Windows IT Pro UPDATE--Is IE Finally Safe?--May 9, 2006





1. Commentary
- Is IE Finally Safe?

2. Hot Off the Press
- Microsoft Ships Vista Beta 2 Preview to Testers

3. Networking Perspectives
- Server Virtualization Basics

4. Peer to Peer
- Featured Thread: No DNS over VPN
- Tip: What is Microsoft System Center?

5. New and Improved
- Protect Against Internal Threats

==== Sponsor: Argent Software ====

NETWORK TESTING LABS COMPARES ARGENT TO MOM 2005 Network Testing Labs, one of the world's leading independent research companies, concluded that "Argent's suite had a smaller footprint, was more scalable, supported more platforms, had a more responsive and intuitive user interface and gave us more useful reports," the report says. "Argent's suite of monitoring products emerged from our testing with flying colors."

Download this FREE Comparison Paper now:


==== 1. Commentary: Is IE Finally Safe? ====
by Paul Thurrott, News Editor, [email protected]

It's gut-check time. Tonight, I'm going to give a talk about Microsoft Internet Explorer (IE) 7.0 to a local user group, and I'm not sure how to handle this. I've almost made a career out of complaining about the many problems IE has caused over the past decade. But with IE 7.0, it seems, Microsoft finally got it right.

If you're having trouble with that assessment, you can now test IE 7.0 for yourself: Microsoft shipped the Beta 2 version of the product recently, and it's pretty solid. So solid, in fact, that the company is providing free phone support to Beta 2 users. It will also support upgrading systems from IE 7.0 Beta 2 to the final version, which is due late this year.

Support issues aside, IE 7.0 Beta 2 is interesting on several levels. In my mind, there have always been two major concerns with IE: functionality and security. With IE 7.0, Microsoft mostly addresses both of these quite nicely. It picks up the tabbed browsing and integrated search functionality that other browsers have offered for years and adds unique new features such as a Quick Tabs view that visually lays out the open browser windows in a graphical grid, and new printing functionality that's surprisingly first rate. (Anyone who has tried to print from IE can tell you what a miserable experience that is.)

IE 7.0 also picks up a new, Windows Vista-inspired UI, which doesn't work tremendously well in non-Vista OSs such as Windows XP and Windows Server 2003. Unlike the simple clarity of the Mozilla Firefox toolbar, in which the Back, Forward, Refresh, Stop, and Home buttons are all laid out logically to the left of the Address Bar, Microsoft chose to scatter these often-used buttons to the wind. Back and Forward are in the customary spot, but Refresh and Stop are incongruously to the right of the Address Bar. The frequently used Home button is even more poorly positioned in the second row of UI controls in an area called the Command Bar. So much for simplicity.

With regard to security, Microsoft finally seems to have solved most of IE's ills, though I should note that the approach is similar to that of User Account Protection (UAP) in Vista: security as an afterthought. After years of letting IE compromise system after system, I'm happy to see Microsoft finally brought it under control. But the features seem tacked onto an otherwise insecure product. I hope it holds up under the scrutiny of the many hackers who will continue targeting IE.

Here's what I mean. IE's use as an attack vector has generally centered around its support for ActiveX, the insecure helper application technology that Microsoft derived from COM back in the mid-1990s. Firefox is more secure than IE for two reasons: One, it's less frequently used (and thus less likely to be attacked). Two, Firefox doesn't support ActiveX. In the version of IE 6.0 that shipped with XP Service Pack 2 (SP2), Microsoft added a few valuable features: pop-up ad blocking, a way to prevent so-called drive-by software downloads, and the Manage Add-ons interface, which helps users disable ActiveX controls and other browser plug-ins. Not surprisingly, two of those three features are aimed directly at ActiveX abuse.

IE 7.0 has many more new security features. A feature called ActiveX Opt-In automatically disables any ActiveX controls that the user hasn't explicitly enabled for use on the Web. Thus, it helps protect your system even against controls that were already on the hard disk when IE 7.0 was installed. IE 7.0 also includes protection against cross-domain scripting attacks and phishing sites (though, sadly, that feature is optional), and the Manage Add-ons interface has been updated to allow for uninstalling certain ActiveX controls. This all seems like a worthy if dubious attempt at righting the wrongs of the past.

IE 7.0 will be more secure on Vista. There, a unique feature called IE Protected Mode ensures that IE 7.0 always runs with lower security privileges than even a standard user account, regardless of the privileges of the user. Thus, while it's possible for the user to manually change IE settings via the application's UI, it's not possible for these changes to be made programmatically or via a Web download.

From an administrative standpoint, IE 7.0 is more configurable than ever before. All its new features--including the valuable phishing filter--are fully managed via Group Policy, and customization can occur, as before, via an IE Administration Kit (IEAK).

In the past few weeks of using IE 7.0, I've run into several compatibility issues, which is reason enough for you to begin evaluating the product with your own Web applications. I've also missed a few features I take for granted in Firefox, such as the inline search feature and download manager. But it's clear that IE 7.0 has basically reached functional equality with Firefox. The only question is whether Microsoft's security add-ons stand the test of time.

I don't think friends should let friends use IE, but IE 7.0 changes the equation. What's your take? Is your business ready for a new browser?


==== Sponsor: Thawte ====

Secure Your Online Data Transfer with SSL Increase your customers' confidence and your business by securely collecting sensitive information online. In this free white paper you'll learn about the various applications of SSL certificates and their appropriate deployment, along with details of how to test SSL on your web server.


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

Microsoft Ships Vista Beta 2 Preview to Testers
Several beta testers reported to me early Saturday morning that Microsoft had issued 32-bit and 64-bit versions of Windows Vista build 5381.1, which is a preview of the Beta 2 version of Vista the company intends to ship later this month to millions of testers. I first reported that Microsoft would ship a variant of build 5381 as Beta 2 earlier this week when rumors surfaced that the software giant would delay Vista further into 2007. Read the complete story at the following URL:

==== 3. Networking Perspectives ====
by Alan Sugano, [email protected]

Server Virtualization Basics
Discover the benefits of using virtualization in your test--and production--environments.

==== Events and Resources ====
(A complete Web and live events directory brought to you by Windows IT Pro: )

Hands-on Windows OS Internals & Advanced Troubleshooting by Russinovich and Solomon
Mark Russinovich and David Solomon present their hands-on Windows internals and advanced troubleshooting class, featuring the Sysinternals tools in London (June 26-30), San Francisco (Sep 18-22), and Austin (Dec 11-15). Topics include crash dump analysis, internals of processes and threads, memory management, security, I/O, and the boot process. Updated for Vista!

Make sure that your DR systems are up to the challenge of a real natural disaster by learning from messaging survivors of Hurricanes Katrina and Rita. On-Demand Web Seminar

Take an up-to-date look at secure, remote access to corporate applications and stay ahead of the curve when making decisions about near- and long-term IT infrastructure. Live Event: Tuesday, May 16

Learn about the advantages for each alternative to traditional file servers and tape storage solutions, and make the best choice for your enterprise needs. On-Demand Web Seminar

How will compliance regulations affect your IT infrastructure? Help design your retention and retrieval, privacy, and security policies to make sure that your organization is compliant.

==== Featured White Paper ====

Your Guide to Exchange 2003 High Availability

Many things can affect your messaging system's availability, including component failure, power outages, operator errors, and natural disasters. This FREE white paper will help you plan and implement reliable strategies to maintain highly available Exchange Server 2003 messaging systems. Download it today!

~~~~ Hot Spot: ~~~~

Combat phishing and pharming with complete protection against complex internet threats by filtering at multiple points on the gateway, network, and endpoints.

==== Instant Poll ====

Results of Previous Poll:
The voting has closed in Windows IT Pro's nonscientific Instant Poll for the question, "What are your vacation plans for this summer?" Here are the results from the 374 votes:
- 23% Taking 1 week
- 30% Taking 2 weeks
- 22% Taking 3 weeks
- 21% Not taking any time off
- 3% Taking my work to the beach

(Deviations from 100 percent are due to rounding error.)

New Instant Poll
The next Instant Poll question is, "Have you tested IE 7.0 Beta 2?" Go to the Windows IT Pro home page and submit your vote for a) Yes, and I loved it, b) Yes, and it seems to work fine, c) Yes, but I didn't like it, d) No, but I plan to test it soon, or e) No, and I have no plans to test it.

==== 4. Peer to Peer ====

Featured Thread: No DNS over VPN
A forum reader is having trouble with DNS over VPN. Users have no problems accessing files located on network shares from within the office, but they can't access the files via VPN. Read more and join the discussion at the following URL:

Tip: What is Microsoft System Center?
by John Savill,

Find the answer at the following URL:

==== Announcements ====
(A complete Web and live events directory brought to you by Windows IT Pro: )

Access to 26,000 IT Articles
Become a VIP subscriber and get continuous, inside access to ALL content published in Windows IT Pro, SQL Server Magazine, and the Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters. That's more than 26,000 articles at your fingertips. You'll also get a valuable one-year print subscription to Windows IT Pro and biannual VIP CDs that contain the entire article database. Order now:

May Exclusive--Get $100 off the Windows IT Security Newsletter
For a limited time, order the Windows IT Security newsletter and SAVE up to $100! In addition to 12 helpful issues loaded with solutions you won't find anywhere else, you'll get FREE access to the entire Windows IT Security online article database. Subscribe now:

==== 5. New and Improved ====
by Blake Eno, [email protected]

Protect Against Internal Threats
Nowell announced updates to its flagship product, SpyForce-AI 2. SpyForce is an anomaly-detection, multifactor authentication solution that targets organizations' internal threats. With this release, SpyForce can be configured to selectively monitor different types of anomalies in user accounts. Additionally, the product supports Windows Server 2003 Terminal Services, which allows SpyForce to secure Windows users concurrently logged into an instance of Windows Terminal Server. Additional updates include an improved GUI and an enhanced anomaly-detection engine. Pricing for SpyForce starts at $199.99. For more information, contact Nowell at 512-469-9779.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to mailto:[email protected]

==== Contact Us ====

- About the newsletter -- lett[email protected]
- About technical questions --
- About product news -- [email protected]
- About your subscription -- [email protected]
- About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today!


View the Windows IT Pro Privacy policy at Windows IT Pro is a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department Copyright 2006, Penton Media, Inc. All Rights Reserved.
