Better Website Identification and Extended Validation Certificates in IE7 and Other Browsers

Today I want to tell you about both our established plan to highlight secure sites in IE7 but also to tell you about some early thinking in the industry about creating stronger standards for identity on the internet.

IE7 will join other browsers like Firefox, Opera and Konqueror in making the experience for secure (HTTPS) sites more visible by moving the lock icon into the address bar. We think the address bar is also important for users to see in pop-up windows. A missing address bar creates a chance for a fraudster to forge an address of their own. To help thwart that, IE7 will show the address bar on all internet windows to help users see where they are. IE7 will also help users avoid fraudulent sites if users choose to use the Phishing Filter to check a site for known phishing activity.

Today the lock icon in your browser window fundamentally means that your traffic with the website is encrypted, and that a trusted third party, known as a Certification Authority, has identified the website. Certification Authorities offer certificates with broadly different levels of background checking for the website. Unfortunately, there is no industry standard method for anyone to tell what level of background checking was performed for a given site.

On Wednesday, we met with folks from other browser vendors including Mozilla (which is the basis of Firefox), Opera and Konqueror to discuss this situation (other browser vendors were invited but weren’t able to attend). George Staikos from Konqueror was good enough to host all of us in Toronto. Along with picking up the tab for lunch, George brewed coffee strong enough to bring weary travelers from Oslo and Redmond into the same time zone. Microsoft and others in the group think our users should have a better experience when they visit a website that passed a more rigorous identification process.

As a counter-example to how we might handle highly-identified sites, I presented the IE7 Anti-Phishing User Experience for known phishing and suspected phishing sites. The Phishing Filter shows warnings to users when it detects a site that might be trying to misrepresent its identity.

When the Phishing Filter is in use, IE will fill the address bar with red for known phishing sites (Fig 1) and with yellow for suspected phishing sites (Fig 2). In both cases, the address bar will include text that explains that the user should effectively either “stop” or proceed with “caution”. In IE7, most normal sites including those with “the lock” today will not have a color-filled address bar.

Fig 1, IE7 address bar for a known phishing website detected by the Phishing Filter 

Known Phishing Website


Fig 2, IE7 address bar for a suspected phishing website detected by the Phishing Filter

Suspected Phishing Website

If the browsers and the Certification Authority industry can generate better guidelines to identify web sites, we want to take the experience in the address bar a step further to help create a positive experience for rigorously identified HTTPS sites. We have implemented a green-filled address bar in IE7 for sites that meet future guidelines for better identity validation. Along with the green fill, our current design for the address bar includes the name of the business (Fig 3.1) alternating with the name of the third party Certification Authority who identified the business (Fig 3.2). We think this alternating presentation of business name with Certification Authority name is the right balance of user notification and simplicity. 

Fig 3.1, IE7 address bar for a site with a high-assurance SSL certificate
(showing the identity of the site from the SSL certificate)

Identity of Site from SSL Certificate


Fig 3.2, IE7 address bar for a site with a high-assurance SSL certificate
(alternating in the name of the Certification Authority who identified the site)

Showing Name from Certification Authority

I know that Frank and Gerv from Mozilla, George from Konqueror and Yngve and Carsten from Opera have their own thoughts for an improved certificate standard and how they would handle that in the user experience.

I wish we could promise you that you will see this experience in IE7 and its equivalent in other browsers but there are a lot of details to work out before browsers can differentiate SSL sites based on how well vetted they are. For this to work, Microsoft, Mozilla, Opera and Konqueror, amongst others, think there should be some common validation guidelines for rigorous website identification. There is a lot of preliminary agreement but also a lot of work to do. The American Bar Association Information Security Committee is providing a forum to pursue this. You can check back with us and other browsers to see how the process moves along.

 – Rob Franco (with lots of help from Kelvin Yiu and Tom Albertson who work on PKI for Windows)

November 23 Update: You can read more about our meeting in posts from other browser developers who attended:

Comments (185)

  1. Anonymous says:

    You might wanna link your images diffrently 😉

  2. ieblog says:

    Yep. I noticed that too once it went live. I fixed the URLs. There was a conversion error between local and remote locations.


    – Al Billings [MSFT]

  3. Anonymous says:

    what’s user xp for people who are color blind?

  4. ieblog says:

    Each state is accompanied by both text and appropriate icons. The state can be read without a need to see the color.

    – Al Billings [MSFT] (who is mildly colorblind)

  5. Anonymous says:

    In addition to the icons and text, it’s probably worth reiterating that, in the event that IE knows something is bad (e.g. Certificate Error or Known-Phishing site) navigation is interrupted by a blocking error page. Hence, such errors are unlikely to be overlooked, even by the color blind.

  6. Anonymous says:

    This sounds like a great idea, but I do worry about the colours you have chosen to use.

    At first glance they seem great as we have come to associate green for go, yellow for caution, red for stop. But we live in a world where we know and regonize not all people can see the differences between colours.

    With stop lights, the top is red, the bottom is green (or right red, left green) yellow in the middle. This ths gives those who can not tell the difference between red and green a way to tell if they are to stop or not.

    Red-Green colour blindness is the most common type. Though I personally like this colour choices you have made, I do worry about my friends and fellow memebrs of the human race who can not tell the difference.

    So, I hope that as you contuine to work on this you will find someway for them to be able to at a glance know. As I am not colour blind I can not for sure know what would be the best way to go, but I would guess that there are ways for you to set up alternatie settings, or do somithing wioth the colours to help them have this wounderful adition usable to them.

    Keep up the great work, I can’t wait til ie7 is ready for the masses

  7. Anonymous says:

    You guys are too fast, provided info of ways to help before I finished my post… Keep up the great work

  8. Anonymous says:

    Please don’t use yellow for suspicious sites as it’s already been used for HTTPS sites on Firefox. What did you get out of that meeting how to confuse cross-browser users the most?

    Additionally, what’s with this alternating thing? You’re not going to constantly alternate while people are browsing are you?? That would make blinking text look like a kitty next to this beast of an annoyance.

  9. Anonymous says:

    I second that about please don’t use yellow for the "suspicious site" color. Firefox did a great thing making the address bar a different color when browsing secure sites, so please don’t go breaking the experience by making it confusing to go between the two browsers.

    I can totally understand the want to make it red, yellow, green for the different states, but either be consistent with what is out there or start a conversation with the Mozilla guys and get them to play along with your new color scheme.

  10. Anonymous says:

    I say make it red, yellow, green! Just because other browsers use non-sensical colors for security doesn’t mean you have to. BE DIFFERENT!

  11. Anonymous says:

    I think I prefer Microsoft’s color scheme, to be honest. It’s a scheme recognized through driving… even in many (if not all) countries. Mozilla wouldn’t exactly have a difficult time adapting their bar to conform either.

    That being said, I can imagine that this is one of their sticking points, lol. I can just imagine the outrage of Mozilla conforming to Microsoft standards, *grin*.

    Regardless of color scheme though, the overall idea of color-coding and providing information in the address bar for this purpose is very cool. Keep up the good work!

  12. Anonymous says:

    Rob & Co, thanks for the thorough post and thorough thinking.

    As an app developer for my company’s intranet, I do try to make web apps as "app-like" as possible, and part of this is the use of nice, clean, uncluttered popups.

    I do appreciate your intentions here (security first), but boy, an address bar in a popup is real distracting from the content. How about letting the developer control the address bar for Trusted Sites or the Intranet Zone? Ditto on the status bar.


    – M

  13. Anonymous says:

    Nice concept, but I am not crazy about colorizing the address bar as it seems to hurt readability of the URL. How about just making the explanatory text on the right side shaded with the colors? Or allow the color effect to be turned off.

  14. Anonymous says:

    Hi all!

    I would suggest that this colour-coding for the address bar be implemented across all Web-browsing plwtforms. The code could be made commonly available for implementation in browsers like Apple Safari for example.

    Also, a good idea would be to shoehorn the code for the phishing-control functionality so the functionality does exist but is available for use in embedded Web browser applications like set-top boxes for example.

    With regards,

    Simon Mackay

  15. Anonymous says:

    I really like this; it conveys a considerable amount of information in a relatively compact and elegant way. Just *please* make sure the alternating text is as subtle as possible. Also, I prefer the red / yellow / green color scheme over Firefox’s FWIW. 🙂

  16. Anonymous says:

    The problem is that people switching from IE to Firefox will think that secure sites are actually potential phishing sites, and people switching from Firefox to IE will think that potential phishing sites are secure sites! Imagine the confusion!

    Other than that major caveat though, the red/yellow/green thing isn’t too bad of an idea…

  17. Anonymous says:

    Please consider changing "phishing" to "dangerous" or something like that. Besides being less confusing for the average user, it will be easier to translate to other languages.

    I agree with those who said that alternating text would be annoying. Just show the subject name; the issuer name will be meaningless for most users anyway.

  18. Anonymous says:

    I second Dylans opinion above. Well said.

  19. Anonymous says:

    To me, the descriptive text is too big. Maybe it’s better to use "popup text" instead?

  20. Anonymous says:

    I like the colour coding method chosen here (although I can see problems when it comes to IE / Firefox users and the yellow status, with one thinking a site is secure, while the other thinking it is a phishing site).

    I just wanted to ask if you’d considered adding the colour status to the individual tabs as well? As I feel that would stand out more so as well.

    Also, what do the two arrows (which look like they are spinning) next to the security message refer too?

  21. Anonymous says:

    What happens when a site hides the address bar, and places an image of a fake green address bar at the top of the page? (as already done by many scam sites).

    Even if a site cannot hide the address bar, having the ‘double’ address bar, with one green and the other white, a casual glance to the top of the page lets the eye see the green bar, ignores the white, and the user would proceed with a false sense of security.

    I know not much can be done about this, but what about colorizing the status bar, toolbars and window frames etc instead of the ‘client’ area? Too much customization of how the address bar can appear, esp if sites can modify it, harms the standardized way of recognizing safe sites. I hope much of this cannot be changed in IE7, even if it hurts customization of the browser.

  22. Anonymous says:

    I agree that:

    a) The colours will cause confusion

    b) The alternating text will cause annoyance


    a) Don’t have a "suspected" state, as it’s only determined by a program which is prone to making mistakes. This way you don’t have to worry about the colour yellow either.

    b) Don’t display the name of the company in the url bar. Or leave it there but make it a tooltip, so when you move the mouse over "Identified by Contoso Root", the name of the company displays in a tooltip.

    What do you reckon?

  23. Anonymous says:

    <<Also, what do the two arrows (which look like they are spinning) next to the security message refer too? >>

    Chris, this is the icon for the refresh button.

    <<What happens when a site hides the address bar, and places an image of a fake green address bar at the top of the page?>>

    Shane, this is not possible, as noted in the post.

  24. Anonymous says:

    <<Even if a site cannot hide the address bar, having the ‘double’ address bar, with one green and the other white>>

    Actually, any site pulling such tricks to phish would rather quickly be blocked by the Phishing filter, so the user won’t ever get to this state to begin with.

    <<The problem is that people switching from IE to Firefox will think that secure sites are actually potential phishing sites>>

    It’s probably worth mentioning that the lock will not be visible on a suspected phishing site, so the likelihood of user confusion is relatively lower.

    That being said, I think we agree that it would be ideal if colors were standardized across browsers.

  25. Anonymous says:

    The IE6 SP2 warning strip is often not noticed. I participated in a test in which not one experienced user or developer of our applications noticed the thing. Address bar color is really more of the same.

    I agree with a previous remark that doing what you propose to do (force the address bar in application popups) in the context of secure application environments seems senseless and will be a distraction for the user.

    Check the repeated misspellings in the screenshots you posted. Can we have any confidence whatsoever that your attention to detail is any better when it comes to programming security?

    Brett Merkey

  26. Anonymous says:

    I prefer the IE7 colours for the address bar. It makes sense, more sense than the Firefox colours if you think about it.

    >>What happens when a site hides the address bar, and places an image of a fake green address bar at the top of the page?

    >>Shane, this is not possible, as noted in the post.

    This worries me a bit though. Firefox puts the domain in the title of the window (before the window title) when there is no address bar. While this pushes the title of the window off the edge in a lot of cases, it’s still a less intrusive solution. That way the user can see the domain is the same, but doesn’t change the size/style of the popup. For a lot of popups on the sites I manage, we hide the address bar on purpose to a) keep the window style clean, and b) to hide the URL so people don’t try to mess with the site (because they do).

    If you put the domain in the title, you could still easily throw up a "Warning, suspected phishing site!" page before loading the window’s document.

    Can you tell us the reason you chose this method instead of the titlebar method?

  27. Anonymous says:

    I like the color coding system…I think in a previous post a full page warning is issued for suspected phishing websites?

    I like the fact that folks from the four major browsers got together and discussed the issue.

    AC brings up a good point with Firefox’s HTTPS and the yellow address bar but honestly I have to admit I am going to side with Microsoft on this one. Green is associated with go (whereas yellow is associated with HURRY UP GO FASTER BEFORE IT TURNS RED….well in some cities anyway).

    How about having the warning in orange then? A little less friendly, not exactly red but not yellow like Firefox’s secure site color? Either way I’d like to see some constructive conversation between Moz/MS fans and visitors as in the end it effects us all (whether we’re using or fixing someone’s computers for example).

    "How about letting the developer control the address bar for Trusted Sites or the Intranet Zone? Ditto on the status bar." Matt Sherman

    I second that notion; if you’re on an Intranet or listed on a trusted site then (and only then) should a site be able to hide the address bar. If for example a popup does cross a high standard boundary a warning page can be in it’s place regardless (leaving HTTPS perhaps).

    While reading the issue of Firefox/IE colored address bar I came up with an idea…shared preferences? Why not to address this issue have a meeting between Moz/MS about having some setting to have the colors coordinated between the two browsers?

    I have to drop the hammer down on something that has consistently been inconsistent! The toolbars frankly suck! For the sanity of, "where the heck did my favorites go?", here are some of my mad paint skills to help you guys out with the …err..needy GUI.

  28. I think the cross-browser color difference is overblown.

    I don’t see a good use for the color green, though.

    I can buy the red… and even the yellow. But HTML injection vulnerabilities are just too common to have a "green" state, IMHO.

  29. Anonymous says:

    I also add my disagreement with the use of yellow for suspected sites.

    Even if the color yellow in general conveys a sense of warning, I believe it’s too late to use it. The Firefox issue is not a small one, but in addition, the color of the HTTPS lock on IE 6 is already yellow as well.

    The IE team should have the protection of end users in its heart no matter which browser is being used, and sending mixed signals between different browsers would not be conducive to this.

    Overall, though, this is a great feature, and I’m glad we’ll be seeing it soon.

  30. Anonymous says:

    Quite a few posters have commented about possible confusion between the gold address bar for HTTPS in Firefox and the suspicious state for the IE7 Phishing Filter. I agree that’s a possible issue and we’ll continue to discuss with other browser vendors.

    Folks should bear in mind that most sites will probably not have color-filled address bars in IE7 as described. Today’s ordinary SSL sites will show the lock in the address bar but will not include any color fill.

    I want to make sure folks understand our commitment to the experience for visually-impaired users. The color effects in the address bar are just one way for us to highlight the differences between sites. There will be text and icons in the address bar. Eric makes a great point that in the case of a confirmed phishing site or the case of a certificate error, IE will back up the address bar warnings with an error pages to help the user

    Matt Sherman and John Bilicki both asked about how the persistent address bar will impact trusted sites and intranet sites. By default the persistent address bar won’t show up for pop-ups in the trusted sites and intranet sites zones. The persistent address bar for pop-up windows will follow the window size and position restrictions security setting. If you’re a desktop administrator, you’ll be able to control this setting through group policy. If you’re a web developer for intranet or trusted sites, you’ll be able to enable and disable the address bar the way that you can today.

    As always, thanks for the feedback!

    Rob Franco [MSFT]

  31. Anonymous says:

    I do think that the color thing is good, and I’d agree that it should probably be changed to orange to avoid confusion with Firefox in the near term. The problem I have however is disallowing javascript from removing the address bar in all allowed pop-up windows. I think that displaying the URL in the actual windows topbar for the application is fine. It would be a large waste of space to have the address bar always visible in the popups, and will deter developers from pop-up windows. This will make developers us css popups and the like. These are even more annoying to users as their pop-up blockers can not stop this. It will also hurt web application development, and make even casual application developers have to get HTTPS, not an inexpensive proposition to an ameteur web developer.

    It might be better to have IE control pop-ups in known or suspected phishing sites, but in sites that have no prior security violations, javascript should behave as normal IMHO. How about a little innocent until proven guilty.

  32. Mike_J says:

    These are good thoughts but not practical.

    The reason is too many colours make things worse. When we develop Tablane browser(it is based on IE engine for now), we tested many colours for Tab, such as Read, Unread, Bookmarked, HTTPS site, Tab with comments, etc. We confused ourselves. What colour represents what? In the end, we get the clue, keep the colour scheme simple and use the colour to identify something different, but not expect the user memorizing it quickly/firmly. If expect user to remember it, just one colour for HTTPS is enough.

    Comparing with traffic light seems reasonable, but it is wrong in user interface design. When driving, you must concentrate to the traffic light, it is such built in risk involved. So many years we have been taught: red, yellow and green. But for surfing the net , it’s very relaxing. It is more concentrated on content. Just to signal HTTPS site, is simple and effective.

    The colour usage is even not intuitive. With icon we know 70% what it does. With colours, how can we agree the same colour binds to the same thing?(if in multiple colours environment).

    It is much better for most browsers to use the similar colour by default, and leave some space to let user customize it under some guidance.

  33. Anonymous says:

    <<Check the repeated misspellings in the screenshots you posted>>

    Brett, are you referring to the spelling errors in the Phishing examples? Those are taken from actual Phishing sites that have been found in the wild.

  34. Anonymous says:

    <<make even casual application developers have to get HTTPS, not an inexpensive proposition to an ameteur web developer.>>

    Onezero, I’m not sure I understand this concern. Using HTTPS has no impact on the fact that all popup windows will show the address bar.

    (It’s probably worth mentioning that a "domain control" SSL certificate can be had for ~20$.)

  35. Anonymous says:

    I like how Opera solved pop-ups address problem. I think that’s the best solution.

    Forcing addressbar to be visible could initiate some over-creative "solutions" to that "problem" and we’ll end with inaccesible annoying DHTML hacks.

    And how about orange for IE and yellowish lime for Firefox?

  36. Anonymous says:


    It’s probably worth mentioning that the lock will not be visible on a suspected phishing site, so the likelihood of user confusion is relatively lower.>>

    I’d like to get a clarification on this – the lock is not shown for a site (with a cert, and a working HTTPS connection) that the phishing heuristic flags as suspicious? Will this be a problem for the (somewhat common) sites like Wikis or forums that use self-signed certs?

  37. Anonymous says:

    With Firefox(1.5RC3) the address bar colour can be changed by the theme. The current theme I am using has green as the colour for https.

  38. Anonymous says:

    Folks, Thanks for thinking of us colorblind users. I am red green colorblind and I could not easily distinguish between the Green and Yellow toolbars.

    The real important thing to remember is that colorblindness is not standardized. Each of us see a different palette. I propose that the color displayed be a user adjustable value so that a colorblind user can set it up to best meet his/her needs. After all who would know best what colors to use?

    In addition, the default colors need to be selected with an average color blind person in mind so that customization is not always needed. There are many sites that discuss ways to accomplish this.

    While a standard is great, remember one size does not fit all. Let’s standardize on a set of HOOKS that still allow the user to do customization when needed!!

  39. Anonymous says:

    <<Will this be a problem for the (somewhat common) sites like Wikis or forums that use self-signed certs?>>

    Actually, for a self-signed certificate, this scenario would show up as a red/blocked navigation unless the user explicitly added the site’s certificate to his trusted store.

  40. Anonymous says:

    Stay with Green, Yellow and Red. Those are WORLD standard colors! Firefox isn’t God!

  41. Anonymous says:

    One suggestion I have is to change the text Phishing to Dangerous. This way you don’t have to worry if the user understands the term "Phishing". I know if I saw a red URL field with the word Dangerous, it would sure catch my attention quickly vs. the URL field displaying Phishing.

    When the URL field shows that a site is safe, why not just tell the user exactly that. Right now you have the URL field showing certification information about the site. I personally like how it shows certification information, but the average user isn’t really going to care about that and will probably get confused over it.

  42. Anonymous says:

    Nice ideas.

    I’m wondering really though why firefox is an issue. The GOLD/YELLOW colour is the CURRENT STATE in firefox for SSL Encrypted sites.

    That remains the same with this new scheme, with the addition of the GREEN for properly verified and configured SSL sites.

    So nothing has actually changed here for firefox.

    The new user education task is that you should only trust sensitive / confidential information to GREEN sites. Hopefully banks / paypal / ebay etc. can send out some straightfoward flyers or something to their customers. – Although I doubt it! The people who are targetted most by phishing seem completely oblivious to any technicial measures available to help reduce the problem.


  43. Anonymous says:

    Nice ideas.

    I’m wondering really though why firefox is an issue. The GOLD/YELLOW colour is the CURRENT STATE in firefox for SSL Encrypted sites.

    That remains the same with this new scheme, with the addition of the GREEN for properly verified and configured SSL sites.

    So nothing has actually changed here for firefox.

    The new user education task is that you should only trust sensitive / confidential information to GREEN sites. Hopefully banks / paypal / ebay etc. can send out some straightfoward flyers or something to their customers. – Although I doubt it! The people who are targetted most by phishing seem completely oblivious to any technicial measures available to help reduce the problem.


  44. Anonymous says:

    This is great thinking, but I’m not sold on the conclusions.

    People have brought up the color confusion issues, the color clutter issues, and there is also the question of what happens when you have the address highlighted.

    No one has pointed out, however, that the ill-intentioned of the web always stay a step ahead of stuff. If their address winds up on a blacklist somewhere, they’ll hop to a new one. Users accustomed to relying on the color coding will think they’re safe when they reach a site that hasn’t yet been blacklisted.

    I think the better idea is to keep the color coding, but only one color (red? orange?)… Use it both where you now propose to use red and where you now propose to use yellow. This would then apply freely to all browsers without regard for what yellow might mean in one versus another. Users would need to be trained to recognize that this new color (red/orange) means the site in question has triggered sensors and is suspect. Users should be advised to not put all their faith in the color coding; the warning is simply a guess based on a low threshold of probability. Throw in a "percent suspect" so people can judge for themselves.

    This same logic should be applied to any links that point to suspect urls. Set the default threshold to 50% or something, let the user adjust in their options/preferences for higher or lower sensitivity. When triggered, you get a warning after clicking the link and you can cancel or proceed. Same goes for meta-refresh.

    Finally, do not force the address bar to appear on windows EXCEPT when the user is on a site that has exceeded the same threshold set above OR when the popup is from a domain that is different from the parent window.

    As for the issue people are fearing with DHTML: allow users to right-click on and close any div layer having a z-index (or having had it’s display updated from none to not none). When the mouse hovers over any such div, it should receive an outline as feedback to the user that this is a user-closeable element. This would only create an issue for developers who check the div-state to make assumptions about some variable or behavior on the page. Easy to workaround.

  45. Anonymous says:

    Thank you for the heads up on developments in Anti-Phishing. As a web application developer I feel that the work done recently, and the openness about it, has been nothing but very positive.

    While I think the colouring of the address bar is a great idea, I believe it needs to be implemented consistently across all browsers, otherwise it will cause more confusion than benefit. Which is why the discussion you’ve just talked about is so important, and such a good sign that it has occurred.

  46. Anonymous says:

    I like the color schemes. However, how about for green, to make the color gradient. From the left of the URL bar a more solid green fading to a lighter shade at the far right of the bar. In this way those who are color blind could see a secure site without having to read the secure site caption. At the same time, those who can see color would not be annoyed by a solid green color extending all the way across the bar.


  47. Anonymous says:

    I think that the colorscheme doesn’t matter. The idea behind this is absolute good. I like the fact that MS is thinking about ideas to make the internet a safer place, especially since criminals are more and more interested in making money by cheating unsuspicious (and sometimes ignorent) users. Good idea!

  48. Anonymous says:

    While disallowing web sites from hiding the address bar using javascript (with the exception of pop-ups) is a good idea, the user should have the flexibility to resize, move or even hide the address bar (independet of the tab bar). This was a major improvement over other browsers in IE6 and earlier.

    I am suggesting this because I have developed an alternative address bar for IE6. But think also of the following usage scenarios that rely on hiding the address bar:

    * saving real estate (for example in pop-up windows)

    * restricting usage (disallow users to enter URLs)

    * user is not interested in the address (think of kiosk mode when no keyboard is available)

    * using a 3rd-party toolbar for navigation

    (like the Google or Quero Toolbar)


  49. Anonymous says:

    Firefox is already using yellow for secure sites – and it works really well. I look for this yellow rather than looking for the padlock icon. That said – I wouldn’t mind if it becomes green across all browsers and these colours were to be standardised. Showing the company name, now we have more screen real estate to show it in, also makes sense.

    Another nice feature is a warning if you use an URL with embedded username and password and the site on the other end does not require authentication – this being a common trick with phishers, but presumably one they can fix once detection becomes common place.

  50. Anonymous says:

    Colours are great idea, stay with red, yellow, green. The firefox lovers will always complain, tell you to look like firefox and if you do say your just copying them. I use firefox and IE, (though I have a feeling with IE7 will go almost fully to IE7 when it goes gold)

    The first time I saw yellow in the address bar in firfox, I thought firefox was trying to warn me. Yellow=caution/warn I oon realized it was not supose to be a warning but reasurance, but even today when I go somewhere and it goes yellow, I have slight reaction of "wait, is this securue" before my knodge of fixox sinks in and I know fixfox messed up with its colour choice to represent secure.

  51. Anonymous says:

    Hi guys

    I know you’re probably getting sick and tired of the articles that I seem to keep coming up with, but I’d still like to throw this one your ways – plus it’s kinda relevant here (it’s an article on security anyways): It’s pretty much about what the link suggests, saying that people aren’t taking the security issues on the net seriously enough thinking: "that the threat is less than it is and the protection they have is better than it is". Now an article like this is always worrisome, but honestly it doesn’t surprise me.

    So anyways, my point is: security, security, security – since people aparently aren’t willing to pay for decent security software, then I’d say that is now doubly important to make your browser as safe as it can be.

    Thanks. Now of to find more articles, lol.

  52. Anonymous says:

    My suggestions:

    1 – Let users choose their own colors for each status, including an option for no color. Also, as you currently do when visiting a secure site, popup a dialog describing the status change, with an option to change color scheme, as well as an option to not show the dialog again.

    2 – Don’t rotate text for SSL identification. Personally, I say just show the icon, and let everything else be in a tooltip or dropdown. Otherwise just show the CA, and company name and cert details are in tooltip/dropdown.

    3 – Allow the user to control what sites can show/hide the address bar, menu, status bar, etc. You already have the zones (Internet, Intranet, Trusted, etc.). There are valid applications where it is best that this info not be available to the user, and in most of these cases this is for the benefit of the user themselves.

  53. Anonymous says:

    First of all Thank You Microsoft for all your efforts to fight cyber crime.

    It’s all about configurability!

    Most of the issues addressed here could be solved by giving the user customizable options.

    Allow the user to select their colors of choice, with red, yellow, and green as the default. Maybe add blue for intranet sites.

    I like Brian’s idea about not coloring the entire URL, but just the explanatory text.

    No blinky blinky. Make it a hover or tooltip.

    Allow the user to turn off the feature entirely.

    I don’t like popups that hide the location. I normally bypass this by typing CTRL + N. Why not go ahead and HIDE the URL, but have a cute little button that the user clicks to HIDE/SHOW the URL?

    Allow the user to bypass the blocking error page – just in case they have a valid reason for visiting that page (like if the Phishing software is wrong about a particular site).

    Calzones pointed out that the phishers hop domain names frequently. Can you create a color or symbol for a domain that is less than six months old? Will you be doing screening based solely on domain names or also on IPs or some other criteria. Are you going to disable active content on the red and yellow sites? And I like Calzones other ideas about percents and threshholds and applying them to links.

    And it seems everyone is forgetting that restricting free usage of the client (resizing windows – viewing address bars – typing in URLs) goes against the original spirit of the internet. It’s an open platform to share information. It’s like having someone micromanage your visit to the public library. Popups without address bars are like reading books without being allowed to see the title and credits.

  54. Anonymous says:

    I agree in part with Calzones. The yellow bar is confusing, and red should be used. I also like Melissa’s idea about being able to show a hidden URL bar. Maybe use a collapsible bar, so that "hidden" really means "collapsed".

    Perhaps the following can be used:

    * Known phishing/unsafe site: Red URL bar + confirmation page before allowing site access. URL bar may not be hidden/collapsed from code.

    * Possible phishing/unsafe site: Red URL bar only. URL bar may not be hidden/collapsed from code.

    * Confirmed "good" site: Green URL bar. URL bar may be hidden/collapsed from code.

  55. Anonymous says:

    Although the colours are a great improvement over nothing at all, there are better ideas. You should look at the Petname and Trustbar ideas for inspiration if the goal is to address phishing.

    Also, be aware that we are moving to direct attacks on certificate authorities, the scene is now set for phishers to use real certs, which will give rise to a new category: valid cert but reported as phishing site.

    Further, any statement made by the browser based on the cert lacks foundation unless the statement says which CA made the cert. Without the CA being presented on the chrome somehow, the browser is subject to substitute-CA attack, and all the validation ideas will fall to that if it is worthwhile enough. Users don’t buy house insurance from Joe’s Diner, so why would they accept a cert (or a statement) from some random CA that operates two continents away?

  56. Anonymous says:

    Please make sure that all these color coded address bars include sufficient accessibility for the color blind, the blind and the visually impaired. Make sure that, along with colors, text shows the bar’s status. It seemed this would be the case for red and yellow, but saw no such indication for green. Please don’t forget about us!

  57. Anonymous says:

    How about changing the color scheme to follow the U.S. Homeland Security Advisory system of Red, Orange, Yellow, Blue and Green?

    Red – Severe risk of phishing attack

    Orange – High risk of phishing attack

    Yellow – Elevated risk of phishing attack

    Blue – Guarded risk of phishing attack

    Green – Low risk of phishing attack

    This includes the term "severe" and the color "orange" from prior suggestions. Oh and for those in the U. S. of A. I want YOU to have a happy and safe Thanksgiving?? (-:

  58. Anonymous says:

    I suggest you use an actual bright red, rather than the pastel pink in the exmple. Pink is soothing and calming and reassuring, not at all indicative of the lever of concern you wish to provoke in users when visiting a phishing site.

  59. Anonymous says:

    <<Another nice feature is a warning if you use an URL with embedded username and password >>

    Internet Explorer has prohibited this syntax for HTTP(S) URLs for over a year. IE7 continues to prohibit this syntax, and such URLs will not navigate.

    Melissa– The user may opt to ignore the phishing blocking page and navigate anyway. A persistent red warning will remain in the address bar while on the alleged phishing site.

    Iang– Petname is a really interesting idea, but I’m not convinced that this is the simplest route to take for most end users. IE7 does expose new APIs which should make it much easier to write a Petname plugin for IE.

    Note that reported phishing sites are blocked, even if they bear a certificate. Furthermore, because we are turning revocation checks on by default in Vista, a phisher’s certificate will likely be revoked shortly after the site is flagged as a phisher.

    As you noted, it’s important that we show the name of the CA who identified the site, and hence we do so in the top-level IE chrome.

  60. Anonymous says:

    Great Idea of using color in address bar.

    Since some have clor blindness, we can also

    consider the idea of putting ‘tick’ mark,

    ‘cross’ mark and ‘question/exclamation’

    mark in the address bar.

  61. Anonymous says:

    I’m sorry to post this here. But I can’t think of any other ways to find out the answer. It might be out of the topic but please.. Help me if possible.

    IE used to be able to surf RTSP links. However, IE now is unable to surf RTSP links. Why? And is there other way to surf RTSP links? It is because, we need to do this RTSP thing however, we realise that it is impossible now. Thus causing us to have diffculties in continuing our research.


  62. Anonymous says:

    @IE Team

    If you haven’t done this already, can you please make sure that it isn’t possible to make a window "fixed?!". I want to be able to maximize _all_ windows, even popups.

    Also please remove the option to be disable right click. There are lots of ways to get around this.

    Do not allow webmasters to hide the address bar in popups. I hate it when I don’t know where I’m surfing.

    Whenever someone comes with a new hack to get around this, then please try to update it via windows updates when you know about it and have tried it on all language versions.

  63. Anonymous says:

    Well, as a long time Mozilla and Firefox user (in fact I don’t run Windows at all) I say: that IE7 colour scheme is a great idea. I hope that other browsers will use it too. To me this makes a lot of sense and would add real value to user experience. Maybe using yellow for https-connections in Firefox/Mozilla was not a very bright idea – green might have been much better. But changing that shouldn’t be a major problem – neither for the developers nor the users.

  64. Anonymous says:

    TrustBar is a FireFox extension that already (and for a while already) implements several of these ideas, and others. In particular, it supports both `petnaming` of a site, i.e. to assign a name (or, with TrustBar, a logo) to a site, and also display `Identified by` and the logo (or name) of the organization and of the CA, like IE 7. You can install it via”>

    TrustBar is the result of secure usability study by Ahmad Jbara and myself, and has some other mechanisms, including random `exercise training attacks` to help users stay trained to watch for the name/logo of the site. (I must admit that this mechanism is now set for too frequent `exercise attacks`, we will improve this in our next release very soon, but you can also reduce or eliminate this using the user interface of course).

    We are very happy to see some of this research adopted by browsers. We have some more ideas we are investigating, and would love to cooperate with any browser developers to help improve security indicators. TrustBar is an `open source`, public domain project.

    BTW, I also had a student working on an IE version of TrustBar, but it didn’t work well. He used IE 6 and couldn’t get the certificate for the page.

    Best, Amir Herzberg

    Assoc. Prof., Dept. of Computer Science, Bar Ilan University

  65. Anonymous says:

    Don’t break existing functionality in the name of "security": If a popup requests that any chrome is not required, honour that request just like the web has for the last decade. This means that intranet and certified valid sites display just as they always have.


    If the address is denoted as invalid, then override the behaviour. After all, a big fat address bar on the screen littered with "This site is not what it says it is" type messages, etc., is perfectly reasonable and can hardly be missed by the user.

    As to the colours: A site is either valid or it isn’t. Don’t confuse the issue by having a "possible" option. Yellow works fine for me on FF as it clearly isn’t white. Having yellow as a "we’re not sure" will just annoy and confuse.

  66. Anonymous says:

    From Frank Hecker (see link above):

    <<Microsoft’s proposal provides more visibility for the CA issuing an extended validation certificate than is present in most current browsers (which to display the CA name typically require an extra user action like clicking on the lock icon or moving the cursor over it). Besides making users more aware of the role of CAs, this provides CAs with an opportunity to do the sort of brand-building mentioned in my previous post, and to that extent offers an incentive for CAs to participate in the market for extended validation certificates.>>

    Some comments state, that a tooltip should be used, instead of rotating the CA’s name in periodically. I think, that Franks words really have merit. If we want to make the web secure, it takes efforts, and compromises from all: the industry, the browser vendors and the users. So I will gladly accept some rotating info in my address bar, if that gives the CA industry the incentive to adopt the stronger rules. In the long run, I think this will pay off.

    So to Microsoft I say:

    You are on the right way, and a little more farsighted than some of the people who have commented here. My congatulations!



    If you find spelling mistakes, you can keep them. They are there for free!

  67. Anonymous says:

    Eric, yes, I had missed the CA name being rotated, thanks for the polite correction!

    Your comment on "the simplest route for users:" Any security system that doesn’t involve humans is generally considered weak against a motivated attacker. This is as true in software security as it is in building alarms and military defence.

    Unfortunately, there is a common misconception that browser users will do nothing to protect themselves. This dates back to the beginning of the browser security model days when users almost universally ignored all the security warnings, and anything on the chrome that spoke of security. The resultant "wisdom" was that our users have to be given a security system that does so without their participation because they won’t participate in their own security.

    But the users were right and the security community was wrong. In those days there was no threat and the users knew it. So the users did the economic thing – they simply ignored the security system because it was not providing any security.

    Now things have changed, we’ve had mainstream phishing for about 3 years now, and the browser community is having to respond (better late than never). The users are already well ahead and are learning how to deal with it, including not to use browsers for banking (so the surveys would have it).

    Again, the users are right, and the security community has to re-learn. Users will participate in securing themselves – when there is a good reason like phishing. The petname idea is small, easy to implement, and gives tremendous bang for buck, more more bang than the shared phishing reporting idea that Microsoft and Comodo have implemented. It’s really easy to explain to your grandma by showing her how it works, it is no more complicated than anything else to do with entering URLs in the browser.

    Check out Trustbar and Petname toolbar – they both implement the idea. Petname toolbar is simplistic – it just does the petnames idea. Trustbar is more complex and shows good ideas on how to integrate with other things like the shared repository of phishing info.

  68. Anonymous says:

    Will IE 7 still use the Revocation information provider API for automated OCSP checks on websites ssl certificates ?


    How will the results be displayed by IE 7 ?

  69. Anonymous says:

    Everything to avoid scammers is good, but think about all the sites that use popups without navigation bar because they are just a helper window or the like, putting an address bar and cutting part of the content as happened with the status bar isn’t nice.

    You can put the url in the status bar (and block changes of status bar in popups), in the title bar like Firefox does, and even provide an easy way like Opera does to bring back the navigation bar, remember that in some situations the navigation bar isn’t useful and just showing that info in another place wouldn’t be bad.

    Or if you force the navigation bar to appear then resize the window properly so the content has the same height as it would have had without the navigation bar. Please!!!

  70. Anonymous says:

    Well guys… I can see here Microsoft fans only… With some sugar and honey on their mouths… "Oh, lovely colors, Microsoft! Love them!".

    The only good thing about this is that Microsoft was staying on one table with Konqueror, Opera, Mozilla. For the first time we don’t see things like "We are the only one!". Because you’re not.

    And if this comment will stay here /I suppose someone will delete it/, please guys! Begin to produce more normal products like browsers and operating systems. Please!

    I hope someone will read it!

    Have a nice day! And a lots of luck, using IE and Windows 🙂

  71. Xepol says:

    No question, if I was to use the phishing filter, that would be effective and look good.

  72. Anonymous says:

    To Victor. Well, I use IE, antivirus and firewall, no realtime antispyware and for about 2 years I got 0 infections, so why should I change?! 😉

    By the way, it would be nice, if it would be possibility to turn off the coloring of the whole link (that is good for newbies). The coloring of the square behind the link is noticable enough. As I have heard, then in IE 7 beta 2, the Favorites menu will be put above tabs, such a pity, it would be great, if its position would be changeable.

  73. Anonymous says:

    To all those who design the Internet Explorer 7 Browser… Although I am not one who can use the browser (it really is a pity, I like actually testing stuff and then bashing bad things about it >:) I applaud your determination to try to bring IE up to snuff… However, you cannot say that IE is really secure until you offer people the ability to have the OS run standalone from the MSHTML/IE engine… Also, ActiveX should not be permitted to run directly onto the system unless it has a special cryptographic code attached to it in several forms in order to maintain genuine code from ONLY Microsoft Corporation (I know that the system’s update function requires ActiveX controls)… Give some thought to changing the rules of ActiveX… Also I want to congratulate Microsoft for actually attempting to satisfy the customers’ requests for stability, security, and overall clean, streamlined, and backward-compatible OSes… Maybe Microsoft will now restart their IE for UNIX? (Goes to catch some flying pigs)

  74. Anonymous says:

    I forgot where I saw this idea first.

    The idea was to make popups have a different style of address bar. Make an alternate, slim, read-only address bar that looks perhaps more like the status bar than like a text box.

    That way you can still see the URL but it’s unobtrusive

  75. Anonymous says:

    Angela– The RTSP protocol isn’t provided by IE, but rather by a plugin to IE. Perhaps RealPlayer or QuickTime was removed from your system?

    Amir– The new API we’ve added in IE7 will make it much easier to get the certificate for the page. Of course, as noted above, any mechanism which displays logo/O information out of current certificates is potentially problematic (if the information in certificate hasn’t been strongly validated by the issuer).


    <<Any security system that doesn’t involve humans is generally considered weak against a motivated attacker>>

    True. Of course, there’s always a balance; much of security literature notes that humans are very often the weakest link.

    <<The petname idea is small, easy to implement, and gives tremendous bang for buck>>

    I’m in agreement that it’s a clever and potentially powerful tool; I’m not sure I agree that it’s more valuable than the Antiphishing service.

    I spent some time talking to Tyler Close about his implementation at Blackhat this year. I’m optimistic that the new API we’ve added that allows plugins to grab the page’s certificate will quickly lead to an IE plugin for petnames.

    Huygens– Revoked certificates will result in a blocked navigation and a full-page error notification.

    Alfonso– I believe that the window size calculations are updated to prevent inadvertent truncation of popup content.

    Victor– No one’s going to delete your comment, although if you could elaborate on what you mean when you say "normal products" it might be more meaningful.

    LinWinOverlord– All versions of IE have the ability to block installation of ActiveX controls. Simply click the option in Tools | Internet Options | Security.

    DanaG– For what it’s worth, I know that Opera does this. We’re taking various measures to make the mandatory minimum addressbar unobtrusive.

  76. Anonymous says:


    Of course that is there, but do you think the average user knows about all the nooks and crannies of the system? Or even just IE? ActiveX controls can still run, but in order to access the computer, they should require special cryptographic keys for access permissions along with Administrator permission… That ensures greatest security… Of course that could be made optional… Also, you should move IE’s info bar to somewhere that is locked in place because as I am browsing in FIREFOX, I saw the IE info bar appear just below the bookmark bar to install "ActiveX controls" from Yahoo!…. Maybe merge info bar with a locked status bar at bottom of screen that turns Dark Blue with white text for info bar…

  77. Anonymous says:

    It amazes me how many people still fall for phishing attempts when I’m doing awareness training.

    It will be good to have something that can combine education with prevention.

  78. Anonymous says:

    Any word on when BETA 2 will be released. I’m not a tester.. but i’ve got several projects on the go which i’d like to test in IE7.

  79. Anonymous says:


    7th december is the date that I have seen for Internet Explorer Beta 2.

    I hope that the IE team can deliver on the so far scheduled month of march 2006. 🙂

  80. Anonymous says:

    Images don’t load, the server just waits doing nothing, so downloading the images eventually fails on timeout.

  81. Anonymous says:

    <<Images don’t load, the server just waits doing nothing, so downloading the images eventually fails on timeout.>>

    Sorry about that. Through a quirk of our current blogging system, images are hosted on a different server which has been having problems since yesterday. We’ve notified the operations team.

    For the moment, you can see an archive of the images here:

  82. Anonymous says:

    Will IE 7 provide any specific support for podcasts, vodcasts, or torrents?

  83. Anonymous says:

    It’s great to see you folks working with other browser vendors. I expect that’ll benefit everybody.

    I’m also really happy that you’ll always be showing the address bar. I’ve long found the ability of websites to disable browser functionality to be an incredibly annoying usability problem – especially when the browser doesn’t let you (eg) right click on the title bar for options to re-enable the nav bar, address bar, and so on. There are legitimate reasons to hide these UI elements by default, but I see no reason the user should not be able to bring them back.

    If the user could right-click in the address toolbar to get a menu giving them the ability to re-enable the other toolbars, that’d be very nice indeed.

  84. Anonymous says:

    <<Will IE 7 provide any specific support for podcasts, vodcasts, or torrents?>>

    IE hasn’t announced any plans to natively operate on torrents, although, of course, existing torrent plugins for IE should continue to work.

    As for *-casting features, you might take a look at our RSS team’s blog:

  85. Anonymous says:

    From what little I have read, it appears that the "colors" and other notification mechanisms proposed and debated here come from a hosted repository of known phishing sites or if a site has a suspicious SSL certificate. Is this the gist of the various proposals?

    If so, does this go far enough or are there a few other techniques that can be used to minimize risk when a site/URL has yet to be "graded/rated" or if the naughty site is not using SSL in guarding form posts?

    And are we putting too much burden on CA’s to manage more than the identity of a web site has not been stolen? Since the identity of the content is much stronger than any URL, does this mean that a CA has to inspect the pages of a site in addition to the owner and location of the site to make sure it isn’t infringing or copying another?

    Some people suggest that navigating to domains that have been up for only a short time (or have no registered DNS name – IP address only) should result in a warning. While this might help a bit, it won’t be long before an evildoer will figure out how to hoard domains and "ferment" them much like one would age a wine.

    Has there been any thought or discussion amongst both the browser world and the http server world on other techniques for identification of sites in the absence of SSL?

    For example, is it time to resurrect PICS and use signed labels to rate sites. One could then use PICSRules to filter them, color them, or iconify them in various ways (with good defaults of course)? The idea being that a site must create a label that describes it (mostly meaningless unless site filtering becomes popular) and then signs the label. The lack of such a label makes a site suspect. A signed label that isn’t signed by a trusted CA gets a big warning. A label that is not properly signed (likely stolen or missing a signature) gets a big error.

    Obviously, there are other ways to do this, but at present, outside of SSL, there is no way for sites to actively support the rating and securing of their content/brand/images other than using SSL properly and hoping you guys treat them nicely.

  86. Anonymous says:

    I’m glad MS is being bold and working from a clean slate when thinking about the colors, rather than being limited by what is already out there. And kudos for working with the other browsers. But the confusion over yellow will be real, and I would propose addressing it by building consensus around red/yellow/green, and then phasing in the rollout as follows:

    If Firefox, Opera, and Konqueror can get green in in the near term (say, for Firefox, in 1.5 or 1.5.1), then IE7 can be released with the new color scheme.

    But let’s say that it will take longer for adoption by the other browsers, or we want to have a delay to "cleanse the palate" of the users, give them time to upgrade, and let them forget that yellow used to be good. IE7 could be released with red and green, but leave the suspicious sites white for the time being. Then, when the time was ripe, a minuscule Windows Update could activate the dormant yellow in IE7.

    Re yellow – it was chosen to match the lock icon, but red/yellow/green is a powerful meme.

    Re rotating the CA – this is good; users initially won’t know Contoso from Callahan’s, but they will become accustomed to seeing a particular name alternating with the name of their bank. But it must be noticeable but not demanding! (of the user’s attention)

    I want to second what Craig said: give the user a way to get the chrome back (and restore resizability and scrolling) in ANY popup.

    Eric: I think the typo Brett was referring to may have been "bellow" for "below" in the screenshots. I initially also thought that came from IE, asking the user to enter info on the suspected phishing site, but I guess not.


    (Posted with Firefox 1.5RC3)

  87. Anonymous says:

    <<Eric: I think the typo Brett was referring to may have been "bellow" for "below" in the screenshots. >>

    Yes; this spelling error is in the original text of the <TITLE> tag from a phishing page that we harvested and archived for demonstrations of the phishing filter. Phishing sites very often have subtle (or major) typographical or spelling errors.

  88. Anonymous says:

    Using the traffic light colors provides an additional bonus, it solves the colorblindness issue. The issue of colorblindness is a real problem. Software developers, especially for something as widely used as IE, should always be mindful of those with disabilities. The traffic light scenario solves this issue in a way that people will already be familiar with. In addition to the colors of a traffic light being standardized, so are the order of the lights (red at top, yellow in the middle, green at the bottom). Hence, if a motorist sees all red, yellow, and green as the same color, it is not an issue since he/she knows if the top bulb is lit it’s red, and so forth.

    This same idea could be implemented in IE. Rather than the icons of red X, yellow !, and a lock (the lock is also confusing since it doesn’t keep with the other Windows security icons of using a green shield with a check), a small traffic light icon could be used. The icon would have the respective light lit up for the appropriate color. Hence, if someone is color blind, he/she need only look at the icon and it will be clear which color is shown.

    Rather than inventing some new system to solve an old problem, I think it’s best to use the solutions that have already been tested for many years.

  89. > In addition to the colors of a traffic light being standardized, so are the order of the lights (red at top, yellow in the middle, green at the bottom)

    Well, except in Chicago, where red is on the left, yellow in the middle, and green on the right.

  90. Anonymous says:

    I could only parse about half the comments, but I reiterate:

    1. Only two colors/states/warning levels. Simplify people! Jeesh.

    2. Yellow is already the standard because Firefox did it first. Sorry people. Release more often and you wouldn’t have to redo stuff. I have similar problems because I can’t release as quick as other ppl.

    3. No need to always show the cert info in the address bar.

    4. People who want to continue to f’ with the address bar etc. and/or "configure" their users’ experience. Go away. Please. Pop-ups should have never been allowed in the first place, yet alone getting rid of the address bar. I read some of these comments and cringed because I knew these were the ppl responsible for some of the cringe-inducing experiences I’ve had on the web.

  91. Anonymous says:

    oh for the love of God shut up about Firefox.

    If you’re using Firefox then what do you care what colors ie uses.I’m not gonna use 2 browsers and i like the colors just fine.And i find it completely insane that ie should change colors because of firefox…which btw has the most unprofesionally designed gui and color scheme of all the browsers.

    Next thing you’re going to want to make it as unstable as firefox…giving it theme support and then having it break with each version.

    Not that firefox actually has a theming engine(a few button changes doesn’t really make a theme).

    Basically stop comparing it with Firefox stop expecting it to change because of Firefox.

    You’re making a browser for Microsoft not Mozilla.So if they go with pink yellow and red color schemes and those colors mean the exact oposite of the colors in IE then so be it.

    Normal users use one browser.Developers don’t care about colors.And that’s about it

  92. Anonymous says:

    firefox 1.5 is officially out. yay ya.

  93. Anonymous says:


    Jeez, you have no idea… Firefox is the FIRST browser in nearly 13 years that has been able to withstand Microsoft’s power of Internet Explorer… It must have been doing something RIGHT in order to dislodge Microsoft’s near monopoly… Normal users, or ones who care for ease of use, want to know if they are in a bad site because they do not want their private data compromised… And for Firefox’s GUI, which is designed for people who want simplicity, is near-perfect for its purpose… Developers may not care about colors, but everyone else will. I know that Mozilla will adopt the Red/Yellow/Green system (they may change Yellow to some other color that is more distinguishable) simply because people will begin to clamor for it, and the software is ruled by people, not a mess of a company ruled by one person. That means that all ideas are considered and usually implemented, not just those of a small group or one person’s interests… NEVER DISREGARD POWER OF THE PEOPLE!!! The reason IE is changing is BECAUSE OF FIREFOX!!! You are very ignorant… Sure, Firefox has quirks, but IE has (hopefully no longer) dangerous problems…. AND THAT IS ABOUT IT!!

    BTW Yahoooooo! Firefox 1.5 is finally out! (Goes and runs yum and FF update)

  94. Anonymous says:


    "2. Yellow is already the standard because Firefox did it first."

    Firefox went against the standard when they decided to move the padlock from the toolbar to the address bar. How is that any different from what you’re complaining about now?

  95. Anonymous says:

    "Yellow is already the standard because Firefox did it first. "

    Why am I reminded of my mother saying, "If Johnny jumped off a bridge, would you do it too?" Just because Firefox did it doesn’t make it a good thing to do. Did you ever think maybe Firefox made a bad decision? Rather than perpetuating the bad decision, maybe we should solve it.

    And just because Firefox does something first doesn’t make it a standard. By that definition, IE is a fully standards compliant browser – after all, many of the incompatibilities in IE exist because IE added the feature before the W3C "standardized" it. Hence, anyone following W3C standards is actually breaking the standards set by IE… doesn’t that sound stupid to you?

    A standard is a mutually agreed upon set of rules to provide some service or accomplish some task. Firefox saying "this is what were doing and everyone else better follow," is not a standard. A standard is yellow = caution/yield. Not yellow = everything is A OK! Hence, Firefox broke the standard. So if you want to yell at anyone, go yell at the Firefox team.

  96. Anonymous says:

    FF was relatively small compared to mozilla and it worked on several platforms, while IE was locked to Windows (except older versions of IE which exists on Mac).

    If you want simple, then it will always be links and lynx for me. You can’t get more simple then just text.

    I like the colors, will be annoying at first like the yellow in FF. We will adapt.

  97. Anonymous says:

    I rather like this UI. But I was a bit put off by the idea of using yellow to indicate a suspicious site. Yellow simply does not say "suspicious" to me. In fact, I tend to associate yellow with "the gold standard", implying something you can rely on.

    But I notice, from some of the other comments, that yellow does suggest a warning to some people. Am I right in thinking that road signs warning of danger are yellow in the US, perhaps explaining this association?

    However, here in the UK, yellow has no such association. Not for me anyway. In traffic lights I see yellow as meaning "prepare to stop" or "get ready to go".

    So I’m not keen on the use of yellow to mean a suspicious site.

    I’m also aware that some parts of the world rate red as a lucky colour. Whereas in my culture, red signifies danger.

    Are we potentially muddying the waters by using these colours? Perhaps they work ok for an American user. But the further removed from US culture the user is, the less appropriate these colours become.

    Web browsers are used the whole world over.

  98. Mike_J says:

    As continuing my previous post regarding to using less colors, it is wrong direction if IE uses multiple colors to distinguish message type as suggested in this blog.

    Let me give the evidence, to see how many people will be affected by the colors.

    Roughly 1 out of 200 women and 1 out of 12 men (particularly over the age 40) simply can’t detect some color distinctions because of the color-blindness. This is from Steve Krug’s book Don’t Make Me Think ,page 83, a very good book for Web design (although our web site hasn’t come up with this great guide, it will be updated soon).

  99. Anonymous says:

    This is a classic thread.

    "I think the bikeshed should be green!"

    "No! It must be cyan!"

    "No way! My bikeshed is orange, so ALL other bikesheds MUST be orange!!"

    "Bikesheds shouldnt be painted! The bike owner will get confused!!!"

    etc etc etc.

    Anyway – regardless of the ‘useful’ comments, keep up the good work, IE team. 🙂

  100. Anonymous says:

    To my eyes, the green "everything is ok" address bar is a rather difficult to read. There is poor contrast between black text and a green background. The attempt to improve this by adding a white glow around the letters makes them look fuzzy to me. It looks particularly bad compared to the other two styles where the letters stand out much better.

  101. Anonymous says:

    Richard, yes, in the US warning signs are yellow. I’ll admit that I had forgotten that only the *shape* of road signs is standard, not necessarily the colors. However, I would still have thought that in the UK yellow indicated "slow down." I mean aren’t all those Gatso cameras required to be painted yellow?

    Looking at some UK sites it seems many warning signs (not necessarily road signs) are still yellow, "caution wet floor," "risk of electric shock," "biohazard," all of those are yellow (and indeed appear to be the exact signs used in the US).

  102. Anonymous says:

    I dont understand what the big complaint about the yellow is all about. Have some of you forgotten that Red-yellow-green system is ALREADY used within Windows XPSP2. The Security Center uses green for on/up to date….yellow for not sure/not monitored and red for off/critcal issue. I dont see any complaints about that. This is a similar type extension and is logical concept.

    I think either most people wont care about the color, or Firefox can change the default to green. In fact the theme I am using in Firefox now, makes it already green. In essence yellow isnt even a "standard" in Firefox. It’s the default that changeable with themes. Sounds more like people wanting to complain.


  103. Anonymous says:

    If this actually goes ahead could you possibly suck the horrid background colours out of web forms please? Just an example of how these good intentions could go wrong in future.

    Leave the address bar background alone, keep the readablity of the text as high as possible, or have a whole new range of users thinking the Google search box is the address bar. Have an icon in there by all means and a tool tip on :hover to explain the details, avoid cluter and needless distractions.

  104. Anonymous says:

    To EricLaw [MSFT] : Well, it’s just that we need to upload our RTSP file onto the server and run it using IE. But we aren’t able to do it..

  105. Anonymous says:

    and still waiting for another version of IE…


    keep up Microsoft!

  106. Anonymous says:

    New Firefox released – and now none of my extensions work! When will Microsoft consider third party developers and stop trying to kill off their extension-writer competition!!!

    What? MS dont write Firefox? So this isnt about MS sucking? I’ll have to go back to the drawing board with my pallette of knee-jerk reactions…

  107. PatriotB says:

    Mike_J — regarding colorblindness, it’s only bad if color’s the only thing used to differentiate. In the screenshots, it shows icons and text which are also displayed within the address bar to differentiate.

  108. Anonymous says:

    Is there some way to downgrade back to Internet Explorer 6? There doesn’t seem to be much assistance anywhere on the Microsoft site nor on the internet on how to do this. The current release of IE7 Beta doesn’t work with the visio viewer.

  109. Anonymous says:


    Go to add/remove programs then select the checkbox at the top of the add/remove programs window which says "Show Updates". Then scroll down to Windows Software Updates and look for IE7.

    When you remove IE7, IE6 will take its place automatically.

  110. Anonymous says:

    As a corporate security architect I would like to pose another problem for the browser community to address. We have deployed one of the many enterprise web single sign-on solutions available in the marketplace. Our product, as well as most of its competitor products, use encrypted cookies to maintain user state (primarily authentication). The cookies are encrypted, and have limited lifetime, and can be attached to a sender IP address.

    Problem with this model is IP addresses are now proxied in many situations and have no real connection back to the end client. To make these solutions work in large international environments means we must trust that the encrypted cookie is actually coming from the client browser to which it was originally issued. An intercepted cookie can be replayed to impersonate the original user for the remaining lifetime of the cookie.

    It would seem the only way to secure these cookies is to have some smarts on the client side so cryptography can be used to ensure the cookie can only be used by the client browser to which it was originally issued.

    Yes, we can do that with browser plug-ins, but in our environment we interact with many clients outside of our control. What are the chances this group of browser developers (meaning the group that met in Canada a while back) could address this issue. I think in a nutshell we are talking about industry standard, product agnostic secure session management.

  111. Anonymous says:

    <<It would seem the only way to secure these cookies is to have some smarts on the client side so cryptography can be used to ensure the cookie can only be used by the client browser to which it was originally issued.>>

    You can’t solve this problem without providing message-integrity.

    SSL with Client Certificates is the right architecture for this scenario. SSL+Kerberos would be effective as well.

    (Why would a bad guy bother replaying the encrypted cookie if he can just rewrite the client and server HTTP traffic?)

    For what it’s worth, you can slightly reduce the risk of the non-SSL architecture by using the HTTPOnly attribute on cookies; this reduces the risk of cross-site scripting attacks.

  112. Anonymous says:

    this ideas sound very interesting! :->

  113. Anonymous says:

    <<It would seem the only way to secure these cookies is to have some smarts on the client side so cryptography can be used to ensure the cookie can only be used by the client browser to which it was originally issued.>>

    <You can’t solve this problem without providing message-integrity.>

    Not sure I understand/agree. We are talking about an authentication token as represented by an encrypted cookie. This token allows me access to web resources that may or may not be sensitive. I am not typically talking about a transaction that requires integrity, although frequently confidentiality.

    <SSL with Client Certificates is the right architecture for this scenario. SSL+Kerberos would be effective as well.>

    SSL tends to be expensive (CPU) and is not suitable to all our web sites. Client certificates are not scalable or manageable when you must support user communities that include suppliers, customers, retirees. SSL+Kerberos, in my understanding, is not a platform independent, HTTP protocol friendly option for a diverse, multi-company user community.

    <(Why would a bad guy bother replaying the encrypted cookie if he can just rewrite the client and server HTTP traffic?)>

    We are talking about an authentication token. The bad guy assumes the identity of the user identified inside of the cookie. The bad guy cannot alter the cookie, or create his own, but for the lifetime of the hijacked cookie he/she can access any information or act as the legitimate user at any site that is a part of the SSO environment.

    This is a known security problem. I have socialized this with many in industry (including MSFT). General agreement is the problem could only be solved by a new generation of browser (to quote one of my MSFT contacts). I thought that is what this might be all about, so I bring this up.

    For what it’s worth, you can slightly reduce the risk of the non-SSL architecture by using the HTTPOnly attribute on cookies; this reduces the risk of cross-site scripting attacks.

  114. Anonymous says:

    <<I am not typically talking about a transaction that requires integrity, although frequently confidentiality.>>

    Without SSL, how are you providing confidentiality? The bad guy in the middle can read whatever the client reads. Worse still, he can simply change a client’s GET request from http://server/somethinginnocuous.htm to http://server/showmemysecrets.htm, and boom, it’s all over.

    I don’t dispute that the replayability of authorization cookies is a known security problem, but I do not think you can solve the problem without first guaranteeing message integrity and confidentiality. SSL provides both of these, as you noted, with a tradeoff of CPU time.


  115. Anonymous says:

    I agree with this:

    >Red – Severe risk of phishing attack

    >Orange – High risk of phishing attack

    >Yellow – Elevated risk of phishing attack

    >Blue – Guarded risk of phishing attack

    >Green – Low risk of phishing attack

    In addition please make these changes: Teal – phpBB board (maybe generic forum?) being viewed; Bone – Site identified as mature content; Light Blue – Site is from an .edu address; Pink – Site contains JavaScript.

  116. Anonymous says:

    Why stop there?

    > brown – contains advertising

    > white – contains google ads

    > purple – contains feminine content

    > silver – for disabled people

  117. Anonymous says:

    to johnj and Ron, your arguments are assinine.

    Have you ever heard of the slippery slope argument? Because that’s what you’re using. Not a single person with any understanding of logic would use the slippery slope argument – it’s completely invalid. Allow me to illustrate:

    Lets make a law banning murder

    But if we ban murder next we’ll ban attempted murder

    Then we’ll be assault

    Then we’ll ban threats of violence

    Then we’ll ban all speech that could be offensive

    Then we’ll ban thinking about speech that could be offensive

    So clearly, banning murder creates a government in which people are not allowed to think what they want, nor do or say anything. Hence, the only way to have a society that respects freedom is to legalize murder. Don’t you see how stupid that is? Well it’s exactly what you’re saying. You’re saying "don’t use any colors, because if you use some colors, you will use more colors, and if you use more colors, then the system becomes useless!" So let me use your same argument, for now on when we approach a traffic light, just close your eyes and say a prayer, because clearly having red, yellow, and green lights will lead to having blue and purple and orange lights, so it’s just better to not have any traffic lights at all.

    If you don’t like the idea, that’s fine. But at least make a real argument, not something as stupid as that was.

  118. Anonymous says:

    Please don’t complicate things by giving in to all these crazy demands for more / different colours. Also, I would be hesitant about allowing customers to customise the colours; the purpose of colourising the address bar in the first place is to convey information, and so inconsistancy would undermine that. Moreover, after spending some time playing with the Windows OneCare Beta, it has occured to me that the right thing to do would be to be consistent with other Microsoft security technologies. While I haven’t seen the latest Windows defender, the Security Center in XP/SP2 uses a green / yellow / red scheme, and OneCare uses a green / orange / red scheme. I think the scheme you originally outlined works well with these terms. While there may be some people that get confused coming back from Firefox to IE7, I believe that the population of users who will want a consistant message within their system about the state of a machine’s security to be far larger.

  119. Anonymous says:

    The cache blog post is closed, so although it doesn’t belong here, I can’t but post this here.

    When emptying the cache, selecting the option to empty the cache contents which is not in line, too obviously eliminates also the *.ico files that are used to better identify bookmarks.

    Any chance a future IE version would add 1 more checkbox when completely emptying the cache: delete favicons files too? In this way one could perform a full cache clean up and yet still opt to keep the icons – so useful for the bookmarks.

    I feel like favicon files should be differentiated and dealt with separately like cookies already are.

  120. Anonymous says:

    Codemastr, I have no problem with a few colours being used in the address bar, I was merely responding to Johnj’s post because I wasn’t sure if he was joking or serious.

    btw, you need to update that theory, it should be "We have banned…".

  121. Anonymous says:

    <<I am not typically talking about a transaction that requires integrity, although frequently confidentiality.>>

    <Without SSL, how are you providing confidentiality? The bad guy in the middle can read whatever the client reads. Worse still, he can simply change a client’s GET request from http://server/somethinginnocuous.htm to http://server/showmemysecrets.htm, and boom, it’s all over.>

    <I don’t dispute that the replayability of authorization cookies is a known security problem, but I do not think you can solve the problem without first guaranteeing message integrity and confidentiality. SSL provides both of these, as you noted, with a tradeoff of CPU time.>

    OK, I agree with your confidentiality and SSL claim. However, we are talking about domain-level cookies. So, the concern we have is with 2 situations:

    First, the cookie can be used for personalization where confidentiality would not be required and we resistance to SSL in those circumstances. This potentially leaves the cookie open to hijack (maybe that is just our problem).

    Second concern is with the "evil administrator" – meaning even if everything was SSL-enabled the cookie (authentication/identity token) is still subject to hijack by the endpoint.

    So what I was looking for is some means by which a browser could "prove" it is the one to whom the cookie (or some other platform independent, web protocol friendly identity token) was originally issued.

  122. > … some means by which a browser could "prove" it is the one

    SSL with client certificates should fit the bill. If it’s a low-risk concern, cookies should be fine too.

  123. Anonymous says:

    as David Letterman put it,

    ‘did you know the homeland security level is now ‘peanut’ in NY’,

    seriously, sounds like someone just looked up from digging too deep in a GUI book,

    truth is, in RL ideas might not apply as cleanly as they looked on paper, this seems to me as one of those,

    in the dev teams quest for details to improve security in IE they’ve come up with a scheme which involves ‘weighing’ the goodness of an URL/ipnumber, and then color-coding it!

    I mean it sounds silly already,

    who will ‘judge’ these ipnumbers,

    where can I complain if my ip was judged ‘bad’,

    who will manage the database that stores this information, (so in the future all my surfing will go through a ‘validating’ microsoft server ?)

    wasn’t the consensus on IDN’s that they should be fullworthy domains (ie not worth less/less functional than ‘ordinary’ domains)

    IE team, for once don’t go off the trail making own solutions/standards that noone will adhere/follow/respect.


    /B [refraining from making any ‘polka’color jokes]

  124. IMarvinTPA says:

    Is there any way to get the DoD root certificates added to the default roots list?


  125. IMarvinTPA says:


    We need a way to filter out expired certificates and to quickly identify which certificate is which. With the Navy’s PKI policy, I get a new certifcate each year, so I have about 5 in my list whenever I log into a navy site to choose from. Only one is current but they all say "Andrew T Bay" and I can’t tell the difference between one and another without looking at the deatails.

    Please, add a check box to filter out expired ones (or to show un-expired ones.) The expired ones are still needed for reading old e-mail.


  126. Anonymous says:

    For a framework of how IE7 might support levels of trust for web sites, see IETF RFC 3647, which builds on schemes that different countries use to map assurance levels. The only official mapping in the US is by the Federal Bridge Certification Authority, which implements cross-certification for the Federal Government. Federal PKI is pretty far along in this area because of the e-Gov initiative.

    In fact, IE7 should make this assurance level visible for all HTTPS sessions, even if it has to check validation chains back to their "trust anchors" in background threads. This is probably more important to the user experience than displaying the "security zone" in the status bar. IE7 probably should restrict assignment of a low-assurance site to a high-trust zone, since the site may represent a higher spoofing risk.

    IE7 should also take into account the tendency of large web sites to minimize their use of HTTPS for performance reasons. A site might use HTTPS to authenticate a user (and itself to the browser), but then fall back to non-SSL content. Within a user session (or short time frame), the identity of the site should still be assured.

    To identify this level of assurance to the user, the red-yellow-green scheme is fine, though I think a key makes a better icon than a padlock or a shield, with a circle-slash over it to indicate a non-SSL session with a high-assurance site.

    I think that IE should display the URI scheme and hostname at the beginning of the title bar, with the full path an option (like Windows Explorer).

    The ability to open a window without chrome should be a custom security option, in case the user really needs it. At the very least, though, a chrome-free window should display the first parts of the URI, maybe in a translucent bar. (Say, translucent chrome would be a good appearance option for a crowded desktop; an autohide option that doesn’t cover your work suddenly…see the Media Player skin "faded blue subcompact.")

  127. Anonymous says:

    MS does it again. I’m an access enthusiast and the first thing I noted about the phishing feature is it’s inaccessability. Go here and use the URL of this page to see what I mean.

  128. ieblog says:


    I’m looking at your site and I fail to see how the feature is not accessible. Regardless of whether you can see colors or not (and I am mildly color blind), you still have access to the feature. The colors are just an additional marker but not essential to it.

    – Al Billings [MSFT]

  129. Anonymous says:

    Good idea to get together and look for standards, so the web gets easier to ceate and use.

    However, your blog entry can’t be viewed with Firefox. The images are empty (non existent, not even broken as images).

    What ‘technology’ breaks this?


  130. Anonymous says:

    <<and will deter developers from pop-up windows>>

    You say that as if it’s a bad thing.

    Even for sites where the new window is somethign I want to see, I HATE pop up windows. I’d much rather have a new tab opened up instead.

  131. Anonymous says:

    I believe instead of yellow, it should be more an amber/orange as yellow is not the middle colour on traffic signals. least not in the uk.

  132. Anonymous says:

    Red/yellow/green might sound ok, but people have to understand that there is a whole generation of people who got used to YELLOW PADLOCK!

    That’s why URL bar in Firefox is yellow, not green. Because we all got used to associate "safe sites" with yellow lock.

    Yellow was not chosed becuase developers rolled the dice, but because yellow color was synonym for "secure", for ages.

    I have nothing against color change, but don’t do it just because you think yellow sucks (or is used by another browser).

    Additionally, "yellow" traffic light is actually more orange than not yellow (at least in places I’ve been), so it would make a lot of sense to use orange color for "suspected phishing sites", for example. Orange also takes attention (the yellow color ‘relaxes’) and leads towards red – which is what phishing (or other) warning should be about.

    Keep up the good work.

  133. Anonymous says:

    Glad to see the major browser vendors working together towards standards. Here’s hoping this becomes routine.

  134. Anonymous says:

    IMHO the one for suspicious sites (yellow) is a terrible idea. In Firefox, this color is used to indicate sites which use an encrypted connection (HTTPS). MSIE, being the one which follows up, should adapt to the colors firefox has chosen, as to make everything as easy and standard for the end user.

  135. IEBlog says:

    One of the biggest challenges in making software more secure is maintaining compatibility with the existing…

  136. IEBlog says:

    As we’ve described

    previously, we’ve made some major architectural improvements to improve browsing…

  137. IEBlog says:

    I’m really excited for my talk tomorrow here at Mix06. This conference feels more like a party than work….

  138. IEBlog says:

    One of the best parts of IE7 is actually yet to come. High Assurance SSL certificates, now known as Extended

  139. IEBlog says:

    Hi, I’m Kelvin Yiu, a program manager with the Windows Crypto team, and I’m very excited to be posting

  140. SSiTE News says:

    Hi, I’m Kelvin Yiu, a program manager with the Windows Crypto team, and I’m very excited to be posting today on the IE blog, announcing plans to make Extended Validation (EV) SSL Certificates available in January 2007. For over a year, we’ve been working

  141. how to make a small business feasibility study

  142. We’re notably delighted that you’ve found our webpage dealing with get more traffic.