Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE 8 To Include New Security Tools

Posted by ryuzaki0 on from the hopefully-half-of-them-work dept.

Trailrunner7 writes "Internet Explorer has been a security punching bag for years, and rightfully so. IE 6 was arguably the least secure browser of all time. But Microsoft has been trying to get their act together on security, and the new beta of IE 8, due in August, will have a slew of new security features, including protection against Type-1 cross-site scripting attacks, a better phishing filter and better security for ActiveX controls."

16 of 177 comments (clear)

  1. Better security for ActiveX controls by sakdoctor · · Score: 5, Insightful

    Or scrap ActiveX controls?

    1. Re:Better security for ActiveX controls by Tweenk · · Score: 4, Insightful

      ActiveX is a critical technology in (South) Korea - you can't do any online banking, online shopping, etc. without ActiveX support. MS can't drop ActiveX or it would lose the Korean market.

      --
      Those who would give up liberty to obtain working drivers, deserve neither liberty nor working drivers.
    2. Re:Better security for ActiveX controls by Anonymous Coward · · Score: 5, Insightful

      > MS can't drop ActiveX or it would lose the Korean market.

      Lose it to whom? There aren't any other ActiveX providers, so if MS dropped ActiveX, South Korea would have no choice but to use whatever MS would provide as replacement.

    3. Re:Better security for ActiveX controls by JebusIsLord · · Score: 4, Insightful

      ActiveX is the only thing keeping large businesses TIED to IE. The last thing MS would do is scrap them. And to be honest, within a corporate intranet (where users don't have the rights to install activex controls), ActiveX is a pretty solid technology.

      --
      Jeremy
    4. Re:Better security for ActiveX controls by Anonymous Coward · · Score: 1, Insightful

      Cause Korea doesn't have anti-trust laws? The problem is thus: There was a window between the Mosaic project winding down and closing up shop and the plethera of what became opensource browsers and standards. In that window, Microsoft was inventing the standards very quickly and with little consideration. Well in exactly the way the free-market had been doing a good job since Adam Smith's time. But the problem is that kind of thing isn't particularly helpful at a networking technology, be it roads/railroads/POTS/or lolcat infused intarwebz.

      That has created a world of multiple standards which have unintended and undesirable consequences, but none-the-less have a tremendous amount of invested capital behind them. You might as well advocate the taking of an axe to any machine (or host of a virtualized machine) running legacy COBOL code. It's just not always convienent to rebuild the world from scratch, even if it's a GLOB of 1's and 0's.

      The money isn't there to run two platforms sidebyside into the future, elegantly and mercifully letting the legacy cudgles fade away. The downtime for a do-over is so comically idiotic that standards zealots even speak to the idea at all is practically an indictment of their whole position. So we'll get to enjoy the interaction of a million (million-million?) poorly considered decisions for decades to come.

    5. Re:Better security for ActiveX controls by IntlHarvester · · Score: 3, Insightful

      It isn't.

      But yet every single modern browser has a way of running 3rd party binary 'plug-ins' or 'add-on' because its too damn useful. Therefore the only real distinction here between browsers that support ActiveX and browsers that don't is marketing.

      --
      Business. Numbers. Money. People. Computer World.
    6. Re:Better security for ActiveX controls by IntlHarvester · · Score: 5, Insightful

      Actually, I'm not. If you look at that Firefox plug-in I linked above, it uses a site whitelist which makes it considerably more secure than IE. Just because IE has/had poor ActiveX security doesn't mean another browser would have the same policies.

      Look at the posts in this thread. Everyone's convinced that "ActiveX==BAD" while they probably have 50 Firefox add-ins and plug-ins installed. They're the basically the same damn thing, so I'll maintain this is almost entirely a perception issue (which exists for valid, but historical reasons).

      --
      Business. Numbers. Money. People. Computer World.
    7. Re:Better security for ActiveX controls by Daimaou · · Score: 3, Insightful

      Or maybe South Korea could pull their collective head out and stop supporting lock-in and using crap technologies.

  2. Good by willyhill · · Score: 1, Insightful

    I think the IE7 solution to ActiveX sandboxing was well done. It's still a problem, but a lesser one I guess. I always thought that was the most serious issue with IE.

    It just feels like it's taking forever to make IE a good browser. All those years in a stagnant pond where the order of the day was fighting little fires instead of improving the product beget Firefox, and now Microsoft is really feeling the heat. Competition is good, but Microsoft seems to still be moving at a glacial pace.

    --
    The twitter monologues. Click on my homepage and be amazed.
  3. Re:Was I the only one to misread the title? by kjart · · Score: 5, Insightful

    Was I the only one to misread the title as: "IE 8 To Include New Security Holes" ?

    That's true for almost everything new. As complexity rises, so does the chance of a problem, and browsers are surprisingly complex nowadays.

  4. Sandbox javascript, flash etc ... by BlueParrot · · Score: 3, Insightful

    There isn't any good reason why the javascript engine should run with the same privileges as the browser, and there certainly isn't any good reason why plugins like flash should have as many privileges as they do. Sandboxing those bits should help a lot.

  5. Re:Let me guess... by lostmongoose · · Score: 3, Insightful

    As bad as they've been about IE security in the past, they're actually trying this time.

    Because they say they are, right? They've said that it'll be more secure than before everytime they've done this and nothing really changes.

  6. Re:This is a simple job by Your.Master · · Score: 2, Insightful

    Right, because only nimrod programmers have bugs in their software.

  7. I thought the same. Microsoft need to learn! by QJimbo · · Score: 2, Insightful

    Annoying the user seems like a running pattern with anything Microsoft try and make secure.

    Windows Live messenger: "This file was a security risk and has been removed", User: "BUT IT WAS AN MP3?!?!"

    Windows Vista: *download program* IE7: "Are you sure you want to download?" *click yes... wait...* "File downloaded" *click Run* IE7: "Are you sure you want to run this file?" *click yes* Vista Access Control: "This file is a program and may cause bad things to happen! Are you sure?" User: "ARGH FOR THE THIRD TIME YES I'M SURE"

  8. whatever by Anonymous Coward · · Score: 2, Insightful

    year after year after year after year after year after year after year......

    all we ever hear is how MS is making their next OS/Browser/Apps more secure. Have they ever succeeded? Not once... all I have witnessed is bug patches and more complexity. Its very tiring to hear the same garbage over and over again.... ...and for any site that only runs activex - get with the rest of the world and learn something....

  9. Re:Nope, just the best one to date. by DaedalusHKX · · Score: 4, Insightful

    Technically, if they break the use of the product it is THEM that broke it. For example, if you take a car to a dealership for an oil change, and they break your transmission, the auto company/dealership is NOT immune to a lawsuit because "hey, you got usage out of the transmission".

    In fact, they will have to get you the FULL value of the transmission / replace it with a fully working one. See the whole issue is that a remedy to a broken contract is supposed to set you off AS WELL OR BETTER THAN BEFORE THE DAMAGE WAS INCURRED!

    Pay attention to the caps... there's a reason for them. That was originally the whole point of contracts, fulfillments and remedies in case of broken contracts. Seems that companies that deal in software are permitted to break the product and the client is to blame. Strange that. Nowhere nearly as strange as the fact that you seem to think that such things are perfectly fine. Amazing. Nothing short thereof.

    Not that I care. It was one more reason why I stopped using XP period. Guess what. Unless they give me a copy of Vista FREE, I don't plan to ever go back either. Hell, since I stopped gaming I've had more spare time than I've been able to waste with a conscious effort :)

    --
    " What luck for rulers that men do not think" - Adolf Hitler