Tag Archives | Internet Explorer

Attention: Everybody. Your Browser is Insecure. Deal With It.

War GamesYesterday’s most significant browser-related event wasn’t the release of Internet Explorer 8–it was the upshot of day one of the Pwn2Own browser-hacking contest at the CanSecWest security conference in Vancouver, British Columbia. The competition offered cash and hardware incentives to attendees who could exploit zero-day vulnerabilities in Chrome, Firefox, IE 8, and Safari.

The results? Chrome was the only browser that escaped unscathed, apparently because of the way it sandboxes Web code to prevent it from doing damage. (Chrome has, however, been shown to be insecure in the past.) Yup, IE 8–which Microsoft says its “safer than ever”–didn’t even get through its first day on the market without being hacked.

Which wasn’t a surprise in the least–really, it would have been more startling if a bunch of enterprising hackers with money, prizes, and publicity dangled in front of them weren’t able to break into the majority of browsers they tried to attack. Every browser company has smart folks working on making software safe, but it’s painfully obvious that the people who want to show that software is insecure are just as smart.

I don’t look at the people who enter Pwn2Own as white knights–they are, after all, tampering with products to get a chance at monetary reward, and bad guys can and do learn from their attacks. But ultimately, the contest and similar stunts do the world a favor: It’s important that browser companies know about the holes in their products, and if it takes a contest to find some of them, that’s okay. (Pwn2Own’s organizers turn over information on the vulnerabilities that are discovered to the companies in question so they can fix them.)

And the results of day one of Pwn2Own are also a useful reminder to all of us who use browsers: There are less secure browsers and more secure browsers, but there’s no such thing as a fully secure browser. (Even houses with deadbolts on all the doors and pricey alarm systems get broken into.) Remember that when you hear browser companies brag about their safety measures.

Day two of Pwn2Own, incidentally, included a competition to bust into mobile-phone browsers: Android, BlackBerry, iPhone, Symbian, and Windows Mobile. They all survived, apparently–mostly because almost nobody even showed up to try and attack them. Betcha phone browsers come under a lot more scrutiny from Pwn2Own contestants in years to come…


IE 8 Web Slices: Great Idea! Mediocre Execution!

Internet Explorer 8 LogoNow that Microsoft’s Internet Explorer 8 has officially launched, I wanted to take a look at the final incarnation of what may be the browser’s most strikingly new feature: Web Slices, which let you add buttons to your Favorites bar that provide little snippets of Web content when you click them. Here, for instance, is one that lets you peek at your Hotmail inbox:

Internet Explorer 8 Web Slice

Back when I reviewed the RC1 version of IE 8, I said that Web Slices were an intriguing idea, but that they didn’t live up to their potential–in part because there weren’t enough of them, and those that did exist were poorly explained. The good news is that Slices have launched with a bunch of examples that weren’t there when IE 8 RC1 appeared. The bad news is that they still don’t come anywhere near living up to their considerable potential.

Continue Reading →


Internet Explorer 8 Arriving on Thursday

Internet Explorer LogoWalt Mossberg of the Wall Street Journal has published a lengthy review of Internet Explorer 8 that says the final version of Microsoft’s new browser will be available for downloading on Thursday at noon ET. Walt likes it quite a bit, except for the fact that he found it slow in some instances. (He did some speed tests which didn’t agree with the ones that Microsoft itself recently published.)

Back in January, I reviewed the RC1 version of IE 8 that’s still the current version of the new browser as of the time I write this, and found it to be..well, a significant improvement over IE 7 and a good browser overall, but one that still feels a tad cluttered, interface-wise. Unlike most of its rivals, it feels like a browser that’s been around for a decade and a half and built up some cruft. And its marquee features, Web Slices and Accelerators, still need to be widely embraced by developers to live up to their potential. Still, any user of any earlier version of IE who doesn’t want to jump ship to Firefox, Chrome, Safari, Opera, or (whew!) Flock should move to IE 8 for its improved security, compatibility, and–at least compared to earlier versions of IE–speed.

Me, I’m basking in the riches of the most competitive browser race ever–it’s not uncommon for me to use Firefox, IE, Safari, and Chrome in the course of one day. (I’m taking a break from Flock, which was my default browser for quite awhile, but I could be back.) I don’t think any browser is a runaway winner at the moment, and every browser has something to recommend it. Like I said in my IE 8 RC1 review, that’s good news for consumers and a challenge for browser developers.

More thoughts on IE 8 once I get my hands on the final version.


Microsoft Does Its Own Browser Benchmarking

Internet Explorer 8In recent months, the hottest topic in the world of Web browsing has been speed. Apple says its beta version of Safari 4 is the world’s fastest browser. The first thing Google tells you about Chrome is that it’s “faster.” Better performance is a key feature in Mozilla’s upcoming Firefox 3.5. Opera says that its alpha of Opera 10 is “30% faster.”

And Microsoft? Well, mostly it’s had to contend with coverage like this story that reports that Safari is forty-two times faster than Internet Explorer 7 and six times faster than IE 8.

Today, the company is fighting back. It’s done its own speed benchmarks and has created a video about them and published a white paper about browser benchmarking. Here’s a stunner: It’s not concluding that IE is a horribly slow browser. In fact, it says that Internet Explorer 8 is not only competitive, but loads many of the world’s most popular Web sites faster than Firefox 3.0 or Chrome 1.0. I met with IE general manager Dean Hachamovitch last week, and he made the same claim.

Continue Reading →


5Words for March 4th, 2009

5wordsSan Francisco’s too rainy today:

Apple layoffs? Supposedly not true.

Will Washington prohibit iPhone exclusivity?

Windows 7 for Netbooks: dicey?

Disney might take on iTunes.

Nvidia reaps Mac desktop windfall.

IE: Nukable from Windows 7.

Hackers mock Apple’s Safari browser.

Office 14 beta? Fairly soon.

Obscure, good Microsoft Web services.

Sprint’s Treo Pro: March 15th.

Julius Genachowski tapped for FCC.

California legislator: blur Google Earth!

No comments

One Windows. Multiple Browsers. Bundled. I Like It!

win7firefox1Once again, those wacky Europeans are making life difficult for Microsoft. A site called EurActive is reporting that Microsoft’s ongoing antitrust tussle with the European Commission will result in the company being forced to help European Windows users opt for a browser that isn’t Internet Explorer. The details are yet to be worked out–the OS might include some sort of mechanism for choosing among multiple browsers, or Microsoft might be forced to work with PC manufacturers to install alternative browsers on new systems. Microsoft is apparently concerned enough that it has a secret plan to delay Windows 7’s release if necessary, reports our own Dave Worthington.

When you’re forced to do something you don’t particularly want to do, there are two ways to go about it: grudgingly or whole-heartedly. Previous legally-mandated editions of Windows such as the Korea-only Windows XP K and KN are the result of the first approach, and I’m not sure if they made anyone other than the government officials who required them happy.

But what if Microsoft poured its collective energy, intellect, and resources into making the best possible multiple-browser Windows–and then made it the standard version of the OS worldwide?

Continue Reading →


Microsoft Research Envisions Leap in Browser Security with "Gazelle"

GazelleMicrosoft Research has re-imagined the Web browser to include its own operating system. In a technical report published on February 19, researchers argued that a radical change in browser architecture is necessary, because Web sites have evolved from static documents into dynamic Web applications that draw content from multiple sources.

Their proposed solution is a browser, code-named Gazelle, that is designed with a multi-principal operating system at its core. The researchers explained that Gazelle would be more secure than traditional Web browsers, because its OS would manage the protection of system resources and better isolate Windows from the Web.

“Our prototype implementation and evaluation experience indicates that it is realistic to turn an existing browser into a multi-principal OS that yields significantly stronger security and robustness with acceptable performance and backward compatibility,” the researchers wrote.

Gazelle blazes a path that no modern browser has followed, including Internet Explore 8 and Google Chrome, they added. However, it might not be entirely necessary to go back to the drawing board: Microsoft has managed to make the current incarnation of Internet Explorer safer over the years by taking measures sucvh as restricting what system resources the browser may access and limiting application privileges through User Account Control in Windows Vista. It is also attempting to create a new standard to isolate Web content for greater security.

Ultimately, the Gazelle project does not necessarily mean that Microsoft is coming up with a replacement for Internet Explorer; Microsoft research projects do not always become products. Nonetheless, some industry watchers, including Mary Jo Foley, believe that the company may give Gazelle greater exposure at its TechFest ‘09 research fair this week.

(Gazelle photo by Erik A. Drablos from Wikipedia.)

One comment

Browsers: More Important Than Ever. Also More Boring.

Netscape Logo[Note: This item first appeared in Technologizer’s T-Week newsletter, which you can subscribe to here.]

This piece was inspired by spending the past few days using the RC1 version of Microsoft’s Internet Explorer 8. But it’s really a sequel-of-sorts to a blog post I wrote for PC World back in March of last year, when the first beta of IE 8 appeared. That one was called Internet Explorer 8 and the Boring Era of Web Browsers, and the gist was that even though browsers mattered more than ever in this era where we spend so much of our lives on the Web, Microsoft and other browser companies seemed to be focusing on under-the-hood improvements (like better support for Web standards) and were short on strikingly new features that let folks use their browsers in new ways. (IE 8’s Accelerators and Web Slices, for instance, are its most significant new tools–and they’re just not that big a whoop.)

Continue Reading →


Is Internet Explorer a Goner? Will It Ever Be?

RIP IE“Soon, Majority of Web Users Will No Longer Use IE.” That’s the headline on a story by Marshall Kirkpatrick over at ReadWriteWeb, reporting on browser market-share numbers from Net applications that have IE being used by 67.5 percent of Internet users, down 7 percent in a year–and down from 90+ percent a few years ago.

Marshall’s title is provocative–is the day really nearing when IE users will be in the minority? (Actually, he defines “soon” loosely, since he says it might take a few years.) I don’t think there’s any real way to project where IE will be in the future based on its decline in recent years. Absent some truly startling development–I once suggested that Microsoft get out of the browser business and simply use Firefox as the basis for Windows’ browser, but it wasn’t listening, apparently–there must be some floor below which IE usage won’t fall. A meaningful chunk of Windows users consists of folks who give little or no thought to Web browsers, and will therefore use whatever Microsoft provides; the big question is just how large that chunk is.

Continue Reading →


Internet Explorer RC1: The Technologizer Review

Internet Explorer 8

By any standard, Internet Explorer remains the planet’s dominant Web browser. Even after serious shrinkage over the past few years, estimates of its market share range from around 70 percent to 80 percent, a figure that just about any player in any business would happily take. Yet IE is a beleaguered giant. It’s got companies small (Mozilla, Opera) and huge (Google, Apple) nipping at its heels with alternative browsers. It’s still trying to shake its reputation for poor security. The more sophisticated a consumer of the Web you are, the less likely it is that your browser hails from Redmond. And it’s so widely used that even minor changes have major implications.

I’ve been thinking about all of these factors as I’ve spent time with Internet Explorer 8 Release Candidate 1, which Microsoft released on Monday. Every one of them has an impact on this near-final product, which adds a few features with no counterparts in other browsers; works hard to make its emphasis on safety as tangible as possible; and, when all is said and done, seems a bit hobbled by the sheer size of the user base it’s trying to serve.

Judging from this blog post by IE General Manager Dean Hachamovitch, a conversation I had with him myself last week, and–most important–the browser itself,  I think Microsoft is aiming IE 8 at the teeming masses of folks out there who aren’t browser junkies. Maybe even folks who don’t make any conscious decision about browsers at all, other than whether to upgrade to the newest version of IE or not. Which makes perfect sense. But it means that if you’re content with Firefox, Opera, Safari, Chrome, or my underdog favorite Flock, there’s nothing in IE 8 that’s so strikingly better that it’s likely to lure you back.

Continue Reading →