IE8 Released As Critical Update For XP
Binestar was one of several readers writing in to note that Microsoft is listing IE8 as a critical update to Windows XP. CNet reported a couple of weeks back that Microsoft would be rolling our IE8 to users in a gradual fashion, and requiring an opt-in before installing it. Opinion has been split as to whether IE8 is worth installing or not. Binestar notes delicately, "For those not interested in upgrading to IE8 at this time, the MSDN released information back in January on how to keep IE8 off your machine."
I use Firefox as my default browser. Should I care what version of IE is on my (XP) system?
So this means that more of the browser market will be standards compliant?
Does anyone know if this is still in effect?
http://www.sitepoint.com/blogs/2009/02/19/ie8-standards-mode-opt-in/
http://blogs.msdn.com/ie/archive/2008/12/03/compatibility-view-improvements-to-come-in-ie8.aspx
Does this seem like a way for Microsoft to require people to mark their pages as "standards compliant" in a Microsoft-specified syntax?
It seems like IE8 users would click the compatibility mode button not because they think the site should render better in IE7, but because it doesn't look right. Won't this populate Microsoft's "render as IE7" list with sites that are just poorly rendered in IE8? Surely this can't be what's going on. It'd be a train wreck in progress. Any good, standards-compliant pages IE8 can't render very well get rendered even more poorly unless you put MS markup in them?
Can't be.
My guess is that MS are engaged in some kind of gambit to pollute the existing DOCTYPE standard somehow, by requiring browser-specifying markup, but it's not clear to me exactly how. Well, IE8 is here. We'll see what happens.
You haven't been paying attention to the way Microsoft works, have you? This has been typical for .... ummm .... as far as I can remember. Ship first, patch later and frequently.
Erm. Then you haven't been paying attention to the way Microsoft have worked for the past 5-6 years, have you? They have seriously pulled themselves together since the code red, nimda and initial IE6 days. I know that it's a popular myth that Microsoft software is swiss cheese, but security analysts are starting to point at Microsoft SDL (Secure Development Lifecycle) as an example on how to do it. Independent analysts, i.e. IBM, researching vulnerability reports, have for the past 3 years pointed out how Windows XP and Windows Vista are actually the operating systems hit with the fewest vulnerabilities (but still most exploits).
Looking at vulnerability stats at secunia shows that Microsoft QC have improved drastically across their entire product portfolio:
On the whole Microsoft seems to do pretty well and considerably better than their competitors in all of the above areas. And no, Microsoft does not hide vulnerabilities. They may delay publication in a responsible disclosure, but any MS admin will tell you that they are very specific about each vuln in their patch bulletins. Microsoft cannot slip a "fix" through, as they have to provide enough information for admins to take a decision whether to block or allow a given patch based on security against stability (like in fewer changes). And Microsoft does not patch "frequently". They patch 12 times a year + emergency patches. This schedule has in general been well received by admins and several other vendors are now following the same schedule.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
>Looking at vulnerability stats at secunia shows that Microsoft QC have improved drastically across their entire product portfolio:
You have to read these with caution, though. Microsoft has been trying to get the vulnerability count down, and one way of doing this is merging several vulnerabilities into one. It looks good on paper, but it does not make the product any more secure.
That being said, the recent product certainly show improvements. They absolutely beat Java and Acrobat, when it comes to security. I think the comparison with Firefox may be uneven, though, because the Firefox guys class just about anything as a potential security issue, just to be on the safe side.