It looks like Microsoft is done with Platform Preview releases of the next major iteration of Internet Explorer. There’s now approximately a month until the first Beta development milestone of Internet Explorer 9 will be made available for download to the public. Microsoft has confirmed this officially, during the keynote at the annual Microsoft Financial Analyst Meeting. According to Microsoft Chief Operating Officer Kevin Turner’s announcement on July 29, come September 2010, users will be able to download and start test driving IE9 Beta. A specific availability deadline for IE9 Beta was not delivered.
“The most beautiful thing about our browser story is the message is getting out with IE8, the safest most secure browser in the marketplace. We're really excited about IE9 which will be beta and coming out in September. Yes, we had a little headwinds, we had several things we had to do with IE8 this past year but guess what per external data in the marketplace, in May and June, we grew share in the browser space for the first time in a very long time,” Turner said. (emphasis added)
“So, the momentum on that has turned and it's a whole new day. And where we're going with IE9 and what we're going to do from an HTML 5 standard standpoint and where we're going from a speed standpoint, we're really going in a big way in this space this next year and have a great story to tell including around safety and security in the browser space,” he added.
At this point in time early adopters and developers can download IE9 Platform Preview 3. Over 2 million downloads of the developer previews of Internet Explorer 9 have already been confirmed by Microsoft a while back, and this number is bound to have increased since them.
Recently, leaked screenshots of IE9 Beta emerged in the wild. Although they looked completely fake to me, it seems that I might have been mistaken. A variety of sources are now confirming the validity of the screenshots and the IE9 leak. It seems that Microsoft has already shared the code of early pre-Beta Builds of Internet Explorer 9 with select testers and partners. The leaked IE9 screenshots do not contain a new UI for the browser but they do indicate that the successor of IE8 will feature a download manager.
IE9 is Microsoft’s most standard compliant browser yet, having embraced HTML5, CSS3, DOM and SVG. At the same time the browser features a new JavaScript engine codename Chakra, which delivers performance almost on par with rivals Google Chrome and Opera, and superior to Firefox. One of the best aspects of IE’s evolution is hardware acceleration, with the browser leveraging the machine’s GPU in concert with DirectX 11 in Windows 7 and Windows Vista to deliver unmatched web experiences.
пятница, 30 июля 2010 г.
Serious security flaw found in IE
Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.
Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.
Internet Explorer is used by the vast majority of the world's computer users.
"It's a shame Microsoft have not been able to fix this more quickly"
Darien Graham-Smith
PC Pro magazine
"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.
Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.
Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.
Browser bait
"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."
As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.
"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."
MICROSOFT SECURITY ADVICE
Change IE security settings to high (Look under Tools/Internet Options)
Switch to a Windows user account with limited rights to change a PC's settings
With IE7 or 8 on Vista turn on Protected Mode
Ensure your PC is updated
Keep anti-virus and anti-spyware software up to date
Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."
But Microsoft counselled against taking such action.
"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.
He added: "We're trying to get this resolved as soon as possible.
"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."
Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.
"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Micro's advice [of switching to an alternative web browser] is very sensible," he said.
This could be the moment when the minnows in the browser wars finally score a significant victory
Rory Cellan-Jones
BBC technology editor
Read the dot.life blog in full
PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.
"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."
"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."
"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.
The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say.
Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.
Internet Explorer is used by the vast majority of the world's computer users.
"It's a shame Microsoft have not been able to fix this more quickly"
Darien Graham-Smith
PC Pro magazine
"Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw.
Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser.
Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified.
Browser bait
"In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing."
As many as 10,000 websites have been compromised since the vulnerability was discovered, he said.
"What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs."
MICROSOFT SECURITY ADVICE
Change IE security settings to high (Look under Tools/Internet Options)
Switch to a Windows user account with limited rights to change a PC's settings
With IE7 or 8 on Vista turn on Protected Mode
Ensure your PC is updated
Keep anti-virus and anti-spyware software up to date
Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat."
But Microsoft counselled against taking such action.
"I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group.
He added: "We're trying to get this resolved as soon as possible.
"At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time."
Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning.
"It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Micro's advice [of switching to an alternative web browser] is very sensible," he said.
This could be the moment when the minnows in the browser wars finally score a significant victory
Rory Cellan-Jones
BBC technology editor
Read the dot.life blog in full
PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities.
"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough."
"It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it."
"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added.
понедельник, 26 июля 2010 г.
Microsoft Powers Up Campaign for Internet Explorer ८ June 9, 2010
Microsoft this week debuted a new campaign for Internet Explorer 8, highlighting how it easy it is to fall victim to online scams.
A TV spot kicked off the campaign on Monday night during Fox's Lie to Me and Good Guys. It shows real people in New York City being asked to provide personal information in order to open a new account and receive a $500 cash reward. Consumers are told to fill out outrageous information, including the kind of underwear they prefer, until it's revealed that the bank is fake. The full ad can be seen on the Internet Explorer 8 homepage. Crispin Porter + Bogusky, handles.
Ryan Gavin, senior director of Internet Explorer, said the campaign is meant to raise awareness about online security and show how Internet Explorer 8 can help protect consumers. "People talk about security, but they don't think about it until something bad happens. That's why the focus of the campaign is malware (malicious software) and how quickly that can become a risk to your online identity," Gavin said.
Microsoft used real people in a real situation in order to identify with consumers, Gavin said. "Going to New York, the most street-smart city, and having people hand over their private information demonstrates how quickly our expected behavior can impact us," he added. "Using real people gives the campaign authenticity, and hopefully, will drive people to protect themselves from malware with Internet Explorer 8."
The new effort builds on Microsoft's ongoing "Confidence" campaign, which carries the tagline: "Browse with confidence."
As part of the campaign for Internet Explorer 8, Microsoft will also launch a digital component that takes an approach similar to the TV spot. Gavin didn't provide the exact timeframe, but said that component will roll out soon.
A TV spot kicked off the campaign on Monday night during Fox's Lie to Me and Good Guys. It shows real people in New York City being asked to provide personal information in order to open a new account and receive a $500 cash reward. Consumers are told to fill out outrageous information, including the kind of underwear they prefer, until it's revealed that the bank is fake. The full ad can be seen on the Internet Explorer 8 homepage. Crispin Porter + Bogusky, handles.
Ryan Gavin, senior director of Internet Explorer, said the campaign is meant to raise awareness about online security and show how Internet Explorer 8 can help protect consumers. "People talk about security, but they don't think about it until something bad happens. That's why the focus of the campaign is malware (malicious software) and how quickly that can become a risk to your online identity," Gavin said.
Microsoft used real people in a real situation in order to identify with consumers, Gavin said. "Going to New York, the most street-smart city, and having people hand over their private information demonstrates how quickly our expected behavior can impact us," he added. "Using real people gives the campaign authenticity, and hopefully, will drive people to protect themselves from malware with Internet Explorer 8."
The new effort builds on Microsoft's ongoing "Confidence" campaign, which carries the tagline: "Browse with confidence."
As part of the campaign for Internet Explorer 8, Microsoft will also launch a digital component that takes an approach similar to the TV spot. Gavin didn't provide the exact timeframe, but said that component will roll out soon.
Microsoft's IE posts record usage share gains
Computerworld - Microsoft Corp.'s Internet Explorer Web browser turned things around last month, boosting its usage share by a record amount, a Web analytics firm said today.
By the end of June, IE accounted for 60.3% of all browsers used globally, according to data released by Net Applications. The increase of sixth-tenths of a percentage point was a record in Net Applications' data, exceeding the three-tenths of a percentage point jump in May 2009 by a wide margin.
Vince Vizzaccaro, a Net Applications executive vice president, attributed at least some of IE's gains to Microsoft's "Confidence" marketing campaign, which rolled out in early June and featured TV and Web ads extolling security enhancements in IE8.
"It's a fairly large campaign, something I don't remember Microsoft really doing before," Vizzaccaro said. "And I think it's a good campaign."
He also speculated that IE's increase was tied to the continued upswing in Windows PC sales, and to the fact that IE8 is included with Windows 7, the operating system packaged on virtually every new machine. "PC sales are at a record-setting pace," said Vizzaccaro, "and with Windows regaining some market share, it makes sense that IE does as well." Most people simply "go with the flow," he added, running the browser that comes on their machines.
Not surprisingly, Microsoft took the opportunity to trumpet the turnaround, particularly the increases in share for IE8, its newest browser. "Internet Explorer 8 continues to be the fastest growing browser with a 0.66 [percentage point] increase in share, more than three times the growth of Google Chrome," said Ryan Gavin, a senior director on Microsoft's IE team, in an entry on the browser's official blog.
According to Net Applications, IE 8's usage share totaled 48.7% during June when the browser's compatibility mode -- a feature that lets it properly render pages designed for older editions -- is taken into account.
Microsoft's achievement shouldn't come as a shock, since IE's intermittent gains have typically come in the summer. Last year, IE gained 0.55 of a percentage point in May and June, while in 2008 it posted a 0.15 of a percentage point increase in July. Net Applications' Vizzaccaro had no quick explanation for IE's summer jumps.
Rival browsers, meanwhile, either lost ground to IE or gained at rates slower than historical averages.
Mozilla Corp.'s Firefox slipped to 23.8%, a decrease of half a percentage point, its largest single-month loss since May 2009. Meanwhile the namesake browser of Norway's Opera Software ASA dropped to 2.3%, a decline of two-tenths of a percentage point.
Google Inc.'s Chrome, which has surged of late, ended June with a usage share of 7.2%, for an increase of two-tenths of a percentage point, half the average monthly gain it had posted during the previous 12 months. Apple Inc.'s Safari, whose share is tightly tied to that of the Macintosh platform, climbed almost one-tenth of percentage point to 4.9%.
By far the biggest loser was Firefox, which now has the same usage share it had in September 2009. Firefox has lost share in five of the last seven months.
Once considered a lock to hit and then move beyond the 25% bar, Firefox has yet to reach that milestone. In April, Vizzaccaro said that Firefox was "just holding steady" and explained that gains that had once come its way were instead being gobbled by Google's Chrome.
By the end of June, IE accounted for 60.3% of all browsers used globally, according to data released by Net Applications. The increase of sixth-tenths of a percentage point was a record in Net Applications' data, exceeding the three-tenths of a percentage point jump in May 2009 by a wide margin.
Vince Vizzaccaro, a Net Applications executive vice president, attributed at least some of IE's gains to Microsoft's "Confidence" marketing campaign, which rolled out in early June and featured TV and Web ads extolling security enhancements in IE8.
"It's a fairly large campaign, something I don't remember Microsoft really doing before," Vizzaccaro said. "And I think it's a good campaign."
He also speculated that IE's increase was tied to the continued upswing in Windows PC sales, and to the fact that IE8 is included with Windows 7, the operating system packaged on virtually every new machine. "PC sales are at a record-setting pace," said Vizzaccaro, "and with Windows regaining some market share, it makes sense that IE does as well." Most people simply "go with the flow," he added, running the browser that comes on their machines.
Not surprisingly, Microsoft took the opportunity to trumpet the turnaround, particularly the increases in share for IE8, its newest browser. "Internet Explorer 8 continues to be the fastest growing browser with a 0.66 [percentage point] increase in share, more than three times the growth of Google Chrome," said Ryan Gavin, a senior director on Microsoft's IE team, in an entry on the browser's official blog.
According to Net Applications, IE 8's usage share totaled 48.7% during June when the browser's compatibility mode -- a feature that lets it properly render pages designed for older editions -- is taken into account.
Microsoft's achievement shouldn't come as a shock, since IE's intermittent gains have typically come in the summer. Last year, IE gained 0.55 of a percentage point in May and June, while in 2008 it posted a 0.15 of a percentage point increase in July. Net Applications' Vizzaccaro had no quick explanation for IE's summer jumps.
Rival browsers, meanwhile, either lost ground to IE or gained at rates slower than historical averages.
Mozilla Corp.'s Firefox slipped to 23.8%, a decrease of half a percentage point, its largest single-month loss since May 2009. Meanwhile the namesake browser of Norway's Opera Software ASA dropped to 2.3%, a decline of two-tenths of a percentage point.
Google Inc.'s Chrome, which has surged of late, ended June with a usage share of 7.2%, for an increase of two-tenths of a percentage point, half the average monthly gain it had posted during the previous 12 months. Apple Inc.'s Safari, whose share is tightly tied to that of the Macintosh platform, climbed almost one-tenth of percentage point to 4.9%.
By far the biggest loser was Firefox, which now has the same usage share it had in September 2009. Firefox has lost share in five of the last seven months.
Once considered a lock to hit and then move beyond the 25% bar, Firefox has yet to reach that milestone. In April, Vizzaccaro said that Firefox was "just holding steady" and explained that gains that had once come its way were instead being gobbled by Google's Chrome.
Three more Microsoft zero-day bugs pop up
Computerworld - Microsoft faces a rash of zero-day vulnerabilities in some of its most important software, according to recent disclosures of unpatched bugs, including flaws in Windows XP, Internet Explorer and its flagship Web server.
Along with the unveiling of a vulnerability by a group of disgruntled security researchers who have dubbed themselves the Microsoft-Spurned Researcher Collective (MSRC), Microsoft has been served notice of at least three other flaws in the last few weeks.
Last Thursday, researcher Soroush Dalili published information about a vulnerability in Internet Information Services (IIS), Microsoft's Web server software. According to Dalili, who works as an information security analyst in the gambling and casino industry, authentication in older editions of IIS can be bypassed, giving attackers a leg up in any assault on a companies Web server.
The bug can be exploited in IIS 5.1, but not the newer IIS 6, IIS 7 or IIS 7.5, said Dalili.
Microsoft said it was investigating the vulnerability, but as it did Tuesday when it commented on the Microsoft-Spurned Researcher Collective-issued bug report, the company downplayed the threat. "IIS is not installed by default and users must change the default configuration in order to be vulnerable," said Jerry Bryant, a group manager with the Microsoft Security Response Center, in an e-mail today.
Vulnerability tracker Secunia rated the threat as "moderately critical," the middle ranking in its five-step system.
Earlier last week, Ruben Santamarta, a researcher at the Spanish security firm Wintercore, disclosed information and published attack code for a critical vulnerability in Internet Explorer 8 (IE8) running on Windows XP, Vista or Windows 7. Santamarta claimed that the bug could be used to sidestep DEP (data execution prevention) and ASLR (address space layout randomization), two security defenses baked into Windows.
DEP and ASLR bypass techniques are nothing new: In late March, Dutch researcher Peter Vreugdenhil exploited a vulnerability in IE8 running on Windows 7 with attack code that evaded DEP and ASLR to win $10,000 at the fourth-annual Pwn2Own contest.
Microsoft also minimized the threat from Santamarta's claim that DEP and ASLR could be bypassed, not surprising since it has done the same in previous comments on sidestepping those defenses.
"This isn't a straight ASLR bypass as it only works under certain conditions," said Bryant. "An attacker would have to use this in conjunction with an unpatched vulnerability in order to exploit a system." In the same e-mail, Bryant declined to label the bug as a security vulnerability. "This is not a vulnerability but a mitigation bypass technique," he said.
Last month, someone identified only as "fl0 fl0w" posted exploit code for a flaw in an important code library used to develop third-party software using Microsoft's flagship Visual Studio software.
Along with the unveiling of a vulnerability by a group of disgruntled security researchers who have dubbed themselves the Microsoft-Spurned Researcher Collective (MSRC), Microsoft has been served notice of at least three other flaws in the last few weeks.
Last Thursday, researcher Soroush Dalili published information about a vulnerability in Internet Information Services (IIS), Microsoft's Web server software. According to Dalili, who works as an information security analyst in the gambling and casino industry, authentication in older editions of IIS can be bypassed, giving attackers a leg up in any assault on a companies Web server.
The bug can be exploited in IIS 5.1, but not the newer IIS 6, IIS 7 or IIS 7.5, said Dalili.
Microsoft said it was investigating the vulnerability, but as it did Tuesday when it commented on the Microsoft-Spurned Researcher Collective-issued bug report, the company downplayed the threat. "IIS is not installed by default and users must change the default configuration in order to be vulnerable," said Jerry Bryant, a group manager with the Microsoft Security Response Center, in an e-mail today.
Vulnerability tracker Secunia rated the threat as "moderately critical," the middle ranking in its five-step system.
Earlier last week, Ruben Santamarta, a researcher at the Spanish security firm Wintercore, disclosed information and published attack code for a critical vulnerability in Internet Explorer 8 (IE8) running on Windows XP, Vista or Windows 7. Santamarta claimed that the bug could be used to sidestep DEP (data execution prevention) and ASLR (address space layout randomization), two security defenses baked into Windows.
DEP and ASLR bypass techniques are nothing new: In late March, Dutch researcher Peter Vreugdenhil exploited a vulnerability in IE8 running on Windows 7 with attack code that evaded DEP and ASLR to win $10,000 at the fourth-annual Pwn2Own contest.
Microsoft also minimized the threat from Santamarta's claim that DEP and ASLR could be bypassed, not surprising since it has done the same in previous comments on sidestepping those defenses.
"This isn't a straight ASLR bypass as it only works under certain conditions," said Bryant. "An attacker would have to use this in conjunction with an unpatched vulnerability in order to exploit a system." In the same e-mail, Bryant declined to label the bug as a security vulnerability. "This is not a vulnerability but a mitigation bypass technique," he said.
Last month, someone identified only as "fl0 fl0w" posted exploit code for a flaw in an important code library used to develop third-party software using Microsoft's flagship Visual Studio software.
Подписаться на:
Комментарии (Atom)