03.17.10
Internet Explorer 9 Seems Less Secure Than Predecessors; Microsoft Plays the Vapourware Game Against Rival Web Browsers
Summary: Internet Explorer 9 removes security features and lies about its standards compliance using improper benchmarks
MICROSOFT made some Internet Explorer patches available last week, only to discover that Internet Explorer is under a new wave of attacks (due to flaws which cannot be patched until next month). What did Microsoft do? To the gurus out there it advised that they apply some registry hacking. Windows is easy, eh? SJVN writes about this issue which we covered before:
A Quick IE Fix
[...]
The first one disables the peer factory class in the Windows registry. ‘Peer factory’ is used by the iepeers.dll binary program in IE 6 and 7 on Windows XP and Windows Server 2003 to call some kinds of Windows functionality from within IE. The most common way it’s used is to print from IE. The downside of this fix, as you might guess, is that it will stop IE’s print functionality from working.
Try explaining this security measure to people who are fearful of computing.
According to another new article from SJVN, Internet Explorer 9 will fix almost nothing when it comes to security. Just like when Vista 7 was planned and released, Microsoft said nearly nothing about improved security; it’s the same when it comes to Internet Explorer.
While Microsoft seems focused on some good things, like improving IE’s speed and finally making it more compatible with the forthcoming HTML 5 standard, I didn’t see a lot about improving the program’s own built-in security. Indeed, this early test-drive model [of IE 9] doesn’t even include IE 8′s SmartScreen anti-malware filter and private-browsing function.
This sounds familiar because according to two separate sources, Vista 7 is also less secure than Vista [1, 2]. They go backwards.
But now comes the interesting part. A reader who wishes to remain anonymous has told us that, regarding Microsoft’s “test browser compliance”, it will “test browsers, except for their current version, Internet Explorer 8″. To quote the message:
“Download the latest Windows web browser”. Is it fair testing a future release against the current versions of the rest? Also the original stand alone SVG files appear to be missing.
“This website contains several collections of test pages that were developed in conjunction with the World Wide Web Consortium (W3C) working groups. These tests make it possible to validate a browser’s compliance with specific web standards”
Microsoft never likes to compare the comparable. It pits vapourware against real products, as usual. It must mean that Microsoft is behind, not ahead. █
“In the face of strong competition, Evangelism’s focus may shift immediately to the next version of the same technology, however. Indeed, Phase 1 (Evangelism Starts) for version x+1 may start as soon as this Final Release of version X.”
–Microsoft, internal document [PDF]
