Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE7 Bug Reports Flooding In

Posted by Zonk on from the experience-them-now-avoid-the-rush dept.

the JoshMeister writes "According to ZDNet, bug reports are already flooding in for Microsoft's new Internet Explorer 7 Beta 2 Preview. Specific issues include the possibility of arbitrary code execution as well as incompatibilities with McAfee Security Center, anti-spyware programs, and online banking sites." From the article: "... browser testers may already be at risk, according to security researcher Tom Ferris. Late Tuesday, Ferris released details of a potential security flaw in IE 7. An attacker could exploit the flaw by crafting a special Web page that could be used to crash the browser or gain complete control of a vulnerable system, Ferris said in an advisory on his Web site. Microsoft had no immediate comment on Ferris' alert."

16 of 259 comments (clear)

  1. Duh! by sparkydevil · · Score: 5, Insightful

    Of course it's got bugs -- it's a beta!

    1. Re:Duh! by dotpavan · · Score: 3, Insightful

      its a preview to the beta 2! wait for the beta 11 preview 46, its better

    2. Re:Duh! by plague3106 · · Score: 3, Insightful

      Why would you use a beta for production work at all?

    3. Re:Duh! by Junior+J.+Junior+III · · Score: 4, Insightful

      That's what I was going to say, bug reports flooding in are a sign of a successful beta test. I wonder how many of them Microsoft will actually be fixing, though... that's kindof the whole point of it all.

      --
      You see? You see? Your stupid minds! Stupid! Stupid!
  2. Bug reports already? by VJTod · · Score: 3, Insightful

    It's beta software. Of course there will be bugs. The public B2 is much better than the leaked B2 which was still better than B1.

    Taken with grain of salt... it's still beta.

  3. good! by steve.m · · Score: 4, Insightful

    sounds like a productive beta test. end users finding lots of bugs.

    (anyone who would use it - or anything else beta - in a production environment is insane)

  4. This a good thing by Beelub · · Score: 5, Insightful
    Getting bug reports on beta software is good. That's why it's released as beta.

    Why is this front page, unless it's just the usual knee-jerk, let's-find-something-bad-to-say-about-Microsoft thing that makes Slashdot less than useful for info about anything about Microsoft.

    Yeesh.

    1. Re:This a good thing by 99BottlesOfBeerInMyF · · Score: 4, Insightful

      Why is this front page

      This is on the front page for a number of reasons. First, it is somewhat indicative of the quality of the new software MS is planning to release. Yes, betas will have bugs, but no comment has been made about the remote exploit from MS, nor about the myriad failures to implement CSS properly. The number of bugs found in such a small time, is a meaningful metric and of interest to people here. It indicates to many of us, that the final version is still unlikely to properly implement the spec and that whatever new security practices MS is employing are probably not working to stop vulnerabilities. (Gee, big surprise.) The number of incompatibilities with current banking and other Websites is a useful indication to how much work the Web designers among us are likely to have ahead of us.

      Second, because of the design of Windows and IE you can either install this beta for testing, or you can install the current IE, but not both. This means a number of people will install the beta, but end up also using it as an everyday browser, since they don't want to be constantly installing and uninstalling it for testing. Thus, security concerns with this beta may actually be a real concern. Those among us working to secure networks may want to account for this by restricting use of this browser for the time being.

      Finally, the number of bug reports is a useful metric for gauging interest in the product, which is also of concern to people here.

  5. It's.. Beta? by PhrostyMcByte · · Score: 4, Insightful

    How is this news? Betas are there for finding bugs. If you don't want to risk more than the usual, how about just not using it?

    The past builds were also riddled with bugs, and the IE developers are very involved with testers to fix them. It's not like they're just sitting with their hands over their ears yelling "LA LA LA LA I can't hear you!"

  6. Nasty security flaw that Microsoft missed by OwlWhacker · · Score: 3, Insightful

    I was about to post something about bugs being natrual in almost all beta software, then I read the article...

    An attacker could exploit the flaw by crafting a special Web page that could be used to crash the browser or gain complete control of a vulnerable system

    So, this is actually a relevant article, despite its initial appearance.

    We've got some new additions and enhancements to IE, and here we have a flaw that can give an attacker complete control over the user's computer!

    I guess this is a taste of things to come in Vista? Evidence that Microsoft's secure code development practices are mostly just verbal pacification?

    --
    Linux/Open Source/Anti Microsoft News
  7. Re:Wow by ucahg · · Score: 3, Insightful

    A beta of anything better have bugs. Otherwise the testers aren't finding them because they are most certainly there.

    I don't even see how this is a news-worthy... it's a beta!

  8. The Acid 2 CSS Test by dshannon · · Score: 3, Insightful

    The famed acid2 test renders truly badly: http://www.webstandards.org/act/acid2/test.html#to p

  9. From the IE Team Blog by Pedrito · · Score: 3, Insightful

    Finally, I'd like to reiterate the importance of the responsible disclosure of security issues. We firmly believe that privately disclosing security issues to software vendors is the best way to keep the users of the world secure.

    I'm sorry, but I take issue with this, particularly with a product being beta-tested, but really, with any product. Users need to know what exploits are known. If there are serious, known, security flaws in IE, that may very well affect my decision of whether or not I want to install it on my system. THe idea of keeping it hush-hush doesn't really help anyone.

  10. Re:More annoying than the bugs.. by bmajik · · Score: 3, Insightful

    Requires you to validate windows to install

    Ok, this doesn't buy the customer much, but is it really all that big of a pain? Do you just conceptually object to Microsoft asking "is that a valid Windows you're using?"

    Requires a reboot

    I am not thrilled about this but given the wedding of the browser rendering component and the rest of the user experience ("OS"), i can't say i am surprised. You have to reboot after uninstalling it also, by the way :)

    Actually attempts to pass off things like tabbed browsing and a search bar as innovative (really, take a look at the "demo" they bring you to when you first install it).

    Consider part of the target market for IE7: People that are happy enough with the features of IE6 that they haven't bothered looking at Firefox yet. For them, tabbed browsing and a search bar are new and innovative. These are things that everyone will potentially benefit from but not all people will seek out and discover by themselves.

    Part of the reason my grandfather uses a computer at a public library to do web surfing and write email is because Microsoft brings "cool stuff" away from the realm of the early adopter and puts it in the hands of everyone.

    --
    My opinions are my own, and do not necessarily represent those of my employer.
  11. Re:Treat IE 7 as IE 6? by kawika · · Score: 4, Insightful

    Don't let Microsoft off the hook that easily. Most of the problems I've seen with this IE7 beta aren't the "we messed up the implementation" variety. They are the "we still don't support all of CSS" variety.

    Microsoft has eliminated several bugs that made it easy to identify IE6 and apply hacks to the CSS. For example, the "* html" selector let you apply CSS rules just for IE because it's ignored by standards-compliant browsers. Now IE7 ignores that too. However, the need for hacks is still there. IE7 still does not implement several important CSS features that necessitated the hacks in the first place, such as min-height.

    If Microsoft were to decide that this beta was "close enough" or even if it fixes just the minimum number of things to keep major sites from breaking, that's not going to help. Designers will end up needing an entirely different set of hacks to make up for the fact that IE7 is *still* not a complete CSS2 implementation.

  12. Report Non-Compliance As A Bug by Xopl · · Score: 3, Insightful

    I'm really serious about this... I'm not kidding...

    The web community should start flooding the bug reporting for the IE beta with reports about CSS and XHTML/HTML standards non-compliance. Anything IE 7 does that isn't in line with web standards should be reported as a bug, by as many people as possible. And we should keep reporting these, daily, until the IE team wakes up to web standards and decides to support them.

    Then, webmasters can make one version of the website that works in all modern browsers. Oh happy day. The IE team won't have to worry about supporting the weird IE quirks... people who haven't upgraded and are still using IE 6 will continue getting the same hacks that fix IE 6 and are ignored by Firefox et al, and IE 7 can ignore them just the same.

    Seriously... it's best for everybody.

    What's really going to piss me off is when they "fix" the hacks but not the non-compliance... AND on top of it they support some CSS 3 stuff in a non-standard way so we can go through this all over again when IE 8 comes out.