Slashdot Mirror
'Lower Rights' IE 7.0 Coming
blacktop writes "eWeek has official confirmation from a Microsoft vice president that the upcoming Internet Explorer 7.0 browser upgrade will ship with reduced privilege mode turned on by default to help thwart browser-based attacks. In addition to anti-phishing and anti-spoofing features, IE 7.0 will add support for IDN (International Domain Names), built-in RSS and seamless search that will include choices of search providers."
...just some of the key features of Firefox and Safari?
Butthead Vendor
I was wondering when IE would be able to support the Unicode URL spoofing attacks!
I'm a leaf on the wind. Watch how I soar.
"We've re-architected it to defend against exploits," Mangione said
architect IS NOT a verb!!
great laugh to start the day though.
The only way to get rid of a temptation is to yield to it.
-Oscar Wilde
Microsoft may be a bit slow to get there, but they'll get there in the end.
So what will Microsoft be offering in IE7 that is new, and not just a take on Mozilla/Firefox/Opera?
It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?
Why would people move back to IE even after the release of IE7? I'm guessing they won't and this is for those that won't or can't move from IE.
You can use msn! Or, maybe you'd prefer msn!
Or, if those two options don't suit you, you can use MSN!
Mod me down with all of your hatred and your journey towards the dark side will be complete!
People will notice that all of MS's "New Features" have been in OSS for years.
Hmm let me guess, this 'less-priviledged' IE "user" will be unable to install 3d party apps & addons (let's call them "plug-ins").
...... you guys know the rest of the story.
Idiot #1: I want to install these smile-themes and weather app, but IE won't let me. It says that these "plug-ins" are unsafe and operate at a higher priviledge level. I don't know what that means BUT I WANT MY SMILES!
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
I remember about 6 or 7 years ago when I was switching from Netscape 3 to IE 4 that there was a huge argument over whether Netscape 4 or IE 4 was the better product. The step up from versions 3 was significant.
Lately, having switched to Firefox to avoid rampant security issues, I feel fairly comfortable with this browser. There are some things that I wish were better like better Googlebar and better plug-in handling, but am pretty happy with it.
So with IE7, what's the draw? What features will it have that will encourage me to jump ship again? The feature list doesn't impress me as much as the jump from Netscape 3 to IE 4 did. And security is not an issue with Firefox, so that's not a good enough reason.
I guess I'll just have to download the mandatory Critical Update and try out the browser for myself.
The other way that this will be fun is watching all of the *really* bad ISVs who assume that IE is a complete solution for their apps and will of course be able to alter the system config when they use it as a component.
And you thought SP2 broke things? *laughs evily*
"To any truly impartial person, it would be obvious that I am right."
This is the problem with Microsoft. They're capable of making a good product when they want to, but they throw their weight around and make it the only product on the market. After this, what incentive do they have to continue to make their product better or keep it up to date? IE hadn't changed forever and didn't look like it ever would until people started using Firefox.
I don't mind MS trying to make a product for every single aspect of the computer world (and occasionally beyond) but when they use their huge bank account and the huge Windows customer base to become monopolistic and the only product out there, it really hurts the consumers more than anyone else in the end.
From TFA: "Nine months ago, we started hearing from partners like Dell that spyware was a major issue."
Hmm, let's see. (5 years-9 months) times the speed of sound... this means that Dell's headquarters are 46 million kilometers from Redmond.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Too little, too late, perhaps? Why has it taken Microsoft over 5 years (and counting) to release an upgraded version of IE? Oh well, I want to thank Microsoft, because the only browser I used on my WinXP boxes was IE...then FireFox came out.
Yes, I admit it, I used to be an IE user...but now, I will never go back. For once when you see the great bird that showers fire and thunder at the masses, then you know that the forces of Mammon will never succeed at world domination.
about:mozilla
IGB: More fun than eating oatmeal!
After checking information on IDN, I noticed that there are two variations of international domain names. Anyone know whether Microsoft will actually be using IDN or Internationalizing Domain Names in Applications (IDNA)?
:)
I apologize in advance for my anti-Slashdot action of reading a little before commenting.
when you type in "google" Clippy pops up and asks you "It looks like you want to do a search, we will take you to a far superior search engine" and will redirect you
If IE came pre-loaded with the most popular plugins (Flash, Quicktime), so that the majority of people would have no reason to ever turn off the reduced privledge mode, as opposed to turning it off several times soon after they have gotten their initial installation, it may work. If people are immediately conditioned that turning off reduced privledge mode is something that you need to do in order to get your browser to work right, then this will do nothing.
/cookies-and-bookmarks on a kernel-level might help too
Of course, simply never allowing write-access to anything but
-- 'The' Lord and Master Bitman On High, Master Of All
The conundrum is that so many sites now require ActiveX that if IE were to ship with it disabled, Joe Sixpack's favorite websites wouldn't work.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Recently, Microsoft already lowered the rights of gays and lesbians by dropping support for a major state anti-discrimination bill. Based on that wildly popular success (with right wingers at least) we'll be dropping the rights for everyone in the next release of Internet Explorer; trust us, we know what's good for you. And for those anxious about what the future holds, worry no more; coming with Longhorn, we'll offer new digital rights management features. Just remember, all your rights are belong to us.
That's the web designer's fault. You should scream '@ media print' or "media=print" every time you see him Actually I'm curious if this will break the nicely coded CSS I've done to make pages print as they should?
You know damn well the default start page is going
to default to msn search and nobody is going to change it. If google was going be a leader and remain a leader it should have as I said all along been pushing firefox like a mad man. Instead they are about to learn the same lesson Netscape did the hard way. If the market share of the users have a msn search start page and I am a advertiser where am I going to spend my dollars.
I love google, it is going to be sad to see them go.
Got Code?
Who the hell titles these articles? Lower rights and Lower permissions mean completely different things...
_ test/
If MS is adding support for IDN, I'm really going to stick with Mozilla. Does anyone remember the IDN spoofing exploit from Firefox on February 7, 2005? http://secunia.com/multiple_browsers_idn_spoofing
Let's hope MS caps this hole before it happens. Unfortunately, MS has a reputation for adding bugs along with new features.
-- Game Developers: Stop porting badly-textured games from crappy console systems!
is money grabbing registries.
.com/.org/.net and only stuff appropriate to the language in question in the cctlds) then IDN is just going to be a paradise for troublemakers
until those who run the major domain registries can come up with sensible rules for IDN (which imo means no international stuff in
of course the regsitries don't care because all they care about is selling as many domains as possible which the current don't care policy promotes.
if i were running a dns server i'd be very very inclined to set it up to simply block requests to IDN urls.
note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
If they're thinking of running IE as a less-priv user, then that's closer to the mark. When people are tricked, an exploit is used, or they outright say, "install this, yes I agree to have you screw with me," then you better hope that app doesn't have rights to HKLM\Software\Microsoft\Run and C:\WINDOWS\SYSTEM32.
Of course if IE7 does run with a less-priv user, there's the risk that all of us in the well-oiled IT shops, already running as less-priv users, will have more and more spyware developed to target us, rather than all the truckloads of spyware that just assume they have full access to the system once they start executing.
I don't really care if a seamless user experience is lost. There's no distinction between seamless installation of a helpfull plugin or seamless installation of spyware.
I can picture the yellow tooltip now.
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
Perhaps, "We copied someone else's exploit defenses"
I am not trolling here, but exactly which mainstream sites (which I assume you meant by "Joe SixPack") rely on ActiveX? In my personal experience, the vast majority of websites I have visited now work perfectly fine in Firefox and Safari. It seems a lot of sites of moved to the slightly-less-annoying Flash-based interfaces if they want to do some things.
Porn sites seem to be the exception, but primarily to install spyware. Err ... I mean ... this is what I have heard.
I think we can all agree there is almost no technical reason to use ActiveX versus other solutions which are both more secure and less tied to only one platform. The driving force between more standards-based web development is not, however, a concern out of security but more out of the increasing desire to support mobile devices.
Here are just a few references pointing out the real percentage of computers infected with spyware:
80%
8 out of 10
88%
Or, just search it.
So, 5 years to admit to the problem as it was 3-ish years ago.
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James
Had to have been ;-)
Shoulda, woulda, coulda ... I agree.
But you have to realize there's always going to be some "sharing". Look at Firefox -- XUL, Java Applets, Flash or custom plugins -- all of these have been used to "break out" of the browser and infect the local machine. You could gimp your browser, but the real answer is probably some better form of OS access controls.
Whenever I hear the word 'Innovation', I reach for my pistol.
When I installed Debian for the first time, it really urged me to have a regular user account, and to only use super user for things that require it, but otherwise I would just log in regularly. In Windows when you install it, you're an administrator automatically. How about they ship Windows with lower rights as well? I'm not being a troll or anything, but damn it - they need to do this for the greater good (i.e. internet).
Remember how Microsoft said that Internet Explorer is a fundamental part of the operating system and cannot be removed? Well, this is what happens when you integrate the most security-vulnerable software on any OS (the browser) directly with the OS, then have everyone run as a full-privilege account by default.
See, what makes it so bad is that IE has such deep hooks into the OS that cracking into IE is effectively the same as getting a root shell. Now we've seen that Microsoft's insistence on forcing a web browser into the OS at any cost is having detrimental effects on security.
There are, of course, security exploits for lots of other browsers, but since IE has such tight integration with the rest of the OS, the stakes are much higher. Breaking into IE is to breaking into Firefox as breaking into a house is to breaking into a tool shed.
If it's not one thing it's your mother.
the big ActiveX offenders (Yahoo) would fix themselves up
Any site attempting to use "AJAX" is now a big offender because XMLHttpRequest is implemented as an ActiveX control in IE. For example, turn off ActiveX and try using Google Maps in IE and you get.. "ActiveX is not enabled in your browser. If your browser is Internet Explorer, you must have ActiveX enabled to use Google Maps."
Yep, it's funny. But it's Bill Watterson. Give credit where credit is due.
and damned if they don't. It doesn't really matter one way or the other, because they're already in hell. And (as is true of humans), they are there because they chose to go there.
See, Microsoft started by creating "features" (like ActiveX on the web) that are horrible security ideas. Now they are trying to fix things. But they can't make it really secure (remove the feature), because too many web sites depend on it. So they have to try to fix the security without removing the features, and are coming up with all these layers of band-aids.
Moral to the story: Don't create "features" that are gaping security holes in the first place.
By extension, you should have a separate computer that is connected to the internet with no hooks whatsoever to the computer you use to run your tax form preparation program, write your letters, balance your checkbook, etc. Oh, what's that? You want to e-file? You want to send e-mail? You want to bank online?
Integration may be scary, but it isn't something you should intellectially shy away from. Convenience and security have always been at odds, and I don't see that changing any time soon. The balance beteween them isn't a zero-sum-game, however, and the solution, IMO, isn't to discard all notions of integrated solutions, even if they are less secure in the short term. We need to keep moving forward, not idolize some rose-colored past that never existed.
This Sig Kills Fascists
"...and seamless search that will include choices of search providers."
MSN.com
MSN.co.uk
MSN.co.fr
MSN.co.de
MSN.co.kr
MSN.co.ie
MSN.co.jp
and so on...
Microsoft competes with Oracle, what a shock that an update broke their application.
I remember way back when Windows 98 came out, there was an article that listed the top five applications broken by the upgrade from Windows 95. The number one broken application (by number of reports) was Lotus Notes. Very shocking that they were battling Lotus with Exchange.
The article didn't even point it out as being possibly intentional, just printed the list. No one even made a stink about it, which I thought was interesting at the time.
You can call me a foilhat conspiracy theorist if you like but this has happened over and over and over with Microsoft. One eventually begins to question whether these are all truly honest mistakes.
/.: why the hell am I here?