Avast WEBforum
Other => General Topics => Topic started by: Sojourner on February 16, 2005, 02:14:28 AM
-
Security concerns prompt early release of IE7
By John Leyden
Published Tuesday 15th February 2005 19:17 GMT
RSA Information security concerns have prompted Microsoft to release a new version of Internet Explorer before its next version of Windows ships. Contrary to previous plans, Microsoft will release IE7 as a beta from "early summer" 2005. Longhorn, the next iteration of Windows, is due late next year.
Microsoft chairman Bill Gates today said IE7 will offer Windows XP SP2 advances in defending against phishing and malware but failed to go into any details. IE7 will also be included in Longhorn but its availability on other platforms remains unclear.
In a keynote address at the RSA Conference in San Francisco, Gates singled out spyware and social engineering such as phishing and spyware attacks as the "fastest growing challenge".
"There's no exploit involved," he said. "Social engineering attacks take the privilege of a user and fool them into running code they don't want to run."
Microsoft has decided to make its Windows Anti-Spyware, released as a beta earlier this year and downloaded by 5m users, available at no extra charge to licensed Windows users, Gates announced. Microsoft also intends to introduce a consumer-focused anti-virus product by the end of the year.
From
The Register
-
Sojourner, Thanks for this information. Very interesting whether to some it's old news or for others it's new information. I appreciate you posting it, thanks again. :)
-
In announcing the plan, Gates acknowledged something that many outside the company had been arguing for some time--that the browser itself has become a security risk.
http://news.zdnet.com/2100-9588_22-5577263.html?tag=zdfd.newsfeed
-
I've been wanting them to get the next IE in beta for sometime, glad they will be doing that soon enough. Hopefully this IE will be a lot more stable and safer.
-
I've got one main concern about IE7: considering the way MS has been thinking, what's the odds that it'll include deliberately-engineered incompatibility with (or even disabling of) popular 3rd-party anti-malware goodies like avast and others?
We saw a lot of that with SP2, especially in its early beta days. But most of that was sloppiness on MS's part, rather than deliberate, and at least some of it has since been corrected by them, under pressure from the 3rd party developers and from users.
-
Mike BCda,
Let's think positively; I am one happy camper with all the Microsoft things I use; no problems ever with SP 2. Unless it is necessary, however, I will not upgrade to IE 7; I am happy with IE 6 and I am not looking for trouble. (How's that for positive thinking, Mike?)
-
Before making a decision about IE7, regardless if your happy with IE6, you should find out what security/functional enhancements it will contain.
However, it is not due in beta form until the summer and I too have no desire to become an MS beta tester.
I would have been far happier if this beta release was a planned roadmap release (originally it wasn't due until Longhorn was released), rather than being rushed out the door.
Regardless of what MS is stating, that this has nothing to do with the march of firefox (25 million downloads in 99 days after firefox 1.0 released), or the slating IE is getting in the IT/security media.
-
Regardless of what MS is stating, that this has nothing to do with the march of firefox (25 million downloads in 99 days after firefox 1.0 released), or the slating IE is getting in the IT/security media.
Hmmm, not clear, David; could you elaborate a bit?
-
All the security warnings, etc being reported giving the overall impression that IE is not secure. So early release to beta to perhaps counter the reports/comments 'we are doing something about it.' Not to mention try to stem the flow to firefox and other browsers.
There is a big PR push to promote the beta of IE7 by MS right now and there is still 5 months or so (summer is really undefined) until it is released to beta.
I though it was clear.
-
Well, you are saying they are fluffing the facts, afraid they are losing to firefox and trying to save their necks?
Some of us are not as Up on the computer news as others, making it difficult to discuss things intelligently --- sorry.
-
Well, you are saying they are fluffing the facts
No, facts are facts, they are losing market share in the browser arena, about 5% in the recent months and they have had a bit of a rough ride with various security bulletins, etc.
MS aren't going to say we have brought forward the IE7 beta release, because IE6 is getting canned in the media, or that they are losing market share; they say they are listening to their users. The fact remains if you release something 4-6 months early how are you able to do that without cutting corners or devoting more staff to a project that isn't going to produce any revenue. They are also dropping functions from Longhorn (the next windows OS release) in order to keep to the roadmap dates.
Even US Dept. of Homeland Security (or some such Gov body) are recommending a switch from IE.
No need to be sorry, you are only seeking information.
-
Thank you, David. That is VERY clear!
Have you tried the Slim Browser? (This may have been discussed on another thread; I'm always afraid I'm arriving on the scene after the party is over --- usually the case!)
-
I will come to your party, Sojourner. I usually am picking up the crumbs after everyone has feasted. ;D
Thanks for asking the questions and thanks to David for his explanations.
-
Well, if MS is worried who's fault is that? :) I personally don't use I.E. for reasons of my own but certaintly don't have any sympathy for MS whatever their excuses may be.
-
Since IE 7 will not be standalone, and will be an update for those using XP SP2 (if ive read things correctly).. I will not be using it myself. I only use IE these days for using Microsoft Update.. Firefox does all I need for it to do. Im using Win98SE still.. have had no real reason to upgrade to XP other then being forced eventually to do so because of lack of support :P and a broken 98SE CD lol I also just cannot see spending the amount of money it costs to upgrade to XP on 2 machines in our home when its just not something either of us "need". 98 serves us just fine, and Ill live without IE 7 :0
-
Since IE 7 will not be standalone, and will be an update for those using XP SP2 (if ive read things correctly).. I will not be using it myself. I only use IE these days for using Microsoft Update.. Firefox does all I need for it to do. Im using Win98SE still.. have had no real reason to upgrade to XP other then being forced eventually to do so because of lack of support :P and a broken 98SE CD lol I also just cannot see spending the amount of money it costs to upgrade to XP on 2 machines in our home when its just not something either of us "need". 98 serves us just fine, and Ill live without IE 7 :0
That is one of the problems with IE in general, its integration into the windows OS, so whatever gets a toe hold into IE also has a toe hold into your OS and those running XP and are running with admin privileges, it can reap havoc. That is why it is so difficult to remove some of the malware out there.
So those using XP have to keep IE up to date regardless to ensure that any security issues are updated and closed. You will also be presented with updates for IE every time you visit windows update if they are available. I don't use IE even for windows update I use Avant browser.
It is also possible, regardless of what browser you use for someone to make a call to use the IE browser, rather than the default browser (even one of avast's links pops-up IE, as has been mentioned in these forums), we simply can't ignore IE 7 when it is released (after beta testing).
Connie, I'm a great believer of if it ain't broke don't fix it, but as you are finding it becomes more difficult without support.
-
I don't use IE even for windows update I use Avant browser.
David, if you wanted you could use Firefox with the automatic windows update, although i have not set this up myself (I'm happy enough using IE for windows update), i believe it works fine.
Edited
--lee
-
Not sure how much confidence or trust in a site that have a section on Virus code.
Short extract from the Virus Code page.
We have only included source code for a small fraction of the viruses out in the wild to show you how easy it is to write one. Making public the source for viruses, will not make any impact to the huge number of viruses out there - virus writers are aware of the loop-holes and procedures used by these viruses anyway.
Responsible, I think not. So would I let them tweak firefox, to somehow allow it to run active X, - because that is the major requirement of windows update - No way.
Perhaps you should edit out the web link in your post, we don't want to make it any easier for the script kiddies, to get some code to tweak.
-
Well as far as i know that website is fine to use, but i haved edited out the link anyway just to be save ;)
--lee
-
Yeah, better safe than sorry.
-
This is some info on the avant browser:
"Full IE Compatibility: Avant Browser comes with all Internet Explorer functions, including Cookies, ActiveX Controls, Java Script, Real player and Macromedia Flash. IE bookmarks are automatically imported into Avant Browser.
Is Avant Browser a secure browser?
Yes, Avant Browser is secure. Since it's based on Internet Explorer, Avant Browser IS AS secure as Internet Explorer. "
This is directly from the Avant web site. It would obviously be susceptible to quite a few of the same exploits as IE. I especially hope you've disabled activex :)
-
Avant simply makes it easier to disable/enable active X (two mouse clicks) rather than having IE security settings at High with active X disabled.
There are many settings that make it much more flexible in changing your security settings than IE (for this reason alone, many people leave IE security settings at default levels), This makes it much easier to use, there is also a front end that differs from the IE core, this makes it IMHO more secure, even with it using the IE core.
-
I agree that the interface for changing IE security settings isn't the most user friendly and most people use default settings. I can see your point.
-
I use Win98se, and just like Connie, I've no real need to "upgrade" to XP. With all the patches, 98 works good enough for me. I can only imagine how bloated IE7 will be esp. considering it won't be a standalone. Firefox suits me just fine. It has so many neat extensions/plugins. The Firefox developers certainly have some creative talents 8)
-
I'm also still using Win 98 SE, and are quite happy to do so on My computer. The " families" comp. runs XP , (which I often wonder stands for " e-XP-erimental ) . Going from one to the other is a little disorientating, but Windows is Windows. The major issue is the Updates. W 98 SE is obviously out of date, but I'm still getting IE 6 security updates and not too many problems as Spyware Guard, Spyware Blaster, Spybot & Ad-Aware do a good job for me With Win 98 SE.
The Idea of a Beta version ; IE 7 , is a worry, as we are the guinea pigs doing the testing for Microsoft. Like with MS Beta Anti-Spyware ; which I've tested on XP, and went back to Ad-Aware Spybot, & Spyware Guard. Oh, obviously I've omitted Avast! , as that's taken for granted as an essential part of both our Home computer's. ;D
I do see a keen interest by many users towards Firefox ,and alternate browsers, and think that as stated earlier this is prompting the quick release of IE 7. Maybe I'll be one of them when IE 6 is gone and forgotten. ::)