backtop


Print 84 comment(s) - last by Shadowmaster62.. on Oct 15 at 4:27 PM

Microsoft makes its IE7 browser available to a wider audience

In a surprise move, Microsoft has issued a new build of Internet Explorer 7 (IE7) to customers that can be installed on any machine running Windows XP or Windows Server 2003 -- IE7 is already included in Windows Vista operating systems.

IE7 was previously reserved for customers using genuine copies of Windows-based operating systems and was protected by Microsoft's Windows Genuine Advantage (WGA) validation software.

"Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we’re updating the IE7 installation experience to make it available as broadly as possible to all Windows users," remarked IE7 program manager Steve Reynolds on the IE Blog. "With today’s 'Installation and Availability Update,' Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users."

Microsoft is likely using this move to makes IE7 available to the broadest range of customers worldwide. Mozilla's Firefox browser has gained a lot of traction recently, and this move would give Microsoft some additional ammunition.

In addition to the removal of WGA, the latest version of IE7 brings updates to the menu bar, online tour and a new MSI installer for IT administrators.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: I guess MS is afraid of...
By mechBgon on 10/5/2007 8:08:25 PM , Rating: 3
quote:
The best security improvement over IE6 is to simply not use it anyways.


Actually, the best security improvement is to stop running your browsers, ANY browsers, with Admin-level privileges.

http://www.mechbgon.com/build/Limited.html

But if IE is invoked by malware, then that's where you may benefit from having IE7 rather than IE6 even if you don't normally use IE at all. Case in point, if you're interested:

http://www.eweek.com/article2/0,1759,2185307,00.as...

Speaking as someone who does a bit of security research ;) I suggest getting IE7 even if you don't plan to use it yourself. Also vet your rig for security vulnerabilities using Secunia's Personal Software Inspector:

https://psi.secunia.com

MVP, Windows Shell/User


RE: I guess MS is afraid of...
By yaneurabeya on 10/6/2007 2:32:08 PM , Rating: 2
quote:
Actually, the best security improvement is to stop running your browsers, ANY browsers, with Admin-level privileges.


Actually, the best thing to do is if you are so concerned about security is to unplug your computer from whatever network you're using, and don't allow physical access to it. No matter what OS you use, no matter what method you use to access the network, you are imposing a degree of security risk upon the machine by just being connected. End of Story.

And just because you execute a process using a non-privileged account, doesn't mean that it can't do a lot of damage with files that it can access (say your pictures, your documents, your music, etc).

Seriously though, please don't try and diffuse the fact that MSIE is a bloated browser (IE7 in particular, even though it works much better with higher amounts of resident memory than IE6), and it doesn't really any additional functionality with all its bloat.

The only reason why the Mozilla browsers are so slow is because they have the XUL engine powering the themes and add-ons, whereas IE6 requires third-party plug-ins and hacked themes to work.

Some food for thought:
- Mozilla browsers are closer to Javascript / W3 to being compliant than MSIE (even though IE7 which was lauded as MS's first attempt to become W3 compliant -- still not even close).
- Add-on's and extensions give you a much easier hold on adding features to your browser, instead of having to add a bunch of 3rd party plugins, sometimes from untrusted sources, in order to get functionality.
- If you build it (HTML, content) for Mozilla browsers, it'll reach a wider audience of users than IE will with MS's proprietary ActiveX and Javascript bindings.
- ActiveX, WScript, and some other portions of the MS scripting 'experience' expose a greater number of gateways for a cracker to access into your machine with. This includes file access, amongst many other facilities. Mozilla browsers (and other browsers such as Opera, etc even) don't have this 'functionality' because they're generic and don't want to support it across multiple platforms / OSes. However, I find it to be a strong security point that they don't have these possible security holes like MSIE does with the script setup.

quote:
Speaking as someone who does a bit of security research ;) I suggest getting IE7 even if you don't plan to use it yourself. Also vet your rig for security vulnerabilities using Secunia's Personal Software Inspector:


Or just run a Unix-based OS because if you don't run as root, you get the same thing, and you don't have to worry about annoying Vista features like UAC ;)..

-Garrett
http://wiki.freebsd.org/GarrettCooper


RE: I guess MS is afraid of...
By mechBgon on 10/6/2007 9:52:05 PM , Rating: 3
quote:
And just because you execute a process using a non-privileged account, doesn't mean that it can't do a lot of damage with files that it can access (say your pictures, your documents, your music, etc).


I completely agree, and this is one reason I also suggest using a disallowed-by-default Software Restriction Policy for verisons of Windows that support SRP (http://www.mechbgon.com/srp/index.html ), as well as risk avoidance to the extent that's practical, elimination of attack surface where practical, and some other good practices.

quote:
Seriously though, please don't try and diffuse the fact that MSIE is a bloated browser (IE7 in particular, even though it works much better with higher amounts of resident memory than IE6), and it doesn't really any additional functionality with all its bloat.


In an era where some PC games can push the 2GB mark, it appears to me that most modern computers can handle either version of IE pretty well. As for functionality, I can think of several functional advances in IE7, some of which I use a lot, some of which I don't.

quote:
Some food for thought:
- Mozilla browsers are closer to Javascript / W3 to being compliant than MSIE (even though IE7 which was lauded as MS's first attempt to become W3 compliant -- still not even close).
- Add-on's and extensions give you a much easier hold on adding features to your browser, instead of having to add a bunch of 3rd party plugins, sometimes from untrusted sources, in order to get functionality.
- If you build it (HTML, content) for Mozilla browsers, it'll reach a wider audience of users than IE will with MS's proprietary ActiveX and Javascript bindings.
- ActiveX, WScript, and some other portions of the MS scripting 'experience' expose a greater number of gateways for a cracker to access into your machine with. This includes file access, amongst many other facilities. Mozilla browsers (and other browsers such as Opera, etc even) don't have this 'functionality' because they're generic and don't want to support it across multiple platforms / OSes. However, I find it to be a strong security point that they don't have these possible security holes like MSIE does with the script setup.


Given the exploits I see used via both IE and FireFox at some malicious sites, the bad guys seem to be moving away from simply exploiting the browser itself on Windows systems. As for ActiveX, the opt-in feature of IE7 is a timely improvement over IE6 and gives a buffer against scripted attacks via ActiveX. Whether IE is the user's daily-driver browser or not, they stand to benefit from updating from IE6 to IE7, and that is the message to take to the bank here.

quote:
Or just run a Unix-based OS because if you don't run as root, you get the same thing, and you don't have to worry about annoying Vista features like UAC ;).


For those who are interested in that option, hit our Operating Systems forum where we have a stickied thread to help you out, as well as some helpful *nix dudes :) But for many folks, the more realistic option is to get up-to-speed on their Windows security.

MVP, Windows Shell/User


RE: I guess MS is afraid of...
By Christopher1 on 10/7/2007 2:09:42 PM , Rating: 2
IE7 BLOATED? What world are you living in? The installation takes up about 20MB's, less than Mozilla Minefield's 30-35MB's.

IE7 is not bloated in any way, shape or form.


RE: I guess MS is afraid of...
By Blight AC on 10/8/2007 8:51:11 AM , Rating: 2
The problem with IE7 for some IT departments is support by third party vendors for web based applications. Some of our web based apps do not like running in IE7, and getting the vendors off their arses to support it... well, some just don't and others are real slow about it.


“And I don't know why [Apple is] acting like it’s superior. I don't even get it. What are they trying to say?” -- Bill Gates on the Mac ads

Related Articles
Firefox Hits 400 Million Downloads
September 10, 2007, 3:29 PM













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki