IE Automatic Component Activation Preview Now Available


A couple of weeks ago, we announced that an optional preview for the Internet Explorer Automatic Component Activation was coming in early December, and I’m happy to say that it is now available. Read Knowledge Base article 945007 for full details, along with links to the specific downloads for each operating system.

If you don’t recall, in April 2006, we made a change to how Internet Explorer handled embedded controls used on some webpages. Some sites required users to “click to activate” before they could interact with the control. Microsoft has now licensed the technologies from Eolas Technologies inc, removing the “click to activate” requirement in Internet Explorer.

This change will require no modifications to existing web pages, and no new actions for developers creating new pages. We are simply reverting to the old behavior. Once Internet Explorer is updated, all pages that currently require “click to activate” will no longer require the control to be activated. They’ll just work.

The preview we are shipping today will not be widely distributed to users unless they download and install it. This preview is for customers to test this upcoming behavior before it is widely distributed in the April 2008 Internet Explorer Cumulative Update where all customers who install the update will get the change.

Thanks,

PEte LePage
Product Manager

PS: The IE VPC images have been updated with a new expiry of April 1, 2008, and can be found on the Microsoft Download Center.

Comments (65)

  1. great thanks says:

    Great, Thanks, Now how about IE8?

  2. Al Billings says:

    I am overwhelmed with excitement by this forward thinking news of upcoming IE versions… oh wait.

  3. loginvovchyk says:

    Когда начнется тестирование Internet Explorer 8 ?

  4. rob@cannonsoftware.com says:

    I tried to apply the patch and it said it was not needed.  Is the patch included in the Vista SP1 preview?

  5. ieblog says:

    @ Rob Cannon

    The IE ACA preview functionality removing the click to activiate behavior is already included in future OS service packs (Vista SP1 and XPSP3)

  6. Al Billings says:

    Hey, Mr. ieblog,

    You forgot to log out of the ieblog account and sign your name. Back when I ran this blog, we were supposed to sign our names to comments so the community knew to whom it was speaking.

    Who just posted? It’s obviously the person with the account login here. Of course, the IE team has never stated who took over running the blog after I left so I’m actually curious as to who you are… Who runs the blog now and puts up the posts that the IE team writes?

  7. Al Billings says:

    Hmm… the hyperlink on the word "ieblog" is "http://kristen%20[msft]/" so I suppose, using great powers of reason, that the person running the ieblog is "Kristen," whom I don’t know.

  8. Ben Buchanan says:

    Thanks for the VPC update. We were wondering if you’d discontinued that scheme. Please stop time bombing the images, or at least ensure there’s continuity! We need these test images 🙂

  9. Niyaz PK says:

    I think opera employed a better strategy. They did not show the border aound the components which needed activation. Just a tooltip.

  10. TJ says:

    Geez Al seems you have an axe to grind with your old masters now that you have switched teams! A simple search through this blog shows many responses (to commenter’s) by an "ieblog" over the years. Not to mention your continued sarcasm at IE8. Guess that Mozilla Kool-Aid is quite intoxicating!

  11. david harrison says:

    I can’t see this listed in Windows update – will it be included in a Windows Update rollout, and if so, when?

  12. Lionel says:

    @david harrison:

    That’s in the post: it will be provided later through Windows Update (April 2008 Cumulative Update).  It is also mentioned on PEte LePage’s blog (http://blogs.msdn.com/petel/archive/2007/11/08/i-m-not-going-to-click-to-activate-anymore-soon.aspx).

  13. Matt says:

    All i can say is "It’s About Time." I got the ACA and now that annoying Click to Activate screen is gone from sites that i have visited which did not add that Cta Feature to there sites to begin with.Heck if i hated the Click to Activate i am sure not going to make my site visitors suffer the same fate so this ACA was needed Very badly.Even if not many pcs suffered the CTA screen sure know how friends and family suffered from it clicking a mini screen telling you to click to activate just to get embeded files Media wise was very annoying to me and my friends as well.So in closing i am sure it bothered every other commentter who replied to this as well.

  14. DM says:

    @Al and TJ… are my contributions to the Mozilla Foundation paying for you to troll here? Lots of other people are doing that for free…

  15. anonymous says:

    Good gracious why April!!!! And by the sound of "The IE ACA preview functionality removing the click to activiate behavior is already included in future OS service packs (Vista SP1 and XPSP3)", it looks like Vista SP1 and XPSP3 won’t be released till April 2008.

  16. Rex says:

    @TJ: Al can post here every day as far as I’m concerned.  He worked with the IE Team, thus knows the in and outs of how MSFT works behind the scenes.

    He was pivotal in getting the IE Blog and IE Feedback systems into the community and getting them well oiled.

    Since his departure (and Dave Massy’s), the IE Team, Blog, and Feedback has spiraled into the ground with little hope of revival.

    In terms of PR (Public Relations), this is a companies worst nightmare.

    IE effectively has 2 customers.

    1.) The end user (me, you, my grandma, and her little grandson Timmy)

    2.) The Developer

    Now granted, the size of the #1 Customer is massive, and they are generally content (or naive, take your pick)

    However their #2 Customer is angry, upset, disappointed, flabbergasted, and all around bewildered at the apparent total lack of concern or sympathy.

    As a *reasonable* customer, we understand that software isn’t perfect, it will have bugs, we will have to wait for new versions to get certain features.

    What drives us batty is that we don’t know what the new features are (cause they won’t tell us, and they won’t open Feedback so we can tell them what we want!).

    We don’t have a 1-stop resource to find workarounds for the bugs that are in the current version(s) we need to support.

    We don’t have a "channel" to communicate with the IE developers (the IE chats died the day IE7 shipped), there is no dedicated IRC channel, IM name/channel, 2way blog, 2way newsgroup, 2way forum, nothing!

    Worst of all, we bring bugs to the attention of IE as best we can (on this blog, postings on public sites all across the internet etc., but we have no way of knowing if (a) we are even being heard (read: bug verification) or (b) a way to track the progress (read: bug tracking)

    Both of the above items are solved by having a public bug tracking system (in fact so is Feature Requests and Workarounds), but at a bare minimum, posting meaningful info on this blog about IE8 would at least keep us slightly informed about fixes and features.

    -=-=-=-=-=-=-=-=-

    I find it quite ironic, that this only appears to be happening because we don’t *pay* for IE as a development platform.  If it was Visual Studio, then we could ask for, and expect support (and have a right to demand it, if it never materialized).  However since we don’t *pay* for IE, the IE Team (and/or MS MGMT) deems it quite alright to not provide support to developers.

    I’m quite glad I don’t pay for IE to develop, because if I did I would be demanding a refund.  I get tons of support for the other browser platforms I develop on, why not on IE? (esp. when I have more issues with IE than all other browser platforms combined!)

    Sincerly

    Rex

  17. Al's Relationship Counselor says:

    Al– Stop!  We talk about this in every session, but you always end up right back here, up to your old tricks.

    IE keeps telling you it’s over, but you just don’t listen.  If you keep bothering IE, she’s going to have to get a restraining order!  

    Besides as you said, your new girlfriend’s a "Fox", and she’s going to get jealous if you keep skulking around IE, trying to stir things up, reminiscing about old times, and insulting her life since she dumped you.  I’m sure your life together was really special, but it’s over now.

    It’s time to move on.

  18. mfelix says:

    why is it that when I tell an element to be 9px in height, IE 6 refuses to do so? I mean how hard can it really be to make an element render based on some simple instructions.

    Take a look at Firefox (http://firefox.com) and Safari (http://webkit.org) to get some ideas on how to make this work right.

    Maybe you can base IE8 off of webkit.

  19. Al Billings says:

    I actually posted a longish response to why I posted my initial comments above. Fortunately for you all, since I posted two links in it, it must have been marked as spam and was thus blocked until someone from the IE team unblocks it (which would be unlikely).

    TJ, the reason why it matters who is running the blog here is that that person would be working with people on the IE team, who write posts for the blog, to get them posted and to get them to respond to comments. Since I quit running the blog in May, 2006, there has never been an announcement about who took it over or who is running things here. That is actually important.

    Since, outside of Eric, almost no one from the IE Team *ever* responds to anything said here and because this is now the *only* channel of communication developers have with the IE team, it is important that IE members who post to the blog to actually engage with people.

    The IE team used to have developer chats but that ended after IE7 shipped. Since Dave left the team and he ran those, I somehow doubt that someone else has picked up the ball. The same goes for the bug database, which was "temporarily" closed over a year ago. When will that reopen? Likely never. It was my idea to create it in the first place and some of the leaders on the IE team thought it was a great idea and backed it. Obviously, the winds have shifted and it isn’t coming back after this long.

    As to the Mozilla Kool-Aid, it is quite tasty and refreshing. All of our bugs are open to the public, outside of current security issues. Our roadmaps and project plans are freely available on our wikis and in docs. If you want to know what is going on with Firefox 3, you can call into the weekly meeting’s conference line and listen to the discussion and even ask questions if you have cause to do so. People who work on Firefox and Thunderbird blog and quite openly about things. The Mozilla community is also a lot larger than the subset that works at MoCo and people do work together.

    Contrast that to working with the IE team, especially as a web developer, and I think you’ll see the difference.

    I don’t actually dislike anyone in particular on the IE team and because it ships with every copy of Windows (and I worked on earlier versions), I do care what happens with it. I’m as frustrated as everyone else here at the lack of engagement by people at Microsoft. This is ESPECIALLY frustrating because it goes back against the work that was done during IE7 to try to be more open.

  20. Jax says:

    I recall when this blog started, that there was supposed to be a bit about the team structure, so that we all understood who was who, and who did what kind of thing.

    I see that almost everyone is a Program/Product Manager, but it gives no insight as to the hierarchy of the IE Team.

    The reason I ask, is twofold.  One, I would really like to know how things are laid out, thus if I have a security based question, which "team" within IE is likely to be able to answer me/ have the info.

    Two, I’m curious "who" is at the top of the IE Team Hierarchy?  Apparently the comments on this blog aren’t reaching him/her, or their version of IE7 doesn’t render the IE Blog, thus I’d like to know who is "in charge" and possibly direct questions towards them as to why we are being shunned on this blog?

  21. Matthew Raymond says:

    So, guess it’s safe to add Netscape Plug-in support back into IE, now that you’ve licensed that troublesome Eolas patent. 😉

  22. webeame.net says:

    Hoy, el blog de Internet Explorer, ha anunciado que está disponible una actualización para todo el usuario que lo desee para activar automáticamente los controles embebidos en un sitio Web. Esta actualización será masiva año que viene.

  23. Jason says:

    Sorry to go off-topic, but I have a question about IE’s certificate handling. My search-fu has failed me, so the people here are probably my last shot at this before I go to a less-than-optimal solution.

    I have a wildcard SSL (normal) cert for my company’s domain. Let’s say it’s *.mycompany.com. We’d like to set up a client area for people to use, with the format clientname.clients.mycompany.com just to keep things in DNS nice and tidy.

    My gut feeling, which Firefox and Opera agree with, is that the * covers any subdomains, sub-subdomains, etc. for mycompany.com, and when I view the prototype client site in those browsers everything works fine.

    IE (and Safari, for what it’s worth) disagree, and puke up an error about the domain name not matching the cert. I don’t really care about Safari, since these are corporate users almost universally running PCs, but IE getting this wrong basically sucks.

    If I have to I’ll just go with clientname.mycompany.com, but I can’t think of any reason that my preferred solution wouldn’t work. Is there some voodoo I can work at the server side of things, or am I screwed?

  24. EricLaw [MSFT] says:

    @Jason: IE is behaving by design in this regard.  

    Our constrained matching is by-design and is required by RFC2818. Firefox is out of compliance here.

      Matching is performed using the matching rules specified by

      [RFC2459].  If more than one identity of a given type is present in

      the certificate (e.g., more than one dNSName name, a match in any one

      of the set is considered acceptable.) Names may contain the wildcard

      character * which is considered to match any single domain name

      component or component fragment. E.g., *.a.com matches foo.a.com but

      not bar.foo.a.com. f*.com matches foo.com but not bar.com.

  25. Al Billings says:

    Jax,

    Microsoft divides most product teams into three core disciples: Development, Quality Assurance, and Program Management. There are also Project Managers, Products Managers, etc. but there are three core disciplines.

    In a classic sense, that all teams don’t always follow, when a release is being created for a product, program managers develop the specifications and vision for a particular feature area (like there was a Program Manager who designed how tabbed browsing would work in IE). Developers give input to the PM, who writes the spec. Developers take the spec and write the code to do what the spec says. Often, there is a back and forth to update the spec based on the details of how things are implemented or when developers find better ways to do things. Quality Assurance (testers) take the spec and develop test plans and then test cases that test the code developed from the spec to see that it is working correctly and to find bugs.

    Round and round it goes.

    So, program managers post here the most because they are usually the ones that designed or are responsible for the design of a feature in IE. They also happen to be the ones who do many of the other roles outside of development and testing and are often charged with communication regarding their feature area in a product.

    If you go back far enough in the blog archives, you will find introductions from many IE people who post here. Once upon a time, people introduced themselves when they posted to the blog for the first time ever.

    Dean Hachamovitz runs the IE team and reports to the wider group that IE is within. Tony Chor, who posts here on occasion, is in charge of the Program Management team for IE (I assume). Most of the people that post to the blog work either directly for Tony or indirectly (via a manager between them and Tony).

  26. Al Billings says:

    That would be "disciplines" and not "disciples," which has other connotations at this time of year…

  27. David says:

    Use the Google, Al?

    "http://msdn2.microsoft.com/en-us/ie/default.aspx"

    I’m Kristen Kibble, a Program Manager on the IE Team working with the IE Community and editor of the IE Team Blog.

  28. thacker says:

    Will break with tradition here and do something different and without condition.

    LePage–

    Thank you.

  29. Al Billings says:

    Ah, they added a section to the MSDN page that summarizes the blog. That’s new but good to know.

    Now, if we could get her to start responding to comments here, we’d be set. Maybe she can reopen the bug database too.

  30. Jason says:

    EricLaw: Thanks for the info. I’d argue that the DWIM-style behavior I’m expecting seems more logical if you just think of it as a string match (i.e. "*.a.com" would match "x.y.z.a.com"), but if IE’s spec-compliant I’ll just have to grin and bear it.

  31. anphanax says:

    mfelix:

    Tried font-size?

    "Use the Google, Al?"

    Don’t you mean use the "Windows Live"? =)

    Any chance IE 8 will use XAML instead of the "undocumented" DirectUI stuff for parts of Internet Explorer? Those UIFILEs stored in IEFRAME.DLL sure look like DirectUI XML files (I REALLY wish you guys would document this stuff, even if it "encourages" bad programming practices). I was able to find this DUI documentation, but it’s unofficial and primarily for MSN Messenger (http://memskin.fanatic.net.nz/?page_id=6)

  32. game kid says:

    While I’d have preferred to see the mess resolved without Microsoft (or Opera) validating a silly software patent, I won’t argue with reverting an annoyance like "Click to activate".

    I won’t miss the patent owners when they’re gone.

  33. oyun says:

    Please do not require more modifications to existing pages

  34. Ajo says:

    Works great (IE6 on XPSP2). Thanks! Jut like the old days… 😉

  35. I just wanted to say thanks for this change – saves a click or two during my day!

  36. Brent says:

    Quote from Channel 9 with Steve Balmer:

    "Q: You’re famous for the "developers, developers, developers" speech. Why are developers so important for Microsoft?

    A: At the end of the day the innovation in the software business and the IT business comes because someone writes a great piece of code. Even in the hardware frankly most of the innovation comes because someone writes a great piece of code. An important piece of code. A great piece of code.

    All the solutions, whether we create them ourselves, whether they are created by our partners, or our ISVs, it all starts with developers, developers, developers."

    +++++++++++++++++++++++

    Any Idea when those important developers are going to be heard on this blog?

    Any Idea when those important developers are going to be given info on IE8?

    Anyway, I was reading about the IE team structure and was trying to get my head around it.  I created a Mind Map (you can use freemind if you don’t have a viewer) to try and connect the dots.

    http://www.megaphile.com/file/12684/IE-Team-mm.html

    Feel free to add to it/correct it, and re-publish the revised file here on the IE blog.

    Thanks and looking forward to more info,

    Brent.

  37. web developer says:

    Hey, no one cares about your stupid browser.

    Learn to support standards you arrogant morons.

  38. Dan says:

    Opera CTO Håkon Wium Lie comments on Opera’s antitrust action against Microsoft around IE:

    http://www.dailymotion.com/video/x3qx5b_opera-cto-on-operas-antitrust-actio_news

  39. OtherDan says:

    Opera CEO’s plan to swim across Atlantic Ocean:

    http://www.newsfactor.com/story.xhtml?story_id=12100B4AGUD7

    I want some of what they’re smokin’.  🙂

  40. Mike says:

    @OtherDan – that story is 2.5 years old! Still, I guess we’re used to feeling like we’re stuck in the past when talking about IE 🙂

  41. Microsoft had a really busy week this week. Unfortunately, it coincided with an IPv6 class I was taking

  42. Oliver says:

    @Dean

    I am in serious danger of mistaking silence for inactivity.

  43. @Al

    Quality Assurance? I really try to keep it positive here but TABS don’t even work in IE7! The "a new tab in the current window" effectively does nothing. Links from other programs and links designed to open in a different window are not forced in to a new tab, they always create a new window. They obviously went through the pains of implementing it, why not the pains of making it work correctly?

    @ Rex

    Microsoft effectively has one customer: businesses. Businesses are large and slow moving beasts that hate change and having to spend any money.

    Developers? They work on serverside code. Designers work on clientside code. It’s designers that have to deal with IE! I wouldn’t expect a PHP/ASP/CF developer to understand liquid CSS and AAA WAI compliance for example. Of course companies cheap out any way and force their developers to handle the jobs of designers. We can thank the bending-over-backwards of browsers for effectively killing web designers in the business world.

  44. LW Swift says:

    I just find it so funny. If the computing community wants to blame someone, blame yourselves. You, who advised the purchasing decisions for corporate America. You, who bought into the "no one ever got fired for using Microsoft" line. You, who belittled and bashed the Mac or Linux or whatever alternative threatened to bring OUTSIDERS (!) into your filthy little tree house. YOU put Microsoft on the global throne. YOU created the monster that will either gobble every good idea and break it, or stomp it into oblivion. YOU have made the web in Rube Goldberg mess that it is today. So from the users out here who wind up breaking our keyboards with out pounding fists because we have to use this Microsoft garbage at work, SCREW YOU ALL! YOU DID THIS TO YOURSELVES, AND NOW WE ALL HAVE TO PAY FOR IT!

  45. Evan says:

    @Rex you summed it up quite nicely. 1/2 of IE’s customer base may be relatively content, but the other 1/2 of IE’s customer base is fuming mad.

    I’m in the other 1/2.  The half that can’t believe there has been zero progress to fix the DOM in IE in (by my calculations) 7 (seven) years.

    It boggles my mind.  The DOM methods is a simple set of well defined specifications.  I’m sure if any developer team needed to implement the entire spec correctly, it would take them a week at most.

    Unbelievable that this has not been fixed, with all the resources and time that MS has had available.

    evan

  46. Phil Metham says:

    Hundreds of phishing websites are circumventing the IE7 phishing filter by redirecting the user once they go to the target page. So you see "Phishing website" but only for a split-second and you’re taken to another site which isn’t blacklisted.

    Something REALLY needs to be done about that – it lulls users into a false sense of security and is an outrage.

  47. EricLaw [MSFT] says:

    @Phil Metham: If the Phishing Filter blocks a site, its code no longer runs and hence it’s not possible to redirect to another site.  

    If you believe you’ve found a counter-example, please send the original link to me via email.  

    @John A. Bilicki III: What OS, and what program?  The "open windows in new tabs" setting is effective for ShellExecuted URIs, but there’s no way to make it work for older applications that would CoCreateInstance on an IE object; that always creates a new window.  Fortunately, I don’t think the current versions of any MS applications do this anymore.

  48. @Eric, this was on the IE7/XP Virtual PC image with IE 7.0.5730.11 using the top external link on my website (uses rel="external" attribute on anchors that JavaScript replaces with target="_blank" due to the W3C’s incompetence in providing an alternative to the target attribute). I would imagine that would count as a ShellExecuted URI?

    I just downloaded the latest refresh with IE 7.0.5730.11 as well and it does the exact same thing. Just click on any external links (red text with + icon) that should load in a new tab.

  49. EricLaw [MSFT] says:

    @John, I’m not able to reproduce this issue on your website if the IE setting in Tools / Internet Options / General / Tab Settings is set to "Always open popups in a new tab."

  50. I spent very long time to make function out of this  unfortunite product

    PLEASE INSTALL it

  51. @ Eric, a video response! So you can visually see exactly what I’ve tried without having to read a book. 😉

    http://www.youtube.com/watch?v=TCPtYDBIYmU

  52. Harliem says:

    I watched John’s video… (I’m not familiar with the rel="external" stuff, so I won’t comment on that) but I wanted to add my 2 cents on the IE8 stuff.

    I (sorry John) do not agree, that there is any reason to hold back.  Mainly because for most people on this blog, ***I Couldn’t CARE LESS*** about new browser features in IE.  The ONLY thing we care about at the moment, is fixes to what has been broken in IE for over half a decade!

    I don’t care what I have to set, but when I call document.getElementById() It better darn well provide a way for this to work.. ***FLAWLESSLY*** I want to be able to use setAttribute() for ***ALL*** attributes!, and a W3C Event model, DOM Mutation events, Prototyping on HTML Elements, and some decent CSS support.

    Yeah, I want SVG too, and / or Canvas, and higher ECMAScript support, but I’m willing to wait for that, as long as the broken stuff gets fixed!

    If you start telling us that the fixes are NOT in, but you’ve added 3D animated Quick Tab switching or some nonsense like that, you are going to have one heck of an angry developer base to deal with.

  53. Let me clarify; I think we can be objective and critical of any browser without being outright hostile when we post (specifically on the IE Blog). The inherent anonymity that comes with the internet is no excuse for rude behavior. I don’t recall Microsoft rising to it’s monopoly based on IE but the Windows operating system in general. If any even objective hostility should be given it shouldn’t be the to IE team but those who decide when or even if there is an IE team at Microsoft. Frankly I don’t think any one on the IE team would have the nerve to call Bill up and start telling him what he is doing wrong by not letting them work on IE at certain times. So if you’re going to voice your opinions please do so without misplaced hostility.

    As far as what the IE team could do, well I’m not really sure since they are working on a whole new engine. I would like to emphasize to other IE Blog posters that it’s going to take some time to get it right, give them the time. The last thing we want is massive public pressure to release it a week or two too early and then having to deal with a whole new set of bugs. We know we’ll have to deal with something, let’s give them time to minimize it and in the mean time return to civil and objective conversations here.

  54. I walk alone under a desolate sky says:

    I’m with you Harliem, if there’s things that would be easy to fix and they leave it out for more eye candy I’m going to be more angry that I think I’ve ever been in my life. The whole developer base that isn’t being paid by MS or trained by someone indoctrinated by MS propaganda (yes they exist, and they are obvious by the way they talk, and their existence sickens me, but anyways…), this whole real developer base is already angry and has been angry for a while, MS however has done little to appease us. Basically just enough to stop the formation of a mob with torches and pitchforks coming after them. This whole silence really isn’t helping anything either, they’re going to have to post something that will make devs happy or the pitchforks will be coming out anyways.

    Also, John, where exactly is the official MS post saying they’re working on a new engine?

    I didn’t see anything but the fact that they decided on what name to use for IE 8, in a failed attempt at humor that was posted around the time we were told to be expecting news about IE 8 actually coming out. I think the time for not being outright hostile is at an end and we should be looking at very publicly outing MS and IE. It looks like the only way to get MS to do much of anything is to hurt them in some way affecting their bottom line/user base. Maybe some time can be given to the IE team if they can confirm this week that a new engine is in the works, otherwise I say it’s time to start itemizing bills to show time spent working around IE bugs and really pushing other browsers. Get permission to have a link to the better browser project on sites you create, I’m sure plenty of reasonable clients wouldn’t mind hosting the small link if it could get their IE user market to drop low enough to not need to support them anymore (saving them a lot of cash). I’m also sure that if IE were to drop down to 25% use or less that MS would either discontinue it entirely (realizing they’re too far behind to ever catch up) or get serious enough that they make a truly good browser. Really, I want IE to be good, but I’ve lost any hope of that happening (in part thanks to the lousy information on this blog and lack of follow through on anything) unless MS sees some damage to its position.

    MS has spent years building up ill will, to the point that even calm developers I know can be described as some point past livid at MS. A lot of this anger is based on them never posting anything worth reading here about their work on IE upgrades/bug fixes/CSS implementations/actually using real JavaScript/etc, and it would mostly go away if IE team members actually answered the real questions and kept answering them. Instead we got Dean saying they picked a name and expect more soon, and are now one day away from our second full week of silence on the matter. I’d bet there’d be a lot less hostility if MS hadn’t already spent all this time pissing us off, but they fully deserve it especially since Dean’s been keeping everyone silent, Bill said to be open and talk about stuff. Some hostility belongs elsewhere, but at present the last years worth lies directly at the feet of the IE team and won’t go away till something changes.

  55. About the Phishing filter says:

    I believe I heard about an exploit that relied on server redirects, not anything like JavaScript, and could reliably beat the phishing filter in IE. I remember it was on a security blog, but can’t remember which one it was off hand, going to go look through the ones I do read and see if I can find it again. If I do find it I’ll post it here or whatever the latest IE blog entry is should this be closed by then (do still have work to do so it may be a while before I find it).

  56. About the Phishing filter says:

    Found it. Not really any details there, and it appears to affect all browsers, but I’m sure if someone able to work on fixing the phishing filter were to talk to him he’d explain the exploit and probably a possible fix or two. Luckily it was recent on the second blog I read, else it would be a while before I found it.

    http://kuza55.blogspot.com/2007/05/universal-phishing-filter-bypass.html

  57. EricLaw [MSFT] says:

    @About:  Thanks for the link.

    The description of the issue in the linked blog is different than what was posted here, and it is a threat that we’re aware of and have defenses against.  

    Our data providers have the ability to collect data on the final landing pages and block access to those, in addition to blocking redirection pages.  

    The integration of phishing filter data into mail scanners enables sites like Hotmail and products like Exchange to block the initial URI before it’s ever delivered to the user’s inbox.

  58. David says:

    Off-topic, sorry, but is there another refresh of the XP/IE6 VPC installation being prepared? The current one expired earlier this month, whereas Microsoft has previously been good in releasing refreshes before each one expired.

  59. EricLaw [MSFT] says:

    @David: There’s a link to the new VPCs at the bottom of the post in the "PS" section.

  60. EricLaw [MSFT] says:

    @John A. Bilicki III: Thanks for the video.

    Vis-a-vis the address bar opening the wrong browser…. I hate to harp on it, but there’s a reason that we always recommend not to play with the various "standalone IE" hacks out there.  Internet Explorer is an integral part of Windows, and the hacks break both IE and Windows in unexpected ways.  This is one of them.

    Vis-a-vis the links on your site opening in a new window rather than a new tab… In your VPC video @02:45, your Tab Settings option dialog clearly shows "Always open popups in a new window."  

    Note that you’re focusing the camera (and your attention) on the group of settings ~below~ the relevant ones.

    Best wishes!

    -E

  61. Hey that worked! Both in the XP/IE7 image in Virtual PC and in the IE7 standalone. Thanks so much for the help!

  62. Salut ! 🙂 Vous en aviez marre de devoir utiliser Javascript pour réaliser les incrustation de media

  63. IE Automatic Component Activation Preview