Thursday, 18 November 2010

Microsoft: Switch from IE and your risk increases

Exclusive: IE8 still better than Firefox, says MS

Microsoft's Head of Security and Privacy in the UK has told TechRadar that people who jump ship from Internet Explorer after the recent spate of bad headlines risk ending up on a less secure browser.

With France and Germany both advising a move away from Internet Explorer, things are far from rosy for Microsoft's browser, and although the vulnerability has only been used against IE6, the company has not ruled out that something similar could be used against the later versions.

With Microsoft not prepared to give details of how soon a fix will be released, and advising people to leave the appalling IE6 and its successor for the latest version – IE8 – Microsoft's UK security chief Cliff Evans insists that a non-Microsoft browser is the worse option.

Less secure

"The net effect of switching [from IE] is that you will end up on less secure browser," insisted Evans.

"The risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.

"There are broader risks and issues with other browsers."

Not representing

Evans believes that the coverage attached to the problem – which was namechecked by Google as it changed its China policy – is "not representing the situation".

"If you were to ask me 'what's the most secure browser?' I would say Internet Explorer 8 – we're talking about a single vulnerability," he added.

"The reality of the risk is minimal, even if you have IE6; you would have to go to a website running the exploit."

PR disaster

The whole Google IE flaw issue is clearly a PR disaster for Microsoft, with Evans conceding that this particular problem is not likely to afflict IE's rivals.

"I'm not aware that the vulnerability exists in other products," says Evans, "But those products may have other vulnerabilities."

Asked directly when a fix would be ready, Evans states that the rollout might or might not be before the normal upgrade cycle, but has no further details.

"We are working to provide an update to the vulnerability. We are not seeing any attacks on IE8."

In the meantime, the company will be hoping that the knee-jerk reaction of France and Germany is not mirrored elsewhere.

Microsoft issues 10 security patches, including three 'critical' ones

Microsoft released 10 security bulletins today -- three rated "critical," and the remainder rated "important" on the company's severity rating scale. Six of the bulletins address vulnerabilities that Microsoft says could be reliably exploited, including two of the three critical bulletins.

Today's release affects all of Microsoft's Windows operating systems, Internet Explorer, Microsoft Office, Internet Information Services (IIS) and the .NET Framework.

Eight of the 10 bulletins address client-side vulnerabilities, which can be exploited only if a user initiates an action such as visiting a malicious website or opening a malformed document. The other two vulnerabilities can be exploited against Web servers or client applications without any interaction with the end user.

Tuesday, 28 September 2010

Internet Explorer 8 Can Be Uninstalled In Latest Windows 7 Build

A complaint of browser developer Opera that Microsoft has undermined competition by integrating its own Internet Explorer with the Windows operating system is currently being investigated by the European Union. If Microsoft is found guilty the company could face hefty fines and be forced to untie Internet Explorer from its next operating system installment Windows 7.

The latest build of the operating system Windows 7 (build 7048) which leaked to the Internet earlier this week apparently contains an option to uninstall Internet Explorer 8. While this uninstallation does not remove the ties of the web browser in the operating system it does remove the Internet Explorer executable from the computer system.

Users should keep in mind that the Internet Explorer rendering engine is being used for various integral parts of the operating system and that it most likely would require a rewrite to untie it completely. It is unclear if the option to uninstall Internet Explorer has been added because of the complaint. It certainly looks that way considering that the option to uninstall Internet Explorer was not available in the beta build of Windows 7.

The real question is if it will be enough to please the European Union. Most end users will probably never make use of this option as it does not make a huge difference for most users. Many experienced users will install an alternative web browser like Firefox or Opera immediately after finishing the installation of the operating system.

Removing only the executable will not have an impact on system performance at all. What’s your take on this? Should Microsoft offer an option to remove Internet Explorer from the Windows operating system?

Govt issues IE security warning

The Federal Government has ramped up warnings about Microsoft's web browser Internet Explorer, which has come under attack from hackers.

The Government is warning that people risk having their computers infiltrated and passwords stolen unless they install temporary fixes from Microsoft or use alternative browsers.

The Government says Microsoft has acknowledged all recent versions of the program are vulnerable.

It also says people should remember to regularly update their security software and change passwords frequently.

The French and German governments have warned internet users in Europe to avoid Microsoft's popular web browser.

The concern follows revelations that hackers used a crack in Internet Explorer to mount an attack on Google and a number of other companies.

Senior lecturer in network engineering at Melbourne's RMIT University, Mark Gregory, says industry and governments are not prepared for the changing threats to cyberspace.

"The digital network is like the wild west. It is unregulated," he said.

"It is being used in ways that it wasn't meant to be used and we need to get organisations, companies and governments ... focused on taking action to make the digital network more secure for the general public."

Bill Caelli, from the Information Security Institute at the Queensland University of Technology, says the Government and regulators must step in to protect internet users.

"How many builders have put smoke detectors in the new homes and houses? How many people have put fences around their pools to protect children?" he said.

"So safety and security has never, ever been market-driven. It's always been driven by regulatory [sic], by society itself, and that's the role of government."

The Government says Microsoft has not solved the security glitch and Australians should use alternative browsers.

Dr Gregory says it is good advice.

"There are other browsers that are available that appear to be being targeted less by the hackers and by these organisations than what Internet Explorer is being targeted," he said.

"I don't think there was any inference in what they said that Internet Explorer was any more deficient in terms of security than any of the other browsers, just that it was being targeted more.

"On that basis you'd have to argue that if security was a principal concern then using another browser would be wise until the incidence is reduced."

Editor's note (19 January 2010): This story has been amended to reflect the fact that web users can install temporary fixes from Microsoft to reduce their risk.

Monday, 13 September 2010

Serious security flaw found in IE

Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer users.



"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

Browser bait

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."


MICROSOFT SECURITY ADVICE

* Change IE security settings to high (Look under Tools/Internet Options)
* Switch to a Windows user account with limited rights to change a PC's settings
* With IE7 or 8 on Vista turn on Protected Mode
* Ensure your PC is updated
* Keep anti-virus and anti-spyware software up to date

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.

"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Micro's advice [of switching to an alternative web browser] is very sensible," he said.


This could be the moment when the minnows in the browser wars finally score a significant victory
Rory Cellan-Jones
BBC technology editor


PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.

French Government calls on internet users to abandon Internet Explorer

* France, Germany dump Internet Explorer
* Australians 'should upgrade or switch'
* Microsoft says hackers only hit IE6
* Google attack an "inside job"

AUSTRALIANS have been advised against using Microsoft's Internet Explorer (IE) because of a security threat.

Local web users have been advised to install security patches or switch browsers, while two countries - France and Germany - have now issued warnings against all versions of Microsoft's browser.

Germany warned users Friday after a malicious code - implicated in recent attacks on Google - was published online, and now Certa, a French Government agency that oversees cyber threats, has warned against using all recent versions of the web browser.

While the Google attacks were designed to exploit Internet Explorer 6, Microsoft has released a security advisory for Internet Explorer 6, 7 and 8.

Microsoft said it has only seen a "very limited number of targeted attacks against a small subset of corporations".

"The attacks that we have seen to date are only effective against Internet Explorer 6."

"We are not seeing any widespread attacks and thus far we are not seeing attacks focused on consumers."

The company recommended users upgrade to Internet Explorer 8 - which is technically still vulnerable - and anyone using older versions of Windows XP to upgrade to Service Pack 3.

It is still working on a permanent solution.

Australian alerts

An alert from the Australian Government website staysmartonline.gov.au suggests users try Microsoft's temporary fixes or consider an alternate browser.

But Paul Ducklin, Asia Pacific head of technology at Sophos, says "all browsers have vulnerabilities".

"Even though it's true that IE is exploited more than any other browser, you don't achieve security simply by switching."

"That's security through obscurity, which is merely false security."

"Good security means defence in depth, and in a well-defended network a single unpatched vulnerability in your browser shouldn't really be enough for the bad guys to get in."

Dr Mark Gregory, internet security expert at RMIT University, says any panic rush to another browser would not help protect users.

"Microsoft Internet Explorer is no worse than any other browser, they all have the same inherent flaws in them so a mass panic rush wouldn't do anything other than giving the hackers a new target," he said.

"Microsoft products are no more susceptible to hacking than other products, but because they are the largest they are often the target."

George Kurtz, worldwide chief technology officer of security firm McAfee, said on his blog last week that the Google attack was a fresh threat.

"All I can say is wow. The world has changed," Mr Kurtz said.

"Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats."

"In addition to worrying about Eastern European cybercriminals trying to siphon off credit card databases, you have to focus on protecting all of your core intellectual property, private nonfinancial customer information and anything else of intangible value."

What can you do?

- Download an alternate browser: Mozilla Firefox, Apple Safari, or Google Chrome are the main alternatives.

- Upgrade from IE6: Internet Explorer 8 is technically still vulnerable, but Microsoft has not advised of any exploits in the wild.

- Upgrade your browser's security: Tips from US security agency CERT.

- Follow Government advice: Online alerts from Stay Smart Online.

Monday, 30 August 2010

IE9 will tell just how agile Microsoft really is

Whenever the conversation turns to browsers lately, the question comes up: Can Microsoft be agile enough? Sure, what they’re showing off in the IE9 platform previews now is interesting, but it’s unfinished. Microsoft is planning to release an IE9 beta on September 15, but how long will it take for that beta to turn into a final product? And how quickly before the competition leapfrogs it?

Those doubts are understandable. Over the years, Microsoft hasn’t exactly developed a reputation for swift, sure software development. But how does their performance compare with rival software developers? I went back and looked at the record, counting the number of days between major releases for IE, Firefox, Google Chrome, and Safari. Here’s what the results look like, in chart form:

I had to make a couple assumptions for this chart. I assumed that the final release of Internet Explorer would be on March 30, 2011, roughly six months after the beta and around the time of Microsoft’s MIX conference. I think that’s a reasonable period of time for the full beta cycle to complete. (By way of comparison, Microsoft went from beta to RTM of Windows 7 in less time than that.) Performance on the IE9 development effort has been very steady, with new releases every 6-8 weeks. So it can certainly be done. I also gave Mozilla credit for its Beta 2 release of Firefox 4 in July. Even with that largesse, they’ve still taken an unusually long time between major releases.

It’s hard to fully gauge what Microsoft is capable of doing based on past performance. Every single version of Internet Explorer up till now has been tied to a new release of Windows, which explains the enormous gap between IE6 (Windows XP, 2001) and IE7 (Vista, 2006). Clearly, Microsoft realizes that three years might be a reasonable gap between Windows releases, but it’s far too big a gap between browser updates. So what is the right number? In his keynote address at MIX06, Bill Gates was fairly blunt:

The browser we need to be unbelievably agile with. I don’t know if [the proper release cycle is] nine months or 12 months or what it is, but it’s much more like that than what we’ve done for these last three years.

Based on recent performance, Microsoft is a long ways from being able to deliver a new browser every year. Ironically, Apple is there already, releasing Safari 5 364 days after Safari 4. And Google is working at twice that speed, releasing Chrome 5 almost exactly six months after its predecessor. That’s understandable, given Chrome’s minimal user interface.

Picking the right release cycle is a tremendous balancing act for Microsoft, one in which they have to accommodate the demands of conservative corporate customers (who want to avoid upgrades except when absolutely required) and big-spending, trend-setting early adopters, who crave change.

The big question is whether IE9 represents a true break from the past for Microsoft. From a standards point of view, that’s certainly true, and its development effort also suggests a tempo that it hasn’t come close to in the past. Maybe after IE9 is complete, Microsoft will finally be able to pick up the pace, with the engine evolving along with the W3C’s HTML5 specifications. If that’s the case, an annual browser update could be the norm, with Internet Explorer 10 ready in early 2012, in time to be included with Windows 8.

IE9 fails to excite me

Despite the preview platform releases, and a beta that’s supposed to land on September 15th, I just can’t seem to muster up any excitement over Microsoft’s upcoming Internet Explorer 9.

Sure, I’ve downloaded the previews, and had a look at the demos that Microsoft has showcased, but even this leaves me feeling a little cold. Compare this to IE4, released back during the heady days of Dynamic HTML, when Internet Explorer seemed fresh and exciting and the browser that everyone (in my opinion) should have been running.

So what’s changed?

Well, several things. First, while IE4 was a developer and user’s paradise, Microsoft dropped the ball when it came to IE5, dropped the ball again with IE6, left IE6 festering about for way too long, and then dropped the ball again with IE8. Then came better browsers, such as Firefox, Opera and Chrome. Heck, even Safari makes IE seem like a mess in terms of plain old usability, and I say this as someone who dislikes Safari with a passion.

With IE9, Microsoft seems to be going back to the good old days of IE4 and putting a lot of emphasis on cool stuff that developers can do, and mixing this in with lashings of high-performance. But the more I play with the platform preview and the associated demos, the more disheartened I become, and the more convinced I am that Microsoft is still floundering. Sure, the ‘Softies have gone back to the formula of appealing to developers, something that helped it beat Netscape and ward off the competition for years. But the problem with that tactic is that it’s old and belongs in a different era. The web now has expanded way beyond the desktop/notebook ecosystem and onto countless devices large and small. While those cool demos that Microsoft has put together for the preview platform seem to work well in IE9, they’re awful when viewed on other browsers, and simply don’t work on mobile devices. If the purpose of these demos is to encourage developers to leverage the power of IE9, that will mean frustration for those not using IE.

What Microsoft is doing is trying to rekindle the browser wars of days gone by, recruit developers as cannon fodder, and create a situation where end users are caught in the middle, facing a web that only works well on a certain kind of platform - Microsoft’s platform. Sure, other browsers will grow and adapt, but it will take time, and will likely be painful …

… if developers take an interest in leveraging this new power, that is.

The problem facing IE9 is getting people excited about another new browser. Fast browsers offering great performance are now commonplace, as is the compact, simple user interface and intuitive favorites/history/downloads mechanisms. Unless IE9 offers more to the end user than greater performance and a re-jigged user interface, then it will end up relying once again on being the default Windows browser, and having to watch its market share erode away.

Internet Explorer - 15 years old

The software giant launched the first version of the browser, Internet Explorer 1, on August 16, 1995. It was a revised version of Spyglass Mosaic, which Microsoft had licensed from Spyglass Inc. The first version came with Microsoft Plus! for Windows 95 and the original equipment manufacturer release of Windows 95.

Here’s a timeline for the different versions of Internet Explorer:

* IE2: November 22, 1995
* IE3: August 13, 1996
* IE4: September 1997
* IE5: March 18, 1999
* IE6: August 27, 2001
* IE7: October 18, 2006
* IE8: March 19, 2009

It was IE3 that really propelled the browser into popularity, and usage share continued to grow to a peak in 2004, from which point it has been in decline ever since.

Internet Explorer through the years

Internet Explorer has evolved quite a bit over its 15 year history.

In a story, timeline and photo gallery, CNET takes a look back at where IE has been and where it is headed as the company prepares to release a beta of IE9 next month.

Is this Microsoft's new Internet Explorer 9 interface?

Microsoft has delivered four developer previews of Internet Explorer (IE) 9 so far, but has yet to show off the new interface for its next-generation browser. That is expected to happen on September 15, during Microsoft’s beta launch event in San Francisco.

But maybe users won’t have to wait until then to get a glimpse of what’s coming. Microsoft Russia’s press site, on August 25, posted information and a photo that seem to be connected to the coming IE 9 beta. (The site has since pulled their post, but I grabbed the information and screen shot in the nick of time.)

The screen shot (above) shows a navigation bar and fewer controls. There’s a back button, a combined URL - search box at the top. And that’s pretty much it. I don’t see menu items like “Favorites” or “Suggested Sites” or “Get More Add-Ons” (but maybe they’re still in there, somehow).

I ran the text of the Russian site’s IE 9 posting through the Bing Translator. Other than turning a couple of the references from IE 9 to IE 8 (and IE 7, in one case), Bing did a good job.

The Microsoft Russia site said there will be a new, simplified navigation bar with IE 9 that will leave “more room for the (Web) site itself.” There will be some navigation tools for commonly used functions — things like a back button and a combined address/search bar. But the numerous menu items in older versions of IE have “been consolidated into one,” the site said. “Now the user sees only what you need to navigate.”

The Russian Microsoft site said that there will be provisions for “recognized,” or “protected,” sites which will allow users to go straight from the Windows taskbar to these sites without having to open IE first. In other words, recognized, protected sites will be treated more like traditional Windows applications.

Bing translated the instructions for doing this as “(C)lick the pins in the address bar or click the site in a new tab and drag it to the taskbar. That’s all. If the site is pinned, it displays an icon that is separate from the Internet Explorer. Now from the website you are just one click.”

(It sounds like this might be a feature accessible by Windows 7 users only, though I am not sure.)

The Russian site also mentioned “tear-off tabs” — a capability that will build on Windows’s Aero Snap feature. Snap allows users to more easily look at two pages, side-by-side by “snapping” them to the sides of their PC screen. Firefox and Safari both already include tear-off tabs, allowing users to select tabbed items and turn them into separate windows.

Here’s the description of the tear-off tabs from the Russian site, as translated by Bing:

“Often a task must open several Web pages or screens. Advanced tabs in combination with Windows Aero Snap is a quick way to display two or two-page spread. To do this, simply drag the page in different screen and will appear next to each other. Reproduction of content sites and video are not violated.”

I’ve asked Microsoft for comment on the information posted and removed from the Microsoft Russia site. I will add any comments I get to this post. Update: Not very useful, but here’s the official statement, from a Microsoft spokesperson: “Microsoft is encouraged by the early enthusiasm around Internet Explorer 9; we have nothing further to share about Internet Explorer 9 at this time.”

Microsoft officials first discussed plans for IE 9 in March 2010. IE 9 will be more compliant with the emerging HTML5, CSS3 and SVG2 standards and will include a new JavaScript engine (code-named “Chakra”). It will take advantage of PC hardware to accelerate graphics performance. IE 9 will work on Vista and Windows 7, but not Windows XP.

Company officials have not been willing to pinpoint a due-date target for IE 9, but many of us company watchers are thinking it will be in 2011.

What do you think of the direction Microsoft may be taking — if this information is accurate — with the user interface for IE 9?

German government warns citizens off IE

Read more: http://www.techradar.com/news/internet/german-government-warns-citizens-off-ie-6641

"Don't use IE 6, 7 or 8 and switch browser," says Federal Office

The German government's Federal Office for Information Security is warning computer users in the country NOT to use Microsoft Internet Explorer due to recent security scares.

The state organisation has issued the warning following Microsoft's admission that IE was a 'vector' in the recent attacks on Google in China.

The German government is thus advising its citizens to use alternative browsers such as Mozilla's Firefox, Google Chrome, Apple Safari or Opera.

Assessing the risk

For its part, Microsoft is adamant that the risk to users remains low, with Thomas Baumgaertner, a spokesman for Microsoft in Germany, claiming that the recent attacks on Google were by "highly motivated people with a very specific agenda" and adding that they were "not attacks against general users or consumers."

"There is no threat to the general user, consequently we do not support this warning," said the Microsoft rep.

Microsoft is advising IE users to set their browser's security zone to "high", although other security experts, such as Graham Cluley of anti-virus firm Sophos, have stressed the importance of the fact that the instructions on how to exploit the flaw have been posted online.

"This is a vulnerability that was announced in the last couple of days. Microsoft have no patch yet and the implication is that this is the same one that exploited on the attacks on Google earlier this week," Cluley told the BBC.

"The way to exploit this flaw has now appeared on the internet, so it is quite possible that everyone is now going to have a go."

"We've been working to analyse the malware that the Chinese are using. But new versions can always be created," added Cluley, who has also been working closely with Microsoft, "to see if the damage can be mitigated and we are hoping that they will release an emergency patch."

Tuesday, 10 August 2010

IE 9 preview offers tantalizing look at IE's future

The fourth and final developer's preview of Internet Explorer 9 was released on Wednesday, with significant updates to standards compliance and rendering speed, according to Microsoft. Microsoft said in a blog post that the developer's previews had been downloaded more than 2.5 million times, indicating that despite Internet Explorer's plummeting market share over the past few years, developer interest in seeing it improve remains high.

The vast and dramatic improvements made to Internet Explorer 9 are readily apparent, even in this stripped-down preview version. Hardware accelerated HTML5 support is a major and multifaceted component of IE9, allowing for more complex and high-powered audio and video support within the browser.

There's also extensive SVG animation support, although, as Microsoft points out in its blog, the animated SVG standards have yet to be finalized. You can see how these differences affect real-world rendering when you run the IE9 preview's SVG tests in other browsers, since they render imperfectly. Still, Microsoft is forging ahead and appears eager to address standards compliance in IE9, which is a good sign.

Internet Explorer 9's new JavaScript engine is a radical departure from older versions. Microsoft says that IE9's Chakra engine is remarkable for the way that the engine is integrated into the browser, as opposed, the company says, to being "bolted on." Previous versions of the developer's preview had Chakra in the "bolted on" position.

Microsoft says that this decreases page load times and offers benchmarks that the company conducted showing the fourth preview of the browser in the top five browsers for the WebKit SunSpider JavaScript test.

The fourth IE9 preview also does better than any previous version of Internet Explorer on the Acid3 test, which compares a number of commonly used Web browsing technologies. The latest IE9 preview scores 95 out of 100, while the current Internet Explorer 8 only scores 83.

Microsoft offers multiple tests that can be accessed from within the preview so users can see how they perform on their own computers. The developer's preview now lets you copy and paste, but here are a few of the more interesting ones. To access them in other browsers, click on the following links: Hamster Dance Revolution and Psychedelic Browsing for testing JavaScript; IE Beatz and Tweet Map for testing hardware acceleration; or IETrade for seeing how the HTML5 canvas tag can be used in IE9. Note that "Hamster Dance Revolution" may induce rage seizures.

Some of these changes, such as the integration of the JavaScript engine, are unique to Internet Explorer. Others, such as the hardware acceleration, bring the browser up to speed with others, or surpass them entirely. The developer previews of Internet Explorer have served a similar purpose to any good pre-beta technology, by building anticipation that the beta will be more or less usable on a daily basis. The actual feature set and user interface that Microsoft builds on top of the engine will determine a significant amount of how people react to the browser, and it's yet to be seen whether Microsoft takes a page from the playbooks of Google and Mozilla and introduces faster revisions.

Microsoft Internet Explorer Reports JailbreakMe As Unsafe Site

Microsoft Internet Explorer has blocked navigation to JailbreakMe.com warning that it is an unsafe site, according to a tweet by @comex.

Reported Unsafe Website: Navigation Blocked
This website has been reported as unsafe: http://www.jailbreakme.com

We recommend that you do not continue to this website. This website has been reported to Microsoft for containing threats to your computer that might reveal personal or financial information.

This of course has no effect on jailbreaking your device with MobileSafari but is notable nonetheless.

Chinese Hackers Attacked Google Through Internet Explorer?

If you follow the news even vaguely, then you've heard about Google's announcement that it may exit the Chinese market in response to hacker attacks originating in China that sought to access the private information of human rights advocates. I've argued that whether Google stays or not, such attacks aren't likely to stop. So I don't really see what Google expects to gain from leaving now, as opposed to months or years ago. But today a new wrinkle emerges: the attacks occurred as a result of an unknown flaw in Microsoft Internet Explorer.

Here's the news blurb, via PCWorld:

Microsoft Security Response Center director Mike Reavey said in an e-mailed statement "This afternoon, Microsoft issued Security Advisory 979352 to help customers mitigate a Remote Code Execution (RCE) vulnerability in Internet Explorer. The company has determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks targeted against Google and other corporate networks."



Am I the only one that finds this an interesting plot twist? Microsoft provided the window through which the Chinese hackers crawled. A few thoughts about this:

First, what is Google doing using Internet Explorer? Shouldn't it be running its own Google Chrome browser instead? Or at least Mozilla Firefox?

Maybe the excuse here is that it's impossible for a software company like Google to entirely avoid using Internet Explorer. After all, if it wants to produce browser-agnostic software, then it needs to test its systems in all varieties. So it probably can't avoid IE altogether, but I wonder if it's planning to use it even less now, particularly for its external Internet usage unrelated to product testing.

Second, this story is another blow for Internet Explorer. The Google-China spat is big news right now, and this thrusts Microsoft in the center of it. As I mentioned a few months ago, IE is already beginning to give up small chunks of its market share each month to other browsers like Firefox and Chrome. Could this push firms affected by the Chinese attack to also begin exploring other browser alternatives? Will the rest of the Internet-using public take notice?

If Google really wants to live its "don't be evil" mantra, then it might consider starting an antivirus unit of its own, and/or developing its Chrome browser to be virus proof. In my opinion, other than physical violence, there are few things more evil than computer viruses. They plague unsuspecting Internet users and lead to stolen identities, invasions of privacy, stolen property and incredible inconvenience.

I consider computer viruses technological weapons of mass destruction, and the hackers who create them terrorists. As these foreign-based attacks continue to become more common, the U.S. might want to consider putting more of its defense budget towards preventing them. I don't begin to doubt that millions of dollars are lost each year because of virus attacks. Eventually that tally will reach the billions, if it hasn't already.

Friday, July 30, 2010

Internet Explorer 9 (IE9) Beta Drops in September 2010 Microsoft confirms officially

It looks like Microsoft is done with Platform Preview releases of the next major iteration of Internet Explorer. There’s now approximately a month until the first Beta development milestone of Internet Explorer 9 will be made available for download to the public. Microsoft has confirmed this officially, during the keynote at the annual Microsoft Financial Analyst Meeting. According to Microsoft Chief Operating Officer Kevin Turner’s announcement on July 29, come September 2010, users will be able to download and start test driving IE9 Beta. A specific availability deadline for IE9 Beta was not delivered.

“The most beautiful thing about our browser story is the message is getting out with IE8, the safest most secure browser in the marketplace. We're really excited about IE9 which will be beta and coming out in September. Yes, we had a little headwinds, we had several things we had to do with IE8 this past year but guess what per external data in the marketplace, in May and June, we grew share in the browser space for the first time in a very long time,” Turner said. (emphasis added)

“So, the momentum on that has turned and it's a whole new day. And where we're going with IE9 and what we're going to do from an HTML 5 standard standpoint and where we're going from a speed standpoint, we're really going in a big way in this space this next year and have a great story to tell including around safety and security in the browser space,” he added.

At this point in time early adopters and developers can download IE9 Platform Preview 3. Over 2 million downloads of the developer previews of Internet Explorer 9 have already been confirmed by Microsoft a while back, and this number is bound to have increased since then.

Recently, leaked screenshots of IE9 Beta emerged in the wild. Although they looked completely fake to me, it seems that I might have been mistaken. A variety of sources are now confirming the validity of the screenshots and the IE9 leak. It seems that Microsoft has already shared the code of early pre-Beta Builds of Internet Explorer 9 with select testers and partners. The leaked IE9 screenshots do not contain a new UI for the browser but they do indicate that the successor of IE8 will feature a download manager.

IE9 is Microsoft’s most standards-compliant browser yet, having embraced HTML5, CSS3, DOM and SVG. At the same time the browser features a new JavaScript engine codenamed Chakra, which delivers performance almost on par with rivals Google Chrome and Opera, and superior to Firefox. One of the best aspects of IE’s evolution is hardware acceleration, with the browser leveraging the machine’s GPU in concert with DirectX 11 in Windows 7 and Windows Vista to deliver unmatched web experiences.

Serious security flaw found in IE

Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world's computer users.

"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.

Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.

Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.

Browser bait

"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."

As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.

"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."


MICROSOFT SECURITY ADVICE
Change IE security settings to high (Look under Tools/Internet Options)
Switch to a Windows user account with limited rights to change a PC's settings
With IE7 or 8 on Vista turn on Protected Mode
Ensure your PC is updated
Keep anti-virus and anti-spyware software up to date

Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."

But Microsoft counselled against taking such action.

"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.

He added: "We're trying to get this resolved as soon as possible.

"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."

Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.

"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Micro's advice [of switching to an alternative web browser] is very sensible," he said.


This could be the moment when the minnows in the browser wars finally score a significant victory
Rory Cellan-Jones
BBC technology editor


PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the lookout for new vulnerabilities.

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."

"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."

"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.

Monday, July 26, 2010

Microsoft Powers Up Campaign for Internet Explorer 8 (June 9, 2010)

Microsoft this week debuted a new campaign for Internet Explorer 8, highlighting how easy it is to fall victim to online scams.

A TV spot kicked off the campaign on Monday night during Fox's Lie to Me and Good Guys. It shows real people in New York City being asked to provide personal information in order to open a new account and receive a $500 cash reward. Consumers are told to fill out outrageous information, including the kind of underwear they prefer, until it's revealed that the bank is fake. The full ad can be seen on the Internet Explorer 8 homepage. Crispin Porter + Bogusky, handles.

Ryan Gavin, senior director of Internet Explorer, said the campaign is meant to raise awareness about online security and show how Internet Explorer 8 can help protect consumers. "People talk about security, but they don't think about it until something bad happens. That's why the focus of the campaign is malware (malicious software) and how quickly that can become a risk to your online identity," Gavin said.

Microsoft used real people in a real situation in order to identify with consumers, Gavin said. "Going to New York, the most street-smart city, and having people hand over their private information demonstrates how quickly our expected behavior can impact us," he added. "Using real people gives the campaign authenticity, and hopefully, will drive people to protect themselves from malware with Internet Explorer 8."

The new effort builds on Microsoft's ongoing "Confidence" campaign, which carries the tagline: "Browse with confidence."

As part of the campaign for Internet Explorer 8, Microsoft will also launch a digital component that takes an approach similar to the TV spot. Gavin didn't provide the exact timeframe, but said that component will roll out soon.

Microsoft's IE posts record usage share gains

Computerworld - Microsoft Corp.'s Internet Explorer Web browser turned things around last month, boosting its usage share by a record amount, a Web analytics firm said today.

By the end of June, IE accounted for 60.3% of all browsers used globally, according to data released by Net Applications. The increase of six-tenths of a percentage point was a record in Net Applications' data, exceeding the three-tenths of a percentage point jump in May 2009 by a wide margin.

Vince Vizzaccaro, a Net Applications executive vice president, attributed at least some of IE's gains to Microsoft's "Confidence" marketing campaign, which rolled out in early June and featured TV and Web ads extolling security enhancements in IE8.

"It's a fairly large campaign, something I don't remember Microsoft really doing before," Vizzaccaro said. "And I think it's a good campaign."

He also speculated that IE's increase was tied to the continued upswing in Windows PC sales, and to the fact that IE8 is included with Windows 7, the operating system packaged on virtually every new machine. "PC sales are at a record-setting pace," said Vizzaccaro, "and with Windows regaining some market share, it makes sense that IE does as well." Most people simply "go with the flow," he added, running the browser that comes on their machines.

Not surprisingly, Microsoft took the opportunity to trumpet the turnaround, particularly the increases in share for IE8, its newest browser. "Internet Explorer 8 continues to be the fastest growing browser with a 0.66 [percentage point] increase in share, more than three times the growth of Google Chrome," said Ryan Gavin, a senior director on Microsoft's IE team, in an entry on the browser's official blog.

According to Net Applications, IE 8's usage share totaled 48.7% during June when the browser's compatibility mode -- a feature that lets it properly render pages designed for older editions -- is taken into account.

Microsoft's achievement shouldn't come as a shock, since IE's intermittent gains have typically come in the summer. Last year, IE gained 0.55 of a percentage point in May and June, while in 2008 it posted a 0.15 of a percentage point increase in July. Net Applications' Vizzaccaro had no quick explanation for IE's summer jumps.

Rival browsers, meanwhile, either lost ground to IE or gained at rates slower than historical averages.

Mozilla Corp.'s Firefox slipped to 23.8%, a decrease of half a percentage point, its largest single-month loss since May 2009. Meanwhile the namesake browser of Norway's Opera Software ASA dropped to 2.3%, a decline of two-tenths of a percentage point.

Google Inc.'s Chrome, which has surged of late, ended June with a usage share of 7.2%, for an increase of two-tenths of a percentage point, half the average monthly gain it had posted during the previous 12 months. Apple Inc.'s Safari, whose share is tightly tied to that of the Macintosh platform, climbed almost one-tenth of a percentage point to 4.9%.

By far the biggest loser was Firefox, which now has the same usage share it had in September 2009. Firefox has lost share in five of the last seven months.

Once considered a lock to hit and then move beyond the 25% bar, Firefox has yet to reach that milestone. In April, Vizzaccaro said that Firefox was "just holding steady" and explained that gains that had once come its way were instead being gobbled by Google's Chrome.

Three more Microsoft zero-day bugs pop up

Computerworld - Microsoft faces a rash of zero-day vulnerabilities in some of its most important software, according to recent disclosures of unpatched bugs, including flaws in Windows XP, Internet Explorer and its flagship Web server.

Along with the unveiling of a vulnerability by a group of disgruntled security researchers who have dubbed themselves the Microsoft-Spurned Researcher Collective (MSRC), Microsoft has been served notice of at least three other flaws in the last few weeks.

Last Thursday, researcher Soroush Dalili published information about a vulnerability in Internet Information Services (IIS), Microsoft's Web server software. According to Dalili, who works as an information security analyst in the gambling and casino industry, authentication in older editions of IIS can be bypassed, giving attackers a leg up in any assault on a company's Web server.

The bug can be exploited in IIS 5.1, but not the newer IIS 6, IIS 7 or IIS 7.5, said Dalili.

Microsoft said it was investigating the vulnerability, but as it did Tuesday when it commented on the Microsoft-Spurned Researcher Collective-issued bug report, the company downplayed the threat. "IIS is not installed by default and users must change the default configuration in order to be vulnerable," said Jerry Bryant, a group manager with the Microsoft Security Response Center, in an e-mail today.

Vulnerability tracker Secunia rated the threat as "moderately critical," the middle ranking in its five-step system.

Earlier last week, Ruben Santamarta, a researcher at the Spanish security firm Wintercore, disclosed information and published attack code for a critical vulnerability in Internet Explorer 8 (IE8) running on Windows XP, Vista or Windows 7. Santamarta claimed that the bug could be used to sidestep DEP (data execution prevention) and ASLR (address space layout randomization), two security defenses baked into Windows.

DEP and ASLR bypass techniques are nothing new: In late March, Dutch researcher Peter Vreugdenhil exploited a vulnerability in IE8 running on Windows 7 with attack code that evaded DEP and ASLR to win $10,000 at the fourth-annual Pwn2Own contest.

Microsoft also minimized the threat from Santamarta's claim that DEP and ASLR could be bypassed, not surprising since it has done the same in previous comments on sidestepping those defenses.

"This isn't a straight ASLR bypass as it only works under certain conditions," said Bryant. "An attacker would have to use this in conjunction with an unpatched vulnerability in order to exploit a system." In the same e-mail, Bryant declined to label the bug as a security vulnerability. "This is not a vulnerability but a mitigation bypass technique," he said.

Last month, someone identified only as "fl0 fl0w" posted exploit code for a flaw in an important code library used to develop third-party software using Microsoft's flagship Visual Studio software.