Microsoft gets hacker feedback on IE7 Beta 2
Posted by Tom Warren on 30 September 2005 - 11:36 · 18 comments & 1482 views
About the Author
Full name: Tom Warren
Forum name: creamhackered
Contact: via forum PM
Submissions: Normal · Headline
Full name: Tom Warren
Forum name: creamhackered
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(2 replies)
#1 Posted by Neobond on 30 Sep 2005 - 11:46
- Good news, it seems strange however that they won't release an internal update for XP (Vista 5219 had a newer IE)
There are a few bugs in the XP version of IE that are probably solved in the newer Vista build. -
#1.2 Posted by paulhaskew on 30 Sep 2005 - 12:50
- Neobond, we asked the same question to the Project Head for the IE team... He showed and told us, the reason why there is not another build for both Vista and XP with some really neat features is that its just NOT ready. He would rather get a beta build of a working browser out rather than one that crashes
-
(3 replies)
#2 Posted by Jugalator on 30 Sep 2005 - 11:50
QUOTE all downloads and other packages are automatically dropped in the "temporary Internet files" folder
So if you want to get a secure browsing environment with IE, you can't download files into other directories?? Do you need to maintain domain whitelists and put stuff into the "Trusted Sites" security zone?? If that's true, everyone will just turn off the feature to have it as convenient as before or in other competing reasonably secure browsers.-
#2.1 Posted by markjensen on 30 Sep 2005 - 12:04
- Except that any "other competing reasonably secure browsers" will download malware just as easily, if that is what the user asks it to do. Hello, "Bonsai Buddy"!
Too bad there is no patch against user stupidity (and the inertia to keep doing things the way they did the past 5 years). -
#2.2 Posted by Echelon Left on 30 Sep 2005 - 12:08
- That doesn't make sense. If they locked all IE download destinations to one folder and one folder only, people would abandon IE in droves.
Much more likely that MS is making a "Sandbox" for the downloads to sit in while they are downloading. When the download is finished, it gets moved to wherever the user has set as his desired folder fior that type of file. So, music files end up in folder "music", text and PDFs go to documents, executable code is carted off to the "downloaded software" folder, and so on.
This is all part of the "Trusted Computing" framework that MS is insisting on building. If you know what that is, then you know that this is yet another reason to not buy Vista. -
#2.3 Posted by Richardo on 30 Sep 2005 - 13:41
- This is already how it works. When you download a file it gets downloaded into a temp folder until the download is complete. Then it is moved into the user-defined destination folder.
What they're doing here seems way too restrictive. It seems even normal users will have to use this "Compatability Mode" if they want to download wallpaper, for instance.
-
#3 Posted by mr_demilord on 30 Sep 2005 - 12:09
- I wonder if hackers finds a bug, if they keep it for theirself instead of giving MS feedback.
And exploit the bug if IE7 gets released
-
(1 reply)
#4 Posted by Colin-uk on 30 Sep 2005 - 12:29
- /me waits for the leak
-
(4 replies)
#5 Posted by Ateoto on 30 Sep 2005 - 13:38
- It would be funny if they took IE7 to a Web Developers conference. They ask for questions and the entire place just starts chanting "W3C" and "Standards"
The only good thing I see coming out of IE7 for me is I can use PNG's fully as they will finally allow PNG transparency. GIF is evil. -
#5.1 Posted by xMorpheousx416 on 30 Sep 2005 - 15:36
- ...
-
#5.2 Posted by xMorpheousx416 on 30 Sep 2005 - 15:38
-
Ya don't need IE7 to use PNG files....just to view them properly.
QUOTE In protected mode, all downloads and other packages are automatically dropped in the "temporary Internet files" folder, so malware can't be deposited on the hard disk.
I could swear that the Temp Internet Files folder IS on the hard drive.
The only secure reason I'd switch back to using IE, is if they rip it's inter-dependency on sharing OS files. -
#5.3 Posted by neufuse on 30 Sep 2005 - 15:38
- they have before, and that is not what happened... people are actually mature at those things and give good feedback to the development teams
-
#5.4 Posted by Ateoto on 30 Sep 2005 - 16:48
- At Neufuse: My original reply was more of a jest, but if I got a serious reply I'll give you my serious thoughts.
Yeah it may be that they are more mature about their feedback, but do the IE7 developers listen to it? I mean I guarentee (unless every single one develops on IIS with ASP .NET) that a fair number of them would tend to bring up standards compliance. I'm not trying to be a smart ass. I really just can't understand why they choose to play ignorant. I'm sick of adding hacks to my page just to display in IE correctly. They go on and on about how they make everything easy for the user and the developer but when they do so through proprietary technologies and monopolistic methods it makes it a living hell for anyone not willing to shell out the money for their products and services.
-
#6 Posted by McLuke on 30 Sep 2005 - 16:17
- Strange feature...
I donn't see any point of restricting all downloaded files in any temporary folder, if those malware could be executed...
-
#7 Posted by nicedreams on 30 Sep 2005 - 21:58
- Isn't most malware downloaded and then the USER installs the program and then that program opens the door to other programs?
At the Hack in the Box Security Conference in Kuala Lumpur, Malaysia, Microsoft showed the latest build of IE7 Beta 2 to attendees to try and gain feedback. "People had a lot of good suggestions, and asked a lot of good questions," said Tony Chor, group program manager at Microsoft's Internet Explorer team.
The Beta 2 version of IE7, currently under internal dogfood testing at Microsoft, will likely be ready by the end of the year, said Chor.
One new feature on the Web browser is it runs in higher security "Protected Mode" by default, set at a lower user privilege. Similar to UAP in Longhorn. In protected mode, all downloads and other packages are automatically dropped in the "temporary Internet files" folder, so malware can't be deposited on the hard disk. Windows treat the files as dangerous and they're given no privileges to move about.
Microsoft will license its "Protected Mode" innovation to other developers for free to help spread its use, and increase security, said Chor.
For businesses, Microsoft added a "Compatibility Mode" that works when a person is using the company's intranet and allows them to drop files wherever they want to on their PCs.
Changelog for version 2.5:
- Added: you can now specify program categories for the Hot Launch Menu. Each category is displayed in the Hot Launch Menu as a separate submenu
- Now you can specify the "Stay On Top" property dynamically from the Advanced Task Switcher for all currently running programs
- Each program can be started from the Hot Launch Menu with the set property "Stay On Top"
- Added: a capability to shut down or restart the PC from the program's tray menu icon and from the Advanced Task Switcher
Task Commander version 2.5 is fully compatible with Windows 98, Windows ME, Windows 2000, Windows 2003 and Windows XP.