Internet Explorer 9 Will Support VP8: Apple, Now It’s Your Turn

Internet-Explorer-WebM WebM was just unveiled and already it is making its presence felt. In my previous article, I mentioned that everyone from Google, Opera and Firefox to Adobe, Nvidia and AMD will be supporting it. Given Microsoft’s recent commitment to doing the right thing, I speculated that Internet Explorer may also follow suit. However, I never expected them to do it so fast.

Microsoft’s Dean Hachamovitch has confirmed that Internet Explorer 9 will support playback of H.264 video as well as VP8 video. The rider being that the user must already have VP8 installed on his system (Windows 7 ships with H.264 computability). Re-iterating Microsoft’s commitment to supporting web standards, Hachamovitch said:

“We want to be clear about our intent to support the same markup in the open and interoperable web. We are strongly committed to making sure that in IE9 you can safely view all types of content in all widely used formats. When it comes to video and HTML5, we’re all in. In its HTML5 support, IE9 will support playback of H.264 video as well as VP8 video when the user has installed a VP8 codec on Windows.”

Internet Explorer’s backing is a big boost to WebM, since IE is still the most used desktop browser. The only major browser manufacturer that is yet to commit to WebM is Apple. With seemingly the entire industry aligning with Google on WebM, Apple will be under pressure to follow suit. Yet, Apple is known for being unpredictable and unwavering.

Microsoft Launches Campaign to Increase Internet Explorer 8 Adaption – Likens IE6 to Spoiled Milk

Even Microsoft is getting fed up with Internet Explorer 6’s stickiness. The browser, which has long overstayed its welcome, still commands around 10% (source) of the browser market share.

Microsoft-Internet-Explorer-6-Old-Milk

Microsoft Australia has launched a new campaign that likens Internet Explorer 6 to nine year old milk. In an attempt to convince reluctant users to make the switch, Microsoft harps on Internet Explorer 8’s enhanced security features.

With the latest stateoftheart security features, Internet Explorer 8 is designed to cope with today’s modern cyber crime. In fact, research studies prove it.

In a study by NSS Labs, Internet Explorer 8 caught socially engineered malware 85% of the time compared to Firefox 3’s 29%, Safari 4’s 29% and Chrome’s 17%1.

Of course, the NSS Labs Research quoted by Microsoft is most likely crap, since they are better known for clever manipulation than research. Nevertheless, Internet Explorer 8 is unarguably a much better option than Internet Explorer 6, which appears pre-historic when compared with modern day browsers.

Download Bing Optimized Internet Explorer 8

As part of a campaign to promote Bing and IE8, Microsoft UK has released a version of Internet Explorer 8 optimized for Bing.

Contrary to popular belief, Internet Explorer 8 comes with quite a few nifty customizable features. The various customizable features in Internet Explorer such as Accelerators, Web Slices and Search Provider are pre-configured to use Bing. Following are the Bing specific changes:

  • Bing Bar
  • The search box incorporates results from Ciao!
  • Various Bing Accelerators such as searching for videos, images, tweets are pre-installed.
  • Web Slices for Ciao! and Weather are bundled.

Screenshot:

Download Page

PS: The installer sports the bing logo, neat touch!

(h/t @technogranma)

Microsoft Internet Explorer’s XSS Filter Can Be Abused to Execute Cross-site Scripting Attacks

Internet-Explorer-8-VulnerabilityOh the irony! Internet Explorer’s XSS filter, which was designed to prevent cross-site scripting attacks, can be exploited to carry out attacks that wouldn’t have been possible otherwise.

XSS or cross-site scripting is a type of vulnerability that allows malicious attackers to inject client-side script into web pages. A successful XSS attack can even allow the attacker to gain unrestricted access to the user’s personal profile and other sensitive information.

The IE8 XSS Filter vulnerability affects almost every website that lets users create profiles. Google.com, Wikipedia.org and Twitter.com are some of the high profile sites, which are affected by this attack.

According to Jerry Bryant, a spokesman for Microsoft’s security response team, most of the problems were fixed in the MS10-002 security patch, which was issued earlier this year. MS10-018 cumulative security update for Internet Explorer made further changes to the XSS filter to reduce the security implications. However, not all of the issues have been fixed. Some websites like Google have begun to proactively disable the XSS filter. Until the issue is completely taken care of by Microsoft, regular Internet Explorer users may be better served by switching to an alternate browser.

Microsoft Finally Fixes Internet Explorer Zero-Day Flaw – Patches 9 Other Vulnerabilities Along With It

As expected, Microsoft has released an out-of-band update to fix critical vulnerabilities present in all versions of Internet Explorer. This cumulative update includes as many as ten patches, including one for the critical Iepeers.dll vulnerability discussed earlier.

The afore mentioned vulnerability is currently being widely exploited by hackers to infect systems through drive-by downloads. In other words if you system is unpatched, simply visiting a compromised website is sufficient to get infected.

Microsoft-Internet-Explorer

This is the second time this year that Microsoft has been forced to issue an out-of-band update. Earlier in January, it had issued an unscheduled update to fix a vulnerability, which was exploited in Operation Aurora. Microsoft Security Response group manager Jerry Bryant said, “Releasing the update early provides Internet Explorer 6 and 7 customers protection against the active attacks and provides users of all versions of Internet Explorer protection against nine other vulnerabilities”.

As mentioned earlier, this update applies to all versions of Internet Explorer. Most of the patches issues are critical or important. This patch does not however, fix the vulnerability that was exploited in the recent Pwn2Own competition to compromise a fully patched Windows 7 system.

Users who have disabled automatic update can download the appropriate files from here.

Emergency IE6 and IE7 Security Patch Will Be Released Tomorrow

Microsoft has released a security advisory which states that a emergency patch for a critical security hole in Internet Explorer 6 and Internet Explorer 7 will be released on Tuesday, 30th March.

The vulnerability that exists in IE6 and IE7 is being active exploited by hackers and users computers are being infected. However, the vulnerability does not affected users of Internet Explorer 8 and .

The out-of-band security bulletin is a cumulative security update for Internet Explorer and will also contain fixes for privately reported vulnerabilities rated Critical on all versions of Internet Explorer that are not related to this attack.

Earlier this month, Microsoft had also released a workaround to fix this vulnerability, however, this is a proper patch. If you are using IE6 or IE7, it is highly advisable to download and install the patch.

You will find more information on the patch at the Official Microsoft Security Bulletin page.

Browser Saturday: Internet Explorer, Firefox and Safari Get Pwned, Opera Puts the Ball in Apple’s Court

The big event this week on the browser security forefront is the Pwn2Own content, which challenges hackers to break through the defenses of top browsers and operating systems. As expected by most security experts, Internet Explorer, Firefox and Safari fell quite quickly. Chrome is the only browser still standing (sadly Opera was not included in the challenge). You can find more information about the exploits used by the winning participants over here.

Pwn2Own wasn’t the only thing happening in the browser-sphere. Here is a quick look at other major events from this week.

Internet Explorer

It’s been almost a month since the browser ballot screen went live. While it has definitely had a positive impact on the download rate of alternate browsers, there is still confusion regarding its effect on Internet Explorer’s dominance. According to Statcounter, Internet Explorer has managed to hold on to its market share. This suggests that a lot of users are in fact returning to Internet Explorer after checking out the alternatives. However, now QuantCast is reporting that Internet Explorer’s shares may have dipped by as much as 5% over the course of 3 weeks

Awhile, Microsoft is yet to patch the previously discussed critical vulnerability in Internet Explorer 6.0x and 7.0x. If you are still on older versions of IE, ensure that you have applied the suggested workarounds.

Firefox

Fennec-Firefox-Windows-Phone-Mobile This was an interesting week for Firefox. Following the German Government’s advisory, which warned surfers against using Firefox, Mozilla fast-tracked the release of Firefox 3.6.2 which fixed multiple security issues.

On the mobile space, Mozilla stopped development of Firefox (Fennec) for Windows Mobile and Windows Phone 7. This decision was prompted by Microsoft’s refusal to release a NDK for Windows Phone 7, which made developing native applications impossible.

Chrome

Chrome-5-Auto-Fill-Form

This was a jolly good week for Google Chrome. It proved itself to be the most secure browser in the Pwn2Own contest, and now Google has pushed through Chrome Beta 5 for Windows. Chrome 5 introduces a host of new features including Windows 7 Taskbar Tabs and an intelligent form filler. V8 (JavaScript engine) has been refined even further and according to our preliminary tests, the new build of Chrome edges out Opera 10.51 for the title of the fastest browser in the world.

Earlier this week, Google also unveiled its new ANGLE (Almost Native Graphics Layer Engine) project, which will enhance Chrome’s graphics rendering capabilities across platforms.

Opera

Opera Software finally submitted Opera Mini for iPhone to the app store for approval. Whether Apple will approve it or not is a million dollar question. However, Opera has certainly played its part well and has succeeded in getting everyone’s attention. If Apple does reject this app, it will undoubtedly have to endure another wave of negative publicity and possibly even more (we already know that the FCC has been watching ever since the Google Voice saga).

On the desktop front, Opera continued its aggressive release cycle. Opera 10.51 for Windows fixed a couple of highly critical security vulnerabilities along with a host of bug fixes and all-around performance improvement. UNIX and MAC users also had plenty of snapshot builds to keep them busy. Click here to get the latest snapshot build for Windows, UNIX and Mac.

That is all I have for this week. Subscribe to our Feed to get instant updates through the week.

Microsoft Promises To Continue Improving SVG Support in IE 9

Earlier this week, Microsoft introduced Internet Explorer 9 developer preview, which showcases the improved rendering capabilities Internet Explorer. One of the biggest improvements in IE 9 is native SVG (Scalable Vector Graphics) support.

It’s simply shocking that it took Microsoft so long to realize SVG’s potential. SVG support has been present in other browsers like Firefox and Opera for half a decade and all major browsers other than Internet Explorer have some level of support for SVG.

SVG-Internet-Explorer

Earlier this year, Patrick Dengler- a Senior Program Manager at Microsoft, joined the SVG Working Group. Microsoft will be working with the W3C (World Wide Web Consortium) to ensure that their implementation is interoperable and will assist in ironing out ambiguities present in the SVG 1.1 specification.

SVG-Browser-Comparison

It is good that the sleeping giant is finally waking up. However, as illustrated by the CodeDread chart, Microsoft has a lot of hard work ahead of itself, if it dreams of ever catching up with the likes of Opera and Chrome.

No Windows XP And Vista SP1 Support For IE9

At MIX 10 Microsoft released a Platform Preview version of Internet Explorer’s latest version. The browser shows a lot of promise with a high ACID3 score compared to previous versions and that shown at PDC09, support for CSS 3, HTML 5 and Hardware Acceleration. The FAQ page of the the IE9 Platform Preview has the following:

Q. Does Platform Preview run on Windows XP?

A. No. Internet Explorer 9’s GPU-powered graphics take advantage of new technologies available in Windows 7 and back-ported only to Windows Vista. These technologies depend on advancements in the display driver model introduced first in Windows Vista.

According to an interview on in a QnA with the press Dean Hachamovitch confirmed that Internet Explorer Platform Preview only supports Vista SP2 and above, which is effectively Vista SP2 and Windows 7 RTM. The final versions of Internet Explorer 9 will not be supporting anything below Vista SP2 as well. The reason as stated is the GPU powered hardware acceleration that IE9 uses for a rich graphics experience.

Download Internet Explorer 9 (IE9) Preview With GPU Accelerated HTML5 Support

Today at MIX10, Microsoft unveiled the next generation of Internet Explorer browser, IE9. IE9 uses a new JavaScript engine called "Chakra" which has boosted it’s performance as compared to IE8 and browsers like 10.10 and Firefox 3.6, putting it behind Safari, and Opera 10.5.

IE9 Chakra JavaScript Performance

IE9 also supports   and CSS3, however, it falls way to shot in Acid3 tests scoring only 55/100 which is worse than most of the other browsers. IE9 supports GPU or hardware accelerated HTML5, which means that graphics and HTML5 videos will play much better on IE9 because it will utilize the graphics card for better performance.

ie9_preview_version

The IE blog has a much more detailed post on the new features in IE9. If you are interested, you can download a preview version of IE9 from here.