New Training and Whitepaper on Internet Explorer 7 Security Now Available


A while ago I talked about Internet Explorer sessions we were giving at Tech-Ed 2007. And while it was a great pleasure for me to see many of you there, not everyone could make it to Tech-Ed. Working with TechNet’s IT Showtime, we’ve made my presentation Windows Internet Explorer 7 Security In-Depth available to watch online, as well as a selection of other Tech-Ed presentations.

A new feature of this year’s Virtual Tech-Ed was the FishBowl, which showcased 15 minute interviews with speakers and evangelists. Tune in to watch any one of the sixty video interviews, including my interview on Building Trust with Internet Explorer 7 and Extended Validation SSL Certificates.

As more and more enterprises adopt Internet Explorer 7, we’ve been getting more questions about deploying and securing IE7 on the desktop. Even though IE7 installs with secure settings by default, there are a number of security features that you can tweak to accommodate specific security needs of your organization. We have just released the Internet Explorer Desktop Security Guide that discusses many of the new security features along with recommended settings.

I hope you will find all of this information useful. I look forward to your feedback or any requests about new material that you may have.

Markellos Diorinos
Product Manager

Comments (30)

  1. Anonymous says:

    tnx for another blogpost! will check the videos soon can you give us some info about IE 8, javascript,css support the next post?

  2. Anonymous says:

    *****************************************

    WHAT ON EARTH DOES THIS HAVE TO DO WITH TRANSPARENCY FOR IE7 BUGS, IE8 DEVELOPMENT, OR OPENING UP A BUG TRACKING SYSTEM?

    DOES THE IE DEVELOPMENT TEAM NOT READ THIS BLOG?!?!!

    *****************************************

    *****************************************

    WHAT ON EARTH DOES THIS HAVE TO DO WITH TRANSPARENCY FOR IE7 BUGS, IE8 DEVELOPMENT, OR OPENING UP A BUG TRACKING SYSTEM?

    DOES THE IE DEVELOPMENT TEAM NOT READ THIS BLOG?!?!!

    *****************************************

    *****************************************

    WHAT ON EARTH DOES THIS HAVE TO DO WITH TRANSPARENCY FOR IE7 BUGS, IE8 DEVELOPMENT, OR OPENING UP A BUG TRACKING SYSTEM?

    DOES THE IE DEVELOPMENT TEAM NOT READ THIS BLOG?!?!!

    *****************************************

  3. Anonymous says:

    Thanks man, just what I was looking for. Worked like a charm Thanks so much

    http://www.top-directories.net/category/internet-explorer/

  4. Anonymous says:

    For Dave;

    Alexa was shouting because every single time a post is added to the IE Blog it has nothing to do with the stuff that developers care about.

    Developers have been saying, shouting, cursing, and screaming at the IE team (juvenile as it may be) to get some info on bug fixes for IEs rendering issues, new support for Javascript features (ECMASpec stuff & broken DOM implementations), IE8 info, and of course for the number one issue – bug tracking.

    Every other post on this blog, is about this.  asking when is the bug tracking going to be back online? when are we going to get info on IE8? when are fixes going to be done? what new features *might* be in IE8? etc.

    So we ask once again! Please post something, anything about IE8, public bug tracking, and fixes that are done/slated for/likely/wanted/hopefully in IE7+?

    To be brutally honest, we don’t want any more post on any other topics, until these items are discussed.

  5. Anonymous says:

    I could not find a fix for the privilege escalation issue described here:

    http://lcamtuf.coredump.cx/ierace/

    When I looked at the preliminary August 2007 Security Bulletin, which can be found here:

    http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx

    Can someone *please* tell me whether a fix will be released for this issue the second Tuesday of September?

  6. Dave Massy says:

    jasper,

    Web developers should really care much more about postings here that have to do with released versions of IE than anything regarding IE8. Particularly when the topic is security.

    I’m sure the IE team will post something on IE8 when they are ready. Until then yelling and shouting and throwing a tantrum isn’t really likely to help.

    As a web developer I care about the product that my users are currently using much more than a product that they might use at some undetermined time in the future. All web developers should care about and understand  security and I strongly suggest they examine the useful resources that Markellos points to in this post.

    I totally agree that it would be great to hear about where IE8 is going and what we can expect in teh future. I’d love to see a roadmap so that we can have some confidence that issues raised are being addressed. I’d also love to see a properly supported public bug database. That still doesn’t make throwing a tantrum the correct way to have a conversation. It doesn’t work with my two year old son and I see no reason why it shoudl work here!

    As an ex-member of the IE team I know what it is like to be on both sides of this debate and I can assure you that yelling does not help. Why should the IE team spend time responding to people here when they have other work to do developing IE8? When they do post or comment here they get beaten up over issues that they are not responsible for. A decent and reasoned argument about why you need something to help you as a web developer do your job is more likely to get some sort of response here. I can think of good reasons why a public bug database linked to resources to help work around issues might help web developers in their every day jobs. I’m unclear how details of IE8 which are totally likely to change help web developers do their jobs with the resources available today.

    I actually think we should thank those members of the IE team who do bother to post and comment here. Whenever they do post it inevitably results in abuse being thrown in their direction. They all have other jobs to do so why should they bother putting themselves up here unless they have masochistic tendancies 🙂

  7. Anonymous says:

    @Dave snipped.. "I can think of good reasons why a public bug database linked to resources to help work around issues might help web developers in their every day jobs."

    Exactly!

    We can’t plan a single thing.  There will not be any info on IE8, until betas are out.

    This means that "IE is locked down" by the time we get a chance to test it, and once again, the hundreds/thousands of bugs, issues, etc. will be completely ignored.

    A PUBLIC bug tracking system is the ONLY way to fix this.

    I can’t count the number of times on this blog/any forum where someone posts an issue, only to have a MICROSOFT employee go "interesting, we’ll have to look into that", while the rest of us developers roll our eyes because this bug has been known for ages.

    Just the other day Dave, you posted that the button stretching bug was hardly an issue.  Are you serious? Have you not been inside a software company that makes applications either for the web, or using the web browser control?

    Have you not talked to these developers?

    As a developer of web applications, this was THE VERY FIRST bug I noticed in IE.  It was the VERY FIRST bug I started tracking when IE Feedback was up.

    Did it get fixed? No.  Was I at least able to track when it was going to be fixed? Yes.  Has that functionality been ripped from the hands of all developers developing for the web/IE platform? Yes.

    Was it a smart move? No.  Did it earn the respect of the development community? No. Did it in fact do the exact opposite, causing even more unrest and complaints about the IE browser, the IE Team, and Microsoft’s complete lack of transparency as a whole? Yes.

    I do appreciate every IE member that posts here.  What we don’t appreciate, is that there is nothing here to aid us developers in improving IE.  We use it far more often than anyone in Microsoft does, we test the living daylights out of it, because our applications/sites test every aspect of it, many thousands of cases that MS likely never even dreamed of.

    We ARE the best testing team MS could ever have, yet we are shunned.  Our only option for providing 2 way feedback was ripped from our grasp.  Our only option to be able to provide test cases. Gone. Our only 1-source option to find workarounds for IE bugs, gone.

    I don’t know if the IE Team realizes how incredibly serious we are about this, this isn’t a joke.

    We absolutely need bug tracking. Period.  There is no debate on this.

    That is why, with each and every single post that an IE team member makes to this Blog, that doesn’t even acknowledge that the developers in the community are extremely frustrated with the lack of response to the public bug tracking questions drives us up the wall!

    If you don’t want/plan to ever re-open a public bug tracking system, then STATE IT!

    If you plan to, but need input, STATE IT!

    If you are not sure, STATE IT!

    If you are planning something, STATE IT!

    If you think that leaving us developers hanging in the wind wondering, will keep us from getting upset that there isn’t a bug tracking system, STATE IT!

    And if you haven’t guessed by now, since the IE Team first started this Blog, NOT providing a bug tracking system, or at least a worthy explanation of why you are not, is like telling your best customers that "Hey, you know what, we really don’t care."

    I’m DISGUSTED with the lack of any progress whatsoever on a public bug tracking system for IE. (words really don’t even begin to describe the mood in the community)

  8. Anonymous says:

    I have to take issue with Dave Massy’s comments on the last post about long buttons too.

    1.) There most certainly was TONS and TONS of complaints about the stretched buttons!

    2.) Long buttons are not typically part of most web designs, but you are forgetting that we are not just talking web sites, we are talking about web based applications, front-ends to large enterprise systems etc.

    In those applications, longer buttons are very common, to describe the exact nature of a complex task.

    Here are a bunch of buttons that would trigger the ugly buttons

    "Download Spreadsheet" – Fails (only in IE)

    "Validate Order 123" – Fails (only in IE)

    "Configured Devices" – Fails (only in IE)

    "Transportation Details" – Fails (only in IE)

    "Preprocess Order 6" – Fails (only in IE)

    "Restrict Privileges" – Fails (only in IE)

    "Upload Attachments" – Fails (only in IE)

    It takes very little, to get a button to 18 characters in length.

    Even Google’s "I’m Feeling Lucky" is *JUST* under the wire… one more character and I assure you… the whole planet would know about this bug!

    You reason you don’t hear about it that much, is because we developers, have found the bug, realized that Microsoft is either too lazy, or un-motivated to fix it, so we have altered our designs (once again), to accommodate IE.

    And I for one, am tired of it!

    simon

  9. Anonymous says:

    A bug tracking system or even frequent blog posts could make it easier to find fixes for stupid bugs like this: http://www.dgx.cz/trine/item/the-stretched-buttons-problem-in-ie

    My issue is that it’s too hard to find reliable workarounds for IE bugs. Even if the bugs don’t get fixed, at least help us solve the issues like positioniseverything.net started to do.

  10. Anonymous says:

    comments link on http://www.ieblog.com/ does not work.

    and Len, go make your own bug tracking system, post the link inhere and damn I would love to fill it up and give it to the IE-team.

    you go boy

  11. Anonymous says:

    @DMassy

    Maybe then it is worth to prohibit user comments to this blog? Or maybe close this blog at all? It was useful when the entries were about issues really interesting to readers. Now ALL PEOPLE are most interested in news about IE 8 and a bug tracking system. If you aren’t going to write about it, then it is better not to write at all. If you don’t give what people really need, you should don’t give anything.

  12. Dave Massy says:

    rc,

    Why are you addressing that comment to me? I do not control this blog and I no longer contribute to it as I no longer work at Microsoft. I’m simply expressing my opinion that there are things other than IE8 that can be discussed here that are interesting regarding IE.

    I fully agree that it would be nice to hear things about IE8. However to suggest that IE7 related topics are not of interest to the readership here seems wrong to me. But of course I forgot that you speak for all web developers everywhere. Silly me!

    -Dave

  13. Anonymous says:

    We care about IE7 topics too.  However as rc mentioned first and foremost we care about a bug tracking system, which in turn will tell us all we need to know about IE8.

    rc is right.  Either post an entry about the bug tracking system you are making available, and when it will be available…… or post that you haven’t heard a word we’ve said for 4 and a half years and that you are not making a bug tracking system available.

    We’ve reached that point of no return now.  If you want the support of the community open up public bug tracking!  If you don’t care anymore announce that you are not putting up bug tracking. Either way, make a statement, and soon.

    Toby

  14. Anonymous says:

    @ rc,

    When I look at the comments made on the most recent posts, I see a huge amount of discussion that’s NOT about IE8 or a public bug tracker.

    Sure, sure, I have to admit it would even be convenient for me, as I still have a list with bugs lying around. And yeah, I’m interested in IE8.

    But you know what? For all we know, IE8 will only be released six years from now – I don’t think I’ve heard anything that would contradict this, anyway.

    No longer accepting comments on this blog would be a pretty sad thing, in my opinion. I think comments are the main reason I subscribe to this blog now, not the actual posts (but they’re still really interesting, most of the time).

  15. Anonymous says:

    @DMassy

    I apologize; I thought you are responsible for this blog by mistake.

    As for "speaking for all web developers everywhere", you may ask EVERY reader of this blog: "What right now seems more interesting to you: current entries or news about IE 8?"

  16. Anonymous says:

    @rc

    I only care about workarounds to Internet Explorer quirks and bugs.  For posts I would therefore only care about bug tracking and workaround sites and information about IE7.5 or 8.

    The current entries about security, RSS, extending IE with new plugins therefore bores me to death.

    I came to this blog looking for answers, but I’ve yet to find any.

    ryan g.

  17. Anonymous says:

    @rc

    I think there is plenty to know about IE7, so I am happy about the IE7 blog.

    What does indeed interest me more, IE7 or IE8? Well, I have IE7 to cope with right now, and I will face tomorrows issues tomorrow!

    @ all, who want a public bugtracking

    Somewhere further up, I read a suggestion, to create one. Why dont you?! If it is REALLY the most IMPORTANT issue, why not solve it yourself? Especially, as this is an issue, that CAN be solved by anyone, not only by MS!

    @DMassy

    Sorry, that you are no longer in the team! But thanks for continuing to write in here!

    cheers

    Harry

  18. Anonymous says:

    Can anyone at microsoft please tell me why every month i get a update for i.e 7 which involves completly redownloading the program….what happened to the usual system of updates like we get with xp ?

    its a pain having to reinstall ie7 every month….

    i can be contacted at : terahydrocannabinol.uk@gmail.com for your replies on this matter.

    thank you and as life gets easier your updates get harder!!!!

  19. Anonymous says:

    When I looked at the preliminary August 2007 Security Bulletin, which can be found here:

    http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx

  20. Anonymous says:

    http://www.ie7pro.com/

    hah they made it :’)

  21. jbeall says:

    Totally different topic but — are we going to get refreshes of the IE7 VPC images?  August 17th is just a few days away (that’s when the images quit working), and we have a great need to continue testing in IE6.  We have a lot of users still on IE6, and we would like to be able to do all our testing on one machine.

     -Josh

  22. Anonymous says:

    Josh – Eric Law (Of Microsoft) stated "We expect to drop new VPC images for IE6 by Monday, August 13th." so hopefully as that date has come and gone, it means it’ll become available today.

  23. Anonymous says:

    Josh – Eric Law (Of Microsoft) stated "We expect to drop new VPC images for IE6 by Monday, August 13th." so hopefully as that date has come and gone, it means it’ll become available today.

  24. Anonymous says:

    @Chris– Unfortunately, the updated images won’t be available today.

    We’re working on getting the new images out before the 8/17 deadline.

    @Simon– We’re well aware of the stretched button issue, and we understand that the appearance of these buttons does matter.

  25. Anonymous says:

    Glad to hear the new images are on there way.  Where will they be posted?

  26. antisexy says:

    Developers have been saying, shouting, cursing, and screaming at the IE team (juvenile as it may be) to get some info on bug fixes for IEs rendering issues, new support for Javascript features (ECMASpec stuff & broken DOM implementations), IE8 info, and of course for the number one issue – bug tracking.

  27. Anonymous says:

    看过了,谢谢

    http://www.solarain.cn

    文学诗词情感

    http://www.suilu.com

    网站建设及推广