Internet Explorer Compatibility Evaluator


My name is Tariq Sharif and I am a program manager in the IE security and networking team. I joined IE team shortly after Windows XP Service Pack 2 was released. Windows XP Service Pack 2 introduced many new security features for Internet Explorer, which can cause compatibility issues for some web applications and sites. In order to help solve such issues I am pleased to announce that the Internet Explorer Compatibility Evaluator (IECE) is now available. IECE is released as part of Microsoft Application Compatibility Toolkit 4.0 and can be downloaded from http://www.microsoft.com/windows/appcompatibility/default.mspx.

IECE is designed to help IT professionals evaluate changes in behavior of web applications and web sites caused by the new security features in Windows XP with Service Pack 2 (SP2) and test for compatibility when moving from Windows XP to Windows XP Service Pack 2. It does this by:

  • Identifying issues and blocks to web site functionality
  • Identifying the cause of a block and specific details to identify the location of the problem

After installing Windows XP with SP2 and IECE, you can begin testing web sites and web applications. When a security feature blocks an action, new information will be entered in the test log including details such as:

  • A time stamp
  • The URL where the block occurred
  • The security feature involved
  • The URL zone
  • A link to information on how to fix this error
  • Automatic mitigation (if available)
Comments (56)

  1. Anonymous says:

    It would have been nice if you provided or linked to some details about what issues may occur and thus what issues this system detects, rather than just giving vague information, as usual. Personally, I’ve never had a compatibility issue with an IE upgrade of any kind, so I guess it only really affects those that use non-standard, insecure, proprietary extensions.

  2. Anonymous says:

    Agreed with Lachlan. The security features introduced with SP2 may have incompatibilites with ActiveX or some JavaScript function. If your website follows the accessibility standards, there should be no problems.

  3. Anonymous says:

    There’s an entire article about the myriad issues introduced by XPSP2. You can find it on the homepage, or use this link:

    http://msdn.microsoft.com/ie/default.aspx?pull=/library/en-us/dnwxp/html/xpsp2web.asp

    And while you fellas don’t use ActiveX, my company depends on it. Thanks for the info!

  4. Anonymous says:

    Will, the page you showed contains *everything* that a website should not have…

  5. Anonymous says:

    "non-standard, insecure, proprietary extensions"

    Ha, because That Is The Evil Which Is IE, eh? :7

    Example broken thing: SP2 disabled the view-source protocol, a non-standard, proprietary extension …invented by Netscape circa 1996 (and added to IE by _customer demand_ — aka a defacto standard).

    IE ‘fixed’ (removed) this nonstandard feature in SP2.

    Mozilla/Firefox (the poster-child for standards) still hasn’t.

    As a dev, I’d rather have seen view-soruce made standard than lose it, but it’s good evidence that MS is listening to the pleas for standards.

  6. Anonymous says:

    It’s slightly offtopic, but what about supporting HTTP/1.1 pipelining in IE7?

    Other browser vendors found some servers and load-balancing systems to be incompatible with that. Maybe you could create some pipeline test suite prior to implementing that feature? It would decrease speed gap between IE and Opera/Firefox.

  7. Anonymous says:

    Microsoft’s browser development group has released a new Internet Explorer Compatibility Evaluator: IECE is designed to help IT professionals evaluate changes in behavior of web applications and web sites caused by the new security features in Windows XP with Service Pack 2 (SP2) and test for compatibility when moving from Windows XP to…

  8. Anonymous says:

    @Rob – view-source has absolutely nothing to do with web standards. Once IE supports standards to a comparable level, then it can be additional features such as view-source, tab-browsing, etc. that are used to compete with other browsers out there.

    As it stands, IE is rapidly becoming something of a joke amongst people I know. Unfortunately it not commercially viable to refuse to support IE, but it is reaching the stage where it will be easier to offer down-level experiences on non-compliant browsers (IE), and/or list the cost of making a feature work in IE separately on the clients invoice.

    I am hoping that IE7 will go a long way to addressing the issues many web developers are currently facing; however I have received very different information about Microsoft’s intentions to support standards from different sources. If the pessimists on /. are correct I believe we will rapidly see web apps that only offer very basic functionality on IE. When it comes down to the IT managers choice of installing a free, small, secure alternative browser in addition to IE, or paying several $CURRENCY thousand extra, I think the number of Firefox/Mozilla installations will be climbing quickly…

    Besides, I’m fairly sure that view-source is still available under SP2 anyway? (Can’t check now as this office doesn’t have any windows workstations…).

  9. Anonymous says:

    I would like to remind people that IE is a platform…Firefox is an internet-navigation-system.

    We need the IE platform for now in business(that is, until ActiveX is absolute — hopefully soon) and we need Firefox as the standard browser, globally. Standards are required…they are standard.

  10. Anonymous says:

    Would the source code being available for this tool make it easier to hack Web sites or aid in the understanding of how to check for Web site security exposures?

  11. Anonymous says:

    If you have some real need for MSHTML on an intranet or whatever, it should be using MSHTA, not IE.

  12. Anonymous says:

    It’s a neat tool, and I support the release of such tools. However, I think we’ve got more important issues at hand:

    1) Javascript debugging, It’s HORRIBLE!

    2) CSS2 standard support…

    Now, I heard that you boys over at Redmond have a problem and that is if you choose to fix the CSS implementation it would break a lot of the websites on the Internet currently supporting the IE6. That is understandable … But have you considered maybe leving the Ie6 render mode as the default in Ie7 and allowing some kind of flag, that the other browsers could also implement/ ignore, embedded in the markup to shift the browser into 100% compliance mode?

    That would be great. Please. If you guys tried to create cross platform sites you would understand the PAIN!

  13. Anonymous says:

    PeterP said "allowing some kind of flag, […] to shift the browser into 100% compliance mode"

    > Lots of people around here, including me, think that the application/xhtml+xml mime type should be the flag to switch to 100% standards mode

  14. Anonymous says:

    Matt, I couldn’t agree more with you… what’s the use of flaming ie in this blog? I don’t think it really ‘helps’ anyone, it just clogs p this blog making it harder for everyone to filter out the ‘constructive’ posts.

  15. Anonymous says:

    To all you asking/hoping MS will make IE sufficiently standards compliant. Consider this: It’s unlikely to happen, EVER! Why? …

    Because significat standards support would be sufficient to most developers’ and users’ desires for AWESOME FEATURES(1), thus dramatically reducing the need for the windows OS and also many client-side applications, which is where MS makes its MONEY FROM(2).

    Microsoft doesn’t achieve market dominance by being INTER-operable and standards compliant; it does this by LOCKING OUT competitors, and on the internet, this means NOT being standars compliant (MS and the internet are kind of like "oil and water" in a way).

    MS will NEVER adequately support standards, because they are greedy, and MORE profit is more important to them than the human race having an effective means of communications.

    From what I’ve been reading, having to code around IE’s poor support of the standards has made doing web design LESS FUN. Now go and DO SOMETHING about it. Here’s what you should do…

    THE SOLUTION FOR DEVELOPERS:

    In your proposals to your clients, have a line item showing how much MORE it would cost them if they insist on having you make their web pages work in IE. Especially for their intranet sites, you should AT LEAST RECOMMEND to them to use a standards compliant browser (like Firefox).

    (1) http://www.faser.net/mab/remote.cfm

    (view using a gecko-based browser)

    (2) http://www.joelonsoftware.com/articles/APIWar.html

    http://www.GetFirefox.com

    .

  16. Anonymous says:

    To Peter Reaper:

    I can’t open link (1) with K-Meleon, which uses Gecko.

  17. Anonymous says:

    I hope to put this in the politest possible way:

    The majority of comments so far seem to be from complete fruitcakes.

  18. Anonymous says:

    i really hope that this is being released because rincon will need it.

    by the way, please do the right thing by users. do not automatically and anticompetitively inflict ie7 as the ‘default browser’ when they upgrade (although by all means leave it as an option during the install).

  19. Anonymous says:

    What he meant to say was open it in an _XUL_-and-Gecko-based browser, since that’s what it uses.

  20. Anonymous says:

    I hope your tool includes suggestions like this when it discovers incompatibilities:

    http://lab.msdn.microsoft.com/ProductFeedback/ViewWorkaround.aspx?FeedbackID=FDBK10939

  21. Anonymous says:

    I’ve reached the stage where I just don’t bother to try and make my web pages compatible to IE. I place a disclaimer to the effect that the site is developed to be viewed in a standards complaint browser and put links to Firefox site.

  22. Anonymous says:

    I find this blog sociotechnical trick… Some people that use to code aps are bloggin about "how hard is their job"!

    Is it so complicated to discover that IE _isn’t_ secure, _isn’t_ compatible with STANDARDS, _is_ losing market AND what features people want to see in next versions?

    You are blogging just to _imitate_ that your Team cares about users and their needs. This is fake care… MS is company, and you guys are doing what MS’s managers says – this is not Open Source Project to debate about future versions. Stop imitate.

  23. Anonymous says:

    I for one appreciate the attempt to at least appear to be more open. Does this make IE open source? Of course not. Does it appear that MS is becoming a little more open about what is going on? Absolutly. Be prepared though. Many among the unwashed masses have been waiting for this oppertunity to vent their frustrations of dealing with a company that often seemed to not want to hear from them.

    I hope bloggers/developers packed their extra thick skin and asbestoes undies.

  24. Anonymous says:

    sorry for offtopic, i have such trouble –

    for some sites, IE does not show any content, it shows blank page (not blank:page, but white blank page). View source shows right content…

    Proxy usage fixes this trouble, but my http://localhost is in ‘blank list’ ;-(.

    How to fix?

  25. Anonymous says:

    ops, IE 6.0.2800.1152.xpsp2.030410-1604

    Update Versions:;SP1;

  26. Anonymous says:

    Mark:

    of course it’s great opportunity to interact with developers Team – _in_a_way_ of Open Source Projects. I know.. it’s just the firs step.

    But, opportunity to speak out truism IMHO won’t solve any problem. It’s just another way to build personal relationships, customer relationships (and that’s why I’ve found this sociotechnical trick)

    I believe that true power of Open Source Project comes with interacting with code and problems – not only with people or opinions.

  27. Anonymous says:

    Starting a discussion on this blog is nearly impossible with so much fruitcakes. Peter Reaper, what part of the blog posting has to do with standards? Maybe in the near future we can have a discussion here … format http:// /zealots

  28. Anonymous says:

    I agree with Micha. It is impossible to have a real discussion on this blog because of all the slashdotters and their mutated offspring. I am almost to the point where I don’t even read the comments anymore.

    I applaud the IE for their never ending patience.

    James

  29. Anonymous says:

    To Micha: Disagreeing position <> fruitcake. 😉

    As to "what part of the blog posting has to do with standards?". I would say that this quote from the original post: "*compatibility* issues for some web applications and sites" and the fact that at least 5 out of about 20 posts (25%) mentioning "standards" pretty much makes this blog (also) about standards.

    <flame>

    I am not a zealot (i gladly use Windows). Perhaps you are refusing to face reality.

    </flame>

    PS. The fact that you didn’t repudiate any of my conclusions didn’t go unnoticed. 😉

  30. Anonymous says:

    Micha & James,

    It would be a lot easier to believe you when you say you want a real discussion if you refrained from calling people names.

  31. Anonymous says:

    400098,

    I think it would be difficult to avoid calling people names.

    Of course, my immediate reaction was, perhaps we could use all use nicknames instead, but this is somewhat confusing. Also, nicknames ARE names in themselves.

    This led me to consider what exactly a name was. The best definition I could come up with was a text property assigned to a person, with some small degree of uniqueness specified.

    If we are to avoid names, then perhaps we could use other methods of identification. We could for example use photographs or other images. We could use biometric identifiers like fingerprints. However, this is inconvenient and expensive and somewhat of a privacy concern.

    I think the best solution avoiding names would be to identify the post number you are referring to when you reply. This has additional advantages – it offers a homebrew ‘threading’ mechanism for free!

    However, I still reject your premise that a real discussion is easier without names. Real world (including popular electronic forms of communication) evidence seems to give weight to this view, although it is admittedly completely anecdotal.

    It is telling that civilizations all over the world, including tribals in deep jungle, have created unique verbal identifiers for each other. I think you are simply wrong. Sorry Jim. Oops.

  32. Anonymous says:

    ikiwiki: ROTFLMAO! LOL LOL LOL.

    Assuming you weren’t joking, by "names" he meant "insulting labels" such as: "fruitcakes", "zealots", "mutated offspring". 😀

    I think the previous poster’s link was to a graph showing Firefox’s usage in Europe (e.g., Germany 21% !!!). 🙂

    Article (in French):

    http://www.xitimonitor.com/etudes/equipement4.asp

    Google Translation of Article:

    http://tinyurl.com/3nrd5

  33. Anonymous says:

    This is what The IE team has brought upon themselves. You have *THE LARGEST* case of ‘not invented here’ syndrome. You will never again blog about something without someone mentioning Firefox in a comment (unless you disable comments, which in that case would be extremely ironic.)

  34. Anonymous says:

    "You [MS] have *THE LARGEST* case of ‘not invented here’ syndrome."

    Could you explain (specifically) what you meant is relation to this blog? I’m having a dense moment. You comment just doesn’t seem applicable.

  35. Anonymous says:

    Thanks for posting that, it helped a lot.

  36. Anonymous says:

    Jim,

    Your response indicates to me that you have a guilty conscience. Otherwise, you would not have paid any attention to my mentioning of "slashdotters and their mutated offspring."

    James

  37. Anonymous says:

    Internet Explorer Compatibility Evaluator: This was released last Thursday… it’s a kit to tell which browser applications won’t work in the new version. (It’s intended for IT staff who have intranets featuring IE6 apps which may break under Service Pack…

  38. Anonymous says:

    With the upcoming Windows XP x64 and the 64 version of IE that comes with it, will there be an update to the Internet Explorer Compatibility Evaluator to let you know what won’t work with IE x64?

  39. Anonymous says:

    don’t know what the fuss with firefox is, I’ve tried it each time a new version came out, and it is crap, it doesn’t even compare to Opera.

  40. Anonymous says:

    anon: well use Opera, just don’t set Opera to identify as IE or it may mess up some stats. Opera is an entirely different browser to Firefox so some people prefer it and other people don’t. Firefox out of the box is designed to be easy to use and similar to IE so it’s easy to get used to while offering useful features IE doesn’t have.

    Anyway, back on topic. It’s good to see an IE compatibility evaluator but why wasn’t this released before XP SP2 went gold? I’d have thought that this would have solved a lot of frustrations.

    I’m pleased to see that you’re slowly and steadily heading in the right direction now.

  41. Anonymous says:

    I’ve been reading this blog from the shadows for a wee while, as, no offence, improvements to IE’s rendering and scripting engines, particularly towards consistency with the other popular user agents, would make my job as a developer a whole lot easier- so it’s an area of interest to me.

    That said, some of the comments I see here, I find outrageous. In fact, I see a lot of mishandled frustration on the part of commenters on this blog; folks that would do better to stop and think a bit more, before blurting.

    Concerning Mr. PeterP’s comment, IE’s given me the best debugging experience of any of the browsers (maybe I’m only saying that ’cause I have Visual Studio at hand– either way- I’m saying it), with Opera in a good second place in the debug department- the Gecko browsers are a bit behind, and Safari’s debug feedback is a sack of nonsense.

    Arr.

    That’ll be all- I don’t belive I have anything specific to add or ask in relation to the original topic.

  42. Anonymous says:

    It looks as if the bloggers went back into their collective corporate hole.

    Isn’t independent thinking what started MS? It sure is interesting to see how the corporate "I’m-rich-so-I-can-do-whatever-I-want" mentality affects a company. Forget the users, forget how you started.

    "THINK"

  43. Anonymous says:

    Reply to Simon Murray:

    Would it be far more accurate to say that Visual Studio is then giving you a far better debugging than any other browser?

    If so, it’s kind of redundent because you’re comparing a browser’s default debugger to that of a third party IDE.

    Anyway – Not the point.

    I find the information that IE’s debugger provides very scarse, and at some times useless (Such as the line number – Which isn’t relevant to the HTML doucment, but the script).

    It also doesn’t tell me which file the error occured in, in the case of having a "src’ed" script.

    The errors that it reports are also vague.

    In the case of firefox, I’m able to see the line it occured on, the file, a section of the code and the area which caused the exception. I’m also able to click on the error: Which would open the file in a source view on the relevant line.

  44. Anonymous says:

    Hey,

    I’m glad you’re making this effort to help site designers improve compatibility. However, I have a proposal:

    How about you release guides for developers describing how they can replace online ActiveX-content with standards-based content? This would be the best migration strategy from ActiveX. As you say, you cannot remove it for backwards-compatibility reasons, but as you know, you cannot keep it for security reasons.

    By the way, I’d like to add a vote for implementing CSS 2.1 and the parts of CSS3 that have reached Candidate Recommendation status. The only thing that’s keeping most of them from become Final Recommendations is that no-one has implemented them yet (apart from KHTML), and an IE implementation would push it to final recommendation status, meaning web developers could start using it.

    To be honest, a CSS2 implementation is a waste of time for you. It’s more convenient for your dev team to implement CSS2.1 while you’re at it. It would be great for web devs, too, and since Mozilla haven’t got it fully, you’d have temporarily IE-exclusive content without breaking any moral boundaries.

    Good luck on driving standards forwards.

    If you do that, good luck on gaining market share. 😉

  45. Anonymous says:

    Common misconception: CSS 2.1 is a different standard to CSS2

    "CSS2" means "CSS level 2"; "CSS 2.1" means "CSS level 2 (revision 1)".

    CSS 2.1 is just the latest version of CSS2.

  46. Anonymous says:

    Greg,

    I know. I’m just pointing it out, as several people here have noted that it isn’t a standard yet, and in fact it is a standard as far as browser vendors are concerned, and IE should therefore implement the latest revision, not what was invented in 1998.

    http://www.w3.org/Style/CSS/current-work.html

    Everything marked as "Candidate Recommendation" should be implemented if I’m not very much mistaken. CSS2 without the 2.1 revisions is pretty much a waste of time.

  47. Anonymous says:

    &amp;nbsp;

    Depuis hier soir, vous pouvez t&#233;l&#233;charger la version d’Internet Explorer 7 Beta 2 pour Windows…

  48. Anonymous says:

    &amp;nbsp;

    Depuis hier soir, vous pouvez t&#233;l&#233;charger la version d’Internet Explorer 7 Beta 2 pour Windows…

  49. Anonymous says:

    My name is Tariq Sharif and I am a program manager in the IE security and networking team. I joined IE team shortly after Windows XP Service Pack 2 was released. Windows XP Service Pack 2 introduced many new security features for Internet Explorer, whic