IE8 Released As Critical Update For XP
Binestar was one of several readers writing in to note that Microsoft is listing IE8 as a critical update to Windows XP. CNet reported a couple of weeks back that Microsoft would be rolling out IE8 to users in a gradual fashion, and requiring an opt-in before installing it. Opinion has been split as to whether IE8 is worth installing or not. Binestar notes delicately, "For those not interested in upgrading to IE8 at this time, the MSDN released information back in January on how to keep IE8 off your machine."
...the better!
I use Firefox as my default browser. Should I care what version of IE is on my (XP) system?
Seeing as how IE is integrated into the OS, having a vulnerable, outdated browser can be a problem. Like when you use Windows Update.
Need more useless stuff to read on teh internetz?
How is Microsoft abandoning patching IE6 any different than Mozilla abandoning patches for Firefox 2?
Seriously.
IE6 has some root code that is insecure and patching is merely chasing the tail of the dragon when it comes to security exploits.
So abandoning it, and moving users to an inherently more secure browser that also happens to be more in line with modern browser standards is a good move, not a bad one.
Software companies (all of them) abandon old code for new code all the time, and when they do, they stop issuing security updates and patches for the old code.
It's common, and happens all the time.
It's good news because it will help kill IE6, which has serious CSS rendering problems and doesn't support PNG24 graphics.
As of today, IE6 still has significant market penetration. My guess is that corporate users keep that number high.
Step into a huge movement. Don't Tread In Me.
Shouldn't they patch the version XP shipped with instead?
They did. The patch is called "IE8".
Normally I'm opposed to Microsoft pushing out feature updates as compulsory (versus security fixes and bug patches), however, in this particular case I'd have to say this is a good move. The benefits are many and the negatives few.
IE might have a bad reputation, and not at all unfairly much of the time, but no matter how much you hate IE, IE8 brings a lot to the table; even if what it brings is long overdue. Improved security, much better standards support, and even some genuine innovative features.
The debate can rage on about the ethics and legality of bundling the browser with and integrating it into the OS, but the reality is this is the case, and the security benefits alone make the upgrade sensible in my view.
However, the upgrade should be done in the background and in no way alter any preferences. Provided no configuration settings the user has set are changed (in particular, default browser), then the background benefits are gained, and the user can check out IE8 at their leisure if they wish, or ignore it completely.
Oh, and finally, this helps to kill off IE6, which really does need to FOAD.
How is Microsoft abandoning patching IE6 any different than Mozilla abandoning patches for Firefox 2?
Firefox 2 wasn't forced down our throats as a supposedly integral part of the operating system. If IE6 was a critical part of the operating system, shouldn't it get critical updates for the life of the operating system? Shouldn't corporate customers who bought in with the promise that they'd have a stable platform for however many years actually be able to use that platform, with all its knotholes, for that long?
Not that I mind seeing it go, but it kind of acknowledges the emperor's lack of clothes.
You need to relearn the difference between full disclosure and responsible disclosure, know that MS doesn't even follow RD guidelines, then go and rewrite your post. You can't compare numbers of vulns when one of the projects doesn't disclose them.
"They may delay publication in a responsible disclosure ...." Yes. They delay it until a patch is available or a vulnerability is in the wild.
Put identity in the browser.