There is going to be an Internet Explorer 7 after all set for July for beta, late Summer or Fall for release. Well, well, well …. its part of the operating system, it cant be separated …. and that is one of the fundamental problems with IE. IEs use of privileged states then exposes it to hack attack and when viruses gain control over IE, that is their attack authorization avenue for more serious harm . The other major vulnerability – use of ActiveX controls was flagged as a major vulnerability in IE design way back in 1996-7. But IE and Microsofts design team waived off those cocerns and went full steam ahead. Now all users are paying for Microsofts excutive teams shortsighted decision. Geven the ravaging attacks, a secure IE is long overdue. And not just the Windows XP/SP2 version currently envisioned.
What will be interesting to see is if these security holes are gone … Dean Hachamovitch has had long enough to work on IE design such that IE7 should be coded in managed .NET VC++/CLI code – very fast and secure. But June/July beta puts it in a fast track given the latest VC++/CLI is just popping out the door. Even more serious, move to .NET potentially obsoletes a ton of older COM and ActiveX code. This will be an intro to watch closely for the technology decisions taken by Redmond.
Meanwhile the heat is definitely on. On my sites iMozilla/Gecko browsers are gaining every month and reaching from 16 to 22% usage. And at 100,000 and 750,000 hits per month these are small but robust samples of usage trends. Ohhh … sorry to even suggest that Mozillaa rise had anything to do with this upgrade. Really its customers needs that are foremost in Microsofts mind. And do they need security from the Swiss Cheese that is IE. Now that we have monthly patches and those are huge – maybe its a bit overdue.
So expect some new and possibly avuncular security mechanisms in the new IE, Kerberos based PKI, more certificates – somehow you have to attack phishers which means Outlook likely will be in on the action. Lots of speculation here. Now the other most interesting thing is what will IE7 do on standards – full CSS, JavaScript 2.0 with E4X, PNG, JPEG2000, full XHTML, SVG, XML-XQueries, Full class DOM … all are well within Microsofts capabilities because most are delivered in MS software elsewhere. Even more interesting, this is the first question raised at the Microsoft IE Blog after the announcement of IE7. Microsoft is talking big time about data integration and interoperability. Now they get to stand and deliver. Stay tuned – we will keep you posted as IE 7 emerges. Expect some surprises.
(c)JBSurveyer 2005