IE7 Separated from Windows Explorer

An anonymous reader writes "Security experts warned Microsoft 10 years ago that putting IE as a component of Windows Explorer was a bad idea, looks like Microsoft finally decided to listen to the advice. According to a short write up in Business Week, Microsoft has decided that when IE7 comes out with Vista it will no longer be a component of Windows Explorer and will be able to replace IE6 even on XP machines."

Replace IE6 on XP machines?

[LiquidCoooled]

Surely they mean outwordly replace IE 6 like Firefox etc do, whilst keeping IE 6 tied into the XP system?

I wonder what would happen if you decided to remove IE 7 after installing it. Or will they "upgrade" it like they do with DirectX and Media Player (ie one way upgrades only, essentially no rolling back).

They are talking about Click to activate ActiveX controls as being a security benefit thats been added for the user - I thought it was because of losing the patent dispute?

ps, the guy talking sounds like Farnsworth, its worth listening just for that!

Re:Replace IE6 on XP machines?

[Krach42]

They are talking about Click to activate ActiveX controls as being a security benefit thats been added for the user - I thought it was because of losing the patent dispute?

Companies do this stupid stuff all the time. It's called "Spin".

Banks were marketting the instant scan of checks to customers as a security feature. "See your checks online right away, to be able to spot fraud easier!" In truth? With the instant scans of the checks, "check float" has been removed, and a big issue that banks had with some illegal behavior that most people thought were ok, is gone.

Heck, sometimes it comes to down right lies. I worked for a certain ISP signing people up for service, and if we were having computer problems, like a crash or something, we were told to tell customers that we were "upgrading" our system to provide "better customer service in the future". Which of course is a lie, because the network just sucked and was slow as crap, and the computer would crash and reboot all the time.

I don't believe any "feature" anymore as of Java, which marketed things like "architecture neutral", when I realized, it wasn't "architecture neutral" it was just designed to be an easily emulated architecture.

Welcome news

[From+A+Far+Away+Land]

I had heard initially that IE7 wasn't going to be available for Windows 2000, and assumed that meant it wasn't going to be for XP either. If it works on XP, what would stop it from running on 2000 other than a Microsoft desire to cripple it so that people have one more reason they must leave 2000 which still works fine for most tasks [as long as it's well patched]?

Re:Welcome news

[offput]

Windows 2000 is no longer in the windows labelled "mainstream support" so the less they have to deal with it the better for their support teams. On IEBlog, they also cite specifically why it can work for WinXP and not Win2K. It's because of the security upgrades done to XP in service pack 2 which they claim are not easily back-ported into 2K.

Lied to the EU?

[Manip]

Didn't Microsoft engineers claim, in court, to the EU that they couldn't remove Internet Explorer from the Operating System without breaking it?

Interesting seeing as Microsoft are now suddenly able to seperate the two (in reference to Windows XP, not Windows Vista).

Re:Lied to the EU?

[mtenhagen]

That did not apply to windows xp but to windows 95 and me.

Maybe it could be done but this is the reason it will only be done for xp. On the other hand, having seen some of microsofts products it doesnt suprise me that a web browser which executes remote code (activex) is part of the os.

Re:Lied to the EU?

[FatRatBastard]

Technically they were correct. Think of it as if BMW rerouted the ignition circiut to make sure it passed through the car stereo. Technically, removing the stereo could render the car useless. Its a stupid design decision unless you're trying to monopolize the market in car stereos.

Re:Lied to the EU?

[dtfinch]

You can't completely remove IE without breaking things. A lot of third party programs use IE to display html, or use HTML Help (.chm) files. Without IE, Windows would have trouble running many of the programs Wine has trouble with (unless IE is installed).

Sad

[Eightyford]

Another divorce. Why can't Americans just stay together for the kids?

Re:Sad

[eclectro]

Why can't Americans just stay together for the kids?

Because this marriage produces a kid every other day that has three eyes or extra limbs??

Okay, but...

[babbling]

Will Windows Explorer still be able to function as a web browser once IE7 has been installed separately on XP?

I imagine a lot of users are quite used to typing webaddress.com into Windows Explorer, now. I suppose that should respond by launching the user's default browser with the command line argument webaddress.com, but is that what it will do, or will WinExplore still function as a browser?

Finally!

[noamsml]

Next thing you'll know, maybe they'll realize that running executables out of the browser is a bad idea, and that an arbitrary execution flaw on CD insertion is NOT a feature.

Great! Now to get Konqueror!

[Kelson]

I'm sure I'm about to burn karma with this... but in KDE, Konqueror acts as both web browser and file manager. At least it's entirely userspace, but does anyone know how closely the file managing and web browsing aspects of Konqueror are tied?

IE7 is on the Rebound

[digitaldc]

Did you hear IE7 Separated from Windows Explorer?

Yes, I also heard she is now dating some new guy Winslow Vista.

meh

[popeguilty]

Will anyone who isn't currently using MSIE6 use MSIE7 on this news?

Good news

[TheSkepticalOptimist]

IE was integrated because the same kind of display used to show files and directories could be used to display web content, and it made sense to integrate the same technology in order to save on system resources.

Today, with people having more horsepower in their computer then they know what to do with, same goes for hard drive space, having a tightly integrated web browser / file browser doesn't make sense, and it has been a source of Microsoft's security problems.

Yes, you will still be able to type a web address in the file explorer in Vista and have a web page display . While explorer and internet explorer are no longer integrated, Vista will transparently switch between the applications and maintain the same window view.

I am sure that I.E. components will still be launched at system startup, to give Microsoft and edge over 3rd party browsers for quick browser launching, but by removing the integration with the file explorer, this will definitely be a welcomed change that should offer better security in the long run, which Microsoft desperitely needs.

So this explains the delay?

[Billly+Gates]

Microsoft mentioned it was due to security designs in Vista.

I doubt though that something so integrated into windows explorer can be seperated and reprogrammed into a seperate application within the extra 2 months.

Its alot of work not to mention may break many applications. For example cdroms that use autoplay sometimes display html and javascript in the windows explorer menu in a seperate pane. I suppose you could reprogram windows explorer to just call an IE7.dll to display it.

But Microsoft was found guilty of merging IE into a million libraries so third party apps would not function without IE and infact required it. Even a command prompt program that uses strings requires IE as a result.

Thank god I am not on the windows development team.

Damnit

[hackstraw]

It was so much nicer here in hell before it froze over.

Re:Is ActiveX gone too?

[Hal_Porter]

I think so -

http://www.microsoft.com/windows/ie/ie7/featuretab le.mspx

Disables nearly all pre-installed ActiveX controls to prevent potentially vulnerable controls from being exposed to attack. You can easily enable or disable ActiveX controls as needed through the Information Bar and the Add-on Manager.

From here
http://forum.pcstats.com/showthread.php?t=35534

The beta of Internet Explorer 7 is neat to play with but it has one quirky feature where it does not allow users to install unsigned Active X controls. Unfortunately since it's still beta, virtually all Active X addons (like Shockwave, Flash) are unsigned which means they cannot be installed by default. Trying to do so causes IE 7 to spit out an error message.
Not all is lost however, if you load up the Internet Options (Tools -> Internet Options...), click the "Security" tab and in Internet security settings click the Custom Level... utton. In the "ActiveX Controls and plugins" section, find the "Download unsigned ActiveX Controls" option and change it from "Disable" to "Prompt". After that's done click the OK button and you're set!

He he, "one quirky feature". Way to miss the point. Note that you can disable Download Signed ActiveX controls too, or make at least make it prompt you.

There's a best practices document here
http://msdn.microsoft.com/library/default.asp?url= /library/en-us/IETechCol/cols/dnexpie/activex_secu rity.asp?frame=true

I think the basic problem is that they still want to avoid breaking websites that rely on ActiveX as much as possible. You can see lots of stuff in that document which means that some ActiveX controls will still automatically on a webpage. If anyone develops and exploit for them and you run it on XP as an admin, you have a problem. Of course, if the user knows what they are doing they can make it secure, but the default setting is more geared to compatibility than security.

FTP Evidence

[beavt8r]

I installed IE7 (let me explain) and the FTP functionality in it is just like directory listings like Firefox has. I use IE for ftp just so I have the ease of a Windows Explorer-like interface for FTP. So I can't do that with IE7. But, if I open windows explorer or any folder, I can put an FTP address in that address bar and it works just like IE6 with the explorer interface. Unintentionally, I found out when I installed that it kept it separate. Interesting...

Re:Great! Now to get Konqueror!

[prisoner-of-enigma]

The problem with MS's version was that the whole freaking system crashed if IE crashed.

This isn't entirely correct. EXPLORER.EXE, which is tied in with IE and is largely responsible for the GUI, can be crashed by IE. This mucks up the GUI to the point where the system is apparently hung. However, the NTOSKRNL.EXE almost never gets faulted by these kinds of crashes and, in reality, continues to run even though the interface is completely hosed. This is analogous to crashing XWindows in Unix in the sense that X can be completely hung but system processes underneath it continue to function normally. The difference is that a Ctrl-Alt-Bksp will kill X and give you a command prompt, whereas Windows has no such option. There has been talk in the past of Microsoft releasing a command-line version of Windows Server (i.e. the GUI is optional), but AFAIK, that's just been talk with no real action.

Note that crashes that do fully lock up a Windows box are almost always caused by faulty drivers, usually video drivers because these run in kernel space. Linux is just as susceptible to faulty drivers as Windows is. I've had a number of servers up and croak with a KERNEL PANIC because of a faulty RAID driver. Dodgy hardware, poor cooling, overclocking, etc. also locks up boxes but this isn't a Windows-only phenomenon by any means.