Tabbed IE Coming?

[Boogahz]

Microsoft Internet Explorer 7.0 Details Begin to Leak
By Mary Jo Foley, Microsoft Watch
March 15, 2005


Since it first revealed a month ago that it was pulling a U-turn by releasing a new version of Internet Explorer independent of Longhorn, Microsoft has been unwilling to share many particulars about its forthcoming browser.

Will Internet Explorer 7.0 have tabs? Will it comply with the CSS (Cascading Style Sheet) 2.0 standard? Exactly how will it make browsing more secure? Will it ship in 2005?

Microsoft's answers? No comment.

Microsoft has shared publicly that IE 7.0 will be focused primarily on improving security.

Company officials said recently that Microsoft plans to make IE 7.0 available to Windows XP Service Pack 2, Windows Server 2003 Service Pack 1 and Windows XP Professional x64 users. A first beta of IE 7.0 is due out this summer.

But Microsoft is sharing quite a few more specifics about IE 7.0 privately with key partners, claim sources who requested anonymity.

Sources say that IE 7.0–which is code-named "Rincon," they hear–will be a tabbed browser.

IE 7.0 will feature IDN (international domain name) support; transparent PNG (Portable Network Graphics) support, which will allow for the display of overlaid images in the browser; and new functionality that will simplify printing from inside IE 7.0, partner sources said. The new browser also likely will include a built-in news aggregator.

(Coincidentally, or perhaps not, MSN just began testing a new Microsoft-developed RSS aggregator.)

Among the myriad security enhancements Microsoft is expecting to include in IE 7.0, according to partner sources:


Reduced-privilege mode becomes the default;
No cross-domain scripting and/or scripting access;
Improved SSL (Secure Sockets Layer) user interface;
Possible integration between IE 7.0 and Microsoft's Windows anti-spyware service, which currently is in beta.

[Ebumar]

So basically it's avant browser?

[Sionistic]

I still dont see whats the big deal about tabbed browsing.

[Aslanna]

tabbed browsing. If you don't like it hey that's ok too.

[miir]

Not surprising.

MS has always taken the best features of other software and incorporated them into it's own.

[Kelshara]

IE!

Firefox 4Life, yo!

[Winnow]

IE!

[Lohrno]

I use IE when I have to now...I only recently made the switch after among other things my browser got exposed to about every exploit known to man...

[Winnow]

BAHAHAHAHAHAHAHA!

Firefox Unleashes Spyware
Author: Andrew

It looks like the Prophets have been found correct and the age of Firefox Spyware is upon us. While the current Java Scheme requires user intervention, this is how it started on IE. Users were given Pop-up window choices to install a "necessary" program, choosing "Yes" would install the Spyware. I can hear the cyber cries now, as Firefox followers commit mass suicide, their beloved browser infallible no more.

"In a flurry of remote downloads, numerous changes to the registry took place and a sizeable amount of IE specific installs began downloading. Amongst the assortment was DyFuCA, Internet Optimizer, ISTsvc, Kapabout, sais (180 Solutions), SideFind, Avenue Media and something called djtopr1150.exe lurking in the Temp folder."


Double Standard

Is there a Double Standard for Internet Explorer? Of course there is. The Firefox community will quickly dismiss this sort of exploit. It will be considered not important because it requires user interaction. Yet these same exploits found in Internet Explorer have been fiercely criticized by the Firefox community and used as a reason to switch away from IE. This is also why recommending Firefox, as a Spyware solution is very dangerous. Installing and using Firefox does not clean or prevent your system from being infected with Spyware. The parasites can still exist in memory, robbing your system of resources, killing performance and causing application crashes.


Pop-ups

The infallible Firefox is currently being plagued with Pop-under advertisements that are displayed when you minimize or close Firefox. These are related to the Flash Plug-in. It turns out that Firefox does have the ability to block these but it was disabled by default.

"Well, we shipped 1.0 with the capability to block these pop-ups and pop-unders but we didn't enable it because we were concerned about breaking legitimate uses"

This is an excuse for "We could not write it good enough to not break legitimate uses."

[noel]

Fully patched Firefox is no more or less secure than fully patched IE. Anyone that says otherwise is a fucking idiot.

They're both software. Both can be overcome with social engineering. They both have weaknesses. The major difference between the two is the number of users IE has, and the number of hackers that are targetting IE. Feel free to blindly believe that Firefox is better, than IE. In truth, it is, but why it's better has nothing to do with security. It has to do with support for Internet standards (such as CSS). Firefox has better support for them, and IE doesn't.

Sadly, there are still many web sites that write shitty code, or have some bullshit that requires IE.

[Xouqoa]

The main reason I use Firefox at the moment is the tabbed browsing. Anyone with three quarters of a brain can avoid spyware, imo.

[Kelshara]

I ran 6 months of Firefox without running ad-aware or any other spyware/virus scanner on a computer to see what I ended up with. Then ran scans and didn't find anything. Nada.

Ran 1 week of IE the same way and had more tracking cookies and other crap than I can remember.

My personal (note: Personal, as in my own) experience is that Firefox keeps a lot of crap away from my computers. Not to mention it seems a hell of a lot faster, tabbed browsing etc it will take a LOT to make me go back to IE.

[noel]

If you were running XP-SP2 IE, I find that hard to believe.

I'll say it again, if you believe that Firefox is more secure, you're an idiot (or uninformed). It is very simply less targetted. However, if you'd like, I'd be more than happy to post the security advisories regarding Firefox that have become more and more frequent since the browser began to increase in popularity.

I'm not suggesting that anyone go back to IE. I'm simply suggesting that people remain informed about issues pertinent to browser security, and that they treat every piece of software on their PC as a potential risk.

[Kelshara]

Nah was before SP2. And the fact that it is less targeted makes it more secure. You made the best argument for using Firefox yourself.

[noel]

Security through obscurity is not security.

Feel free to research that.

[Kelshara]

I disagree. When you have two softwares doing the same thing (and I might add one slightly better than the other.. Firefox is faster) and one is likely to be attacked and the other is not.. then it brings YOU more security than Joe Bloe down the road.

Really not that hard of a concept. Both patched up and used with intelligence are reasonably safe. One is more likely to be attacked, that gives the other an edge.

[noel]

You believe that, but you're wrong.

If you don't believe me, look at EVERY single article in the following link:
http://www.google.com/search?hl=en&q=%2 ... gle+Search

For the record, this message was posted in Firefox.

On a Mac Mini.

[Kelshara]

We're not talking servers or high-end software here. We are talking cheap-ass minor exploits of a web browser. Sorry, I'll stand by my choice and my argument and plenty of others (so-called experts) support it as well.

And frankly, I don't give a shit what you think

Many software manufacturers hide bugs that impair the security of programs, or even entire operating systems, without knowing whether some outsider has already found and exploited these bugs. The only proper course for a software manufacturer is to issue a software update as soon as possible after a problem is found, and to inform all customers that the update must be installed to correct an existing security problem.

That quote describes Microsoft perfectly, and they are hardly obscure.

One exception to the above are Open Source operating systems such as Linux and FreeBSD, and cryptography programs such as GNU Privacy Guard. Because the developers of these systems publish all of their source code for others to read, they can't rely on security through obscurity. The publication of source code actually improves security because the program or operating system can be peer-reviewed by anyone who cares to read it. Many security bugs that are overlooked in other operating systems have been caught and repaired in Linux, because of its extensive peer-review process.

Hey looky, supports my argument for Firefox!

Btw, in my "security by obscurity" argument I looked at it more like Linux vs Microsoft etc. Linux is hardly obscure, but it is definitely LESS used than Windows. Hence why I would argue it is "obscure" in comparison. I agree that a completely no-name product would be a bad idea.

[noel]

I'm wasting my time here. Firefox will protect you from everything, you have nothing to be worried about.

[Kelshara]

Do you even read posts before you cut and paste your typical replies?

[noel]

I absolutely read your post. I always read your posts. I even started to throw together a reply. Problem is, I realized halfway through linking shit off of securityfocus.org, slashdot.org and a few other websites to prove my point. I just decided it wasn't worth the time.

Here's a hint. Any piece of software, including the vaunted Linux operating system, is only as secure as the person using it. What the hell do I know though. I just do this for a living.

[Tenuvil]

Any piece of software, including the vaunted Linux operating system, is only as secure as the person using it.

Truest fuckin thing I've ever seen on these forums.

[Kelshara]

Here's a hint. Any piece of software, including the vaunted Linux operating system, is only as secure as the person using it. What the hell do I know though. I just do this for a living.

Makes two of us. And even though what you say is 100% true, an informed person using a better software would be ranked above an informed person using lesser software, hum?

I admited I used "obscure" wrong in the beginning. I will admit it again. Sue me for that if you want, frankly I don't care. That said, we unfortunately run Win2K/Win2K3 (with XP desktops) at work running IE heh. My boss is a MS whore.

[Fash]

my work is IE only, and have permissions locked down tight...

but not tight enough, as i brought in a copy of PortableFirefox on a USB flash drive

[archeiron]

I would be happier if they said that they were going to fix their handling of the CSS box model, add full CSS lvl 2 support, add mouse gestures and tabbed browsing, support native PNG alpha transparency, and implement the first native support for XForms of a mainstream browser, but I doubt that most of that will see the light of day in 7.0.

[noel]

I would be happier if they said that they were going to fix their handling of the CSS box model, add full CSS lvl 2 support, add mouse gestures and tabbed browsing, support native PNG alpha transparency, and implement the first native support for XForms of a mainstream browser, but I doubt that most of that will see the light of day in 7.0.

Seconded.

Sucks they're totally off the 'supporting standards' bandwagon again.

[Hoarmurath]

Any piece of software, including the vaunted Linux operating system, is only as secure as the person using it.

<a href="http://it.slashdot.org/comments.pl?sid= ... 866659">OS X is invulnerable to all attacks, because it's made of magic.
</a>

Favorite Slashdot quote evar!

[Winnow]

Awwwww

For the fourth time in three months, major security flaws in the upstart Firefox Web browser have pushed volunteers at the Mozilla Foundation into damage-control mode.

Mozilla's public acknowledgement of the vulnerabilities includes a chilling warning that an attacker could combine the flaws to execute malicious code without user interaction.

The vulnerabilities have been confirmed in Firefox 1.0.3. The Mozilla Suite is only "partially vulnerable" to the bugs, according to the Foundation.

Firefox users are urged to disable JavaScript immediately as a temporary workaround. Additionally, Mozilla recommends that the browser's software installation feature be disabled. This can be done by unchecking the "Allow web sites to install software" box, which can be found by selecting Options on the Tools menu and then Web Features.

IE

[noel]

OMFG THAT'S IMPOSSIBLE!

Firefox is made from the best stuff on earth!!11! (or was that Snapple?)

There's also a memory leak for those that care.

I'm shocked and awed that since Firefox has built up a relatively large user base, flaws are starting to be discovered. Of course the real key is, how fast can the Mozilla foundation react to these flaws. It's fairly safe to assume that all pieces of software have flaws (security or otherwise). What makes one product better than another is how fast the developers react to these flaws.

Poster's Note: Sarcastic green was used for your convenience in case your browser's sarcasm filter is turned on.

[Fash]

the mozilla foundation can respond quicker than microsoft... and they do it for free.

firefox... considering all i do is check the vault, drudge, and my email.. it's very secure for my uses...

noel's a wanker

[Aabidano]

How did I moss this thread the first time around

One is more likely to be attacked, that gives the other an edge.

Well that and one doesn't have hooks into nearly every aspect of a largely undocumented and poorly structured OS...

Any piece of software, ... is only as secure as the person using it.

Unless you go the route my company did on one of our security products, strip it to the bones. It's hard to exploit something that don't exist and can't be added. Even if you physically take it apart, there's nothing useful once you power it off. Close to 10 years with 0 exploits or vulnerabilities (so far). Inferno OS

[Boogahz]

the mozilla foundation can respond quicker than microsoft... and they do it for free.

That's funny, I have never been charged anything for fixes to IE.

[archeiron]

the mozilla foundation can respond quicker than microsoft... and they do it for free.

That's funny, I have never been charged anything for fixes to IE.

I believe the comment was suggesting that Microsoft employees get paid for their fixes whereas (some) Mozilla foundation developers are working for free in their spare time.

[Hoarmurath]

And the updated Firefox is already available.

[Winnow]

And the updated Firefox is already available.

And those paid Microsoft employees are already looking for ways to break it again.

OK, maybe not for another week as they'll be distracted by the Xbox 360 announcement today.

[*~*stragi*~*]

if you love IE so much why don't you marry it!

[Zaelath]

And the updated Firefox is already available.

And those paid Microsoft employees are already looking for ways to break it again.

OK, maybe not for another week as they'll be distracted by the Xbox 360 announcement today.

You make that sound sarcastic.. but there certainly was at least one MS employee that did nothing but find issues with Netscape on the bugtraq list.

[Winnow]

And the updated Firefox is already available.

And those paid Microsoft employees are already looking for ways to break it again.

OK, maybe not for another week as they'll be distracted by the Xbox 360 announcement today.

You make that sound sarcastic.. but there certainly was at least one MS employee that did nothing but find issues with Netscape on the bugtraq list.

I'd hope that MS was trying to find ways to crash Firefox. A little pissant browser being "secure" just because not enough people use it needs to be made an example of so ignorant users understand that it's not because IE is necessarily that bad, it's because so many people use it that it gets abused by hackers and that any browser will run into issues if enough people use it.

If Firefox wants market share...hellooooo, you're getting some security holes as well as hacking it becomes more worthwhile. I'd be lining up the security holes discovered and releasing them monthly upon firefox users if I was MS. Business is war bitches!

[Zaelath]

At least Mozilla didn't invent ActiveX

Firefox is undeniably more secure from a programmatic standpoint, not purely its obscurity.

Sure, people who proselytise any application as invulnerable are bound to come unstuck, but you're still better off w/ Firefox than IE.

And nothing stops phishing!

[Fash]

phishing is so old!

Bill1ngA0L>> Hello, This is A0L billing. Please reply for with your credit card information to confirm the billing. Failure to do will suspend your account. Thanks, A0L Billing

[Aabidano]

At least Mozilla didn't invent ActiveX

And that's a whole bunch of points in their favor right there.

M$ java is the definition of crap as well. The additions they made were composed of "features" Sun intentionally left out because they were insecure.

[Boogahz]

Can you even get MS java anymore? I seem to remember having to go get Sun's Java downloads when I got XP.

[miir]

Can you even get MS java anymore? I seem to remember having to go get Sun's Java downloads when I got XP.

Not for over 2 years now.

There are sites around with the MS JVM but it's not available from MS.