XPSP2 and its slightly updated user agent string


The information published in this post is now out-of-date and one or more links are invalid.

—IEBlog Editor, 20 August 2012

Hi, I’m Christopher Vaughan, and I’m the lead project manager for the Internet Explorer team. I’ve worked on IE on and off since the IE 3.0 days, and have been involved in every major Windows release since Windows 95. I work with Dean, Scott, Tony, Dave, and the others who have or will be posting here to make sure that the IE team is working on the right things and at the right times.

I wanted to drop a quick note to make sure people knew about an update to our user agent string in Windows XP Service Pack 2. We’ve added “SV1″ to the UA string so it’ll start looking something like this:

HTTP_USER_AGENT              :Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)

This will let site authors know that they’re being visited by someone who’s running an IE browser on the latest, most secure Microsoft platform. Right now only XPSP2 has this token, but soon you’ll see this token show up on other platforms as we bring our security enhancements to them.

SV1 stands for “Security Version 1″ by the way. We’re proud of the security work that we’ve done in XPSP2 and wanted to be sure that site authors had some way to differentiate users running the latest version of IE.

Also, I’d like to remind folks that there’s an online chat scheduled with members of the IE team on September 9th. See the chat schedule for details. See you there!

Till next time!
-Christopher

Comments (34)

  1. Anonymous says:

    I agree – "SV1" is a hackish word.

    But has anyone else observed the problem we have? (described above)

  2. Anonymous says:

    ********************* Soren Werk wrote ***************

    We need to sniff for SV1 for the following workaround:

    Problem:

    When a PDF document *residing in a frame* in IE60 under XPSP2 calls an ASP file with [PDF function] submitForm() nothing displays in the browser window. This seems to be a new bug introduced in XPSP2. Anyone have an explanation?

    Workaround:

    We normally want the PDF document in the frame but are willing to (have to!) place it outside all frames when we detect XPSP2 – by sniffing SV1.

    *****************************

    Thanks to Soren Werk on clue to Adobe PDF form submit problem with XP SP2 internet explorer. Although the workaround is really a problem for us as it confuses users when Adobe Form is launched on a separate window.

    We will ask Adobe developer support for a solution, we will appreciate if someone can shared with us for any solution to executing PDF forms within Frame/Frameset under XP SP2.

  3. Anonymous says:

    The "information bar" is a complete nightmare and disaster for anyone who uses css, layers, gallery type functions, etc. in their designs. Will IE be offering any tools to designers so that every site they’ve designed this way isn’t completely worthless??? Seriously, this is completely unacceptable!

  4. Anonymous says:

    Internet Explorer 7 Beta 1 is fast approaching.  A tiny but significant code change was checked…

  5. Anonymous says:

    Well this is really wonderful. Now a site that wants to run an exploit against a user will know what patches are on the machine so it will know exactly what exploit to run against the client computer. The site running the exploits will not have to guess. Maybe this is an improvement for the crackers. Is this called "BETTER" security????

  6. Anonymous says:

    > Will IE be offering any tools to designers so that every site they’ve designed this way isn’t completely worthless?

    IE never did ;)

    Maybe instead of doing workarounds add message: "This site looks better in better browser. See Browsehappy.com"

  7. Anonymous says:

    I just heard you will fix IE crashing on this pic

    http://sylvana.net/test/AP4.jpg

    just with XP SP3.

    Is it true?

    How should webmasters or guestbook owners react to this? Disabling links and image posting in blogs, guestbooks and so on?

  8. Anonymous says:

    Forgive me, but isn’t it much simpler to just bump up the version number? IE’s UA string is too long to begin with and already quite filled with less-than-obvious information.

    Why the insistance on staying at version 6.0 when IE has obviously had several major enhancements?

  9. Anonymous says:

    There is a downside. Now the spyware manufacturers can customise their installers and you end up with screen shots like the one I blogged about at http://idunno.org/displayBlog.aspx/2004082901

  10. Anonymous says:

    Why does IE claim to be Mozilla? Or even Mozilla compatible? There are several major browsers more like Mozilla than IE is.

  11. Anonymous says:

    FYI, when you install SP2 on a Windows XP Tablet PC Edition machine the UA string will be updated to include "Tablet PC 1.7", in addition to "SV1".

  12. Anonymous says:

    Rory

    Its a legacy of the browser wars. When IE still had little market share, it, like many other browsers, started copying Netscape’s UA which has always started with "Mozilla". This was to prevent it from being locked out of sites. When IE became a major web browser, other browsers began to mimic it.

  13. Anonymous says:

    Regarding the ‘Mozilla’ prefix on the string- given that things have now inverted, and we find browsers like Opera putting ‘IE’ etc. in their default using string… do you suspect ‘Mozilla’ on IE’s user agent string will ever be dropped- perhaps as a sign that IE stands on its own feet now, if nothing else?

  14. Anonymous says:

    The only good reason (that I can think of) to sniff for "SV1" is to accomodate the unwanted status bar in dialog windows. See http://www.aspnetresources.com/blog/sp2_early_tweak.aspx.

  15. Anonymous says:

    With Windows XP Service Pack 2 the web browser user agent string changes for internet explorer to SV1 aka "Security Version 1". Like that´s logical! Hence, what did we have before SP2 – only security version 0 ? [small rant]

  16. Anonymous says:

    I’m not so much worried about the past as much as the future. How does this new identifier age? Under what kind of circumstances will we see SV2? Would a hypothetical MSIE 7.0 still be SV1? Will it not have any SV identifier? Has the SV identifier become the new version number with the "MSIE #.#" substring forever frozen?

    Logically, all future versions of IE will have at least the same security measures and likely supperior ones as new vulnerabilities are found and addressed. "SV1" would quickly become meaningless.

  17. Anonymous says:

    Why is such problem to increase minor version of browser? Everybody in browser business is doing such thing, so Microsoft has to do something different? Will MSIE 7 be in UA string "MSIE 6.0; … SV1a"?

  18. Anonymous says:

    Security Version 1! Haha! I’m glad after six versions, you’ve finally decided to add security. :D

  19. Anonymous says:

    What’s gonna happen if the Mozilla Foundation start insisting that IE can’t claim to be "Mozilla" because it dilutes their brand?

  20. Anonymous says:

    I reiterate all above comments. And who’s idea was it to add sv1 instead of incrementing the version? I have a nice meringue pie for that gentleman/lady. Just how many separate version numbers do we need?

    Where’s the bit about "Bacon 2.4.x", eh? It is so useful that I can’t live without it!

  21. Anonymous says:

    Unfortunately, this also allows web sites that used to use pop-up ads to know that the popups would be blocked, and to serve annoying flash ads instead….

  22. Anonymous says:

    IE sux

  23. Anonymous says:

    thanks! updating firefox user agent switcher ie uas

  24. Anonymous says:

    Popup blockers are usually detectable because the popup window fails to create. That detection method works cross platform and cross browser, so why bother with user agent string stuff?

  25. Anonymous says:

    IE is only Mozilla *4.0* compatible. *snicker* Anyway, if the Mozilla people were gonna whine about Microsoft using its name in their user agent string, that would’ve (and maybe did?) come up during Netscape/AOL’s court case against them, if not earlier.

    "soon you’ll see this token show up on other platforms as we bring our security enhancements to them."

    aha! So there *will* be updates to IE for other platforms! Good to know.

  26. Anonymous says:

    We need to sniff for SV1 for the following workaround:

    Problem:

    When a PDF document *residing in a frame* in IE60 under XPSP2 calls an ASP file with [PDF function] submitForm() nothing displays in the browser window. This seems to be a new bug introduced in XPSP2. Anyone have an explanation?

    Workaround:

    We normally want the PDF document in the frame but are willing to (have to!) place it outside all frames when we detect XPSP2 – by sniffing SV1.

  27. Anonymous says:

    Soren Werk:

    And what happens when IE is updated to SV2? It would have to a regular expression to be reliable—which would make the whole "SV1" thing moot as the version number could simply be incremented. I -really- don’t see the advantage. Indeed, I see only disadvantages in the long run.