IE7 Released As High-Priority Update

jimbojw writes, "Internet Explorer 7 was finally released this morning and is available via automatic update or download from Microsoft." And an anonymous reader notes stats on IE7 and FF2 downloads, adding: "Looks like FF2 is already outnumbering FF 1.5, while IE7 is having a hard time to find followers. Will today's release as a high-priority, force-fed update fix this issue?" The sans.org stats site will be updated throughout the day, so perhaps we'll get an indication.

I heard Michael Howard talking about this one

[Beryllium+Sphere(tm)]

Microsoft says they've taken steps aimed at the root causes of IE security problems, as in doing a real redesign.

It's not exactly sandboxed, but it has to ask permission from a "request broker" before changing anything in the rest of the system, and the request broker is smaller, more auditable, and not handling malicious input all the time. Troublesome features like installing Browser Help Objects are off by default.

If we're lucky this could be like IIS 6. If we're not lucky, it should still be better than the malware installation engine everyone's running now.

Don't expect your friends and relatives to report fewer malware installations, though. The bad guys will just shift to a different infection vector if IE7 lives up to its promises.