New IE Security News Group Launches


The information published in this post is now out-of-date and one or more links are invalid.

—IEBlog Editor, 21 August 2012

There is now a new forum for discussions related to IE security:  microsoft.public.internetexplorer.security

Here’s the initial posting: 

Welcome Everyone, 

This newsgroup is dedicated to the discussion of Internet Explorer security issues.  Questions/comments about browser security features, security updates, and IE security best practice are all topics for discussion here. 

To report a specific vulnerability in a Microsoft product, please contact secure@microsoft.com or visit: https://s.microsoft.com/technet/security/bulletin/alertus.aspx

Thank you,

David Ross

Secure Windows Initiative

Security will continue to be a topic on the IEBlog; but if you have specific questions or comments about IE security, I encourage you to post them to this news group.

-Patrick

Comments (26)

  1. Anonymous says:

    Is there any particular reason why this is started just now? Are you expecting to find éven more bugs in Internet Explorer 6 4 years after it’s been released?

  2. Anonymous says:

    how do i get it to use firefox when i click on ‘2 new email messages’ at the top of messenger? i have set firefox to be my default browser

    whenever it loads internet explorer i get lots of popups and spywares, and then all my icons go away for about 10 seconds before they come back. i don’t want to use internet explorer any more but is there a way to stop this? my friend said a program called spybot would work, i run it every day but the popups still come.

    thanks

  3. Anonymous says:

    Pas de sarcasmes ! MS lance (enfin) un newsgroup ddi la scurit d’Internet Explorer : microsoft.public.internetexplorer.security.

    Le post initial :

    Welcome Everyone,

    This newsgroup is…

  4. Anonymous says:

    Hehe, are you guys shirking the responsibility of security to the end user?

  5. Anonymous says:

    Is the discussion going to kill threads critical of IE? I certainly hope not, as some decent questions are often in those threads. Just because someone is critical of IE doesn’t mean they don’t want to help fix it.

    If the discussion IS going to kill said comments, then I’ll not feel bad about changing my entire company over to firefox this weekend. Could you please respond to this?

    Thanks!

    Dave

  6. Anonymous says:

    when will you allow windows licensees to start shipping with firefox instead of ie?

  7. Anonymous says:

    Is this the only MS-sponsored thread on Internet Explorer’s security? And if so, why the heck has it taken so long for you guys to acknolege the problem? Are you that scared of Firefox? And isn’t putting the responisbility on the users and independent developers instead of taking it yourselves admitting that, well, open source works?

  8. Anonymous says:

    7 seconden » IE Security News Group

  9. Anonymous says:

    Oh, I use FireFox. You guys dropped the ball on that security thing a LONG time ago. Too little, too late, folks.

  10. Anonymous says:

    This blog is a great metaphor for how well Microsoft understands the full implications of everything it does.

    Everyone do yourself a favor and downoad <a href="http://www.mozilla.org/products/firefox/">Firefox</a&gt;.

  11. Anonymous says:

    Hi, can you make IE as secure as firefox?

    Shouldn’t be too hard right, since you guys have like 30 billion dollars? … and mozilla has … 2 … million?

    Thanks.

  12. Anonymous says:

    The way your blog software handles links is similarly inspiring.

    http://www.mozilla.org/products/firefox/

  13. Anonymous says:

    IE Security? What’s that?

  14. Anonymous says:

    I found a security flaw where IE accidentally loses massive amounts of market share every time I launch it.

  15. Anonymous says:

    I always see tons of question being asked in this blog, some rude, some serious. What I dont see is answers to this questions, not even the serious ones. Why is that?

    It would be very interesting if you guys could actually respond to the questions and not just ignore them.

    Something like this would be more intresting:

    http://weblogs.mozillazine.org/asa/archives/007414.html

    (Asa is Mozillas community quality advocate extraordinaire)

  16. Anonymous says:

    I hope thateverything Microsoft is doing will make IE a better browser.

    Don’t forget to add:

    -Transparent PNG support

    -Tabbed browsing

    -Ad-blocker

    IE seems like the worst browser to use nowadays.

    IE shells like Maxthon are more feature packed, faster and a bit more secure.

    I hope that there will be a version of IE7 for Windows XP too.

    Don’t make it Longhorn only.

    José Jeria is right this blog feels dead with no IE team members responding.

    Please put some effort to this point too!

  17. Anonymous says:

    Well it’s a good sign, every little extra thing you do for security is better than nothing as some people will always use IE and so the safer you can make it the better.

    However, it is almost a case of too little, too late. I’ve had friends who had problems with IE’s ease of hijack even back in the early days of IE 4 and 5. For example people were visiting the house and trying to look at porn when no one was looking, the computer soon became a mess of dial up networking components trying to call premium rate numbers and programs changing the homepage or even the IE title bar.

    Changed them over to Netscape (4 as it was at the time, I know it was crap but at least it was more secure than IE) and hid all evidence of IE, even changed the proxy settings in IE to 0.0.0.0 and allowed direct connection only to *.microsoft.com for windows updates. This meant that they couldn’t accidentially use IE without changing the proxy settings. All of a sudden things were a lot better.

    As far as I know, this junk was never exploiting any bugs in IE, but was using certain features:

    1) Allowing web pages to set the homepage

    OK I think this requires confirmation, but most people just click OK anyways – Netscape, Mozilla and Firefox only allow the user to change the homepage, either in the preferences or by dragging the site icon next to the url over the home button.

    2) Allowing dialup settings to be executed

    Again I think a dialog pops up, but those porn hungry people are likely to click OK. These ISP settings files also allowed you to change the title of the IE browser with no obvious way to reset it (editing registry doesn’t count) and even add an ‘infobar’ to Outlook Express which people often used to supply ads.

    3) Allowing websites to set bookmarks

    Same as the homepage, is it really difficult for users to click ctrl-D or Add Favourite from the Favourites menu?

    4) Having an open button for executables.

    OK sometimes it annoys me that I have to take an extra step to launch an executable in Firefox but this decision (as it always has in Netscape) makes people think twice before running something as they have to track down the .exe and click on it. Unfortunately there’s no ideal solution that’d satisfy anyone here.

    So to put it short, I’ve always seen IE as the browser for the content provider and not the user

  18. Anonymous says:

    http://www.longhornblogs.com/adacosta/archive/2005/01/27/12168.aspx

    a great artical to read on IE and its lack of innovation and integration into Windows. a good read on why the brower needs help and this blogs is getting alot of screams for help but most fall on deaf ears saying that The IE team can not discuss features or improvemtnts that are on the drawing board but wait isint this blog supposed to be a place where we can talk about issues like security, usabitliy, UI, and other such things yes. The IE team does not blog on thier own Daves last post on his own blog was on October 15 2004, Tony S July 25 2004, Jeff has been pretty good though. Also why isint Ali Alvi’s(http://blogs.msdn.com/alialvi/) blog linked to from the IE team blog homepage?

  19. Anonymous says:

    Andre writes an interesting opinion piece.

    I’ve added Ali’s blog. He never mentioned he was writing one.

  20. Anonymous says:

    Andre’s article is indeed interesting. My take on things is this:

    I have no problem with IE being integrated in the OS the way it is. However, it is being treated in such a different light than other Windows components.

    Take the new Windows component called Avalon. It was introduced in 2003, and developers were encouraged to try it out, give feedback, etc. A wealth of articles, samples, etc. are out there for it. And now it’s being backported to XP and 2003.

    Contrast that to the Windows component IE. There has been no mention of even any *potential* features for the next version. No articles, samples, etc, and certainly no way to "try it out." And no intention to backport it to XP and 2003.

    It’s kind of sad. 2 new versions of Windows Media Player have been released since XP was released, and it’s just as much of an integrated OS component as IE. The only difference is that multimedia is a "hot topic" right now in the software market.

    The IE team really needs to contemplate these things and find a way to make things better. Having this blog is a great start, but what is stopping IE from having the same openness as Avalon and other teams?

    Note that I am an avid IE user — I use it for all of my browsing, and have used the web browser control and MSHTML extensively in projects I’ve developed. There’s a lot of neat technology there and still a lot of potential.

  21. Anonymous says:

    Jonathan, you’ve heard a lot about Avalon, and Real Soon Now the IE team will be ready to talk about the next version, what’s definitely in, what’s definitely out, and what’s in between, ship schedules, CTPs, the whole works.

    But not yet.

  22. Anonymous says:

    This is my first post to this site. I’ve been a MS-focused developer for the last 9 years. I’m one of those very frustrated in how MS created an awesome browser at the time with IE6, but then for some reason let it go for so long, ignoring some important commonly used CSS standards.

    Bruce Morgan, I couldn’t agree more with Jonathan about MS being so open about some things, but not IE. With Visual Studio 2005, MS has worked with testers to solve MANY bugs and has implemented quite a few suggestions. Why is IE so different? It’s like IE has it’s own agenda and we’re not truly welcome. I’m glad to see that the IE team will soon speak up. If they did something like the "top suggestions and top bugs" in the Visual Studio testing that would be great.

  23. Anonymous says:

    i cant find set program access and defaults. i dont want to change my email program anyway. outlook express is ok but internet explorer is really playing up, and every time i want to check my hotmail from msn, internet explorer starts up instead of firefox.

    i tried looking this up on google, it said it should be under add/remove programs in the control panel, but its definately not there. if it helps, my computer is a dell running windows me, and my hard disk is 20gb with about 5gb free.

    thanks for your help mr osterman.

  24. Anonymous says:

    confused: SPAD is only available on Windows XP SP1, Windows 2000 SP(3?), and newer versions. It doesn’t exist for Windows Me.

  25. Anonymous says:

    is there nothing i can do? and no, i’m not going to pay huge amounts to change to a new windows just because of this!

    someone told me that there is a new msn coming out, does anyone here know if that will work any different, how long i will have to wait, and who i can ask about that in more detail?

    i guess its not a huge deal, i can check my hotmail manually, but its quite annoying. it seems a little unfair that i am forced to use internet explorer just because both things are from microsoft. i like msn generally, but i don’t see why it can’t use the default automatically instead of making me jump through all these hoops – maybe something for you guys to think about for this new version!

  26. Anonymous says:

    Btw, for "confused" – have you used "Set Program Access and Defaults" (known as SPAD internally) to change your default email program?