Is Internet Explorer 8 Ready for You? PDF Print E-mail
Application Software - Microsoft
Written by Chris Smith   
Wednesday, 25 March 2009 19:00

Support MC Press - Visit Our Sponsors

 

Forums Sponsor

 

 Popular Forums

POPULAR FORUMS

Forums

 

Search Sponsor
  
 

 Popular Searches

Search

Bad timing underscores vulnerability in the gold release of IE 8.

By Chris Smith

Microsoft released Internet Explorer 8 to the Web last week, prompting a rousing debate about which product is leading the pack in the browser wars.

 

But system administrators have questions they want answered: is it safe, and is it stable? Our considered reply: compared to what? They're all a bit soggy.

 

Being a bachelor has its advantages, but having good-quality, hot food available at a minimum of one refueling session a day is not one of them. I approach the refrigerator with the knowledge of too many stories written as a newspaper reporter about entire families being wiped out by food poisoning. I have been accused of relentlessly picking through my food with a fork, a habit acquired from eating at a potpourri of low-priced restaurants where finding foreign matter is not a fear; it's a duty.

 

I open my refrigerator door with one question in mind: is it fresh? Then the subordinate question floats up in my brain: compared to what? It's all relative. Do I discard the eggs that are two weeks out of date in favor of those only a week past their sell date? Or do I just assume they're all stale so I might as well consume the oldest ones first? It's a dicey game, and there are no winners. In fact, you could wind up a very big loser.

 

Having the bachelor experience surely is a prerequisite for being a sage IT administrator. Give it to Mikey; he'll eat anything. In short, go test your new browser on some poor department that is used to getting the worst products and service--like your own IT department! Microsoft drank its own Kool-Aid and has been using IE 8 internally for some time. They've survived, so go for it!

 

But wait...perhaps not yet. It's your job at stake, remember? I wrote about how to manage the Automatic Update release of IE 8 in "Ready or Not, Internet Explorer Is Headed Your Way" in the January 30, 2009, issue of MC Tips 'n Techniques. The question of when Microsoft will release IE 8 to AU depends on who you are. There are a series of dates for different sets of users. Microsoft's March 19 RTW was the first step in what one writer called, "a complex availability ballet for the browser that will stretch well into mid-2009." The first release wave (Wave 0) includes, in addition to English, a number of localized versions focused on Western and Eastern Europe.

 

During the week of April 20, Microsoft intends to release Wave 1 with localized versions for users in other Eastern European and several Far Eastern countries. For a complete listing, visit TechARP. Automatic Updates are slated for April 27, May 5, and June 24.

 

Currently, IE 8 is available for manual download and integration with 32-bit and 64-bit versions of Windows XP, including SP2 and SP3, Windows Vista RTM/SP1, Windows Server 2003, and Windows Server 2008.

 

The problem is, no sooner did Microsoft release the final version of IE 8 with its advanced security technology called Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) than someone hacked through them during a competition in Vancouver, B.C. I kid you not. The CanSecWest conference hosted its annual Pwn2Own contest where they pitted the major browsers--IE 8, Firefox, Safari, and Chrome (but not Opera)--against each other. According to Terri Forslof, manager of Security Response for TippingPoint, as reported in her blog, last year's winner, Charlie Miller, and a contestant known only as Nils knocked off three of the four browsers in a matter of minutes. Safari appeared to be the easiest to hack into, with IE 8 taking a little longer. Zero-day vulnerabilities were their Achilles heel, according to Forslof. The only browser that survived intrusion attempts all day was Google's Chrome.

 

As reported by Marius Oiaga in Softpedia, Microsoft later confirmed the zero-day vulnerability in IE 8. According to Forslof, a former security program manager at the company, the Microsoft Security Response Center (MSRC) had been able to reproduce and validate the vulnerability.

 

So far, no patch for IE 8, so I don't know if I'd want to consume that pizza quite yet. But then, who's really worried about a little dirt in their food anyway? So here is a download link for IE 8.

 

 


Chris Smith
About the Author:

Chris Smith was the Senior News Editor at MC Press Online from 2007 to 2012 and was responsible for the news content on the company's Web site. Chris has been writing about the IBM midrange industry since 1992 when he signed on with Duke Communications as West Coast Editor of News 3X/400. With a bachelor's from the University of California at Berkeley, where he majored in English and minored in Journalism, and a master's in Journalism from the University of Colorado, Boulder, Chris later studied computer programming and AS/400 operations at Long Beach City College. An award-winning writer with two Maggie Awards, four business books, and a collection of poetry to his credit, Chris began his newspaper career as a reporter in northern California, later worked as night city editor for the Rocky Mountain News in Denver, and went on to edit a national cable television trade magazine. He was Communications Manager for McDonnell Douglas Corp. in Long Beach, Calif., before it merged with Boeing, and oversaw implementation of the company's first IBM desktop publishing system there. An editor for MC Press Online since 2007, Chris has authored some 300 articles on a broad range of topics surrounding the IBM midrange platform that have appeared in the company's eight industry-leading newsletters. He can be reached at chriswriting@cs.com.

Read More >>
Last Updated on Friday, 06 May 2011 14:14
 
User Rating: / 0
PoorBest 
   MC-STORE.COM