Slashdot Mirror
'Lower Rights' IE 7.0 Coming
blacktop writes "eWeek has official confirmation from a Microsoft vice president that the upcoming Internet Explorer 7.0 browser upgrade will ship with reduced privilege mode turned on by default to help thwart browser-based attacks. In addition to anti-phishing and anti-spoofing features, IE 7.0 will add support for IDN (International Domain Names), built-in RSS and seamless search that will include choices of search providers."
...just some of the key features of Firefox and Safari?
Butthead Vendor
Reads - Mozilla Firefox
...all that and it still won't work on 2K. Impressive!
I was wondering when IE would be able to support the Unicode URL spoofing attacks!
I'm a leaf on the wind. Watch how I soar.
"We've re-architected it to defend against exploits," Mangione said
architect IS NOT a verb!!
great laugh to start the day though.
The only way to get rid of a temptation is to yield to it.
-Oscar Wilde
Microsoft may be a bit slow to get there, but they'll get there in the end.
We can still turn of reduced privelaged mode though, right?
So what will Microsoft be offering in IE7 that is new, and not just a take on Mozilla/Firefox/Opera?
It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?
Why would people move back to IE even after the release of IE7? I'm guessing they won't and this is for those that won't or can't move from IE.
You can use msn! Or, maybe you'd prefer msn!
Or, if those two options don't suit you, you can use MSN!
Mod me down with all of your hatred and your journey towards the dark side will be complete!
People will notice that all of MS's "New Features" have been in OSS for years.
In addition to anti-phishing and anti-spoofing features, IE 7.0 will add support for IDN
Huh ? Didn't we have a story not a long time ago about IDN being a target for phishing ?
I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
Hmm let me guess, this 'less-priviledged' IE "user" will be unable to install 3d party apps & addons (let's call them "plug-ins").
...... you guys know the rest of the story.
Idiot #1: I want to install these smile-themes and weather app, but IE won't let me. It says that these "plug-ins" are unsafe and operate at a higher priviledge level. I don't know what that means BUT I WANT MY SMILES!
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
I remember about 6 or 7 years ago when I was switching from Netscape 3 to IE 4 that there was a huge argument over whether Netscape 4 or IE 4 was the better product. The step up from versions 3 was significant.
Lately, having switched to Firefox to avoid rampant security issues, I feel fairly comfortable with this browser. There are some things that I wish were better like better Googlebar and better plug-in handling, but am pretty happy with it.
So with IE7, what's the draw? What features will it have that will encourage me to jump ship again? The feature list doesn't impress me as much as the jump from Netscape 3 to IE 4 did. And security is not an issue with Firefox, so that's not a good enough reason.
I guess I'll just have to download the mandatory Critical Update and try out the browser for myself.
I used IE for a long time - I'm glad they are starting actually develop it again - and put in features that people actually use - not like that media button in the tool bar
The other way that this will be fun is watching all of the *really* bad ISVs who assume that IE is a complete solution for their apps and will of course be able to alter the system config when they use it as a component.
And you thought SP2 broke things? *laughs evily*
"To any truly impartial person, it would be obvious that I am right."
I wonder if they will include Google...
This is the problem with Microsoft. They're capable of making a good product when they want to, but they throw their weight around and make it the only product on the market. After this, what incentive do they have to continue to make their product better or keep it up to date? IE hadn't changed forever and didn't look like it ever would until people started using Firefox.
I don't mind MS trying to make a product for every single aspect of the computer world (and occasionally beyond) but when they use their huge bank account and the huge Windows customer base to become monopolistic and the only product out there, it really hurts the consumers more than anyone else in the end.
From TFA: "Nine months ago, we started hearing from partners like Dell that spyware was a major issue."
Hmm, let's see. (5 years-9 months) times the speed of sound... this means that Dell's headquarters are 46 million kilometers from Redmond.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
I wonder if now that IE 7 has lower rights version, will they be able to remove it from the OS?
Too little, too late, perhaps? Why has it taken Microsoft over 5 years (and counting) to release an upgraded version of IE? Oh well, I want to thank Microsoft, because the only browser I used on my WinXP boxes was IE...then FireFox came out.
Yes, I admit it, I used to be an IE user...but now, I will never go back. For once when you see the great bird that showers fire and thunder at the masses, then you know that the forces of Mammon will never succeed at world domination.
about:mozilla
IGB: More fun than eating oatmeal!
All these new security features, and Oh, lets not bother to support our "old" W2K users...
So why bother at all?
After checking information on IDN, I noticed that there are two variations of international domain names. Anyone know whether Microsoft will actually be using IDN or Internationalizing Domain Names in Applications (IDNA)?
:)
I apologize in advance for my anti-Slashdot action of reading a little before commenting.
Hopefully this will be copied (a la the yellow information strip) into Firefox pretty soon. I'm fed up of printing a page only to find that the rightmost 20% is missing.
Avantslash - View Slashdot cleanly on your mobile phone.
when you type in "google" Clippy pops up and asks you "It looks like you want to do a search, we will take you to a far superior search engine" and will redirect you
If IE came pre-loaded with the most popular plugins (Flash, Quicktime), so that the majority of people would have no reason to ever turn off the reduced privledge mode, as opposed to turning it off several times soon after they have gotten their initial installation, it may work. If people are immediately conditioned that turning off reduced privledge mode is something that you need to do in order to get your browser to work right, then this will do nothing.
/cookies-and-bookmarks on a kernel-level might help too
Of course, simply never allowing write-access to anything but
-- 'The' Lord and Master Bitman On High, Master Of All
MSN , of course as in the ,
"and seamless search that will include choices of search providers"
And while 80 % of internet users have NO idea whatsoever how to change their settings, so it will stay as such forever.
If Microsoft Windows shipped with this configuration for IE from the beginning, then it wouldn't have been such a nuisance to so many people as it is today. Most of the people that this has caused problems to are the average under-educated people that expect to view websites only. Why would all the browser features be active, including the dreadfull ActiveX related automatic font and related download vulnerabilities? It was a web-browser. I've already been hearing advertisements over local radio on FireFox and Mozilla use over IE use.
IE is in shambles. IE is the only Microsoft application adhered the underlying operating system that has not been rewritten like the Operating System itself. It should be heaped with the next-door developers where Microsoft~2 Works and Offices its tasks. Alternatives to IE are already the GNU crack that people wanted to use.
without prejudice
The conundrum is that so many sites now require ActiveX that if IE were to ship with it disabled, Joe Sixpack's favorite websites wouldn't work.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
"We've re-architected it to defend against exploits"
Ok, I'm not an English major, but there had to of been a better way of stating this.
Hope they do IDN right, otherwise it will make phishing and spoofing easier.
[Insert pithy quote here]
"We've had 17 million downloads, and it's been great, from a consumer point of view. It's the number one download among all our products," Mangione said.
So something finally beat the Windows 2000 torrent?
Recently, Microsoft already lowered the rights of gays and lesbians by dropping support for a major state anti-discrimination bill. Based on that wildly popular success (with right wingers at least) we'll be dropping the rights for everyone in the next release of Internet Explorer; trust us, we know what's good for you. And for those anxious about what the future holds, worry no more; coming with Longhorn, we'll offer new digital rights management features. Just remember, all your rights are belong to us.
Yes lets make it "more secure" by removing all functionality, and having 500 prompts coming up just to run a flash enabled site.....good job Microsoft, kudos on the tabbed browsing (original idea)....Cant Wait for this new browser :o)
You know damn well the default start page is going
to default to msn search and nobody is going to change it. If google was going be a leader and remain a leader it should have as I said all along been pushing firefox like a mad man. Instead they are about to learn the same lesson Netscape did the hard way. If the market share of the users have a msn search start page and I am a advertiser where am I going to spend my dollars.
I love google, it is going to be sad to see them go.
Got Code?
I think this is a point that should have precedence
in this forum. thanks for the good point, Ill make
sure to use it in an argument... although my windows
friends are all lamers hehehehehe oh and their not best of either, coincidence?
I tip toe like rats on vouge runnways.
Who the hell titles these articles? Lower rights and Lower permissions mean completely different things...
_ test/
If MS is adding support for IDN, I'm really going to stick with Mozilla. Does anyone remember the IDN spoofing exploit from Firefox on February 7, 2005? http://secunia.com/multiple_browsers_idn_spoofing
Let's hope MS caps this hole before it happens. Unfortunately, MS has a reputation for adding bugs along with new features.
-- Game Developers: Stop porting badly-textured games from crappy console systems!
We've all experienced Microsoft doing bad (patents) and doing good (giving millions to buy underprivileged families computers). While this situation isn't as extreme as either of those examples, I believe that Microsoft has a real chance to do good here by stepping up to the plate and simply eschewing ActiveX. Then all the websites that rely on it instead of better choices would be forced to get rid of it. Maybe Joe 6er's sites wouldn't work right away, but the big ActiveX offenders (Yahoo) would fix themselves up.
I wish it would happen. I don't know if Microsoft has the motivation to do so (ie, money or image)...but it sure would be nice to see spyware take that kind of hit.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
While LH will default to setting up accounts as limited users and not administrator, for those who run as Administrator, most applications will run as lower priviledged processes anyway, unless the priviledges are explicitly elevated by the user.
People will notice that all of OSS's "New Features" have been in OSX for years.
I still debate the issue that ActiveX is a bug and not a feature. If code is introduced (whether it's the browser, application or OS) that allows unknown programs (good or bad) to be installed without the user's knowledge and consent, then it's a bug. Then again, the PEBCAK when users just click "OK" without understanding the ramifications of their actions, until it's too late.
It's all fun and games until someone loses the key to the handcuffs.
I am guessing that IE 7 will be a XP release only. If that is true, I guess they don't care if Windows 2000/98 users switch to Firefox.
Firefox = no user left behind.
Hopefully this is just marketing-speak for eliminating the "zone" system altogether.
There's really two very different applications for IE -- the primary one is as an Internet Browser where it should simply be impossible to break out of the sandbox. The "Zones" tried to do this but were a massive technical failure. When you say "ActiveX is the problem", you really mean "Those stoopid broken Security Zones that let ActiveX rape the system are the problem".
The secondary applicaiton is as a local library that's used for Windows applications. This needs full access to system APIs so that one can use DHTML as a GUI toolkit. There's nothing wrong with this idea at all -- Apple and Mozilla have adopted similar systems -- it's all in the implementation details.
The ideal solution would be to just create two seperate binaries -- IE-Internet and IE-Local, and make damn sure that it's virtually impossible to break the sandbox in IE-Internet. Then just include the proper magic to make sure the right binary is used at the right time. (The only downside is that Plugin installation will probably be more difficult, but I think Firefox shows that's not a horrendous problem.)
Whenever I hear the word 'Innovation', I reach for my pistol.
Lest not forget: Netscape Behind?
is money grabbing registries.
.com/.org/.net and only stuff appropriate to the language in question in the cctlds) then IDN is just going to be a paradise for troublemakers
until those who run the major domain registries can come up with sensible rules for IDN (which imo means no international stuff in
of course the regsitries don't care because all they care about is selling as many domains as possible which the current don't care policy promotes.
if i were running a dns server i'd be very very inclined to set it up to simply block requests to IDN urls.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
So are they going to run IE as a different user like we run Apache (as user apache). I don't think Firefox does that.
Sounds to me like ActiveX will still be enabled by default, they're just going to improve on the ability to block it on a per-domain basis instead of a per-zone basis. This isn't enough. IMO, ActiveX is the biggest (non-bug) avenue by which users become infected with all sorts of shit. It needs to be outright disabled out of the box if IE is going to get serious about security.
:(
100% agree with you. Alas I have no mod points. And I really really hope they do rely on the old "Put a dialog box up with a Yes and No option when mysterious stuff is being downloaded from some unknown site"
Like many a geek I am a part time Windows sysadmin for friends and family. My sister in law to be is one of them... tho its remote admin(shes in US Im in UK... I got her on Skype!). She is otherwise a "savvy" net user and has her own web site... which she maintains... has taken some low level web design courses etc. But whenever a mysterious dialog box come along she has this habit of clicking on Yes. Just discovred her XP box was owned and was a nice little spammer box
www.getfirefox.com :)
If they're thinking of running IE as a less-priv user, then that's closer to the mark. When people are tricked, an exploit is used, or they outright say, "install this, yes I agree to have you screw with me," then you better hope that app doesn't have rights to HKLM\Software\Microsoft\Run and C:\WINDOWS\SYSTEM32.
Of course if IE7 does run with a less-priv user, there's the risk that all of us in the well-oiled IT shops, already running as less-priv users, will have more and more spyware developed to target us, rather than all the truckloads of spyware that just assume they have full access to the system once they start executing.
I don't really care if a seamless user experience is lost. There's no distinction between seamless installation of a helpfull plugin or seamless installation of spyware.
I can picture the yellow tooltip now.
That "Lower Rights" IE should go really well with the lower rights Longhorn will enforce. *rimshot*
Thank you! I'm here all week.
IE Takes the Lead?
Hompages get changed! micro-gap won't make it easy to change the search provider or plugins like firefox. AGREED?
I tip toe like rats on vouge runnways.
I refuse to use a browser developed by an American company that can't speak English.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
A story about Microsoft removing rights that isn't designed to screw over the consumers.... odd week indeed
The only things certain in war are Propaganda and Death. You can never be sure which is which though
I am not trolling here, but exactly which mainstream sites (which I assume you meant by "Joe SixPack") rely on ActiveX? In my personal experience, the vast majority of websites I have visited now work perfectly fine in Firefox and Safari. It seems a lot of sites of moved to the slightly-less-annoying Flash-based interfaces if they want to do some things.
Porn sites seem to be the exception, but primarily to install spyware. Err ... I mean ... this is what I have heard.
I think we can all agree there is almost no technical reason to use ActiveX versus other solutions which are both more secure and less tied to only one platform. The driving force between more standards-based web development is not, however, a concern out of security but more out of the increasing desire to support mobile devices.
Maybe Microsoft would be better by not announcing this before its released.
Then execute a "silent" release (ala Google style) as beta. There are enough MS zealots that would download, try and report bugs and problems. Then when they reach an acceptably low level of bugs they can make a public announcement with all the fanfare.
By making an announcement before the product is available, they take a bigger risk when the product doesn't live up to the hype.
just my $0.02
----- If communism is a system where the government owns business, what do you call a system where business owns govern
microsoft.com relies on activex, especially the windowsupdate section, but also the genuine advantage section and others.
Ewan
Here are just a few references pointing out the real percentage of computers infected with spyware:
80%
8 out of 10
88%
Or, just search it.
So, 5 years to admit to the problem as it was 3-ish years ago.
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James
It's the only way to be safe and secure. Disallow its execution altogether, or better yet, remove it with LitePC.
9 months? 30%? That was their threshold for thinking to "do something"? Uhm... Okay, I understand that rewriting (reenigineering?) IE is a huge task, so nine months might be correct. However, I find that if 30% (that's about 1 in 3 computers!) is a bit late to think that "we need to do something". 10% should have been enough to make them realise that.
Not that I care: I've never been an Internet Explorer user. Netscape, then Mozilla (pre 1.0) and now Firefox.
Slashdot related issue:
Slashdot requires you to wait 2 minutes between each successful posting of a comment to allow everyone a fair chance at posting a comment.
It's been 59 minutes since you last successfully posted a comment
WTF?
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Shoulda, woulda, coulda ... I agree.
But you have to realize there's always going to be some "sharing". Look at Firefox -- XUL, Java Applets, Flash or custom plugins -- all of these have been used to "break out" of the browser and infect the local machine. You could gimp your browser, but the real answer is probably some better form of OS access controls.
Whenever I hear the word 'Innovation', I reach for my pistol.
Didn't they recant and support that bill in the end?
And how does MS's opinion on any bill "lower the rights of gays and lesbians"?
If you'd spent any time on the MS Redmond campus you'd know it's one of the most gay-friendly work environments on the planet.
Damn! It's a big problem and it would be a 1. godsend for scum to catch legitimate domains and 2. lots of unnececary expenses. For example many russian characters look like english, but they aren't. So there are many words that could be spelled both in cyrillic and english, and now suppose you see an url printed in paper journal "http://www.poca.ru" -- what's that? "Dew" in russian and I have to type this in cyrillic or just an abbreviation and should be typed with english letters? As result sites with well known english names will be forced to spend bucks to register all alikes in other languages, and if they don't there is a lot of space for cheating.
Better disable java and file downloads while you're at it... People who just click 'yes' to whatever pops up will get something bad installed eventually, no matter how it's delivered.
I'm not saying that the sites don't function when you hit the "No" button on the "Do you want to allow software such as ActiveX controls and plug-ins to run?" dialog. And, to Microsoft's credit, when you go to the trouble of setting the ActiveX preferences to "prompt," the default button on the dialog is "No" so it's easy to hit the space bar to kill the modal and view the page without any junk.
But so much of what Joe Sixpack comes to expect from the websites he uses - stock tickers, sports score displays, interactive this or that, etc. - depends on ActiveX. For a lot of users, the sites just aren't the same without all of the ActiveX controls. I agree with you that it would be much better to use Java, or perhaps Flash (though it has its own issues) to make these features work. But the site developers have gone with ActiveX and likely won't change without a serious reason.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
When I installed Debian for the first time, it really urged me to have a regular user account, and to only use super user for things that require it, but otherwise I would just log in regularly. In Windows when you install it, you're an administrator automatically. How about they ship Windows with lower rights as well? I'm not being a troll or anything, but damn it - they need to do this for the greater good (i.e. internet).
Sometimes it hurts if you forget to miss.
Exam 4/C again. Maybe I'll do better this time.
Remember how Microsoft said that Internet Explorer is a fundamental part of the operating system and cannot be removed? Well, this is what happens when you integrate the most security-vulnerable software on any OS (the browser) directly with the OS, then have everyone run as a full-privilege account by default.
See, what makes it so bad is that IE has such deep hooks into the OS that cracking into IE is effectively the same as getting a root shell. Now we've seen that Microsoft's insistence on forcing a web browser into the OS at any cost is having detrimental effects on security.
There are, of course, security exploits for lots of other browsers, but since IE has such tight integration with the rest of the OS, the stakes are much higher. Breaking into IE is to breaking into Firefox as breaking into a house is to breaking into a tool shed.
If it's not one thing it's your mother.
I bet MS is just pissed that they didn't think of all these browser innovations first so they could patent them. If everyone is so worried about having their favorite browser's features ripped off, complain to that group to patent the features. It's how we do things in America it seems. So yes, patent tabbed browsing, rss feeds, and whatever else, so your browser actually stays unique!! I know we can do it!!
Its about time IE is getting proper PNG and CSS support but will IE7 work on Win95/98/NT/2K? I doubt it. So the IE problem is still going to be a problem for a good couple of years until those generations of Windows are phased out and replaced with upgrades (or switch OS).
As for IE7's features well they are just what Firefox and all the other browsers have had for years. I think if MS wants to stay ahead of this market they need to do annual updates to IE to keep it current and updated to the latest standards. And most important of all is to untie it from the core OS and make it a standard app.
the big ActiveX offenders (Yahoo) would fix themselves up
Any site attempting to use "AJAX" is now a big offender because XMLHttpRequest is implemented as an ActiveX control in IE. For example, turn off ActiveX and try using Google Maps in IE and you get.. "ActiveX is not enabled in your browser. If your browser is Internet Explorer, you must have ActiveX enabled to use Google Maps."
Anybody know how they will handle ActiveX controls? Right now they are downloaded to a certain directory and DllRegisterServer is called on them. If IE is running with reduced privs then DLL/OCX registration might fail (limited users can't write to HKLM). Or, will they force it under HKCU\Software\Classes? I realise they're taking steps to prevent rogue ActiveX objects on remote sites running. But how far are they going to go? Will it be a continuation/evolution of the current XP SP2 approach where the user sees an active content warning, and then has the choice to run? Also, what about MSHTML embedded in other apps, and HTAs - will the beefed up security model also be applied there too (unlike XP SP2)?
/.).
(Please: this is a technical post, so no replies on the pros or cons of ActiveX. I know about them and I've seen enough of it here on
A microsoft Offical disclosed that the rotating blue e icon will be replaced by a globe wrapped with a weasel. Ballmer: "We'll eventually be changing the name to WetWeasel in the process of upgrading". Already, Microsoft registered domains like getwetweasel.com and spreadwetweasel.com."
rearchitecturializeredishness
Exam 4/C again. Maybe I'll do better this time.
What constitutes "gay-friendly"? Is MS also "hetero-friendly"? While promoting one thing doesn't necessarily diminish another, it often does. Even if it doesn't, there can be a reasonable perception of such. For example, on-site child care. If employees don't have children or it is impractical for them to use the child care facilities, they could feel that benefit could be better used for something that would benefit all employees.
It just seems to me that best policy would be preference-neutral.
I always thought it was PEBKAC
Maybe you're right.
Then again, maybe MS will continue raking in the billions that the have for the past couple of decades by using the same marketing they have used for the past couple of decades.
MS products are all so overhyped, I don't think that people really expect them to live up to the hype. It's just this kind of forlorn hope, not real expectation.
Exam 4/C again. Maybe I'll do better this time.
Why don't they just un-integrate the browser from the OS, disable the admin user, stick to their security model, etc., etc., etc..
The list could go on and on and on...
"We are all geniuses when we dream"
- E.M. Cioran
Marketing. MS is VERY VERY good at marketing.
Exam 4/C again. Maybe I'll do better this time.
Yep, it's funny. But it's Bill Watterson. Give credit where credit is due.
MSIE on my old Win2k box would 'encounter a problem' at least twice per day, and on no particular site.
Sending an error report would just redirect me to a microsoft page, telling me to check for spyware - which, of course - I had done. Spybot/Giant/AdAware didn't find anything, neither did BHOdemon, there were no suspicious processes, services or registry keys - but MS seemed to be insisting that spyware was the problem. I got rid of my google toolbar, but to no effect.
It wasn't spyware, just bug-ridden software.
...will pay more and more for M$ software,
and be able to do less and less!?
Ya gotta love that monopoly how it has cornered the market on stupid people.
and damned if they don't. It doesn't really matter one way or the other, because they're already in hell. And (as is true of humans), they are there because they chose to go there.
See, Microsoft started by creating "features" (like ActiveX on the web) that are horrible security ideas. Now they are trying to fix things. But they can't make it really secure (remove the feature), because too many web sites depend on it. So they have to try to fix the security without removing the features, and are coming up with all these layers of band-aids.
Moral to the story: Don't create "features" that are gaping security holes in the first place.
Firefox's response ot this is to grey out the box for 5 seconds. It's bound to annoy some people, but I love it everytime someone's using my mahcine at home. Give me time to yell at them before they click. :)
The eternal struggle of good vs. evil begins within one's self.
I already browse exactly like this in IE (which I use intensively at work) along with requiring all cookies to be manually allowed (which probably does more to save me annoyance than anything else). So other than Microsoft - which I expect to use ActiveX - I cannot remember seeing a single other mainstream site that is using it.
I do often see examples of the functionality you mention like stock tickets, sports scores, and various other interactive pages but inevitably they either use Javascript / DHTML now or Flash.
Again, this isn't a troll but a serious question asking for some examples. My impression is that ActiveX is simply a dying (if not dead) technology that is not used by mainstream websites and that it is overstating things to say it is so heavily used.
And this concept of running at a reduced priviledge didn't happen in Microsoft Internet Explorer version 3... why?
"Microsoft's vision for the Internet involves tearing down any wall between the Internet and your computer. Can we say security?" - A Linux fortune cookie.
Oh. Right. How silly of me to forget.
It must be Windows. It needs half a gig of RAM and a hardware-accelerated graphics card just to run Solitaire.
If you lend someone some money and they don't pay you back, would you lend again when they come back for more?
...) chance. Not everyone has that much patience. Even though, theoretically, he should re-evaluate all of Microsoft's products at each new upgrade to see if it has improved, I can understand his feelings after being disappointed so many times.
Trust is hard to win back.
Your point is correct though, if you are willing to give everyone a second (third, fourth,
I'll probably be modded down for this...
Yeah it's easy to say that.. but you need to take into account it isn't THAT easy for them.. remember, they currently rely on activex to do windows updates.
They should rewrite Windows Updates to be part of the OS and seperate it from the browser..
By the way, active x controls ARE blocked for new websites by default with Windows XP sp2.. so I don't see your point really.
Lower Rights for EVERYONE --- It's the American Way!
I think it will probably be MSIDN
----- If communism is a system where the government owns business, what do you call a system where business owns govern
Let me guess: which defaults to MSN Search and is a pita to change :-(
Perl Programmer for hire
This just in: "IE 7.0 will provide built-in blocking mechanisms to block dangerous sites like slashdot.org." --IE 7.0 Development Team.
As much of a pos as IE is, how would you browse to a 3rd party website to download your preferred browser without having a browser installed with the OS? (unless you already went to the website and bought an install cd... oh wait...)
Maybe M$ should just dump IE and offer to put the Firefox, Mozilla, Netscape, and Opera installers on the windows install cd and let the user pick what they like. (as if that would ever happen)
These are not sharings, you don't have to embed java applets or flash in your local computer browser while you more or less need them to be runnable in the web browser.
But these are hooks to the innards of the computer, or may be because of security issues indeed.
I'm not talking about gimping the browser, i'm talking about starting by separating the web browsing and the computer browsing, because the access levels of both tasks to the local machine are completely different. IE and windows explorer sharing most of their parts means that IE has access to things it doesn't need, but external attackers can still use. IE and windows explorer being basically the same program mean that IE is rooted deep into the OS itself, and therefore extremely dangerous, while it has no need to be that rooted in the OS. That's the very first step towards making IE a more or less secure browser.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Now what was Internet Explorer again?
Dell Laptops come shipped with SpyWare installed. No kidding. Were I work we got a few new Dells and we had to manually go in and uninstall Gator and some other nasties that had been put on there by Dell itself. Disgusting.
click me
Hey, the last thing anti-MS folks want is to have less to complain about. That's why they still love to talk about BSODs as if everybody was still running Win9x versions of Windows.
If there are 30% crash reports out of 80% of all
computers, it means some spyware
actually patches or otherwise fixes the infested machines...
So far the main advantage of Firefox over IE6 is its improved security model. So, if IE does get secure, what will be the reason for the average Joe User to switch?
Like, "IE is safe now, why should I switch? It's what I use, and look! It has tabbed browsing".
Ideas, anyone?
....just kill ActiveX. That's all you gotta do. That's it. 99% of adware, malware, spyware, gone.
But they never ever will.
Seriously, I want Microsoft to bring it on. You see I don't care if anyone else is running their stuff, I don't want to care. However I have to care everytime I try to write a nice web site, because IE can't get things right. If Microsoft were competing a on a W3C checklist, at least their browser would work.
At work we have concluded it would be cheaper to port Konqueror to Windows than to work around all the IE bugs! (Konqueror seems to support the CSS we are using better than firefox, though it isn't much work to make our site work with firefox)
The Internet Explorer development cycle has always interested me. It usually ends coming and going like waves hitting a shore. Someone else (Netscape before, Mozilla now) creates a browser that's got an edge up on everyone else. Then IE comes along and makes an almost identical browser with a few enhancements over the other guys, frequently "borrowing" feature ideas from them. Then it goes away for years, stagnating, becoming more and more insecure and featureless compared to everyone else. Rinse, and repeat.
I'm wondering when they will get a clue that you have to keep on enhancing a product like web browsers, after unleashing it to the hordes.
"I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
Let me guess: you're an American?
;)
.com, .org and .net are supposed to exist for international sites.
.us but when did you last see anyone using it?
i'm english actually
if a site wants to appeal to an international audiance they are going to want a url that everyone can actually type! that means basic latin letters, numeric digits and a few other charactors that are availible on almost every computer keyboard. nothing more.
maybe the fix is to introduce some kind of language tlds for say sites named in chineese that aren't specific to china.
There is a top level domain
seen it a few times but it isn't used a great deal.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
Tell her to set her Internet Zone to Default.
Then choose custom and scroll down to Script ActiveX controls marked safe for scripting and disable that one item only.
The way IE works is if you disable that one setting it also disables all the others, with the added benefit that she'll never see another mysterious yes or no dialog box. She'll never be given a choice of running a script or not, they just won't run at all, unless she adds the domain to her trusted zone.
Have her scroll on down to the bottom and disable Active Scripting and Allow paste operations via script.
She's now safe from all ActiveX scripts.
Every site supports Firefox/Mozilla, except Windows Update. Turning off ActiveX would only block spyware.
By extension, you should have a separate computer that is connected to the internet with no hooks whatsoever to the computer you use to run your tax form preparation program, write your letters, balance your checkbook, etc. Oh, what's that? You want to e-file? You want to send e-mail? You want to bank online?
Integration may be scary, but it isn't something you should intellectially shy away from. Convenience and security have always been at odds, and I don't see that changing any time soon. The balance beteween them isn't a zero-sum-game, however, and the solution, IMO, isn't to discard all notions of integrated solutions, even if they are less secure in the short term. We need to keep moving forward, not idolize some rose-colored past that never existed.
This Sig Kills Fascists
http://www.ipix.com/photo_support/download/plugin. shtml
iPix (360 degree views of real estate) is one I ran into quite regularly on a number of estate agent web sites when I was property hunting.
Surur
Information is the location of things. Computation is moving things around.
The problem is that most sites are coded for a variety of browser and use the browsers User Agent to determine how to display that site.
Visit it with Firefox and your browser will run an entirely different set of instructions than would be ran when using IE.
On another note, last I new scripts can't read picture files at all so quite obfuscating those damned images with scribbly crap so they can barely be read by a human.
The real estate multiple listing service website in our state requires IE and ActiveX. It's the only reason IE is installed on my wife's computer at all, (she's a realtor). For all other browsing, I have her using Firefox with no trouble.
Every time I have to help her with IE, I end up murmuring, "motherfucking shit, motherfucking shit, motherfucking shit...", over and over under my breath...
--
"...and seamless search that will include choices of search providers."
MSN.com
MSN.co.uk
MSN.co.fr
MSN.co.de
MSN.co.kr
MSN.co.ie
MSN.co.jp
and so on...
Slashdot... All Anti-Microsoft Trolls in one place and on one forum.
They always think they know best and they always think they can do better, but never do.
The same tired old gripes and FUD and you never see any better software (open source or not) from them. The only thing you will hear is bitching about Microsoft.
Slashdot will never change, it's like a house for cockroaches.
> What features will it have that will encourage me to jump ship again?
IE7 will have world domination.
Not yours in the future timeframe, but Microsoft's in the present timeframe.
choose not a better browser for your OS
choose a better OS for your browser
exactly which mainstream sites (which I assume you meant by "Joe SixPack") rely on ActiveX?
Gmail. Except for Basic HTML view.
It seems a lot of sites of moved to the slightly-less-annoying Flash-based interfaces if they want to do some things.
Just what do you think Flash is anyway? (its an ActiveX control)
Shouldn't the entire operating system suse a reduced privilege mode by default? I thought that was why they yelled at me in #debian on FreeNode when I logged in as root.
Stasis is death. Embrace change.
To be fair, your first two links are really the same story.
Also, a sample size of 329 PCs seems to me to be far too small to be truly representative of the tens (hundreds?) of millions of PCs currently in use world-wide.
It's official. Most of you are morons.
Do you realize you just admitted you are a mother f**ker?
ActiveX is the plugin architecture. If you disable it altogether, no plugins will work (QuickTime, Adobe Acrobat, Flash, and even Java (IE loads the JVM as an ActiveX component). Disabling automatic downloading of ActiveX binaries is a good idea, but disabling ActiveX altogether would be equivalent to disabling plugins altogether in other browsers. Do you advocate such?
-- "I never gave these stories much credence." - HAL 9000
"For a lot of users, the sites just aren't the same without all of the ActiveX controls. I agree with you that it would be much better to use Java, or perhaps Flash (though it has its own issues) to make these features work."
Except that both Flash and the JVM are loaded as ActiveX controls in IE. As are plugins such as QuickTime, Acrobat, WMP, etc. ActiveX is the plugin architecture if IE. Microsoft should disallow the automatic downloading of ActiveX controls by default, but not disable plugins altogether.
-- "I never gave these stories much credence." - HAL 9000
four hours today trying to circumvent various internet explorer bugs, I really dont want to see new features, but more bugfixes, and a decent CSS...
Microsoft competes with Oracle, what a shock that an update broke their application.
I remember way back when Windows 98 came out, there was an article that listed the top five applications broken by the upgrade from Windows 95. The number one broken application (by number of reports) was Lotus Notes. Very shocking that they were battling Lotus with Exchange.
The article didn't even point it out as being possibly intentional, just printed the list. No one even made a stink about it, which I thought was interesting at the time.
You can call me a foilhat conspiracy theorist if you like but this has happened over and over and over with Microsoft. One eventually begins to question whether these are all truly honest mistakes.
/.: why the hell am I here?
Windows == MacOS (== Xerox PARC, if you like) :)
:)
Regarding office components:
Word == Wordperfect (== Wordstar or somesuch)
Excel == Lotus 1-2-3 (== Visicalc)
Point being, everyone rips off everyone else. The difference with Microsoft is that they use their OS monopoly to crush the competition. Whether that is OK or not will be debated ad nauseum until MS is no longer in existence.
/.: why the hell am I here?
yup. call it vmware.
I have separate windows VMs for work and play, and when my child gets big enough to need his own pc, he gets his own vm too.
Microsoft could have easily fixed this whole problem years ago if they wanted.
The only thing they have to do is to split the 'disable active scripting' checkbox in IE into a seperate 'disable javascript' and 'disable vbscript' checkbox.
If this would happen, people would disable vbscript, but keep javascript enabled, so they still have a working WWW, only the occasional activex/vbscript site would fail.
Microsoft probably invested a lot of money in activeX, but I think it never really took off.
Maybe they'll earn the money back through their new anti-spyware product line.
Yet another great example of the monopoly getting in the way of users interrest.
>Convenience and security have always been at odds
I know what you mean. The point is well taken.
But did you ever notice that the opposite is true? A secure system keeps working, which is the ultimate convenience. Truly inconvenient security gets bypassed and the workaround is usually even worse.
...but I'm pretty keen as to what's going into IE7. There are some really nice features in this browser. If I said what they were the Firefox team would no doubt copy them in them in a heartbeat. There's an anti-URL-spoofing feature that's clever and effective but really simple. It effectively stops virtually all URL spoofs.
Everyone knows IE7 has tabbed browsing but what they don't know is how great the implementation is. It doesn't feel tacked on but more like a native part of the interface. It has features that you may have seen before (*cough* Opera) and some new innovations too. Plus it fits in with the interface paradigms you'd expect to be able to do in Windows.
I.E. wants to handle IDN..... why don't they try to handling html first!!!
GCS/MU d- s: a--- C++ W+++ w+ M-- PS--- PE++ t+ R+ tv b+ DI++ G e- h! !y
When will Microsoft stop trying to shove this crippleware bullcrap down our throats?!
Uhh, yeah, thanks for the highly technical explaination, but you're wrong. Most IE bugs have nothing to do with how much code is shared, or how deeply it is rooted, but instead attack buggy integration features like ActiveX Zone security.
Whenever I hear the word 'Innovation', I reach for my pistol.
When I ask Windows desktop users they won't try Linux instead of upgrading to the next version of Windows, they often reply that they are happy how things just "work" out of the box. Of course what they are talking about is the relatively 'trusted' state that the system defaults to. That is, they don't have to know how to enable features, the users work on the presumption that while things may be insecure and spyware may embed itself in their system, the chances that something will go wrong enough to warrant their having to 'do' something about it are relatively low. You and I know that's a cop out by someone who fears technology, but I think it's the way they really see the situation.
It's the difference between a reactionary vs. premeditative viewpoint. It will be interesting to see how these users react when they are forced to actually take measures towards enabling certain features into their own hands, or they simply offload that burden onto their local SysAdmin.
At that point I'll ask them to justify the licensing fees that Microsoft is charging them once more...
I do like programming things that work super quickly, especially when they work super quickly, super quickly.
too true. Normally I do. I just forgot. Thanks for fixing it for me though :)
Game Overdrive - Gaming News
...I had absolutely no idea that was the case. Uh...holy crap?
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.