Slashdot Mirror


IE 8 To Include New Security Tools

Trailrunner7 writes "Internet Explorer has been a security punching bag for years, and rightfully so. IE 6 was arguably the least secure browser of all time. But Microsoft has been trying to get their act together on security, and the new beta of IE 8, due in August, will have a slew of new security features, including protection against Type-1 cross-site scripting attacks, a better phishing filter and better security for ActiveX controls."

17 of 177 comments

  1. Better security for ActiveX controls by sakdoctor · · Score: 5, Insightful

    Or scrap ActiveX controls?

    1. Re:Better security for ActiveX controls by Tweenk · · Score: 4, Insightful

      ActiveX is a critical technology in (South) Korea - you can't do any online banking, online shopping, etc. without ActiveX support. MS can't drop ActiveX or it would lose the Korean market.

      --
      Those who would give up liberty to obtain working drivers, deserve neither liberty nor working drivers.
    2. Re:Better security for ActiveX controls by Anonymous Coward · · Score: 5, Insightful

      > MS can't drop ActiveX or it would lose the Korean market.

      Lose it to whom? There aren't any other ActiveX providers, so if MS dropped ActiveX, South Korea would have no choice but to use whatever MS would provide as replacement.

    3. Re:Better security for ActiveX controls by TheNetAvenger · · Score: 4, Interesting

      > Or scrap ActiveX controls?

      Too much legacy, best thing to do is continue to sandbox them as much as possible.

      MS is shoving developers to either Silverlight or XBAP that have extensive sandboxing/security in comparison. MS has been in the process of killing ActiveX for several years now, next trick is to smack the developers around by making non-internal deployment really freaking hard.

      Even Win32/64 has been being killed off slowly, but developers are slow moving creatures sometimes. (This is the biggest reason even people that hate Vista should be rooting for it to replace XP at the very least, as the non-Win32 APIs are its bread and butter, even working directly inside the vector composer of Vista, that XP can't do even if you try running .NET 3.x on it.)

    4. Re:Better security for ActiveX controls by JebusIsLord · · Score: 4, Insightful

      ActiveX is the only thing keeping large businesses TIED to IE. The last thing MS would do is scrap them. And to be honest, within a corporate intranet (where users don't have the rights to install activex controls), ActiveX is a pretty solid technology.

      --
      Jeremy
    5. Re:Better security for ActiveX controls by IntlHarvester · · Score: 4, Informative

      There is an ActiveX plugin for Firefox: http://www.iol.ie/~locka/mozilla/plugin.htm

      Either browser could easily support ActiveX on Windows if they wanted to. The main reason they don't is for marketing reasons (because it's perceived to be insecure).

      Aside from that ActiveX is actually a documented Open Group standard, and there are (were) 3rd party implementations.

      --
      Business. Numbers. Money. People. Computer World.
    6. Re:Better security for ActiveX controls by IntlHarvester · · Score: 5, Insightful

      Actually, I'm not. If you look at that Firefox plug-in I linked above, it uses a site whitelist which makes it considerably more secure than IE. Just because IE has/had poor ActiveX security doesn't mean another browser would have the same policies.

      Look at the posts in this thread. Everyone's convinced that "ActiveX==BAD" while they probably have 50 Firefox add-ins and plug-ins installed. They're basically the same damn thing, so I'll maintain this is almost entirely a perception issue (which exists for valid, but historical reasons).

      --
      Business. Numbers. Money. People. Computer World.
  2. Was I the only one to misread the title? by The Standard Deviant · · Score: 5, Funny

    Was I the only one to misread the title as: "IE 8 To Include New Security Holes" ?

    1. Re:Was I the only one to misread the title? by kjart · · Score: 5, Insightful

      > Was I the only one to misread the title as: "IE 8 To Include New Security Holes" ?

      That's true for almost everything new. As complexity rises, so does the chance of a problem, and browsers are surprisingly complex nowadays.

  3. Let me guess... by GSPride · · Score: 5, Funny

    An 'Install Firefox' button?

    --
    Apple has never claimed not to be evil, they're just very stylish about it.
    1. Re:Let me guess... by drinkypoo · · Score: 4, Funny

      While IE7 is still a big pile of crap, it's not QUITE as bad as IE6. Maybe IE8 will be not QUITE as bad as IE7... It could be the beginning of an underwhelming trend!

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  4. Nope, just the best one to date. by DaedalusHKX · · Score: 4, Funny

    "Uninstall Internet Explorer 8? Are you sure? Yes/Yes"

    Perfect security tool, IMHO.

    --
    " What luck for rulers that men do not think" - Adolf Hitler
    1. Re:Nope, just the best one to date. by DaedalusHKX · · Score: 4, Insightful

      Technically, if they break the use of the product it is THEM that broke it. For example, if you take a car to a dealership for an oil change, and they break your transmission, the auto company/dealership is NOT immune to a lawsuit because "hey, you got usage out of the transmission".

      In fact, they will have to get you the FULL value of the transmission / replace it with a fully working one. See the whole issue is that a remedy to a broken contract is supposed to set you off AS WELL OR BETTER THAN BEFORE THE DAMAGE WAS INCURRED!

      Pay attention to the caps... there's a reason for them. That was originally the whole point of contracts, fulfillments and remedies in case of broken contracts. Seems that companies that deal in software are permitted to break the product and the client is to blame. Strange that. Nowhere nearly as strange as the fact that you seem to think that such things are perfectly fine. Amazing. Nothing short thereof.

      Not that I care. It was one more reason why I stopped using XP period. Guess what. Unless they give me a copy of Vista FREE, I don't plan to ever go back either. Hell, since I stopped gaming I've had more spare time than I've been able to waste with a conscious effort :)

      --
      " What luck for rulers that men do not think" - Adolf Hitler
  5. Re:Security, hah. by Antique Geekmeister · · Score: 4, Interesting

    And more DRM to wade through. Much of Microsoft's current 'security' development is aimed squarely at DRM and protecting the control by businesses, not at protecting users.

  6. Re:Sandbox javascript, flash etc ... by Z34107 · · Score: 5, Informative

    In IE7 on Vista, those bits (and everything you do, actually) are sandboxed. It's called protected mode and like everything well-written and intelligible in life, there's an MSDN article.

    If you can get to a Vista machine, boot up Internet Explorer 7. In the bottom-right hand corner, you'll see an "Internet|Protected Mode: On." Internet Explorer, and everything launched in/from IE, run under a low "Integrity Level", which means they only have access to the "Temporary Internet Files\Low" folder and "HKEY_CURRENT_USER\Software\LowRegistry" key.

    Any file access is transparently redirected from these points: An ActiveX control trying to create "virus.dll" in "c:\windows\system32" will have it actually created in "Temporary Internet Files\Low\C\Windows\System32". (Nothing in this folder is executable.)

    Open up task manager. (CTRL+SHIFT+ESC) You'll notice an "ieuser.exe" process - should something need more privileges, like you saving a file to your downloads directory, this process will grant that one action regular, non-admin user privileges. Anything system changing has to pass through an "IEinstal.exe" process, which will trigger a UAC prompt.

    My understanding is limited to some Vista beta-era documentation and the MSDN article I linked, but they pretty much sandboxed the entire browser with sub-guest-account privileges. It relies on some new parts of the Vista kernel (you won't see the same sandboxing on IE7 in XP) but it's still pretty nifty, I think.

    --
    DATABASE WOW WOW
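
The low "Integrity Level" described in the comment above can be modelled as follows. This is an added example, not part of the original comment or of any Microsoft code: it reads the mandatory-label SID from `whoami /groups /fo csv` output and applies the default no-write-up rule. The function names and the sample output are constructed for illustration.

```python
import csv
import io

# Well-known mandatory-label RIDs (S-1-16-<RID>), highest first.
LEVELS = [(0x4000, "System"), (0x3000, "High"), (0x2000, "Medium"),
          (0x1000, "Low"), (0x0000, "Untrusted")]
DEFAULT_OBJECT_RID = 0x2000  # an object with no label is treated as Medium


def rid_from_sid(sid):
    """Return the integrity RID of a mandatory-label SID, else None."""
    parts = sid.strip().split("-")
    if len(parts) == 4 and parts[:3] == ["S", "1", "16"] and parts[3].isdigit():
        return int(parts[3])
    return None


def level_name(rid):
    """Map a RID to its level name; in-between values round down."""
    for floor, name in LEVELS:
        if rid >= floor:
            return name
    raise ValueError("negative RID")


def process_rid(whoami_csv):
    """Extract the integrity RID from `whoami /groups /fo csv` output."""
    for row in csv.DictReader(io.StringIO(whoami_csv)):
        rid = rid_from_sid(row.get("SID", ""))
        if rid is not None:
            return rid
    raise ValueError("no mandatory label found in token")


def may_write(subject_rid, object_rid=None):
    """Integrity check only (the DACL check is separate): default
    no-write-up policy denies writes to a higher-labelled object."""
    if object_rid is None:
        object_rid = DEFAULT_OBJECT_RID
    return subject_rid >= object_rid


# Constructed sample of what a Low-integrity process would report.
SAMPLE = '''"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\\Low Mandatory Level","Label","S-1-16-4096","Mandatory group, Enabled by default, Enabled group"
'''
```

With the sample, the process resolves to Low, so a write to an unlabelled (Medium) location is denied while a write to a Low-labelled folder passes the integrity check.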
  7. Re:Please say.. by Rutulian · · Score: 4, Informative

    Actually, you can't with Firefox 3. It will detect a looping script and give you the option of stopping it. If you use NoScript, you can block it entirely.

  8. Re:Please say.. by ConceptJunkie · · Score: 5, Interesting

    Maybe you could, but it's never happened to me... even before NoScript came along.

    That's the irony about the Web. It started out as a document display technology and eventually morphed into an application platform, taking about 15 years too long and going down too many dead ends on the way. I read somewhere that someone suggested the Web should have simply been X from the start. It surely would have saved them reinventing the wheel a dozen times in the last 20 years, that's for sure.

    We've almost come full circle. The browser is _almost_ the OS which runs your applications. In fact, Microsoft's biggest problem was that they hooked the browser directly into the OS (in fact, their problem has always been that they hook everything directly into the OS). ActiveX was just a shortcut to run native code via the Web, and it suffered all the obvious problems from being so. "Hello, world, run anything you want on my computer. I trust you." Java was better, but it's just too darn bureaucratic. I can't imagine having to actually develop in Java... from everything I've seen it's worse than dealing with the government and insurance companies combined.

    So where will it all end up? Starting around 1991, we reverted back some 15 years in UI development and had to go through the 80's again, but in browsers. I figure in another couple years Web apps and native apps will essentially be indistinguishable, especially from the non-techie's point of view. That's not bad except all the good UI standards and conventions developed by Xerox, IBM, Microsoft, Apple backed with decades of research have been almost completely abandoned. I can't even imagine what the average computer experience will be like in 10 years, but if the past 20 is an example, some things will advance more than I could have ever guessed and others will barely change, and it will still take an expert to solve all but the most basic problems.

    The term "bleeding edge" was a play on the term "leading edge" but at the rate things change, there is no more "leading edge" any more. With Vista and recent releases of OSX, the "bleeding edge" is the mainstream, and we've come to not only not be surprised that systems aren't even remotely complete when shipped, in fact, we expect a "dot oh" product to be essentially a late alpha. I don't recall what product it was, but it was a "release candidate" and at the same time the release notes said in effect, "but we haven't documented all the features yet because we don't have a firm list of what will be included". That's not a "release candidate" by any definition... not even Microsoft's. That's an alpha release, by the original definitions. But these days (and Google is a perfect example, even though many of their products are very good), most software never really gets out of "beta" any more. There are Google products that were literally labelled "beta" for years. It's always possible there was some legal reason for this, but the idea of a "test version" vs. a "release version" barely exists any more. Often the only distinction is the size of the group of users who have access to it. Microsoft does this, even though they still pretend to adhere to the gigantic monolithic release after years of development apparently because that's the only way they can justify charging people for the same old crap, but shinier and slower. I think the Ubuntu concept works well. They seem to have an attitude of "We'll take what we've got and make sure it installs and works together" every six months. Each release isn't always a huge change, that depends on the state of things like Gnome, KDE or the Linux kernel or who knows what, but this "evolutionary release cycle", where each subsequent upgrade is relatively small, seems to work a whole lot better than Microsoft's "revolutionary release cycle" where it's a major IT undertaking that is so massive most companies these days would rather not bother.

    Hmmm... I seem to have digressed a bit.

    --
    You are in a maze of twisty little passages, all alike.