Internet Explorer users continued to hammer Microsoft with questions about the Web browser’s security during an online discussion Thursday, but they also sought answers about IE’s future support for Web standards and new features.
The Redmond, Wash., software maker hosted a public chat with IE’s product and development team on its Windows XP Expert Zone Community site. Another chat is planned for Aug. 12.
Microsoft’s browser has come under attack in recent weeks for security issues, leading to increased calls that users consider alternative browsers to protect themselves from exploits.
Security researchers also have noted that all browsers have had security vulnerabilities, though IE has had more reported issues.
Security remained a dominant concern during the online chat, and Microsoft continued to promise improvements in IE security in Service Pack 2 (SP2) of Windows XP, due out this summer.
Some of the 100-odd participants on the one-hour Web chat repeatedly asked the IE team to pinpoint when they could expect a cumulative patch for the browser and about whether they should continue to run IE. Microsoft last week released an early fix for the Download.Ject exploit but has promised a more comprehensive fix.
Responding to a question about the timing for a full IE patch, an IE team member offered no new details and referred users to Microsoft’s information page on Download.Ject.
“I can’t offer a specific date,” wrote Dean Hachamovitch, who heads the IE team. “We have people working around the clock on it.”
Also asked about the recommendation last month from CERT (the U.S. Computer Emergency Readiness Team) that users consider switching browsers as one way to avoid IE security issues, Hachamovitch deflected the question.
“What claim can you make that we should continue to support IE in terms of our user base?” an anonymous participant asked.
“I’m not sure who your user base is and what you mean by ‘continue to support IE,’” Hachamovitch responded. “Can you clarify?”
Next Page: Is it time to say good-bye to ActiveX?
Users also wanted to know how Microsoft plans to keep IE secure even after SP2 and before a new version of the browser is included within the next Windows release, code-named Longhorn. An IE manager responded that Microsoft would issue other security patches, if needed, but that much of the security fixes in SP2 help control the behavior of ActiveX.
Active scripting and ActiveX controls have been cited as major methods for opening IE to security holes. They were the focus of a range of questions, including one wondering whether Microsoft has considered abandoning ActiveX technology altogether because it is “a source of bugs.”
“ActiveX often receives much criticism, but I do not believe it is true that it is the source of bugs,” responded Dave Massy, who recently rejoined the IE team as a program manager.
“In XP SP2, we have done much to reduce the opportunity for inadvertently installing software. It is true that a great many crash coming into Microsoft from third-party extensions to Internet Explorer, and in SP2 we have improved the mechanism to identify the culprits and inform them so they can improve their software.”
Beyond security, though, users honed in on their desire for more support for Web standards in IE. Multiple participants asked about Microsoft’s plans to extend support for CSS (cascading style sheets) to newer standards, such as CSS2 and CSS3.
IE 6 supports CSS1, and Massy said Microsoft is considering support for CSS 2.1 as well as other CSS recommendations before the W3C (World Wide Web Consortium). He also noted that no browser fully supports CSS2.
“We are looking at all CSS recommendations and are taking in ALL the feedback we are receiving regarding standards support,” he wrote. “As I have said before, we can’t make any definitive commitment at this time, but I can assure you we are taking these issues very seriously.”
Microsoft has tied the Web browser ever closer to the Windows operating system, and officials repeated that most major enhancements to the browser are likely to come with the Longhorn Windows release.
Asked about whether users should expect an IE Version 7, an IE manager reiterated that “IE is a component of Windows and our primary ship vehicle is releases of Windows.”
Microsoft has faced criticism for lagging behind in adding new features to the browser. IE has not had a major overhaul since releasing Version 6 in fall 2001. With SP2, the blocking of pop-up ads is one of the biggest new features being added to IE, though other browsers already have that feature.
Among the most requested features during Thursday’s chat were tabbed browsing and support for reading RSS (Really Simple Syndication) feeds in the browser. The IE team said it is considering those features, among others, but would not commit to when, or if, they would be included in the browser.
The major alternative browsers from the Mozilla Foundation, Opera Software ASA and Apple Computer Inc. all have tabbed browsing, which allows users to open multiple Web pages within the same browser window. Opera also has added RSS support, and Apple and Mozilla have said they will add it in upcoming releases.
Mary Jo Foley of Microsoft Watch contributed to this report.