser features, ask them to rank them, and I can guarantee standards compliance will come in last. The ONLY people who care are web developers, because it makes their job slightly easier. Cry me a river. (And web developers have to QA their page anyway.) Microsoft's time is much better spent on features users actually care about.

Demanding that browser makers drop everything and work only on standards compliance is like telling Toyota they sho

Re:

[Grey_14]

Here's a challenge for Slashdot: explain to me how standards compliance benefits the end-user of the browser.

Standards compliance allows web developers to spend less time in QA and more time developing new features in THEIR applications. So rather than Microsoft developing one or two new features per year in their browser, Every web developer on the planet can develop one or two new features for their site per year. (Those numbers are obviously terrible and asspulled, but you get my meaning I'm sure).

It's similar to being able to write in higher level languages, (Java, Python) over lower level (C, Assembly). Once

Re:

[nine-times]

I agree completely. It's been a while since I've done any significant web design (Safari was still new the last time I designed a web page), but IE's rendering was the most painful part of the job. I was never that great at web design (it was never my primary job), but the process was always:

1. Come up with a design
2. Figure out how to code it according to how HTML/CSS works
3. Write the markup according to the standards
4. Now it probably works fine in Firefox, Opera, Safari, Konqueror, and pretty much every web

Re:

[poetmatt]

XSS affects 50% of the websites geared for IE. Not 50% of all websites. Significant difference there.

I agree with the rest though, IE6 is bad and IE7 is worse, so hopefully IE8 won't be too broken. From everything I have seen so far unfortunately, it will be. I seem to recall some controversy with IE8 a few months back too, something about putting it on an XP service pack or something.

Re:Good

[spinkham]

Actually, ~50 % of websites tested in the past year by WhiteHat Security. It's the best metric we currently have for security flaws, as WhiteHat has many customers across quite a few industries, and they are all automatically retested over time. It has little to do with the browser targeted, and everything to do with the web frameworks used, the knowledge of the programmers, and the testing or lack thereof most websites get before deployment.

If you check xssed.com [xssed.com] you'll see that near 100% of websites have had XSS vulnerabilities in the past.

Re:

[Qzukk]

XSS affects 50% of the websites geared for IE

XSS has nothing to do with the browser unless the hacker is an idiot and uses vbscript instead of javascript. Misconfigured bulletin boards, search boxes that print out whatever you searched for without escaping entities, and scripts that use redirects to move from page to page with messages in the URL are probably the top causes.

Re:Good

[Rearden82]

IE6 is still very popular despite the fact that 7 came out over two years ago. If users haven't upgraded by now, I see no reason why they would when 8 is released.

I'm sure IE8 will be broken in slightly different ways from 6 and 7. So all this really means is we will have to implement hacks for three different versions of a shitty, non-standards-compliant browser for the foreseeable future, instead of two.

Re:Good

[spinkham]

IE8 gives a number of mechanisms for either you or Microsoft to request the legacy IE7 renderer for your website. <meta http-equiv="X-UA-Compatible" content="IE=7"> is all it takes to not have to add IE 8 specific version of your website.

Re:

[Amazing Quantum Man]

If you're on Win2K (and many users will only drop it when someone pries it out of their cold dead hands), you *can't* use IE7 or later.

Re:

[foniksonik]

I won't be happy until they retire IE6 and somehow all the corporations out there upgrade their standard browser to at least IE7.

IE6 is the bane of my existence as a web developer and yet one of my biggest clients uses it by default as their corporate standard, so I have no choice but to develop for it.

Re:

[Tatsh]

Problem: IE >= 7 is for XP and Vista only. There are still a bunch of users out there using IE 5.5 (or worse yet 4 or 3) because they do not want/know how to update. Maybe they are on dial-up and updating is too slow (although I would update on dial-up). Then there are the IE 6 users on Windows 2000. That is the highest they can go, and for a lot of these computers, it makes no sense to upgrade to XP.

When I develop a page, I develop a whole different sheet (that tries its best to look like the original f

Re:

[spinkham]

Problem: IE >= 7 is for XP and Vista only. There are still a bunch of users out there using IE 5.5 (or worse yet 4 or 3) because they do not want/know how to update.

Where "bunch" is less then 0.1% for all versions lower then 6 combined. IE versions less then 6 are dead, dead, dead, and no one should feel like they need to care about them.
In my experience, the IE 6 problem is caused more by corporate users who have some IE 6 only internal app that keeps them from upgrading their browser. My day job is security testing websites, so I have to keep a copy of IE 6 around also. There are a few people using win2k or earlier out there, but they are by far the minority(est

Re:

[Ed Avis]

If users haven't got the sense to move from IE to Firefox or Chrome, what makes you think that they will upgrade from IE6 or IE7 to IE8? It'll be quite some time before Microsoft pushes out the IE8 update automatically.

Re:

[Chaos Incarnate]

Or is still running Windows 2000.

Even simple HTML can crash IE8

[VJTod]

This simple HTML still crashes Beta2.  It will probably still crash the RTM.  This was a trick I found back in 2002.  I had reported it somewhere, but obviously nowhere important.

<table>
<tr>
<td><div style="width:100%;height:100%"/></td>
<td>
<div>
<span style="height:100%;width:50%">></td>
<span style="height:100%;width:50%">></td>
</div>
</td>
<td><div style="width:100%;height:100%"/></td>
</tr>
</table>

Re:

[guruevi]

Simple question: wouldn't the reason for the crash (whether it is accessing memory out of boundaries or doing an illegal instruction), allow for a potential exploit.

Re:Even simple HTML can crash IE8

[TeXMaster]

Poorly written HTML should NOT crash a browser.

Re:Even simple HTML can crash IE8

[Fastolfe]

Nothing should crash anything.

Re:Even simple HTML can crash IE8

[twistah]

This is a highly ignorant comment. A browser should never crash due to poorly written HTML, or due to anything. From the security angle, this is at least a DoS, but likely something more. Take a look at the IE7 0-day which is affecting millions of users. It is not a buffer overflow; it's a simple crash. However, because of JavaScript, one is able to manipulate ("spray") the heap enough to a point where even a simple crash can be used for code execution. ANY crash in a browser should be taken seriously.

Not following standards costs us

[MazzThePianoman]

As a web designer it really pisses me off to see Microsoft continuing to write their own standards and not follow the conventions set forth so that web pages could look the same across browsers. Passing the acid test should be mandatory and doing so would likely save millions if not billions in lost productivity time between broken websites and the extra hours of work web designers have to put in to work around IE's bugs.

Re:Not following standards costs us

[jc364]

Actually, IE 8 passes the Acid 2 test (yes, they are last, but its an improvement). Not to mention that Microsoft contributed 2524 test cases [gotdotnet.com] to the CSS 2.1 test suite. I'm a web developer, and I know the horrors of developing for multiple browsers (especially IE), but I have to give Microsoft some credit for their interest in standards in this coming IE version.

Also, the acid tests are just one indicator of how well a browser does standards. To make it the defining standards test would not be completely fair. More info on that here [webstandards.org].

The real patch...

[Tatsh]

...should be a drastic change to Windows, removing Internet Explorer, all Windows dependencies on it; minimalising the DLLs needed for old dumb applications that used IE's rendering engine, and installing a new browser out of a few, namely: Firefox, Opera, Safari, and others that are free and web-standards compliant.

IANA Coding Guru, but....

[penguin_dance]

Being that M$ tied their browser to their OS to avoid a court judgment of having an illegal monopoly the main reason they're in this pickle in the first place? You can't nimbly fix bugs or create features if what you do on that level ends up crashing your OS on another level.

Seems to me they've screwed themselves in the long run. They avoided having to removed Internet Explorer from Windows, but now their browser sucks on ice, is bloated, slow and filled with bugs that affect the OS. All of this could have been avoided (not to mention the continued $ hemorrhage of having to pay programmers to work on this) had they just concentrated on a decent OS and let others create the browsers. Instead they have (and still) pig-headedly insist on taking over or competing with every bit of software that touches their computers.

 

Re:

[Shados]

IE7 isn't tied to the OS anymore. Heck, in Vista its not even used for updates or anything of the sort anymore. The catch is the rendering engine IS used by a lot of third parties. A lot of things that "render" something, let say reports, even if they don't look like HTML, often use the IE rendering engine. They're still breaking compatibility with IE8 and redoing it from scratch... its just not something that happens overnight.

12/100?

[Masami Eiri]

IE6.5 gets a 12/100 on the Acid3 test if you let it sit for a few moments. No, seriously. I wish I was kidding.

Why not rename it?

[Sloppy]

One of the reasons I've heard for MS is not fixing all their rendering bugs, is that there are so many web pages out there that already work around the bugs, with user-agent sniffing. i.e. If the user-agent contains "MSIE", then use a different stylesheet, or embed a style attribute in the HTML to override the stylesheet.

But couldn't they fix the bugs if they just changed the user-agent string to not include "MSIE?" Internet Explorer is already a brand name with so much infamy and negative goodwill anyway, that renaming the product makes sense even if they don't fix any of the bugs. But if they do that, then they could fix the bugs too, without triggering all the world's websites' MSIE workarounds.

Still Beta

[Alvare]

Isn't IE 7 still Beta?

--
#!/bin/python

IE8 doesn't need that much more to be useful

[Tumbleweed]

Add some common stuff from CSS2 and 3 and I'd be relatively happy with it:

border-radius
multiple background images
border images
good opacity support (on a par with FF, so I can specify background opacity and not force the same opacity on child objects).
CSS3 columns

There are some selector issues people want that would be great, too.

At the least, turn on some things that would allow js/css libraries to overcome the shortcomings they KNOW they're gonna leave in there. At least make a way for others to work around the limitations.

But, all those things would be *useful* and good for developers, so we know what's gonna happen, don't we?