IE7 Separated from Windows Explorer

An anonymous reader writes "Security experts warned Microsoft 10 years ago that putting IE as a component of Windows Explorer was a bad idea, looks like Microsoft finally decided to listen to the advice. According to a short write up in Business Week, Microsoft has decided that when IE7 comes out with Vista it will no longer be a component of Windows Explorer and will be able to replace IE6 even on XP machines."

Replace IE6 on XP machines?

[LiquidCoooled]

Surely they mean outwordly replace IE 6 like Firefox etc do, whilst keeping IE 6 tied into the XP system?

I wonder what would happen if you decided to remove IE 7 after installing it. Or will they "upgrade" it like they do with DirectX and Media Player (ie one way upgrades only, essentially no rolling back).

They are talking about Click to activate ActiveX controls as being a security benefit thats been added for the user - I thought it was because of losing the patent dispute?

ps, the guy talking sounds like Farnsworth, its worth listening just for that!

Re:Replace IE6 on XP machines?

[Krach42]

They are talking about Click to activate ActiveX controls as being a security benefit thats been added for the user - I thought it was because of losing the patent dispute?

Companies do this stupid stuff all the time. It's called "Spin".

Banks were marketting the instant scan of checks to customers as a security feature. "See your checks online right away, to be able to spot fraud easier!" In truth? With the instant scans of the checks, "check float" has been removed, and a big issue that banks had with some illegal behavior that most people thought were ok, is gone.

Heck, sometimes it comes to down right lies. I worked for a certain ISP signing people up for service, and if we were having computer problems, like a crash or something, we were told to tell customers that we were "upgrading" our system to provide "better customer service in the future". Which of course is a lie, because the network just sucked and was slow as crap, and the computer would crash and reboot all the time.

I don't believe any "feature" anymore as of Java, which marketed things like "architecture neutral", when I realized, it wasn't "architecture neutral" it was just designed to be an easily emulated architecture.

Re:Replace IE6 on XP machines?

[AKAImBatman]

With the instant scans of the checks, "check float" has been removed, and a big issue that banks had with some illegal behavior that most people thought were ok, is gone.

Check floating is not illegal. It's simply an artifact of the way banks work. You're probably thinking of check kiting, which is an illegal scheme that takes advantage of the float periods.

Re:Replace IE6 on XP machines?

[M.+Azerty]

Actually, you can try the Beta of IE7: http://www.microsoft.com/windows/ie/ie7/ie7betared irect.mspx And yes, you can uninstall it properly afterward.

Re:Replace IE6 on XP machines?

[drinkypoo]

Well, you can make multiple IE installs now by unpacking the installation cab files into a directory and putting a file called something like "IEXPLORE.exe.local" (I think that's it) into the directory. Unfortunately, it won't show the proper version in the About box, but if you load a page that renders differently in the two versions you can see that it is in fact using the older renderer. This is what I do to do testing between IE5.5 and IE6 on WinXP now. Maybe this new version will install alongside IE6?

Re:Replace IE6 on XP machines?

[Hollyfeld]

Actually, no. Post-dating a check will have no effect on when it can be cashed, or your liability for payment. The date field on a check has no legal signifigance - a check is a demand draft against an account and is payable on presentation...

Re:Replace IE6 on XP machines?

[freeweed]

Post-dating cheques is (from what I understand) either illegal or just not useful in the US - due to exactly what we're talking about here. Your money must be present in the account when you write the cheque (barring overdraft protection, etc).

In Canada, post-dating cheques is very legal, and very common. The provincial insurance companies accept post-dated cheques for payments due in the future, so it's certainly legal at that level.

I ran into this years and years ago when I first computerized the books for a small business - the vendor didn't provide any functionality for tracking post-dated cheques (they were a US vendor, and we were their first Canadian customer). When we called to request this feature, their response was "but post-dating cheques is illegal!". Pretty funny at the time. It took them over a year to get this functionality working right, incidentally.

Oh, and the banks here WILL honour post-dates. If I cash a cheque earlier than the day it is dated for, it usually gets caught. If it goes through by accident, it will be reversed (not as an NSF) and it's up to me to collect the money from the cheque writer.

Welcome news

[From+A+Far+Away+Land]

I had heard initially that IE7 wasn't going to be available for Windows 2000, and assumed that meant it wasn't going to be for XP either. If it works on XP, what would stop it from running on 2000 other than a Microsoft desire to cripple it so that people have one more reason they must leave 2000 which still works fine for most tasks [as long as it's well patched]?

Re:Welcome news

[offput]

Windows 2000 is no longer in the windows labelled "mainstream support" so the less they have to deal with it the better for their support teams. On IEBlog, they also cite specifically why it can work for WinXP and not Win2K. It's because of the security upgrades done to XP in service pack 2 which they claim are not easily back-ported into 2K.

Lied to the EU?

[Manip]

Didn't Microsoft engineers claim, in court, to the EU that they couldn't remove Internet Explorer from the Operating System without breaking it?

Interesting seeing as Microsoft are now suddenly able to seperate the two (in reference to Windows XP, not Windows Vista).

Re:Lied to the EU?

[mtenhagen]

That did not apply to windows xp but to windows 95 and me.

Maybe it could be done but this is the reason it will only be done for xp. On the other hand, having seen some of microsofts products it doesnt suprise me that a web browser which executes remote code (activex) is part of the os.

Re:Lied to the EU?

[Cro+Magnon]

It's only a lie if an IE-less Vista isn't broken.

Re:Lied to the EU?

[FatRatBastard]

Technically they were correct. Think of it as if BMW rerouted the ignition circiut to make sure it passed through the car stereo. Technically, removing the stereo could render the car useless. Its a stupid design decision unless you're trying to monopolize the market in car stereos.

Re:Lied to the EU?

[qw0ntum]

If you listen to the full podcast (LTFP?), they say that the seperation between the browser and the OS will only come in Vista. In XP versions, IE7 will only add new restrictions to ActiveX controls.

So I guess they were not lying, at least according to BusinessWeek.

Re:Lied to the EU?

[dtfinch]

You can't completely remove IE without breaking things. A lot of third party programs use IE to display html, or use HTML Help (.chm) files. Without IE, Windows would have trouble running many of the programs Wine has trouble with (unless IE is installed).

Re:Lied to the EU?

[gardyloo]

We're talking about Windows and IE here. Define "broken".

Sad

[Eightyford]

Another divorce. Why can't Americans just stay together for the kids?

Re:Sad

[eclectro]

Why can't Americans just stay together for the kids?

Because this marriage produces a kid every other day that has three eyes or extra limbs??

Okay, but...

[babbling]

Will Windows Explorer still be able to function as a web browser once IE7 has been installed separately on XP?

I imagine a lot of users are quite used to typing webaddress.com into Windows Explorer, now. I suppose that should respond by launching the user's default browser with the command line argument webaddress.com, but is that what it will do, or will WinExplore still function as a browser?

Finally!

[noamsml]

Next thing you'll know, maybe they'll realize that running executables out of the browser is a bad idea, and that an arbitrary execution flaw on CD insertion is NOT a feature.

Great! Now to get Konqueror!

[Kelson]

I'm sure I'm about to burn karma with this... but in KDE, Konqueror acts as both web browser and file manager. At least it's entirely userspace, but does anyone know how closely the file managing and web browsing aspects of Konqueror are tied?

IE7 is on the Rebound

[digitaldc]

Did you hear IE7 Separated from Windows Explorer?

Yes, I also heard she is now dating some new guy Winslow Vista.

meh

[popeguilty]

Will anyone who isn't currently using MSIE6 use MSIE7 on this news?

Good news

[TheSkepticalOptimist]

IE was integrated because the same kind of display used to show files and directories could be used to display web content, and it made sense to integrate the same technology in order to save on system resources.

Today, with people having more horsepower in their computer then they know what to do with, same goes for hard drive space, having a tightly integrated web browser / file browser doesn't make sense, and it has been a source of Microsoft's security problems.

Yes, you will still be able to type a web address in the file explorer in Vista and have a web page display . While explorer and internet explorer are no longer integrated, Vista will transparently switch between the applications and maintain the same window view.

I am sure that I.E. components will still be launched at system startup, to give Microsoft and edge over 3rd party browsers for quick browser launching, but by removing the integration with the file explorer, this will definitely be a welcomed change that should offer better security in the long run, which Microsoft desperitely needs.

So this explains the delay?

[Billly+Gates]

Microsoft mentioned it was due to security designs in Vista.

I doubt though that something so integrated into windows explorer can be seperated and reprogrammed into a seperate application within the extra 2 months.

Its alot of work not to mention may break many applications. For example cdroms that use autoplay sometimes display html and javascript in the windows explorer menu in a seperate pane. I suppose you could reprogram windows explorer to just call an IE7.dll to display it.

But Microsoft was found guilty of merging IE into a million libraries so third party apps would not function without IE and infact required it. Even a command prompt program that uses strings requires IE as a result.

Thank god I am not on the windows development team.

So in other words...

[moochfish]

So in other words, now that they've won the browser wars at the expense of OS security, they'll unbundle it now.

Damnit

[hackstraw]

It was so much nicer here in hell before it froze over.

Re:Great! Now to get Konqueror!

[Doctor+Crumb]

You are correct in noting that Konq is entirely userspace, which is why they can make it browse whatever they want it to. If you don't like it, you can use Nautilus or firefox or midnight commander or any number of other things. This is only a big deal for IE/Explorer because it is tied to the OS, and because it is really your only choice for many things.

As for how tightly tied konqueror is to itself, that's pretty much moot. Much of Konqueror's capabilities are provided by kioslaves, which are another layer entirely, and could theoretically be used by other apps. *Shrug*

Uninstall

[Locarius]

Microsoft has decided that when IE7 comes out with Vista it will no longer be a component of Windows Explorer

Yes! I can finally completely uninstall it from my system!

Actually, I'll just stick to my Mac.

Re:Is ActiveX gone too?

[Hal_Porter]

I think so -

http://www.microsoft.com/windows/ie/ie7/featuretab le.mspx

Disables nearly all pre-installed ActiveX controls to prevent potentially vulnerable controls from being exposed to attack. You can easily enable or disable ActiveX controls as needed through the Information Bar and the Add-on Manager.

From here
http://forum.pcstats.com/showthread.php?t=35534

The beta of Internet Explorer 7 is neat to play with but it has one quirky feature where it does not allow users to install unsigned Active X controls. Unfortunately since it's still beta, virtually all Active X addons (like Shockwave, Flash) are unsigned which means they cannot be installed by default. Trying to do so causes IE 7 to spit out an error message.
Not all is lost however, if you load up the Internet Options (Tools -> Internet Options...), click the "Security" tab and in Internet security settings click the Custom Level... utton. In the "ActiveX Controls and plugins" section, find the "Download unsigned ActiveX Controls" option and change it from "Disable" to "Prompt". After that's done click the OK button and you're set!

He he, "one quirky feature". Way to miss the point. Note that you can disable Download Signed ActiveX controls too, or make at least make it prompt you.

There's a best practices document here
http://msdn.microsoft.com/library/default.asp?url= /library/en-us/IETechCol/cols/dnexpie/activex_secu rity.asp?frame=true

I think the basic problem is that they still want to avoid breaking websites that rely on ActiveX as much as possible. You can see lots of stuff in that document which means that some ActiveX controls will still automatically on a webpage. If anyone develops and exploit for them and you run it on XP as an admin, you have a problem. Of course, if the user knows what they are doing they can make it secure, but the default setting is more geared to compatibility than security.

FTP Evidence

[beavt8r]

I installed IE7 (let me explain) and the FTP functionality in it is just like directory listings like Firefox has. I use IE for ftp just so I have the ease of a Windows Explorer-like interface for FTP. So I can't do that with IE7. But, if I open windows explorer or any folder, I can put an FTP address in that address bar and it works just like IE6 with the explorer interface. Unintentionally, I found out when I installed that it kept it separate. Interesting...

Bout Friggin Time

[Foofoobar]

Gee, how long did it take them to figure out what people knew from the beginning? Security and IT professionals have flogged this as a major security risk from day 1.

All I can say is that now that they have done this, I'm beginning to believe that they want to build a decent and secure product for their customers.

it already has

[minus_273]

I downloaed the IE7 beta 2 for XP yesterday and you can see that explorer is no longer tied at all to the web browser. Going to slashdot.org in an explorer window starts the default browser now.

Glad to hear it

[Bertie]

Just the other day I went to open an HTML page I'd made in IE7, to check that it rendered properly. After fumbling around for a few minutes wondering where they'd hidden the menu bar (yeah, clever one, Microsoft, give your most-used program a UI that flies in the face of 20 years of convention, and don't tell anybody you need to hit the ALT key to bring it up, that'll go down a treat with Joe User), I selected "open", browsed to the file... ...And IE7 opened the page in Firefox, my default browser!

Clever, eh?

Re:Great! Now to get Konqueror!

[prisoner-of-enigma]

The problem with MS's version was that the whole freaking system crashed if IE crashed.

This isn't entirely correct. EXPLORER.EXE, which is tied in with IE and is largely responsible for the GUI, can be crashed by IE. This mucks up the GUI to the point where the system is apparently hung. However, the NTOSKRNL.EXE almost never gets faulted by these kinds of crashes and, in reality, continues to run even though the interface is completely hosed. This is analogous to crashing XWindows in Unix in the sense that X can be completely hung but system processes underneath it continue to function normally. The difference is that a Ctrl-Alt-Bksp will kill X and give you a command prompt, whereas Windows has no such option. There has been talk in the past of Microsoft releasing a command-line version of Windows Server (i.e. the GUI is optional), but AFAIK, that's just been talk with no real action.

Note that crashes that do fully lock up a Windows box are almost always caused by faulty drivers, usually video drivers because these run in kernel space. Linux is just as susceptible to faulty drivers as Windows is. I've had a number of servers up and croak with a KERNEL PANIC because of a faulty RAID driver. Dodgy hardware, poor cooling, overclocking, etc. also locks up boxes but this isn't a Windows-only phenomenon by any means.