When browsers overstay their welcome they not only become a security concern, but they also make cross-browser compatibility a tall order for web developers. In recent times, silent updates have emerged as an effective means of tackling this problem. Recently, Microsoft too jumped on the silent update bandwagon. While the move seems to be yielding the desired result where IE8 is concerned—IE9 is gaining market share at the expense of IE8—it has had little or no effect on IE6 and IE7. An Australian online retailer is so frustrated with all this that it has decided to take things in its own hands.
Anyone who may have thought the death of Netscape would signal the end of the browser wars, boy were they mistaken. In fact, it could be argued that it was at that point it all began. It didn't take long for Mozilla's Firefox to emerge from Netscape Navigator's ashes, and over time, Firefox would win over enthusiasts with a potent combination of speed, security, and an unprecedented level of customization.
But what started as a two-man battle is quickly growing into all-out warfare. Prepare to be overwhelmed by an onslaught of new browser releases in the coming months as Microsoft, Mozilla, Apple, Opera Software, and Google all vie to provide your vehicle for navigating the web. Each one brings something new to the table, whether it be blazing fast performance or a unique feature-set. Don't worry if you haven't been paying attention - we jump in the trenches with whole lot of them and get to know each one on a personal basis.
Hit the jump to find out everything there is to know about the browsers of today and tomorrow!
After reading the “Powerful Protection” Doctor question in the July issue, I started wondering what kind of performance hit I was taking from the plethora of security programs on my system. I have two Dell machines: an XPS-600 and an older Dimension 8300 (Windows XP Home, SP3 and IE7). They are connected to the net through a Linksys WRT150N router. Both units also have AOL 9.1, McAfee Security Suite, and SpySweeper. I know this is overkill, but I have no idea what to keep or what to disable.
Let's face it, web developers. Even if you're the most devoted fan of Firefox, Opera, or Safari, the 800-pound gorilla in the room is still Internet Explorer. Like IE or hate it, your pages had better work properly with it. Unfortunately, you can only have one version of IE running on a test PC at a time...or can you?
Add Virtual PC 2007 SP1 to your Windows XP, Windows Vista or Windows Server 2003 or 2008 box, and install your choice of Windows XP SP3+IE6, Windows XP SP3+IE7, Windows XP+IE8 Beta 2, or Windows Vista+IE7 in VHD format. Now, it's easy to find out which pages make a particular flavor of IE gag, and you can switch between IE versions running in different VMs with the click of a mouse. For more Virtual PC downloads, including release notes, click here.
These disk images work until April 2009, so you have plenty of time to work out page glitches. Not developing websites? No problem! Try them anyway.
TG Dailyreports that Google's Gmail is now recommending that IE6 users switch to Chrome or Firefox 3. IE6 users logging into Gmail see a link that says "Get faster Gmail" that takes them to a "Get faster Google Mail with a faster browser" page that provides links to download IE7, Firefox 3, or Google Chrome.
Interestingly enough, if you use IE7, the page recommends upgrading to Firefox 3 or Google Chrome, as well as offering a link to the IE 8 beta.
So, what's up with Gmail and IE? Is IE6 no longer fully supported? For the answers, join us after the jump.
As we told you last week, Microsoft rolled out two new security programs, Microsoft Active Protections Program and Microsoft Exploitability Index, during the Black Hat USA 2008 Conference. Unfortunately for Microsoft, the same conference saw a presentation by security experts Mark Dowd and Alexander Sotirov that renders these and other protections for Windows Vista, including its much-touted Address Space Layout Randomization (ASLR) and Data Execution Protection (DEP) features, effectively null and void.
How did they do it? The full presentation (available here in PDF format) is quite technical, but here's the short version. according to SC Magazine:
In explaining the problem, the researchers said that most memory protection mechanisms are based on two things: detecting corruption and stopping common exploit patterns, and attempts to reinforce these are integral to Vista. But in many cases, some of the built-in protection mechanisms in Vista are not enabled by default for compatibility reasons.
“At the desktop level, compromises had to be made because of compatibility issues. Exploiters have a lot more control over browsers,” Sotirov said.
And in many cases, third-party applications are not compiled to use the Vista memory protections. For example, Java and Flash are not compiled using the critical protection called ASLR.
What can be done? My take: Microsoft needs to rethink the balance of compatibility versus protection, do a better job of informing users of what's protected and what's not, and get third-party application vendors to take advantage of the protection features in Vista. What about ordinary users like us? Watch out for compromised legitimate websites, and, as always, as our own Will Smith says, think before you click.
What's your take on Vista and other browser security issues? See us after the jump for your chance to sound off.
Framed web pages are everywhere - but IE isn't ready to handle iFrame hijacking. ZDNet's Zero Day blog repots that exploit code is now available online to demonstrate how to perform malicious attacks against IE7 as well as IE6 and even IE8 beta 1. Even if your version of IE is fully patched, it's not ready to handle this vulnerability.
To find out how the threat works, join us after the break.