'Lower Rights' IE 7.0 Coming

← Back to Stories (view on slashdot.org)

Posted by timothy on Wednesday June 8, 2005 @01:22AM

blacktop writes "eWeek has official confirmation from a Microsoft vice president that the upcoming Internet Explorer 7.0 browser upgrade will ship with reduced privilege mode turned on by default to help thwart browser-based attacks. In addition to anti-phishing and anti-spoofing features, IE 7.0 will add support for IDN (International Domain Names), built-in RSS and seamless search that will include choices of search providers."

29 of 378 comments (clear)

So basically ... by DeVryGuy23 · 2005-06-08 01:25 · Score: 4, Insightful

...just some of the key features of Firefox and Safari?

--
Butthead Vendor
1. Re:So basically ... by Dogers · 2005-06-08 01:28 · Score: 4, Informative
  
  Without the CSS support.
  
  Marvellous!
  
  --
  I am a viral sig. Please copy me and help me spread. Thank you.
2. Re:So basically ... by evilbessie · 2005-06-08 01:30 · Score: 5, Insightful
  
  Yes, that's is what they are doing but an interesting thing about the article
  "Nine months ago, we started hearing from partners like Dell that spyware was a major issue. Our own data from [Dr Watson] crash reports was telling us that 30 percent of all machines had some form of spyware. It reached a point where we had to do something."
  So yes they implement security but only when someone else points out that over 25% of all computers are infected with malware. Obviously this new Security concious microsoft takes some time to believe thaty they may be wrong... enjoy
3. Re:So basically ... by dioscaido · 2005-06-08 02:37 · Score: 4, Insightful
  
  ...just some of the key features of Firefox and Safari?
  
  What are you talking about? When you run Firefox under an Administrator account, it runs as an Administrator. In linux if you run Firefox as root, it runs as root. Neither provide any sort of explicit protection against this environment. Or am I missing something here? If you run your windows desktop account as a limited user (not an Administrator), then IE6/5/4 and all other browsers on the market today run as a least priviledged process.
4. Re:So basically ... by klubar · 2005-06-08 03:00 · Score: 4, Insightful
  
  A better question is what percentage of home/small business/clueless corporate users don't have automatic update turned on. (Yes, auto update has broken a few, relatively rare programs. But if 100% of users allowed auto-update to do its stuff we'd have many fewer infected machines.)
5. Re:So basically ... by JebusIsLord · 2005-06-08 05:30 · Score: 4, Insightful
  
  Welcome to slashdot. MS has 3 choices, and they are damned any which way they go:
  a) They can not do anything, and get blamed for not keeping up.
  b) They can catch up, and get blamed for just doing stuff everyone else already does.
  c) They can "innovate" ahead of the others, and really piss everyone off.
  
  --
  Jeremy
They're adding IDN support NOW??? by bgarcia · 2005-06-08 01:25 · Score: 5, Funny

IE 7.0 will add support for IDN (International Domain Names)
Oh, goodie!
I was wondering when IE would be able to support the Unicode URL spoofing attacks!

--
I'm a leaf on the wind. Watch how I soar.
Appropriate for the largest audience by wyoung76 · 2005-06-08 01:26 · Score: 5, Insightful

IMO, Microsoft has made the correct decision in announcing this change in IE. The main audience is the so-called "mom & pop" audience which haven't the faintest idea of how to do things, and just want things to work. They also tend to get hit with more problems which the typical /. crowd probably ends up having to fix.
Microsoft may be a bit slow to get there, but they'll get there in the end.
1. Re:Appropriate for the largest audience by Mithrandir86 · 2005-06-08 01:34 · Score: 5, Insightful
  
  Good to see that competition from Mozilla's Firefox is inspiring Microsoft to improve IE.
  Regardless of who wins in the battle of open-closed ideologies, the ultimate winner shall be the consumer. Which is exactly how it should be.
2. Re:Appropriate for the largest audience by matth · 2005-06-08 01:46 · Score: 4, Insightful
  
  My only thought is... in Server 2003 they do this (I think) by default and it's annoying as all get out... to the point of being unable to really browse the web without security boxes popping up all over the place. Isn't there a way to do it without being intrusive on the user? This is just going to force the user to increase the security level.
3. Re:Appropriate for the largest audience by chrome · 2005-06-08 02:12 · Score: 4, Insightful
  
  In my experience, users who decide to lower the security, overcompensate when doing so. Instead of setting the security to what they need it at, they set it to the "Bend over and rape me" setting.
  
  Microsoft: Stop writing buggy software with "accidental" hooks that let you install device drivers from a god-damn active X control! THEN you won't need crutches like "Security levels".
  
  I agree with the parent 100%: this won't be effective.
4. Re:Appropriate for the largest audience by Mithrandir86 · 2005-06-08 02:41 · Score: 5, Funny
  
  Crap, I forgot about posting against the /. articles of faith and got modded a troll.
  Just a second.
  
  Greedy M$ is making another foolish move. Hopefully they'll be bankrupt soon. All corporations are inherently evil. Linux forever!
  
  Was that better?
New Features? by Jackdaw+Rookery · 2005-06-08 01:26 · Score: 4, Insightful

So what will Microsoft be offering in IE7 that is new, and not just a take on Mozilla/Firefox/Opera?

It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?

Why would people move back to IE even after the release of IE7? I'm guessing they won't and this is for those that won't or can't move from IE.
1. Re:New Features? by Gorath99 · 2005-06-08 01:40 · Score: 5, Insightful
  
  So what will Microsoft be offering in IE7 that is new, and not just a take on Mozilla/Firefox/Opera?
  
  It seems to me that Microsoft is only playing catch up, has invention died over in Redmond?
  
  To be fair, Firefox has taken many (most?) of its features from other browsers as well.
  
  Let MS copy what they want. If IE improves, so much the better. Firefox et al will have a reason to find new ways to improve and I'll have a better browser when I'm stuck on a Windows box at work/school/whatever.
Multiple search engines! by grasshoppa · 2005-06-08 01:27 · Score: 5, Funny

You can use msn! Or, maybe you'd prefer msn!

Or, if those two options don't suit you, you can use MSN!

--
Mod me down with all of your hatred and your journey towards the dark side will be complete!
One of these days... by the+linux+geek · 2005-06-08 01:27 · Score: 4, Insightful

People will notice that all of MS's "New Features" have been in OSS for years.
Possible MS logic? by B5_geek · 2005-06-08 01:28 · Score: 5, Insightful

Hmm let me guess, this 'less-priviledged' IE "user" will be unable to install 3d party apps & addons (let's call them "plug-ins").

Idiot #1: I want to install these smile-themes and weather app, but IE won't let me. It says that these "plug-ins" are unsafe and operate at a higher priviledge level. I don't know what that means BUT I WANT MY SMILES! ...... you guys know the rest of the story.

--
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
Is it worth the switch? by Dancin_Santa · 2005-06-08 01:28 · Score: 5, Insightful

I remember about 6 or 7 years ago when I was switching from Netscape 3 to IE 4 that there was a huge argument over whether Netscape 4 or IE 4 was the better product. The step up from versions 3 was significant.

Lately, having switched to Firefox to avoid rampant security issues, I feel fairly comfortable with this browser. There are some things that I wish were better like better Googlebar and better plug-in handling, but am pretty happy with it.

So with IE7, what's the draw? What features will it have that will encourage me to jump ship again? The feature list doesn't impress me as much as the jump from Netscape 3 to IE 4 did. And security is not an issue with Firefox, so that's not a good enough reason.

I guess I'll just have to download the mandatory Critical Update and try out the browser for myself.
1. Re:Is it worth the switch? by Kjella · 2005-06-08 01:44 · Score: 4, Insightful
  
  So with IE7, what's the draw? What features will it have that will encourage me to jump ship again?
  
  Nothing. In short, IE7 is there to 1) stop people from installing a 3rd party browser and 2) when you get a new machine with IE7 installed, be too lazy to install a 3rd party browser again.
  
  It is quite simple really, let Firefox/Opera do all the R&D and find out what the "must-haves" are and what is fluff, then tag along. Having a Windows monopoly is the ultimate way to "unconvert" people. If people had to actively choose to install IE over other browsers, things would be different. But for each time, you have to actively do something NOT to use IE. From there it is all about laziness.
  
  Kjella
  
  --
  Live today, because you never know what tomorrow brings
Slow ears by KiloByte · 2005-06-08 01:31 · Score: 5, Funny

From TFA: "Nine months ago, we started hearing from partners like Dell that spyware was a major issue."

Hmm, let's see. (5 years-9 months) times the speed of sound... this means that Dell's headquarters are 46 million kilometers from Redmond.

--
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
no no no by hsmith · 2005-06-08 01:33 · Score: 4, Funny

when you type in "google" Clippy pops up and asks you "It looks like you want to do a search, we will take you to a far superior search engine" and will redirect you
if it comes with flash and such too by Lord+Bitman · 2005-06-08 01:34 · Score: 4, Insightful

If IE came pre-loaded with the most popular plugins (Flash, Quicktime), so that the majority of people would have no reason to ever turn off the reduced privledge mode, as opposed to turning it off several times soon after they have gotten their initial installation, it may work. If people are immediately conditioned that turning off reduced privledge mode is something that you need to do in order to get your browser to work right, then this will do nothing.

Of course, simply never allowing write-access to anything but /cookies-and-bookmarks on a kernel-level might help too

--
-- 'The' Lord and Master Bitman On High, Master Of All
Will only work if ActiveX is disabled by default by Motherfucking+Shit · 2005-06-08 01:37 · Score: 4, Interesting

From TFA,
The enhancements will build on the Security Zones feature in current versions of IE that allows customers to prevent untrusted Web sites from invoking ActiveX controls.
Sounds to me like ActiveX will still be enabled by default, they're just going to improve on the ability to block it on a per-domain basis instead of a per-zone basis. This isn't enough. IMO, ActiveX is the biggest (non-bug) avenue by which users become infected with all sorts of shit. It needs to be outright disabled out of the box if IE is going to get serious about security.

The conundrum is that so many sites now require ActiveX that if IE were to ship with it disabled, Joe Sixpack's favorite websites wouldn't work.

--
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Re:WHAT?? by Dorothy+86 · 2005-06-08 01:38 · Score: 5, Funny

Yeah, but verbing nouns weirds the language.

--
Game Overdrive - Gaming News
Re:Will only work if ActiveX is disabled by defaul by masklinn · 2005-06-08 01:59 · Score: 4, Insightful

The ideal solution would be to just create two seperate binaries -- IE-Internet and IE-Local, and make damn sure that it's virtually impossible to break the sandbox in IE-Internet.
Fuck that, fully separate Internet Explorer as a web browser and Explorer as a local computer browser, they should never have been merged in the first place. No sandbox, just two completely different programs that don't share any damn blasted thing they could *not share*, and not a single hook from the web browser to the innards of the computer.

--
"The way we can tell it's C# instead of Haskell is because it's nine lines instead of two." -- wadler
30%, Try 80% by blazerw11 · 2005-06-08 02:22 · Score: 5, Informative

Here are just a few references pointing out the real percentage of computers infected with spyware:
80%
8 out of 10
88%
Or, just search it.
So, 5 years to admit to the problem as it was 3-ish years ago.

--
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James
It's customary to identify source, even in humour by Petersko · 2005-06-08 03:04 · Score: 4, Informative

Yep, it's funny. But it's Bill Watterson. Give credit where credit is due.
Re:Will only work if ActiveX is disabled by defaul by magickalhack · 2005-06-08 04:47 · Score: 4, Insightful

By extension, you should have a separate computer that is connected to the internet with no hooks whatsoever to the computer you use to run your tax form preparation program, write your letters, balance your checkbook, etc. Oh, what's that? You want to e-file? You want to send e-mail? You want to bank online?

Integration may be scary, but it isn't something you should intellectially shy away from. Convenience and security have always been at odds, and I don't see that changing any time soon. The balance beteween them isn't a zero-sum-game, however, and the solution, IMO, isn't to discard all notions of integrated solutions, even if they are less secure in the short term. We need to keep moving forward, not idolize some rose-colored past that never existed.

--
This Sig Kills Fascists
Search choice? by RichM · 2005-06-08 05:54 · Score: 4, Funny

"...and seamless search that will include choices of search providers."

MSN.com
MSN.co.uk
MSN.co.fr
MSN.co.de
MSN.co.kr
MSN.co.ie
MSN.co.jp
and so on...