Network News

X My Profile
View More Activity

Microsoft to Push Out IE7 as High Priority Update

Microsoft is apparently planning to ship Internet Explorer 7 out to Windows XP users as a "high priority" security update later this year, according to a company spokesperson. While the new browser version will be pushed out through Windows' Automatic Updates feature, users will still have the option not to install it.

CNet's Joris Evers reports: "IE 7 will be the first major update to Microsoft's ubiquitous Web browser in five years. Security was the No. 1 investment for the update, Microsoft has said. Critics have likened predecessor IE 6 to 'Swiss cheese' because of the many security vulnerabilities in it. A third and final beta of IE 7 was released late last month."

This is probably a positive move overall, as the majority of Windows users still browse and will continue to browse with some version of Internet Exploiter ... err, Explorer, and any security rewrite can only help them stay safer online. The new browser fixes more than 1,000 bugs and shores up some weaknesses in ActiveX. The feature was designed to help Web sites load interactive content, but spyware purveyors have used ActiveX to install their junk with abandon. IE 7 also includes tools to help users spot phishing Web sites that mimic banks and trusted e-commerce companies to steal personal and financial data.

But from where I sit, the true test of IE 7's security will be whether it comes with fewer flaws that take Microsoft a month or three to fix while the bad guys continue exploiting them to hijack Windows computers. Also, one of IE 7's most useful security features, protected mode -- a "containment wall" called that prevents the browser from installing software or changing computer settings without the user's consent -- will not be available for XP users. That feature will be reserved for users who upgrade to Windows Vista, the next version of the operating system, due in January.

The third beta of IE 7 currently is available for download for Windows XP users who have installed the bundle of security and bug fixes known as Service Pack 2. In October, Microsoft plans to end security updates for XP machines still running Service Pack 1. While we're on the subject of service packs, Microsoft says it doesn't plan to issue the next one for XP Home and XP Professional systems until the second half of 2007. That date is tentative, of course -- if Microsoft decides to further delay Vista's release, Service Pack 3 could be pushed back even further.

By Brian Krebs  |  July 27, 2006; 12:52 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Mozilla Issues Security Updates for Firefox
Next: Bot-Slaying ISP Hall of Fame

Comments

Any word on whether an "Automatic Update" installation of IE7 is as bad as the beta? For fun, I tried installing IE7 beta on a secondary PC and it required me turning off Windows Defender and getting the latest version of ZoneAlarm before it could install correctly.

Posted by: tallbear | July 27, 2006 1:41 PM | Report abuse

Yes, getting rid old, insecure, IE6 should be a "high priority". I agree with Microsoft's delivery plan.

I currently use Firefox, but as you point out, most people still use IE.

Posted by: John Johnson | July 27, 2006 1:48 PM | Report abuse

Firefox will always be better, open source forever

Posted by: Anonymous | July 27, 2006 4:12 PM | Report abuse

Firefox may be better but it is less secure than IE6. Don't believe me? Google "Firefox Myths" and see for yourself.

Posted by: rijit | July 27, 2006 4:33 PM | Report abuse

"Also, one of IE 7's most useful security features, protected mode -- a "containment wall" called that prevents the browser from installing software or changing computer settings without the user's consent -- will not be available for XP users."

Doesn't SpyBot Search & Destroy do this ?

Hasn't it been doing it for years ... ok, don't get me started.

Posted by: GTexas | July 27, 2006 4:37 PM | Report abuse

rijit: Thanks for your post. I did google "Firefox Myths" (FM) and found that website -- but also this other site that contests the points the FM site makes about Firefox: http://tinyurl.com/99kjq Not being a computer expert, it's hard for me to judge the technicalities being argued. But the overall tone of the discussion and reader comments made about the online behavior of the FM site's owner indicate that his arguments are unfairly biased against Firefox.

Posted by: Catawba | July 27, 2006 5:53 PM | Report abuse

I've been using IE6 for years, I have no problem with it. Never had a spyware, virus, nor anything else. Not once.

Nearly all of it comes pushed from malicious javascript and ActiveX anyway, along with the customary flurry of pop-ups and banner ads.

IE Zones are more than effective at removing all that bad junk and letting the good stuff through. Problem is, most users are ignorant on how to use Zones and can't even be bothered to learn how, even with their hand held.. they simply want MS to take care of it all for them.

Posted by: Anonymous | July 27, 2006 6:34 PM | Report abuse

Oh, please - Internet Zones? You must work for M$ to float such a concept.

Security should not rely on users. Security should be built into the product. This has been and continues to be what M$ doesn't get.

Posted by: Anonymous | July 27, 2006 6:41 PM | Report abuse

Microsoft has lost all the credibility in the browser market, especially among people who are tech. savvy. As a web developer, I have had to repeatedly deal with IE's non-compliance with basic web standards making designing and delivering for IE an art in itself. IE7, on the development end, fixes no compliance issues and remains annoying to use.

Posted by: Spincycle | July 27, 2006 7:26 PM | Report abuse

>>Nearly all of it comes pushed from malicious javascript and ActiveX anyway

. . . both enabled by default in the Internet zone, due to Microsoft's policy decision.
http://support.microsoft.com/kb/174360

>>Problem is, most users are ignorant on how to use Zones and can't even be bothered to learn how, even with their hand held..

For the benefit of those of you who *can* be bothered to learn how:
http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm

>>they simply want MS to take care of it all for them.

Are you implying you think that's an unreasonable expectation -- especially with Microsoft's recent "born-again" claims of commitment to security?

I expect most users just want to be able to use their computers safely. Why should they remain "caught in the crossfire" between malware authors on one hand, who take advantage of (among other things) now-inadequate default security settings in IE, and OTOH a big company's inertia WRT said security settings?

Posted by: Mark Odell | July 27, 2006 9:16 PM | Report abuse

What about those of us corporate users that are still on Windows 2000?? We can't migrate all desktops to XP due to vendor support issues (yes)!

I still have vendors that only support Windows NT, and I have to stay on that till the vendor updates are available. Oh, and changing vendors isn't always practical.

Posted by: David | July 28, 2006 11:16 AM | Report abuse

Micro$oft's attempt to make the Web Micro$centric is not taking hold. The web have standards (RFC's), unlike M$ products (API), API changes with every product release. The Web was build on standards, M$ still don't get it...

Posted by: rse | July 28, 2006 11:17 AM | Report abuse

More confused than ever. This stuff is like an old British car- you're supposed to spend half your time fixing it and be happy about it.

Posted by: cdonnelly | July 28, 2006 11:49 AM | Report abuse

Funny that I keep hearing about how many IE users there are when compared to Firefox. The stats trackers for my site (www.tctheterrible.com) are showing that my Firefox visitors are only 8% less than the IE users. That could be different than the norm, but I still find it interesting.

Posted by: TC | July 28, 2006 12:46 PM | Report abuse

Ahh, IE7 will be published as an high priority security update. As a Windows 2000 user I ask, why is IE7 not available for W2K then? W2K is in the "Extended Support Phase" till 2010 and according to Microsoft this means that till then all neccesary security updates are published for W2K, too. Webstatistics say that even today about 10 to 15 percent are using W2K and they all will be punished for not updating to XP or Vista. Of course they could use Opera/Firefox browsing the web. But IE6 is fairly well integrated into W2K and other webbased software so that IE6 will remain a security risk.

Posted by: joo | July 28, 2006 2:44 PM | Report abuse

Anyone who is concerned about being "forced" to Download and Install IE 7 can prevent the Installation by using the Microsoft Internet Explorer 7 Blocker Toolkit Released Jul 26, 2006.

Download Page: http://www.microsoft.com/downloads/details.aspx?FamilyID=4516a6f7-5d44-482b-9dbd-869b4a90159c&DisplayLang=en

Posted by: Larry Thomas | July 29, 2006 1:43 AM | Report abuse

Do I have to download IE7? I am relatively happy using IE6. Most of IE6s annoyances are old hat to me now. Some of the articles and comments on IE7 only prove that there are lots of new issues with this browser that need to be addressed. I am a slightly-above average computer user. Please don't confuse me now!

Posted by: Leslie | September 27, 2006 3:46 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company