Print 84 comment(s) - last by Shadowmaster62.. on Oct 15 at 4:27 PM

Microsoft makes its IE7 browser available to a wider audience

In a surprise move, Microsoft has issued a new build of Internet Explorer 7 (IE7) to customers that can be installed on any machine running Windows XP or Windows Server 2003 -- IE7 is already included in Windows Vista operating systems.

IE7 was previously reserved for customers using genuine copies of Windows-based operating systems and was protected by Microsoft's Windows Genuine Advantage (WGA) validation software.

"Because Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, we’re updating the IE7 installation experience to make it available as broadly as possible to all Windows users," remarked IE7 program manager Steve Reynolds on the IE Blog. "With today’s 'Installation and Availability Update,' Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users."

Microsoft is likely using this move to makes IE7 available to the broadest range of customers worldwide. Mozilla's Firefox browser has gained a lot of traction recently, and this move would give Microsoft some additional ammunition.

In addition to the removal of WGA, the latest version of IE7 brings updates to the menu bar, online tour and a new MSI installer for IT administrators.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: I guess MS is afraid of...
By mechBgon on 10/6/2007 9:52:05 PM , Rating: 3
And just because you execute a process using a non-privileged account, doesn't mean that it can't do a lot of damage with files that it can access (say your pictures, your documents, your music, etc).

I completely agree, and this is one reason I also suggest using a disallowed-by-default Software Restriction Policy for verisons of Windows that support SRP ( ), as well as risk avoidance to the extent that's practical, elimination of attack surface where practical, and some other good practices.

Seriously though, please don't try and diffuse the fact that MSIE is a bloated browser (IE7 in particular, even though it works much better with higher amounts of resident memory than IE6), and it doesn't really any additional functionality with all its bloat.

In an era where some PC games can push the 2GB mark, it appears to me that most modern computers can handle either version of IE pretty well. As for functionality, I can think of several functional advances in IE7, some of which I use a lot, some of which I don't.

Some food for thought:
- Mozilla browsers are closer to Javascript / W3 to being compliant than MSIE (even though IE7 which was lauded as MS's first attempt to become W3 compliant -- still not even close).
- Add-on's and extensions give you a much easier hold on adding features to your browser, instead of having to add a bunch of 3rd party plugins, sometimes from untrusted sources, in order to get functionality.
- If you build it (HTML, content) for Mozilla browsers, it'll reach a wider audience of users than IE will with MS's proprietary ActiveX and Javascript bindings.
- ActiveX, WScript, and some other portions of the MS scripting 'experience' expose a greater number of gateways for a cracker to access into your machine with. This includes file access, amongst many other facilities. Mozilla browsers (and other browsers such as Opera, etc even) don't have this 'functionality' because they're generic and don't want to support it across multiple platforms / OSes. However, I find it to be a strong security point that they don't have these possible security holes like MSIE does with the script setup.

Given the exploits I see used via both IE and FireFox at some malicious sites, the bad guys seem to be moving away from simply exploiting the browser itself on Windows systems. As for ActiveX, the opt-in feature of IE7 is a timely improvement over IE6 and gives a buffer against scripted attacks via ActiveX. Whether IE is the user's daily-driver browser or not, they stand to benefit from updating from IE6 to IE7, and that is the message to take to the bank here.

Or just run a Unix-based OS because if you don't run as root, you get the same thing, and you don't have to worry about annoying Vista features like UAC ;).

For those who are interested in that option, hit our Operating Systems forum where we have a stickied thread to help you out, as well as some helpful *nix dudes :) But for many folks, the more realistic option is to get up-to-speed on their Windows security.

MVP, Windows Shell/User

"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton
Related Articles
Firefox Hits 400 Million Downloads
September 10, 2007, 3:29 PM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki