Problems with IE7?
p2pnet.net News:- “We heard you,” shouts Microsoft. “You wanted it easier and more secure.”
‘It’ is the new release of IE7, Internet Explorer 7. And already there’s a report of a vulnerability, “which can be exploited by malicious people to disclose potentially sensitive information”.
The assertion comes from Secunia which says it’s, “confirmed the vulnerability on a fully patched system with Internet Explorer 7.0 and Microsoft Windows XP SP2″ and that, “Other versions may also be affected.”
Is it a problem for you? To find out, Secunia suggests, “Please use the test below, to see an example of how this vulnerability can be exploited, and also to determine whether or not your browser is vulnerable.”
The test is based on Proof of Concept code by codedreamer, it says, stating it will, “try to read content from http://news.google.com/ in the context of your browser”.
So we launched our version of IE, 60.2900.2180.xpsp_sp2_gdr.050301-1519. and got:
Your browser is vulnerable! The test retrieved content from news.google.com in the context of your browser.
This actually means that if you were logged into your bank account, any web site you are visiting would be able to retrieve confidential data from your bank. This could also be used to retrieve personal settings entered on sites like eBay or Paypal.
There are so many security problems with Microsoft’s IE7 browser that it now routinely and regularly releases what it calls ‘updates’ – fixes, in other words – many of which are supposed to repair security gaps of critical importance.
What’s the answer for people who are worried that using it will open them to potentially deadly security problems? Don’t use it. Get another web browser such as Firefox or Opera. Or switch systems altogether and use Linux, or even Apple.
But Ars Technica isn’t terribly impressed, calling the report “inaccurate”.
“The knee-jerk reaction to the flaw was one big cry of ’see, it’s not so secure after all’, but Microsoft quickly responded with an investigation into the problem only to find that Outlook Express was the true culprit,” says the story, going on:
“Here’s what one Microsoft researcher had to say: ‘These reports (on the vulnerability) are technically inaccurate: the issue concerned in these reports is not in Internet Explorer 7 (or any other version) at all. Rather, it is in a different Windows component, specifically a component in Outlook Express. While these reports use Internet Explorer as a vector the vulnerability itself is in Outlook Express’.”
Besides being exploitable in IE7, the vulnerability also exists in IE6, Ars Technica points out, “and has for a while. Is this just a case of poor timing? Secunia’s IE6 version of the flaw was released April 27, 2006, but the IE7 version was released today; one day after the browsers debut. Could it be that researchers wanted to wait to test for the vulnerability’s existence on a non-beta release of the browser, or could this be something along the lines of an anti-Microsoft conspiracy?”
Meanwhile, IE is still the dominant browser, ‘updated’ to include tabbed browsing which lets uses open more than one page in a single window, originally introduced by Opera and Firefox.
But its power is waning, and fast, and IE 7 will only work with the latest version of Windows XP.
Moreover, emphasises TechMonster, “Some features, including a control that stops web sites from changing the settings on users’ computers, will only work in conjunction with Windows Vista, the new operating system that will become available to consumers in January.”
And, “Windows XP Service Pack (SP 3), which Microsoft officials said in January to expect in the latter half of 2007, now has slipped into 2008,” says ZDNet, adding:
“Microsoft delivered the last service pack update for XP, Windows XP SP2 (which was actually more of a whole new version of Windows than it was a typical service pack) in August of 2004.
“And that’s not all that’s slipping: Windows Server 2003 SP 2, until recently due out in the second half of 2006, is now slated for Q1 2007. Microsoft released SP1 for Windows Server 2003 in March, 2005.”
Download IE7 here.
Also See:
Secunia – Internet Explorer 7 “mhtml:” Redirection Information Disclosure, October 19, 2006
Ars Technica – Microsoft: IE7 vulnerability reports are inaccurate, October 19, 2006
TechMonster – Microsoft’s new Internet Explorer 7 – too little too late, October 17, 2006
ZDNet – Windows XP SP3 delayed to 2008, October 19, 2006
p2pnet newsfeeds for your site.
rss feed: http://p2pnet.net/p2p.rss
Mobile – http://p2pnet.net/index-wml.php
October 21st, 2006 at 12:55 pm
Welcome to the next round of the browser wars. Microsoft just released Internet Explorer 7 for Windows XP SP2. Another day, another under-whelming product from the minds at Microsoft. I know I wonder constantly, “what the heck are they thinking?”.
Internet Explorer is another reactive (as opposed to proactive) move by Microsoft brought about solely because another company is threatening part of their monopoly. Is there any doubt that IE7 was a knee jerk reaction to Mozilla’s Firefox & Opera’s web browsers stealing significant market share?
Because they are constantly in reactive (can you say crisis?) mode these days, the results are very predictable. Microsoft’s latest reincarnation of Internet Explorer catches up to Firefox & Opera on some features, falls short on others, and in general offers nothing that the others don’t. And let’s not forget that Firefox 2 is scheduled for release shortly and that Firefox 3 is already under development.
Here are some random snippets on the web regarding IE7.
IE 7 is an attempt by Microsoft to catch rival browsers as it includes features that have long been seen in competitors such as Firefox and Opera.
Internet Explorer 7 is a solid upgrade, but it’s disappointing that after five years, the best Microsoft could do was to mostly catch up to smaller competitors.
IE 7 was Microsoft’s one chance to leapfrog ahead of the competition, but the company has only barely caught sight of the current front-runners. For more features and greater security, switch to Mozilla Firefox.
I did find one website that referred to IE7 as a “Radically new Internet Explorer”. Compared to IE6, definitely. Compared to Firefox or Opera, hardly. And considering IE6’s track record, how hard was it to be “radically different”? I own a Toyota, which is radically different than the domestic vehicles I’ve owned in the past. Toyota, Firefox/Opera. Domestic, Microsoft.
The choice is yours. You can enable Microsoft to keep dumping average software on us, or you can vote with your hard earned mind share.
I’m Guessing ©2006
October 22nd, 2006 at 12:31 am
Im sticking with Bill and Team. People that spend thier lives trying to find holes in a program are very very boring people
murray m
October 22nd, 2006 at 8:03 pm
Well said, Murray M. Switch to a Mac and then you won’t have to bash Bill and the boys anymore.
Dale Q.
March 17th, 2008 at 4:55 pm
The one thing I can say about IE7 is that with a fully updated computer with XP Pro that IE7 sucks it down and then major problems occur. Browser not opening and system shutdowns. systems slowing right down to a crawl that allows you to make a pot of coffee and a sandwich while the browser is still trying to open up the site you requested. I have come accross 7 of these systems already and have had to redo them since once IE7 is loaded you can only partially remove the program the rest of it sits there in limbo waiting for a chance to submerge your system into the watery depths of no return. I will try IE8 and see what happens but everyone I talk to I tell them to avoid IE7 unless they want me to redo their system. This is just my opinion and not nessessarily those of other respondants on this site. LOL
Phil W.
June 12th, 2008 at 5:35 am
I have IE7 and it’s horrible … Phil is right when he says it is very slow ! OMG slow is not the word. I wish I knew how to remove it and get rid of IE forever . I have Firefox and it still loads fast .