Windows - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Windows


Microsoft Puts IE Enhancements on Fast Track



 By: Peter Galli
2005-05-02
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Windows story.


Rate This Article:
Poor Best
Microsoft isn't waiting for Longhorn to ship before boosting security in Internet Explorer.

"Longhorn" wont make its first appearance until the end of next year at the earliest, but with enterprises demanding better security tools, Microsoft Corp. is not waiting for the next version of Windows to ship before it makes changes to improve the security of some key components such as Internet Explorer, which will see a significant security upgrade in its next release.

"We made the decision that the things we were doing wouldnt just be in Longhorn and that we needed to get them into the hands of the current installed base as well. IE 7 is down-level to [Windows] XP, even though somewhat of a superset of it is the browser in Longhorn," said Microsoft Chairman and Chief Software Architect Bill Gates in an interview at WinHEC here last week.

In Longhorn, IE will run in its own protected space, thus isolating it from other parts of the operating system.

But even before Longhorn hits, Microsoft is adding several security enhancements to IE 7.0, which is due in beta this summer. The newest version of the browser will have technology to prevent cross-domain scripting, and the default mode will be one with a reduced privilege level to help prevent attackers from using IE as a stepping-off point for other attacks.

Version 7.0 may also include integration with Microsofts nascent anti-spyware technology, which is in beta.

Resource Library:

Bill Gates at the RSA Conference previewed the next version of Internet Explorer. Click here to read more.

Administrators said that the plan to isolate IE from the rest of Windows makes good security sense but that it is also ironic.

"Years ago, during the browser wars with Netscape [Communications Corp.], one argument being made to the [Department of Justice] was that IE was coupled to the operating system, integrated with the operating system, so it couldnt function as a stand-alone application," said David Robert, a systems manager for a global consulting and engineering company in Cambridge, Mass.

That meant IE was integrated with the operating system, and if something compromised IE, it had easy access and hooks into Windows. "But, if you consider that IE is probably one of the most-used products and has the most access to untrusted systems on the Internet, it kind of makes some sense to almost have IE behave like a bastion host," Robert said.

Matthew Patton, a network security engineer in Arlington, Va., said he does not believe Microsofts moves will be very effective. "Cross-domain scripting, for example, is a problem local to IE, and isolating IE from the operating system doesnt change anything in that regard," Patton said.

While the company works out the security kinks in IE, Microsoft has finally started to travel the long road that will end in the public release of Longhorn next year on the client side and in 2007 on the server side.

The Redmond, Wash., software maker is entering the third decade of Windows computing, which really became pervasive in its second decade with the release of Windows 95. Gates said he believes the advances that 64-bit computing and Longhorn will bring will be key early features and drivers of this decade, but he said the companys Trustworthy Computing effort "will be the biggest category for as long as I can see out in the future—lets say for the rest of this decade."

"We have moved from where people were asking if we really cared enough two years ago to now being viewed as a key security partner," he said. "That doesnt mean weve solved everything. Theres still more to be done, and its still our top issue, and a decade from now, making sure these things still dont stand in our way will probably still belong at the top of the list."

Network security engineer Patton does not agree with that characterization. "Windows has been Swiss cheese from Day One," he said. "Microsoft is finally starting to turn things around, and I dont mean to trivialize that, but its appalling that it took them a decade to get the message and only after the likes of the Department of Justice started putting their boot to Gates neck."

Virtualization is another key technology for Microsoft, and the company will be building that support into Windows, making sure the emulation is "very, very efficient," Gates said. "[Virtual machines are] coming up in a number of scenarios—whether its backward compatibility, load balancing, certain security things—and we are putting a huge investment into it."

Microsoft must be careful that the VM does not become a security weakness through which an attacker could insert a VM under the operating system, negating Windows security protections, Gates said. "So the operating system will have to become enabled to be able to look down and have whats called a chain of trust where it looks if it is a trustworthy [VM] running on trustworthy hardware. So Windows has to see whats underneath it," he said.

Check out eWEEK.coms for Microsoft and Windows news, views and analysis.



  Reader Comments: Microsoft Puts IE Enhancements on Fast Track
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Windows Articles          >>> More By Peter Galli
 


x}r8qռFsw1E#dKc[^K7SJE1ErIʎ2w_9u_>/}Вd$3%lݍFw?Ip4ô'1%3TI}"Iͽ~xh#(~0`)_rdxBԲ|WR #Yntj55Gl$J~x'AT{j" xL9 ΜM}ٜi7'x2 X 8N0,, P8$h] \(~&c [tV;v *UFN83pyf_ž0Iz5ExL#|x\{Gd #B=Vya/ w-mqHFM-G ؓ ۭBulvy!hrs#gKͻHbPr&Nww#205IRZ"[ XdTj ӑc)u8r x08JeJ-jfL yf_%z(wwɠi!Zdq#}9ef42MYT\BX-UR~/^yxx?vO:}dO#t6+?fV'Z-[lxyf{ dP[w8LwZ\{dڽ I|[ <7MH/0i\|ͣn]?&tno7,AbGa`Ψ6rjLP#iAтMx>tT؎]6}l29<8L&& zrtc` VPCh9N@tmS(r`>39{ʹiǀxԘ.%w2Z}g%n.G))$C[]HPw9J B!\0HV0(VNzzGBJe6Os@PG҅3qJ\B;7 ˥=*%nqR%a 934YIjL=?뺾n1!G,D`v9J,L.[ ϴ6jԭeRpJ >Ѥ73 Kbi]ye,`b H[%\Ew,t3Asp=7c@Cyw{J`p=Ͱ"̴b֜u4dMfB7g ƩOI|B3< I8Mlz:eR#O45Kıa|dN'p6?>{@OM\n|8$o4<3rGֶL/j@~.&](LuΩJJ&k:HX3j-yspm ֌O\XbʁZO%XScX`Da Lzb8ufm/n$)`V|\uLg˦zkfTؽ/ 7r@]֥P M2LZ1D4$B]`}.eGQHīl - InQy{8dO1>7l`(`RTȅ))KaՂZ^Ϛc+ L 4/`* [0P.m^GVމu<|$}r;6? 8{y4%2N?APiSt @I*5%}끆_ƅ/c%|o2rl\:b暚8\, uaOjI 7s<&MC8` ;DӜh2F ñiH5ߴig#2RXO%}\(*JLEl ԑq,YXTر,!0}65{APOK)KӞ@#@&"#'ѠTcD8vi_&<[ >Fc`'zpgItо&hʰeh8`Zzq8JD%xT,* xHkMf٧O副1ۉg4`Dk ڸ/)gpG,^\~F>BO$BRhg[QZn3C zaRI?I L!2Bsݧ}=1g匬7 ~ԪbV=N (QIV8Y+0yϹoǼL]Cg<ޗ8k!yw꾿g4-cB}Ho): gn!ڂשXTe1_0fW#S^(gHF(k1 . Wh3sazT̼r4_rAM]CNx.+pD\Pۦ}o pe#ynR)brdLǖ8+ё,Xr*-ÏR vU#tT#CWta{0)X]QiSZiS9]QӲ*ZЁQ}/5u<|X\.``!>v#3Hoa7X[ RkE}vW{%|h#Q j` K{ZCAm3۩w\܁c:P=H(Tg7gMEH]ac6U{z@n)ZmMӓU;4 ϢcIۛGozA-rF37=_`%to@șY%Gj3m97a~"('cj9% `,fqNg epvN{569,3?t\kr :=Fp=Нt;ǚ~7w?Lׂܵ C-oZc d6.ōfπïǖ mԺ VNM&^Wav bȈCrfZB$~ ^%Vip=nzʅJg HW4qMݗ8nH#ohksR<@̙5Y*% =EZЋqcꞃSLB.]ITY)(kq5΀LdZT+EZy,jJHBL |E C/ PNkFC~g$:@|)@U%UHU,UU\Hz, :.7xџ1XD+(++i-^2yimD9[ 4wʨK^-,sK"hʌg _|q[rn)tyĆ5(4]sFup0 O+oskKIl'ϱKzk@5?3RiɊZ+ujMRԞE'sL؞EA(ǡd:)dnQ==׍!n@&ݙCadJHT]я{_ 1K0G\0R>+{H"p?lVz슣d9#T`| @)c'd1s<œo =$P_؆ +~w?l)ɑXXD>Dif\{e">QXٿ oo(0h_pm;dU]uv'HGϢ.cn{p~H*ۧ>] e!1`\e&øDoٷ)P K #F16bd+]=/ao[vL0lgAhy+ @$+ǽw)\nκWK' ?wD.W)ޠw-y0NԺ]$'d0 sri݄'6b7 ` xѤȢ<"̔F<$]wFD_!uBU\z7 g ^|&֒}UYq!slPhlꏽ5/ٿ+[ 5 ̀o $`P8ǀzB:/Z#i%LB[( `M/)(+RJ)"4FL |ڝM3_f Rt]t8/g`IB^2 7?xKP -M>vnSo4 jGYkNEm{-~=`rr(SJ&M'i. [5Kb-RJ<:<ad:nX$yYIzJ,STeD$SQSKFI39uޞ-Hu=Ym ybXýK3%˳ƗHΖf̗4.נݓE8V#["|)-&GX!*VjRZz]UHN~D!qbwy~@0GW吜zC=?rUm_f=z@'M{q?K8t2Ti\'sX6rwѺB ?ݡM5=ICw5ϴc>%/5gk3 \:`AL[ıp߆؉ ?O*yro5r78{JnM<:*UPݮcAIk#G 6j 2'|?Gdc:M"I^QԼګUdE)IW}ۋ~g#S^q:-< ctHt.lǵ4 ZR_{k!bi4V3XTdO#@/u,vx54Y aAXy Vorl8w@rs&8<O$[euw+[S'gSc;/HF#%o&yȱmG @|Ր ;a6r*|b \<U+_M·⎭zgQy}rx|[qzLVNLRG_'h5dnV،SLsPj Lt4/r7W,}ޏe<2b{cv-4p;0Xb7_P}Og k\˼eM':REi6!15s=S?uis'WM GQ'A38h_4SA){<Y}_NⓊ_$L_cYb #/k wIlX^#qiU шĘA}(5w zW"욟ňROc^&^*tr} J#ivV*ɍnPj[e6C]K0=r]dveɆM8 mnSK}ӺdPu$@q0JN] |I)cP.8DW?$dB& ȤD &RF${QJIZȔGTO'Oɯ޺.zc $Eɿ NU_S0B{iԇ:(Vc͖jZf0b0$A-WpOE;q,VQ|)8\ा3L KЫ}"UZ)l`*a!u" >y QnP :B؝]¶Zz*K:qYAR^/U8.L\ !Z`oᕪي&|/eKN|q7th܂=rդ &-N\.JV4?r|*/=>ŋ |"XM)N5𒅵ذ1xp⯣JN|l:DxkDr_=5mͲl#'ls܊kyaC" Axe !;ܥ&oIw#ooooJX,nc| c s9s9|7ҳ\2 |ľ^!}-VվO7x d6/`2F:z/?qo4Ə|Ku/>PFѱ k]-S͒@Y>dp_;7zx/KCQ0uqŋQ+ڷ&u}gܓLMGr<{L%%ެ:z߿YbG,SAX5?ΦMHNW)$<5z<#cg/&f Տ棈1Kو6Vt$}d }KXtma@Xe~o jFug$C!\["Ӵߺ4Jo),nLaqC0=ѹ8X"go{6 Wggkm\Z'n^ \ţ!{6p&ΰZ.F(`5ܒ+ly/Wꑫ2.9~:fY5U+xצ ȿ==Gon&dn{Tґ9a y1BS%.ԍu#l(M#lۀձDP(JՈ_~4ׅdUoo#fyΜ{mV)j+1ͣml.j؂_? FRˬ2d$I1Ʊ+}-d8ET1̭-iXdn[Zì$VƁo yWA|`߱1 RpxS&?__;K}~[ O<{T[߷86C̫}ײd=I^ F {8R[~xz1RC1H1=+;3Mǃ/Tw#=T{c1tq*o,q7vPln[- ZWqi3sϹ~| 1i}f8#nŽq'keO/ :ä="Lam4?Y?`#p>b䭽ĥd?ƤS^tW ɜhvp^xK)LIG|-A$H{OH~0Vp[7Wd'|]_KJAk)'>?FWAU6^gKnb,l]*@,6aa`٭-)ȁ.cb*1ʱ, <~܋^"We.klAƛЭ,|9ia\lGN$(cX ~=='8>hzcWqUc\Z8 ziv0%I4I`~ki㽻o% D`cvq@t|юM-۠[.н^ -gq|܋1/նW)' +KkC_~=eE&d[j ilwIQg)nf 皭&fO ʠ:Iߥ4 ?R)!_~uJ0c&[q{ZaȄR 7TQy_L]?$|͈Vs%..=OeBNYTW'nJYVmIr .kh>ayR|VkGd}exxJ"XrGL%h.c:&$  )<<]Сܛ ꁢߒ_i4<>{}A6ڄyi$Yc r/ǯ\IxcO=)׀gȂUV"Ba=X :>IoHL]U# `xJ(f?sۿ >zxX2+™6 fxo{MmAG:l= ab O3Bxt'le>u0BUֽ?#7L>-l \Zs4cgwzsUP/1 {~6L Dä"c*41GJ[#}ɹgMN;vBE< ,i mang¸Hb1Ř!i^ôukfĄSϚs(5cZ|"{X#&3(9v_cG߀$Rę t]\UP*@J>S|??'­!~Rjs# 9[xF@8`F" Uxm)6lD < 23̇kR>ɖàFP8Y|obyLgA~:\b@Ԑ0(JIB uXRFB(6s ֋S $u7úޝ/I`p3W .Ԕj> MZ E>gٕa)豂I9o7)^ ;euK=M蕴B%^Șp~/Y40u>1}71l]__|""78t9\nDoWj(;utһtڽ\t橉10lB[d_T ΓQ9j]v283E B*rK x5" /%qx&'Q~\ rYmn8~(hOuɀ:fhR `Nj_׌ߠ(\~NmeQ>\;'P~sA3YF>@\󼻹5r_7^eCk(6_ xU\_,@ ^}.3s _f y2zG(Q~e_BeF9U^\eU@2OK/C\\g5 M~}o@?6_cV91@۬r o3ڿ\'I2u S.ry/ 苬 OY射:(Cy><_`ektsͿg_3̭Lߺ'vr]!,.%PUZ« /Y;3ʹ6qմ  &J Dk(xxGm4Dy_ƌmRRPռD<gM~ o2P e +?o 7X i- R+B\ęC_mov1*m{{[d7:,q$DR43NBq hlУm{hĉŴ)9P3l1@Й zKM&Dr&߲jOG *AlZ`,SͶ1Qk`Q{ϹqÄ#6O UE"yw|\tIMɱw|cc6H_,mgvlCk:nܙ%O_ aGVbg94Aأ_BDOv֦+`a?94Ǟ"">},.q sEeאe,&J Z{JfBZ'<=ص|4#eUI;.~k'o ]*_ ?PɑX)Ns'|oSې_SahypI0)n9vsYT:9A&{x+ ˎ4 m'#84C<غlQ޺qml.a;+C]Yp穎m,U|J6A1^<&;z~*e~%=ۭ/p,Zf@G6CF|%Joyk;ܨNaeVb05yMvͳFߟ2L\-Ԣ3g(\*],1Ał?qLwv)Qh~0r,#<[_ڵ<ok3+ot-(5x{nGOeg[$| _[0~YrvJ^St 7tlmb @JD >D7#D*| X^c 0У,:059GE6<:=܈xjͺXg 昻3HTxXU\(S4lRTFE[®":u`x];<{.**{[wyXA4X3' ȱ ya1 g{y{~kC'>f k8ann,eH&}kqd.GDI qk,Ma4,Lb5"[]QI(VvX3e3}"@a)5ZdBLN Po3pRaL  b[и[z00jPLP9͓_ a0*=:`-hW\aXo$.W654Ƙ]~v1yLX+0W_mkASsLeUTt#BYEL`;X+N%t&ж?8acTx 1L(S,Y7u!xZy΋{El>WNENE<<Sf}')VSL_Xџ_,P>I*'\%ƕ)Sq||܉7,w5N[݋O<|Xyx(~'c(FRqO\|鞝.z71X74N~=}jKaE eiAђuz7N]Y"ӳ/ .A|>hy6gn_1M4ZQwN㛼VtƢI:6pzR/jŭ{g;a+b(1lS2F4K_jjBJlxTɉ|Y;z[q;_d†[hh b7;a1ԲhyT*