sjdurfey writes "Microsoft recently decided to open up IE7 to all users of Windows, not just the ones with legitimate copies of Windows. They claim it is in the 'end-users best interest'. As a result, Microsoft has decided to mark IE7 as a 'High-priority' update. This is essentially a forced update. Granted, its only a forced update if you are running Windows and have windows update set to automatically install all updates, but nevertheless, it's unnecessary. You can however uninstall IE7 from the Add/Remove Programs menu after its been installed. 'A blocking tool kit is still available for companies and organizations that don't use Windows Server Update Services and want to permanently prevent IE7 from automatically installing on PCs equipped with IE6.'" Update: 10/06 21:19 GMT by Z :Sorry if this seems a bit familiar.

Kelson writes "The Internet Explorer team has updated the installer for IE7. Mostly they've adjusted a few defaults and updated their tutorials, but one change stands out: The installer no longer requires Windows Genuine Advantage validation. Almost a year after its release, IE7 has yet to overtake its predecessor. Was WGA holding back a tide of potential upgrades, or did it just send people over to alternative browsers?"

Marcion writes "Some handy Japanese guy called Hamachiya discovered a bug in Internet Explorer. Under certain conditions, an asterisk when used as a wildcard can crash IE as soon as the user attempts to go to another page." The article claims the "five HTML tags and a CSS declaration" crash IE7 as well as IE6, but I couldn't get IE7 to fail. This page says that as of June, IE6 was at about 37% market share and IE7 under 20%.

juct writes "Heise describes a new demo showing how Firefox running under Windows XP SP2 can be abused to start applications. For this to work, however, Internet Explorer 7 needs to be installed. This severe security problem promises another round in the 'who-is-to-blame-war' between Mozilla and Microsoft. Mozilla currently is leading the race for a patch, as they have one ready in their bugzilla database. 'The authors of the demo note that there are many further examples of such vulnerabilities via registered URIs. What is so far visible is just "the tip of the iceberg". They state that registered URIs are tantamount to a remote gateway into your computer. To be on the safe side, users should, in the authors' opinion, deregister all unnecessary URIs - without, however, elucidating which are superfluous.'"

Eatfrank writes "A recent CNet article suggests that Mozilla should pipe a lite version of Firefox into older PCs to further attack IE's dominance: 'Firefox supporters, take note. A bare-bones Firefox will get the browser into more houses, increasing the Fox's market share and keeps it in novice users' eyes for when they get a new PC ... a truly great super-lightweight browser would have the security of Firefox, without the add-ons, without the tabs, yes, even without favourites, history lists and customisability. The Firefox name is synonymous with security and Web-browsing vigilance. Why not give this to the processing lightweights of the PC world?'"

Kevin Spiritus lets us know that XiTi Monitor, a French Web survey institute, has published its browser barometer for July, and Internet Explorer continues to lose ground. "The ascension of Firefox continues... Nearly 28% average use rate in Europe in the beginning of July 2007, with a progression in the totality of the 32 European countries studied. Firefox doesn't loose ground in any of the countries."

Tookis writes "Mozilla's Firefox web browser has made dramatic gains on Microsoft's Internet Explorer throughout Europe in the past year with a marked upturn in FF use compared to IE over the past four months, according to French web monitoring service XiTiMonitor. A study of nearly 96,000 websites carried out during the week of July 2 to July 8 found that FF had 27.8% market share across Eastern and Western Europe, IE had 66.5%, with other browsers including Safari and Opera making up the remaining 5.7%. In some key European markets FF has already reached parity and is threatening to overtake IE as the market leading browser."

Continent1106 writes "Hacker Michal Zalewski has ratcheted up his ongoing assault on Web browser security models, releasing details on serious flaws in fully patched versions of IE6, IE7 and Firefox 2.0. The vulnerabilities could cause cookie stealing, page hijacking, memory corruption, code execution, and URL bar spoofing attacks." Here is Zalewski's post to Full Disclosure.

eldavojohn writes "A legal battle that has been around since 1999 and seemingly ended in 2005 now rears its head again. In a confusing move, the USPTO 'reissued a Microsoft patent last week covering the same concepts outlined in the Eolas patent and with wording mirroring that of the Eolas patent. With both companies holding identical patents, the USPTO will now play King Solomon and decide which parent gets custody of the baby.' Both the Microsoft & Eolas patents are available online."

benuski writes "Lost in the hype about Microsoft's new Siverlight platform, there has been some information surfacing about IE8. It will include improvements in RSS, CSS, and AJAX support, and will follow Firefox 3 in supporting microformats. Also, the developers are going to try and improve UI customization, which is one of the main criticisms of IE7."

hcmtnbiker writes with news of a logic flaw shared by IE 7 and Firefox 2.0. IE 5.01, IE 6, and Firefox 1.5.0.9 are also affected. The flaw was discovered by Michal Zalewski, and is easily demonstrated on IE7 and Firefox. The vulnerability is not platform-specific, but these demonstrations are — they work only on Windows systems. (Microsoft says that IE7 on Vista is not vulnerable.) From the vulnerability description: "In all modern browsers, form fields (used to upload user-specified files to a remote server) enjoy some added protection meant to prevent scripts from arbitrarily choosing local files to be sent, and automatically submitting the form without user knowledge. For example, '.value' parameter cannot be set or changed, and any changes to .type reset the contents of the field... [in this attack] the keyboard input in unrelated locations can be selectively geared toward input fields by the attacker."

An anonymous reader writes "Stanford University and Microsoft Research have published a study that claims that the new Extended Validation SSL Certificates in IE7 are ineffective (PDF). The study, based on user testing, found that EV certificates don't improve users' ability to detect attacks, that the interface can be spoofed, and that training users actually decreases their ability to detect attacks. The study will be presented at Usable Security 2007 next month, which is a little late now that the new certificates are already being issued."

Chris Beard was "point" on this interview, but got help writing his answers to your questions from other Mozilla and Firefox people. (Since this was sort of a "companion" interview to one we did just before it with MSIE dude Dean Hachamovitch, you might want to look at the two Q&A posts side by side and compare the way they answered.)

We got lots and lots of questions for Dean Hachamovitch, whose formal title is "general manager Internet Explorer at Microsoft Corp." Picking a mere 10 of those questions was not easy, and I wish Dean could have answered twice as many -- and so does he, but his schedule has been tight this week. Anyway, here are his answers to the Chosen Ten.

Buertio writes, "A week with IE takes a look at IE7 from the perspective of a long-time Firefox user. The verdict? Microsoft has come a long way but still has some way to go before taking on Firefox and Opera."

Opera Software has gotten all kinds of media play lately, including rumors that both Google and Microsoft were buying the company. Whether you love or hate Opera, you've got to give them credit for building a decent browser and grabbing a small but noticeable market share in the face of competition from both MSIE and Firefox. Co-founder/CEO Jon von Tetzchner is obviously reponsible for at least some of this success -- and for much of the company's high press profile, due not only to the Opera Browser itself but to at least one whacky PR stunt and at least one high-profile beef with Microsoft. So who is this guy? Ask and find out. He's obviously not your typical software company CEO, so we don't expect typical CEO-type answers from him. We'll send him (direct, not through a PR person) 10 or 12 of your best questions Friday afternoon (US EST), and run his answers during the first week of 2006.

An anonymous reader writes " Forbes article is reporting that Microsoft 'forthcoming Internet Explorer 7 browser will adopt Firefox's RSS feed icon, the company announced on a blog--effectively making the orange square with white radio waves the industry standard.' "

prostoalex writes "With Firefox market share reaching a substantial level, is the popular Internet browser becoming a security nightmare for IT administrators? George Ou takes a look at the hard numbers. From the article: 'From March 2005 to September 2005 10 vulnerabilities were published for Microsoft Internet Explorer, 40 for Mozilla Firefox. In April-September timespan there were 6 exploits for MSIE, 11 for Firefox. Conclusion? As you can see, the facade that Firefox is the cure to the Internet Explorer security blues is quickly fading. It just goes to prove that any popular software worth hacking that has security vulnerabilities will eventually have to deal with live working exploits. Firefox mostly managed to stay under the radar from hackers before April of 2005.'"

wikinerd writes "The United States Copyright Office asks whether you would have any problem if you were required to use Microsoft Internet Explorer in order to pre-register a work via their website. The Norwegian government recently said no to proprietary formats, but it seems that the US government sites should be informed about the existence of non-Microsoft Web browsers, such as Firefox, Konqueror, Opera, and Safari. I have written a letter about this issue, which is posted on my blog for everyone to copy and base on it their own response. If they see how many people use alternative browsers, they'll probably reconsider and stay within the W3C standards."

OSCON 2005 was held in a convention center this year, instead of a hotel, because it just got too big (2000+ people). Too big, in fact, for pudge and myself to cover more than a fraction of the talks and the ideas flitting around the hallways. But here's some of what I found cool last week. And if you attended or presented at OSCON and want to tell us about all the neat stuff we missed, please, share your thoughts in the comments, or submit a fact-rich writeup and we'll maybe do a followup story later.