Art Manion’s CNET piece on Security

The information published in this post is now out-of-date.

—IEBlog Editor, 12 September 2012

I just read
Art Manion’s perspectives piece on cnet. I agree with much of what he says
and encourage anyone who cares about browsers, security, or both, to read it. A few months ago, I offered
my opinion on this topic. We’re still open to feedback on this. We’re
getting a lot of it, privately, as we work closely with and listen to many
security experts as we build IE7.

As Art says, Windows XP Service Pack 2 made important
improvements. I strongly recommend XP SP2, whether you browse with IE or not.

- Dean

Comments (84)

  1. Anonymous says:

    I’m not so sure what makes this article so great. It seems to me like it’s filled with common sense information. Just about everything I see in that article is true, but what makes it stand out? I don’t see many agreeable points; all of it appears to be fact, and you can’t disagree with fact.


  2. Anonymous says:

    How about a blog entry or two on standards? I am sure you can find good articles about them.

  3. Anonymous says:

    "I don’t see many agreeable points; all of it appears to be fact, and you can’t disagree with fact."

    I think what this chap is suggested is that he doesn’t see anything he can disagree with.

    Heh, spot the troll!

  4. Anonymous says:

    an update on standards? or come release date are you just going to say "we don’t want to break backwards-compatibility!" and leave developpers wasting hours upon hours hacking their layouts to work in IE for the next 10 years (hey, were still coding for IE5)

    Good for you if you’re getting good press about security, but what are you expecting? A medal?

  5. Anonymous says:

    completely off topic question:

    Will making selections with the I-beam mouse cursor be more sane in IE7? I’ve noticed that it behaves very poorly on some pages… like pages marked up with pretty CSS or whatever. Highlighting what I want is impossible far too often.

  6. Anonymous says:

    Whatever security changes you make in IE7, please make sure that this time round you get the change notes & tech docs delivered in sync with the beta drops for those of us working with WebBrowser and our own security manager schema. Thanks.

  7. Anonymous says:

    Hmm, it didn’t look to me like Microsoft was getting good press about their security with Internet Explorer at all in this article. Maybe it was because I was doing other things when I read the article, or maybe it actually doesn’t. Either way, if this article suggests that IE security is high, it must not be recent, due to the fact that a major security flaw was just found less than a week ago.


  8. Anonymous says:

    Probably if you try very hard, you can prove that every sentence of this article is true, but at first glance (especially non-techie people) may be tricked into believing that alternative browsers aren’t more secure than IE (and those tons of IE-targetted malware don’t exist).

    Article highlights sentence "Attackers have begun to exploit vulnerabilities similar to IE’s in alternative browsers."

    Can you name those browser*s* and attacker*s*? Because AFAIK there was only one case and targetted one, outdated, version of one non-IE browser.

  9. Anonymous says:

    Just tell us the release date of IE7. Do you guys know how hard it is to not download and use firefox, because of all the cool stuff it does?? You are really getting some of the users that are loyal IE users impatient. Gosh, just release IE 7 or tell us the release date or something. . . It’s like you guys just ignore the past comments made by people asking for the release dates. At least acknowlege them. Again, just release IE7 or release date.



  10. UnexpectedBill says:

    Hello Dean (and others on the IE team)…

    I think it is certainly fair to say that security on any browser in the world can be a problem. However, it can also be said that IE has a track record that isn’t very good in some ways. Personally I have used both Internet Explorer and Firefox–and never encountered a malicious vulnerability with either one. I’m a user of both browsers now as IE works well on my low end hardware and Firefox offers more features on the computers that can handle running it well.

    However, I do computer work for people and so far the examples of exploited IE flaws (sorry, I have lost count) far outnumber those I’ve seen everyday users encounter with Firefox or another browser. In the interest of fairness to IE, I haven’t yet looked into why this seems to be the case…if it is security issues or something users are doing that is not appropriate.

    Regarding your comment about XP Service Pack 2…it’s just not yet realistic to make such a "strong recommendation". I personally have no intention of running on XP, much less Service Pack 2. To me, Windows XP is just plain annoying, slow and nowhere near the wonderful example that Windows 2000 set for the Windows product line. Service Pack 2 doesn’t do much to help me like XP, either. I find the notification enhancements annoying at best, especially the one about automatic updates needing a restart that simply will *not* go away and keeps popping back on a timer. (Why isn’t this a user selectable preference?)

    I don’t understand the rationale for not releasing a port of IE7 for Windows 2000. It is, after all, what I think most would consider to be a major critical security update. Sure it would be a lot of work…but don’t think that it would go unnoticed or unappreciated.

    So I’m not running XP Service Pack 2 and I have no intention of doing so other than in test environments.

    If you guys (and gals) don’t mind, I’d like to ask a few questions of you:

    1. Where can one officially report bugs on Microsoft software? I’d like to report that the new software for Microsoft Update/Windows Update does not display a proper high color icon in the system tray when it is down there. This is running on Windows 2000 SP4/IE6SP1.

    2. How can one submit private feedback to the IE team? Is this something the general public is allowed to do?

    By the way…I do really appreciate hearing what the IE team is up to…I think this blog is really great. It is even better that you’re accepting feedback from the general public. Keep up the great work and the updates–I’m really looking forward to seeing the IE7 beta even though it won’t do a whole lot for me now.

  11. Anonymous says:

    Dean, are you suggesting that we have no say in the security of IE? Are you saying we don’t know what we are talking about?

  12. NewXStar says:

    whether you browse with IE or not. ???

  13. Anonymous says:

    You are always pushing or boasting for security features. I’m OK with that since I’m using Firefox.

    Just drop ActiveX and be sure to meet Acid2 (

  14. Anonymous says:

    @Sceptical: "Just drop ActiveX…"

    They’ll do that as soon FF will drop their extensions installation mechanism (aka XPInstall).

  15. Anonymous says:

    When can we expect a public beta of IE7? ALl this talk is nice, but how about getting us something to bang on.

  16. Anonymous says:

    Ok, I’m sure this is the wrong place to ask this. But, when are we going to see the first IE7 Beta? Thank you!

  17. Anonymous says:

    All of you at IE7 developement.

    We here in the Southern half of the world have passed mid winter which indicates to us that Summer is almost gone north of the equator.

    Where is IE7 Beta?

    Perhaps it will be summer 2006/7/8?

    BTW will IE7 be available in languages other than English or will there be some way we can translate the browser to languages not normally supported by IE?


  18. Anonymous says:

    Microsoft has lost the browser wars amongst the Jewish market after the chief Rabbi of Israel has started to publicly endorse Firefox (see

    IE still has broad appeal amongst evangelical Christians though, as far as I can tell.

  19. Anonymous says:


    The beta ie7 was slated out around july 16th is the rumor I heard. xp only as you know.

    been checking my work’s weblogs for activity (~4 million uniques per month) and no ie7 user strings yet.

  20. Anonymous says:

    How about you all fix your RSS feed. I currently use Mozilla T-Bird for reading mail and RSS feeds and YOUR RSS FEED is the ONLY ONE that seems to constantly refresh EVERY article 2 times a day (And I subscribe to about 40 different RSS feeds, so its not T-Bird), regardless of whether or not I have read them. I hope this isnt the kind of support we can expect from Microsoft’s RSS support because this alone really annoys me.

  21. Anonymous says:

    The most reverent congregation of the Church of Emacs shall never stoop so low as to worship false idols such as Lynx. Verily, they shall not cower even when assailed by swarms of Lizards, and will sing with exaltation the praises of the blessed w3.

  22. Anonymous says:

    I have been working with CSS1/2 for a while now. Never bothered to see what results you get from {display:table-cell}. It works perfectly in FireFox,NN6+,Opera7+ and others I imagine. "Works perfectly" as in it <div>’s act as if td’s …. so now just imagine the positioning issues that could have been avoided with coding for IE if "only" CSS was properly supported !! Hope you IE guys are listening to developers.

  23. Anonymous says:

    Just tell us the release date or release IE 7. . .


  24. Anonymous says:

    Joshua Levine wrote:

    >How about you all fix your RSS feed.

    And today it’s flaked out yet again. It’s almost like they are trying to tick off the majority of subscribers, so that only the IE loyalists remain.

  25. ieblog says:

    Tom wrote:

    > And today it’s flaked out yet again. It’s almost like they are trying to tick off the majority of subscribers, so that only the IE loyalists remain.


    Sorry Tom it is not a conspiracy. The software and servers for the IE blog are the same as those used by other msdn blogs at

    We’ll see if we can get the issues addressed but it is definitely not something we want to happen.



  26. Anonymous says:

    Well why don’t you change your blogging software? It sucks, and people have been saying it sucks for ages.

    1)It can’t handle basic HTML or BBCode, in particular, mangling all links.

    2)It breaks down every 3rd time

    3)The RSS feeds suck, they repeat items and miss them out.

    4)The comment counts are a work of fiction to rival Dostoyevsky.

    5)It thinks every user has ID 1001.

    6)There’s no way to quote previous comments other than manually.

    I realize it takes your managers 4 years to decide to start a process, but maybe you can expedite matters?

    I recommend WordPress.

  27. Anonymous says:

    Anyone going to answer the IE7 Beta 1 release date question?

  28. Anonymous says:

    The question has been answered before: this summer.

    Summer started less than a month ago. Let’s give it a rest, guys.

  29. Bruce Morgan [MSFT] says:

    The answer is, and has been, "summer 2005". I’m sorry I can’t be more precise than that.

    BTW, summer ends about September 22, 2005.

  30. Anonymous says:

    Mr. Bruce,

    SO, why couldn’t you guys just say late summer 2005??? Because you saying September tells me something. It tells me that you guys won’t release it anytime soon. And I bet next year with longhorn it’ll be the same thing. . . I hope for your sake you don’t lose anymore people to FireFox. . . !! !! !!


  31. Anonymous says:

    Oh do quit whinning. I run a purely Windows/IE environment and I’ve never had a single virus or piece of spyware or adware, and I haven’t seen a blue screen in several years (and yes, I hammer my machines a LOT). If something has a link to an .exe or an embedded ActiveX, yes, it is going to run if you click the little OK button – amazing! Stop clicking random things and think every once in a while. Or go whine at those people coding the viruses and spyware. Also, if you keep your system fully up to date, odds are very good that Microsoft will fix any major problems long before you find a site trying to exploit them. I would take a Microsoft system that’s been tested and fails once in a blue moon over a completely untested open source project any day of the week.

    As for the blogging software, Microsoft is using CommunityServer, which is open source. What happened? I thought everyone *loved* open source software. We run it in our local corporate network and it runs fine. So it goes down for them every so often under load enormous loads, or maybe they misconfigure a relatively complex engine once in a while. Go outside and enjoy the weather or something.

    As for standards, I’m pretty sure that the folks at Microsoft are well aware of what the community wants by now, and I’d bet they’re going to do everything they can to implement it in the time they have, with the manpower they’re allotted. Does that mean 100% compliance? Maybe so, maybe not. I don’t really care as some of the standards are stupid anyways (nobody can tell me that "table-cell" isn’t a hack and a half – oh, we don’t use tables for layout because tables are meant just for tables, but we can call our div’s table cells and solve all out problems). Cry me a river.

    Yes, I want to see IE7. Yes, I want more standards compliance. Yes, I want the current bugs fixed, too. Yes, I want a more secure browser experience. But all this complaining is hardly going to help any of that.

  32. Anonymous says:

    well well well, I wonder if we really will have to wait until September 22nd…

    didn’t have any of these until today — all sorts of them too!

    "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0; .NET CLR 2.0.50215; SL Commerce Client v1.0; Tablet PC 2.0)"

    "Mozilla/4.0 (compatible; MSIE 7.0a1; Windows NT 5.1; SV1; .NET CLR 1.1.4322; MS IdentiServ 1.4.12)"

    "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322)"

  33. Anonymous says:

    Bruce you sure that is when summer ends? afterall microsoft have been crap reaching their dates, perhaps microsoft would like to go to God and ask summer be extended for a few more months

    Gawd microsoft is becoming a pathetic joke.

    Gates should sake you all and employ people who can do this better and quicker, like firefox, opera, to name a few.

  34. Anonymous says:

    SurrealLogic wrote

    1) Microsoft is using CommunityServer, which is open source.

    Just so wrong. Oh so wrong. Please read:

    2) I thought everyone *loved* open source software.

    People love software that works "reliably" and helps them to do their job "effectively". A point that MS has been missing more and more the past few years.

    3) We run it in our local corporate network and it runs fine.

    Sorry, but a corporate LAN is not real world conditions anymore.

    4) So it goes down for them every so often under load enormous loads,

    Daily failure is slightly too often.

    4) or maybe they misconfigure a relatively complex engine once in a while.

    RSS is not brain surgery.

    5) Go outside and enjoy the weather or something.

    I think I will πŸ˜‰

  35. Anonymous says:

    This is OT, but to any M$ marketers reading this. is the worst advert for Community Server, ASP.NET and Microsoft possible. Its very visible, its very high-profile, and its a completely stinking steaming pile of poo.

    Microsoft can easily afford to lob a few millions to build a good blog engine, or improve Community Server until its acceptable.

    No-one would care as much about your corporate evility if the stuff you built wasn’t so awful.

  36. Anonymous says:


    You guys are turning into a joke. . . All because you can’t ever release anything on time or make anything ever work correctly. . . Mozilla’s FireFox will continue to outdue you, just like Google is with their e-mail service, blogging service and many more. . . I hope you don’t lose those very few that are loyal to you. . . Because you love to make people wait. .


  37. Anonymous says:

    There, I said it. This blogpost predicted by the prophets on /.

  38. Anonymous says:

    You guys just can’t give a honest answer, can you?

    Try these:

    Will IE7 support SVG and any of CSS3?

    Will IE7 migrate my Firefox and Opera bookmarks?

    Will IE7 be a forced upgrade pushed out with Windows Update to XP SP2 users?

    And, why does Allchin still have a job after he is proven to be a liar?

  39. Anonymous says:

    I don’t understand why all of you continue to harass Microsoft over IE7, standards, and security. I don’t see why you want IE7 on a platform that isn’t supported. Honestly, it doesn’t make any sense to me.

    All of you guys talk about standards, but you know what, if IE wasn’t what the majority of internet users used, you wouldn’t sit here right now posting comments about how "awesome" FireFox is.

    I’ve tried FireFox on my Windows box, with XP SP2, and I found it slow. It was slow to start up, and it was slow to load pages…even pages as simple as Google News compared to IE. Even the fonts look horrid compared to IE.

    Don’t whine about spyware or adware either, since I haven’t gotten anything on my computer, and I just run CA Anti-Virus that I got for free for 12 months. So instead of whining about how insecure IE is, maybe you shouldn’t install all of those ActiveX controls on those sites full of viruses that you all seem to go to.

    And since you are all "OPEN SOURCE IS GREAT" fanboys, why are you complaining to Microsoft? Since surely if you are so awesomely open source, then you use Linux or BSD, and you never touch Microsoft.

    Oh, that’s right, Linux isn’t compatible with your favorite app? Your favorite game? Your favorite SITE? It’s sickening, truly sickening, when the entire open source community is just full of kiddies now who use FireFox and shout "Down with Microsoft" and think they are cool for doing it. Go use Redhat 7.3 and realize what Linux was meant to do. It isn’t a desktop, it’s a server OS. That’s why you use Windows 2000 and XP. Any attempts for Linux to move foreward now are just becoming more of a farse.

    Just because something is open source doesn’t make it secure. That’s why when I install Fedora Core 4 and I have, when I do a "complete install", patches flying at me daily for hundreds of various programs, makes me wonder why these apps need new patches. Oh, maybe because they were coded badly? Hmm? Use NetBSD if you are SO concerned with security, otherwise just get smart and don’t blame IE, blame your self for not being able to "use the Internet" properly and you need a slow browser with many vulnerabilities itself, just to be "safe".

    Any OS has security holes, be it Mac, Linux, or Microsoft-based products. And chances are, these security holes are caused due to the "lightest" security settings possible. All I can say is, I feel a heck of alot more secure using IE and XP, then I ever did with Fedora and FireFox. Puh-lease, gaining entry into a Linux box takes so much less time to do, anyways.

    Microsoft isn’t the perfect company, and may sometimes sway facts, but if you don’t think Novell and Redhat do this themselves, then you are ignorant, and proves you should stay on using your Knoppix and your Fedora and your Ubuntu, as I don’t think you are capable of using your computers.

    Oh, and find me an un-biased security report on IE versus FireFox, not just "ActiveX is the devil!!!", because you know what? Extensions and the JavaScript abilities in FireFox are just as deadly, if not more deadly, then ActiveX in IE. At least Microsoft allows me to more easily block hack attacks then FireFox.

    Besides, THIS POST WASN’T EVEN ABOUT IE7 SO WHY DO YOU ASK THESE QUESTIONS. I mean, get a life all of you trolls. You just wait for anything to pounce on, like you think you are more "powerful" then these guys. What’s the last browser you’ve written?

  40. Anonymous says:

    Tom wrote:

    >> Microsoft isn’t the perfect company, and may sometimes sway facts, but if you don’t think Novell and Redhat do this themselves, then you are ignorant, and proves you should stay on using your Knoppix and your Fedora and your Ubuntu, as I don’t think you are capable of using your computers. <<

    Hold on a minute. You end your post with:

    >> I mean, get a life all of you trolls. <<

    Yet you are trolling about trolls. Hmm, what good does that do, mr. Mike?

    Also, talk about being a stereotypist; you claim that ALL open source developers are like that? How biased!

    The door swings both ways.


  41. Anonymous says:

    31 pointless comments from bedroom nerds ranting about browsers and standards again.

  42. Anonymous says:

    pseudo, this is a Microsoft blog about Internet Explorer. Now, let’s look at FireFox for a minute here…

    It holds around 5% or so of the entire browser market, right? Well, Linux does NOT make up 5% of the market of desktop OS’s and things like that. FireFox would not even be heard of if it was just another Linux browser like Konq, so all I am saying is when you guys sit here and rant about Microsoft releasing horrid products, you (the open source community) go and still design products on "a horrible system".

    I just find it quite ironic that the only reason you all are here today is to flame about a browser that isn’t even built upon an open source operating system, well, at least not the one that actually gets frequently downloaded =P

    And to all of you guys complaining about a release date for IE7…give me a break. states:

    The usually warmest season of the year, occurring between spring and autumn and constituting June, July, and August in the Northern Hemisphere, or, as calculated astronomically, extending from the summer solstice to the autumnal equinox.

    If I am not mistaken, Microsoft said they would release a Beta in the summer time. Now, notice the date. It is July 13th, barely half of the entire summer is gone. Quit being so impatient just so you can say "zomg IE is t3h sux0rs".

    I’d rather the IE team take their time and continue to test and test, refine, and then release. Of course, this isn’t acceptable though, because that is just too late and I believe since Knight Rider seems to think this: "I hope you don’t lose those very few that are loyal to you. . . Because you love to make people wait. . "…yes, the very few who are loyal to Microsoft will just run away because IE7 beta wasn’t released in spring instead of summer, how realistic.

    Oh, not to mention if Microsoft released it too early, you all would whine anyways saying it’s a bad product and they should’ve taken more time.

    And pseudo, I didn’t state all open source developers. Nor was I talking about Open Source developers. I was talking about how Novell and Redhat sway just as many facts as Microsoft in that quote, and that it is kiddies who believe Microsoft is the devil just because it’s what they are force fed on IRC who use the Linux distros I stated.

    Like I said, all of you fanboys, use Redhat 7.3 and I’d like to see you all using Linux on your home desktop.

    Heck, even better, use NetBSD! It doesn’t even have a GUI! Let’s see how fun the computing experience is for all of you IRC idlers now.

  43. Anonymous says:


    I use a system without a GUI every single day. Infact, I PREFER it this way. GUIs are big and bog things down. I use a GUI some of the time, but not for the majority of things.

    Also, I run Slackware 10.1 on all my boxes, thank you very much. I’m not just a fan boy who says linux is cool and claims to use it; I _DO_ use it, and I use it on all of my servers.

    Also, you talk like all of us Linux users are "IRC idlers". This couldn’t be further from the truth.

    Distrust of Microsoft has been earned, not force fed.


  44. Anonymous says:

    I just can’t believe the IE teams puts up with all the crap from the many posters on this blog. Do any of you realize how you sound? Do any of you bother to read your posts back to yourselves before you click SUBMIT?

    Allow me to sum up in one word how many of you who post comments on this blog sound like:

    P A T H E T I C

    I assure each of you that you would get far more response out of the IE team if you worded your posts professionally and with some common courtesy. Believe it or not the slashdot mentallity just doesn’t fly in every little corner of the Internet.

    Please, be more professional. Not only will you get more response from the IE team, but you will also greatly improve the quality of this blog and make it more enjoyable not only for the IE team, but for yourselves and everyone else.

    Some of you complain about being ignored. Well, based on some of the idiotic comments on this post alone, are you truly that surprised?

    If all of you are truly web developers, then based on the comments I have seen here and elsewhere on this blog I can only say two things:

    1. None of you will ever do any development for me.

    2. I am totally happy I will most likely never have the displeasure of meeting such harsh and unprofessional people (read: YOU).

    Give it a shot. Be more professional and behave yourselves. You won’t be disappointed.


  45. Anonymous says:

    Pseudo, then I apologize. But the common user (Read: Windows "cool convert") who uses Linux just for hating Microsoft without reason (I.E, if you ever asked them to compare ASP.NET and PHP or Apache and IIS, they would have no idea what you are talking about), those are the users I despise.

    And it is also those fanboyish types who are the IRC idlers, as they sit in their distro’s channel and answer support questions in fairly stupid manners (I.E, "zomg u r such a n00b to linx lik y r u here"), and those are the disgraceful people.

    I applaud you though, for using Linux and not just blindly hating it like others do :)…I choose to not use Linux / Solaris because I tried it and found Microsoft to be better for me, and I am sure you used Microsoft to find that Linux was better suited for your needs, correct? I assure you I have no problems either way, but hey, sorry for the misunderstanding :)…

    I find the Linux versus Microsoft arguement though, is almost Xbox vs Gamecube and some of the most vocal people on either side probablly have only used one system, or found them both to be similar for what they want so they just pick whoever seems to hate the other more. Know what I mean?

    And James, did any of us ask to do development for you? Please, don’t come in here talking like we should kiss up to guys like you on an IE blog comment section! If you want a real response from the IE team, there is a "Comments" link where you can write the IE team direct.

  46. Anonymous says:


    Your comment to Pseudo indicates that you prefer to form opinion based on fact and logic/reason rather than blind hatred or just following some fad. Which, I assume, is why you were apologizing to Pseudo. Therefore, my comment wasn’t directed toward you (which I thought would be implied).

    Unfortunately, it appears you must feel guilty about something or you would not have paid any attention to my comment at all. Afterall, if you are behaving professionally, then why respond to someone who is fed up with unprofessionalism and voices it?

    And no, you didn’t ask. And no, I’m not asking you, or anyone else to kiss up to me or anyone else. I am, however, asking for people to drop the attitude so we may have some serious discussion with the IE team.

    I truly am sorry you had to kill off a totally wonderful comment by responding to me. I was really digging your stance toward the Linux vs Microsoft argument and your ability to make up with Pseudo.


  47. Anonymous says:

    James, I’m all for that πŸ™‚

    Sorry for coming off in a shrewd manner towards you on my last comment, but we’re already quite a bit off-topic and I wasn’t sure who exactly the comment was directed at (You could’ve hated my opinion and I would’ve been oblivious to it πŸ˜› )…

    I don’t neccesarily feel "guilty" about anything, per say, except for the fact that I was a bit quick in my judgement of Pseudo.

    Also, a correction in my last comment, I meant to say "Contacts" link and not "Comments".

    But honestly, am I the only guy who comments here who cares about the other features of IE besides standards? =P

  48. Anonymous says:


    No apology necessary. I should have been a little more direct in my comment.

    But alas, let us move forward in helping the IE team make a great blog so we can all benefit from it lest we spend the rest of the day apologizing to each other while the undead scourge of slashdotters and other zealots take over. πŸ™‚


  49. Anonymous says:

    Mike wrote:

    >> […] and I am sure you used Microsoft to find that Linux was better suited for your needs, correct? I assure you I have no problems either way, but hey, sorry for the misunderstanding :)… <<

    Correct. I use linux simply because I am a developer, and find that there are more tools for Linux than Windows (plus, I like the editors that come with most linux distributions. ;-))

    You and I have no problem. I don’t blame you for the misunderstanding; one must stand up for what he believes. πŸ™‚


  50. Anonymous says:

    For all those out there using firefox and IE – userscripts (finally) in IE

    ObRANT: People who don’t like GUIs are ranting about graphical web browsers. What a freaking joke.

  51. Anonymous says:

    Tom wrote:

    1) Just so wrong. Oh so wrong. Please read:

    Look, it’s under a slightly different license than the half dozen popular linux open source licenses. Big deal. It’s the convergence of 3 open source .NET projects, and that’s close enough for me.

    2) People love software that works "reliably" and helps them to do their job "effectively". A point that MS has been missing more and more the past few years.

    I think MS has actually been getting better and better at this. Did you even get automatic updates 5 years ago? I can’t even remember the last time I crashed or rebooted my machine. I doubt any single suite has increased worker productivity more than Microsoft Office.

    3) Sorry, but a corporate LAN is not real world conditions anymore.

    No, no it’s not.

    4) Daily failure is slightly too often.

    I see the same people whinning everday, but I have yet to see their system down. If it is going down (and I assume it is), it must not be all that often or all that long.

    4) RSS is not brain surgery.

    There’s a hell of a lot more to CommunityServer than RSS.

    5) I think I will πŸ˜‰

    I wish I could. Sadly it’s work all day and work all night for me. πŸ™

  52. Anonymous says:

    SurrealLogic wrote:

    >> I see the same people whinning everday, but I have yet to see their system down. If it is going down (and I assume it is), it must not be all that often or all that long. <<

    You came about a half hour too late. The system was down a short while ago (perhaps 5:00 CST or so).

    Although, this isn’t exactly a daily occourance.


  53. Anonymous says:

    If any of you have followed the link to his opinion and then checked out the Firefox bug advisory, you will see that I am the reporter of the vulnerability. Dean is entirely correct in his statements that security is an industry-wide problem. The reasons that Firefox doesn’t have as many vulnerabilities as IE are:

    1) It is not as old as Internet Explorer

    2) It doesn’t have nearly as many features as IE has

    3) It doesn’t use the object html tag

    Being a security researcher, I know what secure software should be like. Internet Explorer had a couple rough spots pre-sp2, but after sp2 was released, interesting vulnerabilities are few and far between.

    Also, to those of you that think IE is losing all of it’s customers, think again. From the month of June to July, Firefox dropped by a percentage point in browser usage, while IE increased 2 percentage points.

    While I do respect Mozilla for creating a nice alternative to Internet Explorer, I find IE more attractive due to the fact that Microsoft is paying more attention than ever before to security in it’s software. I’m going to stick with the "e".


    Greyhats Security

  54. Anonymous says:

    > The reasons that Firefox doesn’t have as many vulnerabilities as IE are:


    3) It doesn’t use the object html tag

    Huh? You might know what you are talking about wrt. security, but you don’t know what you are talking about wrt. the web. Firefox implements the object element type (not "tag", as newbies are fond of calling it).

    > Also, to those of you that think IE is losing all of it’s customers, think again. From the month of June to July, Firefox dropped by a percentage point in browser usage, while IE increased 2 percentage points.

    Cite please. And from a reputable source (i.e. not just stats culled from access logs and Javascript; they are worthless).

  55. Anonymous says:

    pseudoterminal wrote:

    > Although, this isn’t exactly a daily occourance.

    The RSS feeds were screwing up daily, but it looks like Dave kicked some MSDN booty the other day, because it has not flaked out since.


    SurrealLogic wrote:

    > Look, it’s under a slightly different license than the half dozen popular linux open source licenses. Big deal.

    The big deal is that it is free as in beer, not as in speech. That’s "Open Source 101" stuff. You are still at a Vendor’s mercy, and only get to play with the source after you pay.

  56. pankajahire says:

    Excuse me, this is for the person who posted the definition of Summer from

    The meaning and actual occurence of summer varies from place to place around the world.

    I agree Microsoft must have meant Summer in "America", but in an increasingly globalized world, don’t you think such terms are obsolete? Summer for us here in India, began way back in the middle of March and it finishes right up in the middle of June.

    Microsoft’s software is just not limited to America, and hence it is time that Microsoft starts using more sensible terms to indicate the release of their software.

    And besides that – No, I don’t hate IE, infact I have consistently vouched that IE has one of the most simplistic yet powerful interface ever, but tell me if everytime I design something and have to put in hacks for it to work in IE, don’t I have a little right to demand better adherence to Standards?

    I am not a professional person, just a freelancing student who has ample access to Linux, BSD and Solaris. I fully know the differences between ASP.NET and PHP, Apache and IIS and have used all of them extensively.

    So, expecting a little more interaction from IE team and a little more involvement of us in the development process is all I ask for…

    Now come on, I willingly lapped up the postings on tabbed interface, the one on PNG’s implementation – more of those such excellent postings are what I require.

  57. Anonymous says:

    I’ll make a prediction based on a recent (late june) css3 ‘working draft’ posted by microsoft employees to the w3c:

    They will half-implement the CSS3 specs as they are right now — some, like the speech module, aren’t on the roadmap.

    Hell yeah CSS3 text effects module!

  58. Anonymous says:

    To: Jim, regarding Nelson’s post.

    Nelson (correct me if im wrong) wants to get rid of the NON-JavaScript methods…

    //example A

    var fso = new ActiveXObject("Scripting.FileSystemObject");

    //example B (this is the worst invention here)


    And i certainly agree with him. These ‘features’ are not needed nor wanted by 99% of us.

    otherwise i have to agree with 6,9,10,11,12 & 14

    Regarding 12, Paul points to BHO’s. i dont think that this is the kind of solution we want either. Last time i looked in my IE6.x SP2, I could only *see* the spyware BHOs i had, I could *disable* them, but there was no uninstall. (there should be one, on that tab)

    and here is my additions;

    #15) Some support for pre-XP IE. i know this seems backwards to most, but i like many, have no intention of upgrading my OS to upgrade my browser.

    #16) Some sort of greasemonkey plugin thing. i know there is one out there, but a MS sanctioned one would be best.

    #17) The Javascript popup, for a window.prompt(); isn’t a.) big enough to put 3+ lines of text for the message, b.) anoyingly top-left justified to the ‘desktop’ (it should be middle-centered, like the alert(), confirm(), and print(). c.) the size of the textbox is too long for normal use (e.g. just filling in a name for something (e.g. an email folder name)

    #18) Let me pick what search engine to use for 404/ page not found redirects

    #19) Expand the size of the Internet Options dialog, or at least make it stretchable. it is real anoying to try and view all the advanced scripting settings in that tiny scroll window. also nest related items in a collapsed view when it is opened up it is too cluttered.

    #20) The fonts dialog is even worse

    #21) "open this frame in a new window" option on right-click in a frameset (I pressume this is already done)

    #22) No scroll bars on screen real-estate, until they are required. looks ugly, an amateur.

    #23) initial window/tab load focus should go to the address bar

    #24) double-click on address in address bar to alter highlight from full uri and relative ‘chunk’ of the uri

    #25) Printing (my oh my do I hope they learned about scaling)

    #26) More flexibility in text size

    #27) Easy removal of any toolbar, button, etc. from the browser (e.g. email clients that put an icon in the toolbar, or become default source editors)

    (thats all from me…….. for now πŸ™‚

  59. Anonymous says:

    Pual (Greyhats) wrote:

    >> I don’t see why everyone is so caught up in CSS2. CSS1 is just fine. <<

    I don’t see why everyone is so caught up in Windows XP. Windows 3.1 is just fine.

    So I assume you are saying it is "Just Fine" not to support CSS2? I guess it is "Just Fine" if a tech support company desides to only support Windows 3.1?


  60. Anonymous says:

    @Random Loon

    I completely agree. If you don’t like Microsoft, and you have a valid complaint about a specific issue or the way they do something, you should be fully entitled to your opinion as well as the right to make yourself heard if you think something should be done about it. However, if you just don’t like Microsoft because you consider yourself "l33t" if you hate them, do not post on blogs; it’s just a waist of your time as well as ours.

    I have not seen a single post on this thread that actually has any kind of relevance to the topic at hand. If you look, you will see that the second post asked facetiously about standards, and from then on it’s as if the whole thread was created for bellyaching about non-compliance. Gimme a break.

    If Microsoft feels that implementing CSS2 is important, I’m sure they will make the right decision. However, if there is any suspicion that it would break any part of the internet, they probably won’t do it. App-compat over features, as they say.


    Paul (Greyhats)

    Greyhats Security

  61. Anonymous says:

    I believe Bugzilla is leading an army of Transformers and Cartoon Super Heros against all successful (Evil obviously) corporations around the world as we speak.

    As for reporting things that dont work the way they probably should for Microsoft, try – and you will be able to enter any info you feel the need to on their Beta Products. There is also a contact link on the bottom of all Microsoft pages if you feel the need to contact them on an non Beta product.

    Oh – and Paul (Greyhats) – by the way thanks – I swear I have learned more worth while stuff from you, than probably any where else.

    You can learn a lot about how things work, quickly, from the exploits of things I have discovered πŸ™‚

  62. Anonymous says:

    @ Trevor, Nelson

    (15) is right on the money! This is the one thing that will continue to plague IE. Esp. since D.O.J. was told it couldn’t be separated.

    new ones;

    (28) Where is the "Bugzilla"? we know it is closed source, but where do we submit all the anoying bugs? Seriously, this is very important! (REPEAT: This is a huge issue! Even if the bugs do not get fixed, at least they can be vented, and MS can be made aware of them) (Note: if it requires a .Net/Passport account, don’t bother)

    (29) should not throw up a 403 or 404. Post a welcome page at least, so that users can bookmark it, find out new info etc.

    (30) View Image link on right-click

    (31) Deprecate "alt" tooltips

    (32) <li> indentation fixed (looks u-g-l-y!)

    (33) When an event (e.g. onchange) fires, causing a form to submit/or a new page to load, change the cursor to "busy". This is very anoying for all the new web apps, as users have no idea the page is re/loading etc. (PS throbber should also "swirl")

    (34) This might be obsolete, as I dont have XP here… but the organize favorites dialog in preXP needed a LOT of work.


  63. Anonymous says:

    No offense guys, but some of us actually like reading the thoughts and articles of the IE team, or learning of the features of the new IE. Is it really necessary to spam every, and I repeat, *EVERY* thread with "standards compliance" or "firefox vs IE" garbage?

    Seriously its highly immature. Try and stay on topic for once, please? So that parties actually interested in the topic can hear others thoughts without having to weed thru a ton of junk.

    Whats worse is quite afew people, and i’m not saying all, bring these topics up in a immature and inflammatory way, do you really expect a response to these questions if you can’t present yourself as mature individuals.

    Instead of the usual "Anti-MS" posts, simply cause in the geek community its considered the "cool" thing to do, if you have a complaint, present your argument in a mature and civilized manner. Likewise, if theres something about IE that you feel is inferior to FF, please address it in the same manner. With abit of maturity, I think we’d all find this blog to be a better place for us all.

    Just because its the internet, thats not an excuse to leave maturity, common sense, courtesy and respect behind. I remember the internet about 6 years back, there was alot more forums and such with mature discussion, now almost every community on the internet is one line replies, flames and insults, "I agrees" or whatnot. Intelligent discussion seems to have died as the internet got taken over by those with less intelligence than a lima bean.

    I’m sorry for going off-topic, but i’m alittle annoyed by not being able to read a single post without seeing the same thing flood the comments on every single one of them, time and time again.

  64. Anonymous says:

    I want to address a couple points here wrt CSS2 and CSS2.1 amoungst people who didn’t read the entire spec.

    [a] CSS 2.1 is still a working draft. Wasn’t everyone complaining about IE 4 using an incomplete CSS 1 draft? About IE 5.0 using the working draft of VML (FOUR years later, FINALLY superceded by SVG recommendation?) So why in the hell would these same people cheer on CSS 2.1 Get on the w3c to ratify it.

    [b] CSS 2 contains Aural style sheets. As far as a I can tell Opera is the only browser that comes close to being a correct CSS 2.0 spec (not Mozilla, not Safari, Firefox, IE, etc.etc.etc.)

  65. Anonymous says:

    Forgot to note that even though CSS1 is already quite powerful (but nowhere near "just fine"), completely bugged implementations of it are not, and this is what IE6 currently provides.

  66. Anonymous says:

    >> I don’t see why everyone is so caught up in CSS2. CSS1 is just fine.

    I really hope this is either a joke or a troll, because if you really believe it you’re damn out of whack.

    CSS2.1’s selectors alone are more than worth implementing CSS2, let alone the pseudo classes and pseudo elements, as well as the various media selectors.

    And CSS3’s ready for implementation modules (CSS3 was designed modularly for that very purpose of being able to implement ready modules while tossing assides the one not ready for implementation) should be implemented too, as well as full DOM 1-3 and DOM Events support (with more or less full drop of MS’ model when in strict mode)

    >> Give me a specific example of bad rendering, otherwise, your request is invalid.

    Pick any, compare IE6 and any modern browser (FF 1, Opera 8, Safari 1.3/2.0, …)

    One could also consider Eric Meyer’s CSS/Edge demos (, especially the ComplexSpiral ones (, that make use of CSS1 properties wrongly implemented in MSIE

  67. Anonymous says:

    > Full support of CSS2

    I don’t see why everyone is so caught up in CSS2. CSS1 is just fine.

    > ActiveX (dropped or restricted to the host server only, e.g. local)

    ActiveX is too powerful to drop. Perhaps other browsers should ADD activeX support. Everyone is hiding behind the security excuse, when really, they are just too lazy to correctly support activeX like IE does.

    > VBScript (dropped)

    Drop support for an entire language? What reason do you have to back this up? Because Firefox doesnt support it? Aww, cry my a river.


    They already said they are including tabs


    They already said they are including RSS support

    >Zones (dropped, cause lets face it, they don’t work worth !@#$)

    What are you running, IE5? Zones work great, and with the addition of LMZL, users are more secure than ever.


    It’s called Browser Helper Object (BHO), my friend. Use google.

    >Better Rendering

    Give me a specific example of bad rendering, otherwise, your request is invalid.



    Greyhats Security

  68. Anonymous says:

    Greets from Germany! It is really good to see the amount of work put into IE 7. I am very much looking forward to it’s release! I also notice that Tony Chor is listed as the KEYNOTE SPEAKER at the HITB conference in KL. It just so happens I will be in Malaysia at that time so I will be sure to catch his presentation!

    Keep up the good work.

    Hans-Zimmer (Terminal-Illness)

  69. Anonymous says:

    > They will half-implement the CSS3 specs as they are right now

    From what they have said in the past on this weblog, that seems unlikely.

    > JScript (dropped), full support of ECMAScript added

    JScript is an implementation of "ECMAScript" (the ECMA-262 standard), and, apart from the memory leaks, is complete as far as I know. More recent developments, such as ECMA-357 (E4X) or DOM improvements might be good, but those are not part of ECMA-262.

    Why would they get rid of JScript? You are essentially asking them to drop their ECMA-262 implementation and… add an ECMA-262 implementation. It makes no sense.

    > Box model fixed.

    They fixed this in 2001 when they released Internet Explorer 6. Your complaint is four years out of date.

    > Tabs

    Internet Explorer 7 will have tabs. See here:

  70. Anonymous says:

    Okay, again, another post, not releasing any of the facts we need to know.

    Tell us, in no uncertain terms, what we will get in IE7 and what we won’t.

    I hope the list is like this:

    1.)Full support of CSS2

    2.)JScript (dropped), full support of ECMAScript added

    3.)ActiveX (dropped or restricted to the host server only, e.g. local)

    4.)VBScript (dropped)

    5.)Box model fixed.

    6.)Support for ECMAScript URL’s of 2048+ char.



    9.)Zones (dropped, cause lets face it, they don’t work worth !@#$)

    10.)ECMAScript links on pages *CAN* be bookmarked by dragging to the Links bar. The fact that you can right click and do this, indicates just how stupid it is, that you can’t drag it. (BUG #0000001 on my list!!!)

    11.)An ECMAScript Console!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


    13.)Better Rendering

    14.)New windows, will **NEVER, EVER, IN A MILLION YEARS AGAIN** open up the previous page!!!!!!! THIS WAS THE WORST DESIGN EVER!!!

    (other posters, please continue, I had to go have a coffee and calm my nerves… using IE drives so many users up the wall with frustration!)

  71. Anonymous says:

    Nice blog! Good to see that Microsoft is open to opinions from the public for once!

    So, #1 change the blog width! yikes! looks horrible with a typical screen size of 16×12 all scrunched up into a tiny column… (hint: don’t restrict the width, this isn’t 1998 anymore)

    The ohter thing I like reading, is that some of our worst gripes with IE are being put in writing (now that they will be heard!)

    So, from the list so far:

    #1) This would be great, but I don’t have enough faith in MS for this one.

    #2,3,4) Totally obvious that these should be dealt with.

    #6) YES! tired of hosting all the bookmarks!

    #9) No one uses these (even if they should), get rid of them.

    #11) OF COURSE! every Web designer hates the current dialog – too small – not all info

    #14 ) Yup. Real anoy when try to get away from popup city site.

    #15, 27) yes, yes


    #30) ya

    #31 & 32) yup

    Now this was about security. I hope that this is fixed in IE.7 yes?

    Tired of weekly spywares alerts and updates.


  72. Anonymous says:

    IE is a piece of doo doo. There! I ADMITED IT THERE YOU HAPPY NOW????

Skip to main content