Microsoft Short on Specifics to IE Questions

By Matthew Hicks  |  Posted 2004-07-08 Email Print this article Print
 
 
 
 
 
 
 

WEBINAR: Event Date: Tues, December 5, 2017 at 1:00 p.m. ET/10:00 a.m. PT

How Real-World Numbers Make the Case for SSDs in the Data Center REGISTER >

As a series of exploits draws scrutiny of the browser, Microsoft responds to users' questions about its plans during an online chat.

Internet Explorer users continued to hammer Microsoft with questions about the Web browser's security during an online discussion Thursday, but they also sought answers about IE's future support for Web standards and new features.

The Redmond, Wash., software maker hosted a public chat with IE's product and development team on its Windows XP Expert Zone Community site. Another chat is planned for Aug. 12.

Microsoft's browser has come under attack in recent weeks for security issues, leading to increased calls that users consider alternative browsers to protect themselves from exploits.

Security researchers also have noted that all browsers have had security vulnerabilities, though IE has had more reported issues.

Mozilla is facing a security flaw that could open its Windows browsers to attack. Click here to read more.

Security remained a dominant concern during the online chat, and Microsoft continued to promise improvements in IE security in Service Pack 2 (SP2) of Windows XP, due out this summer.

Some of the 100-odd participants on the one-hour Web chat repeatedly asked the IE team to pinpoint when they could expect a cumulative patch for the browser and about whether they should continue to run IE. Microsoft last week released an early fix for the Download.Ject exploit but has promised a more comprehensive fix.

Click here to read about how security researchers are pointing to another IE security exploit similar to Download.Ject.

Responding to a question about the timing for a full IE patch, an IE team member offered no new details and referred users to Microsoft's information page on Download.Ject.

"I can't offer a specific date," wrote Dean Hachamovitch, who heads the IE team. "We have people working around the clock on it."

Also asked about the recommendation last month from CERT (the U.S. Computer Emergency Readiness Team) that users consider switching browsers as one way to avoid IE security issues, Hachamovitch deflected the question.

"What claim can you make that we should continue to support IE in terms of our user base?" an anonymous participant asked.

"I'm not sure who your user base is and what you mean by 'continue to support IE,'" Hachamovitch responded. "Can you clarify?"

Next Page: Is it time to say good-bye to ActiveX?

Users also wanted to know how Microsoft plans to keep IE secure even after SP2 and before a new version of the browser is included within the next Windows release, code-named Longhorn. An IE manager responded that Microsoft would issue other security patches, if needed, but that much of the security fixes in SP2 help control the behavior of ActiveX.

Active scripting and ActiveX controls have been cited as major methods for opening IE to security holes. They were the focus of a range of questions, including one wondering whether Microsoft has considered abandoning ActiveX technology altogether because it is "a source of bugs."

"ActiveX often receives much criticism, but I do not believe it is true that it is the source of bugs," responded Dave Massy, who recently rejoined the IE team as a program manager.

"In XP SP2, we have done much to reduce the opportunity for inadvertently installing software. It is true that a great many crash coming into Microsoft from third-party extensions to Internet Explorer, and in SP2 we have improved the mechanism to identify the culprits and inform them so they can improve their software."

Beyond security, though, users honed in on their desire for more support for Web standards in IE. Multiple participants asked about Microsoft's plans to extend support for CSS (cascading style sheets) to newer standards, such as CSS2 and CSS3.

IE 6 supports CSS1, and Massy said Microsoft is considering support for CSS 2.1 as well as other CSS recommendations before the W3C (World Wide Web Consortium). He also noted that no browser fully supports CSS2.

"We are looking at all CSS recommendations and are taking in ALL the feedback we are receiving regarding standards support," he wrote. "As I have said before, we can't make any definitive commitment at this time, but I can assure you we are taking these issues very seriously."

Microsoft has tied the Web browser ever closer to the Windows operating system, and officials repeated that most major enhancements to the browser are likely to come with the Longhorn Windows release.

Asked about whether users should expect an IE Version 7, an IE manager reiterated that "IE is a component of Windows and our primary ship vehicle is releases of Windows."

Microsoft has faced criticism for lagging behind in adding new features to the browser. IE has not had a major overhaul since releasing Version 6 in fall 2001. With SP2, the blocking of pop-up ads is one of the biggest new features being added to IE, though other browsers already have that feature.

Among the most requested features during Thursday's chat were tabbed browsing and support for reading RSS (Really Simple Syndication) feeds in the browser. The IE team said it is considering those features, among others, but would not commit to when, or if, they would be included in the browser.

The major alternative browsers from the Mozilla Foundation, Opera Software ASA and Apple Computer Inc. all have tabbed browsing, which allows users to open multiple Web pages within the same browser window. Opera also has added RSS support, and Apple and Mozilla have said they will add it in upcoming releases.

Mary Jo Foley of Microsoft Watch contributed to this report.

Check out eWEEK.com's Enterprise Applications Center at http://enterpriseapps.eweek.com for the latest news, reviews and analysis about productivity and business solutions.

Be sure to add our eWEEK.com enterprise applications news feed to your RSS newsreader or My Yahoo page

 
 
 
 
Matthew Hicks As an online reporter for eWEEK.com, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for eWEEK.com. Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.
 
 
 
 
 
























 
 
 
 
 
 

Submit a Comment

Loading Comments...
























 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date