After 21 years Microsoft's reign at the top of the browser market has officially come to an end! According to the most recent analytics Microsoft's Internet Explorer (IE) continued its downward spiral and has officially relinquished the No. 1 spot to Google's Chrome browser. Marking a major milestone not only in IE's 21-year lifespan, but a dramatic changing of the desktop browser guard.
Over the past several years Microsoft has seen Internet Explorer's market share repeatedly dip in favor of up and coming browsers from Google, Mozilla and Opera. However, not once have we seen any of those companies manage to topple Microsoft from the number one spot. According to U.S. analytics vendor Net Applications, during the month of April we saw Chrome do just that.
Net Applications reports that "IE" -- fell 2
percentage points in April, the fifth straight month of a loss greater
than a point, and the 16th of any size -- to end at 41.4% of the total
global browser user share. Meanwhile, Chrome climbed 2.6 percentage points to take a narrow lead with 41.7%.
Computerworld has attributed IE's decline to Microsoft's August 2014 announcement that users of older versions had to upgrade,
in most cases, to IE11, by Jan. 12, 2016. Since the announcement, IE
has lost more than 17.1 percentage points of user share, representing a 29%
decline.
By forcing customers to upgrade to a newer version of IE -- or
alternately, turn to Windows 10 and its default browser Edge -- Microsoft
demanded that users change browsers. That had appears to have had a disastrous impact on
IE's user share as people rethought their browser choice, and then
abandoned Microsoft's browsers for rivals' -- notably Chrome.
Another very plausible cause for users making the change, and one I see as being slightly more likely, is that more users are becoming more familiar with Chrome from the uptake in usage of Google's other services and through Android on their mobile devices. As more companies incorporate Google's services like Drive and Docs, more users are finding it easier to migrate to Chrome and its built in cross functionality. The same with Android users that may in the past have not seen the benefit of using Chrome but now are as they typically have a Google account and use Google's services through Android.
Showing posts with label internet explorer. Show all posts
Showing posts with label internet explorer. Show all posts
Sunday, May 01, 2016
Friday, January 08, 2016
Microsoft Officially Drops Security Support For Internet Explorer 8, 9, 10
We are at yet another Microsoft-imposed deadline, which heralds the end of support for outdated software. Next Tuesday will bring the first batch of Microsoft security bulletins for 2016 and it will also mark the end of security support for Internet Explorer versions 8, 9 and 10. Microsoft made the call almost 18 months ago, giving all of their customers and businesses ample time to prepare for the day when those versions of IE, battered by zero-days, exploit kits and targeted attacks, should be retired.
In reality, however, many users out there are either unwilling or unable to comply with these deadlines. This does not mean that we shouldn't take notice and shouldn't take Tuesday’s deadline seriously. In fact even if you aren't using IE on your own machine you should still be aware of the risks as they may potentially put businesses at risks and therefore may put your own personal data at risk as well!
Statistics from a number of sources show us that there is still a significant percentage of web traffic moving through IE. Netmarketshare.com, for example, says that while IE 11 holds more than 25 percent of market share, IE 8, 9 and 10 combined still account for more than 20 percent. Researchers at Duo Security, examining traffic moving through their services, put the percentage a bit higher for IE 9 and 10—almost 36 percent—running on Windows 7, 8, or 8.1.
Given that browsers historically offer hackers a much juicier attack surface than operating systems, folks may want to take Tuesday’s deadline seriously.
“In most cases an attacker will need to already have access to a local network or be able to trick users into opening malicious files as part of a successful attack leveraging Windows XP vulnerabilities,” said Tripwire security researcher Craig Young. “The web browser on the other hand is of course used to constantly process data from potentially untrusted sources leaving users exposed to a wide range of attack.”
Microsoft warns IE users that without action, after January 12, 2016, they will no longer provide security updates or technical support for older versions of Internet Explorer. Noting that security updates patch vulnerabilities that may be exploited by malware, helping to keep users and their data safer. Regular security updates help protect computers from malicious attacks, so upgrading and staying current is important.
For full details on the end of life cycle of Internet Explore and how you can update and protect own system you can read the Windows lifecycle FAQ sheet to learn more. If you have not yet updated to Internet Explorer you can do so via the Windows Update portion of the control panel or via Microsoft's Download Site.
Thursday, May 01, 2014
Microsoft Issues Internet Explorer Security Fix, Includes Windows XP One Last Time!
In light of recent news coverage over the last few days about a highly publicized vulnerability in Internet Explorer (IE) Microsoft has issued an emergency patch for the company's browser, which despite the end of support even includes Windows XP users.
"The security of our products is something we take incredibly seriously, so the news coverage of the last few days about a vulnerability in Internet Explorer (IE) has been tough for our customers and for us," said Adrienne Hall, general manager with the company's Trustworthy Computing section on a Microsoft tech blog.
The fix, which went live today at 10 a.m. PDT, is coming outside of Microsoft's usual monthly security update cycle and is a direct response to ongoing attacks of a security vulnerability that plagued all version of Internet Explorer. The security flaw allowed malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website.
Today's update is being pushed out via automatic updates for those with the featured enabled. If for some reason you aren't running automatic updates you can click the “Check for Updates” button on the Windows Update portion of your Control Panel to manually get the update process going.
Even though Windows XP is no longer supported by Microsoft the company has decided to give users a reprieve and update their systems as well. Stating:
Despite making today’s patch available for XP users as well, Microsoft still recommends users upgrade to new versions of Windows, Windows 7 or 8. Security experts, including U.S. CERT, recommended that users avoid using the maligned browser until a patch was made available. It is also recommended that even if you aren't running Internet Explorer as your main browser that you still install the update as it is always vital to keep your entire system patched to the fullest possible extent.
"The security of our products is something we take incredibly seriously, so the news coverage of the last few days about a vulnerability in Internet Explorer (IE) has been tough for our customers and for us," said Adrienne Hall, general manager with the company's Trustworthy Computing section on a Microsoft tech blog.
The fix, which went live today at 10 a.m. PDT, is coming outside of Microsoft's usual monthly security update cycle and is a direct response to ongoing attacks of a security vulnerability that plagued all version of Internet Explorer. The security flaw allowed malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website.
Today's update is being pushed out via automatic updates for those with the featured enabled. If for some reason you aren't running automatic updates you can click the “Check for Updates” button on the Windows Update portion of your Control Panel to manually get the update process going.
Even though Windows XP is no longer supported by Microsoft the company has decided to give users a reprieve and update their systems as well. Stating:
Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. We absolutely do.
Despite making today’s patch available for XP users as well, Microsoft still recommends users upgrade to new versions of Windows, Windows 7 or 8. Security experts, including U.S. CERT, recommended that users avoid using the maligned browser until a patch was made available. It is also recommended that even if you aren't running Internet Explorer as your main browser that you still install the update as it is always vital to keep your entire system patched to the fullest possible extent.
Monday, April 28, 2014
The Department of Homeland Security Issues Internet Explorer Warning
Amidst ongoing reports that a recently discovered zero-day exploit is being used to attack financial and defense organizations in the US via Internet Explorer 9, 10, and 11. The US Department of Homeland Security has issued a warning urging everyone to stop using IE until the exploit is patched!
The vulnerability, which was first discovered over the weekend has been confirmed by numerous sources an advisory issued by Microsoft to be currently active in 'limited attacks' in the wild. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm FireEye, which first reported the flaw Friday.
The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory has been released -- and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.
While the Microsoft security advisory offers some suggested actions there was no word as to when we'll see a patch from for the flaw. Given that we feel the best course of action would be to stop using Internet Explorer entirely and switch to Google's Chrome, Mozilla Firefox or another browser of choice (not one back-boned by IE of course).
In a separate set of attacks, security researchers have also warned of an active campaign that was targeting a critical vulnerability in fully patched versions of Adobe's ubiquitous Flash media player. These attacks threatened not only Windows based PCs but OS X and Linux as well causing Adobe too issue an emergency update.
The vulnerability was fixed in the newly released Flash Player 13.0.0.206 for Windows and Mac and Flash Player 11.2.202.350 for Linux. The Flash Player versions bundled with Google Chrome, Internet Explorer 10 on Windows 8 and Internet Explorer 11 on Windows 8.1, will get the fix automatically through the respective update mechanisms of those browsers.
US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.
US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available.
For more details, please see VU#222929.
The vulnerability, which was first discovered over the weekend has been confirmed by numerous sources an advisory issued by Microsoft to be currently active in 'limited attacks' in the wild. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm FireEye, which first reported the flaw Friday.
The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory has been released -- and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.
While the Microsoft security advisory offers some suggested actions there was no word as to when we'll see a patch from for the flaw. Given that we feel the best course of action would be to stop using Internet Explorer entirely and switch to Google's Chrome, Mozilla Firefox or another browser of choice (not one back-boned by IE of course).
In a separate set of attacks, security researchers have also warned of an active campaign that was targeting a critical vulnerability in fully patched versions of Adobe's ubiquitous Flash media player. These attacks threatened not only Windows based PCs but OS X and Linux as well causing Adobe too issue an emergency update.
The vulnerability was fixed in the newly released Flash Player 13.0.0.206 for Windows and Mac and Flash Player 11.2.202.350 for Linux. The Flash Player versions bundled with Google Chrome, Internet Explorer 10 on Windows 8 and Internet Explorer 11 on Windows 8.1, will get the fix automatically through the respective update mechanisms of those browsers.
Tuesday, February 26, 2013
Internet Explorer 10 Now Available On Windows 7
Microsoft has officially released Internet Explorer 10 for Windows 7. The browser which offers a few new features over the current latest release, IE9, has been available since late October for users of Windows 8, but now becomes available for the 700 million or so users of Windows 7.
Internet Explorer 10 for Windows 7 packs some new usability features, including integrated spell checking and auto-correct features. There is also better support for the latest Web standards such as HTML 5, and "Do Not Track" which asks websites not to track the users’ browsing history in order to serve targeted ads—is enabled by default. For those looking for more speed and better efficiency Microsoft claims that IE 10 offers improved JavaScript performance that helps IE 10 run at up to 20 percent faster speeds than IE 9.
Microsoft said they will begin auto updating Windows 7 customers to IE10 in the weeks ahead, starting today with customers running the IE10 Release Preview. For those of you that don't want to wait for the update to hit Windows Update you can download the new browser directly from Microsoft and for more details on the changes and improvements Internet Explore 10 offers check out Microsoft's official blog posting of the release.
Internet Explorer 10 for Windows 7 packs some new usability features, including integrated spell checking and auto-correct features. There is also better support for the latest Web standards such as HTML 5, and "Do Not Track" which asks websites not to track the users’ browsing history in order to serve targeted ads—is enabled by default. For those looking for more speed and better efficiency Microsoft claims that IE 10 offers improved JavaScript performance that helps IE 10 run at up to 20 percent faster speeds than IE 9.
Microsoft said they will begin auto updating Windows 7 customers to IE10 in the weeks ahead, starting today with customers running the IE10 Release Preview. For those of you that don't want to wait for the update to hit Windows Update you can download the new browser directly from Microsoft and for more details on the changes and improvements Internet Explore 10 offers check out Microsoft's official blog posting of the release.
Tuesday, November 13, 2012
Internet Explorer 10 Preview For Windows 7 Now Available
Microsoft has officially released the "Preview Version" of Internet Explorer 10 for Windows 7. This latest version of Microsoft's web browser made its debut with the Windows 8 consumer preview and later in the full blown releases of Windows 8 and Windows RT.
For the most part Windows 7 users won't see much of a difference between IE10 and IE9. Microsoft hasn't done much to change the UI and most of the significant changes were targeted mainly for the "metro" styling and touch friendliness of Windows 8. Some of the significant changes are largely about performance improvements and security rather than big features. The browser has support for more standards-based features, such as 3D transforms, transitions and animations in CSS, and HTML5 spell-checking. Microsoft has also worked on improving JavaScript performance.
Internet Explorer 10 adds more security with Do Not Track enabled by default and full support for HTML5 Sandbox technology. This feature allows developers and users to lock out specific attributes. Another main feature is an optional “Enhanced Protected Mode,” which completely locks down parts of the operating system that the browser typically doesn't need to access. For instance, with this protected mode enabled, the browser can't access your Documents folder unless you're performing a specific action, such as choosing a file through Explorer dialog. The idea is to keep documents safe even if an attacker has exploited a vulnerability in the browser or an add-on. This feature can be enabled through Internet Options > Advanced > “Enabled Enhanced Protected Mode.”
The Internet Explorer 10 Preview comes in both 32 and 64 bit variants and can be downloaded at the following links: 32-bit IE 10 Windows 7 and 64-bit IE 10 for Windows 7.
Microsoft is not providing a date as to when it expects to release the final version of IE10 for Windows 7. It's also not known if there will be additional preview builds before the final is out. Company officials say all of this will be determined by customer feedback.
For the most part Windows 7 users won't see much of a difference between IE10 and IE9. Microsoft hasn't done much to change the UI and most of the significant changes were targeted mainly for the "metro" styling and touch friendliness of Windows 8. Some of the significant changes are largely about performance improvements and security rather than big features. The browser has support for more standards-based features, such as 3D transforms, transitions and animations in CSS, and HTML5 spell-checking. Microsoft has also worked on improving JavaScript performance.
Internet Explorer 10 adds more security with Do Not Track enabled by default and full support for HTML5 Sandbox technology. This feature allows developers and users to lock out specific attributes. Another main feature is an optional “Enhanced Protected Mode,” which completely locks down parts of the operating system that the browser typically doesn't need to access. For instance, with this protected mode enabled, the browser can't access your Documents folder unless you're performing a specific action, such as choosing a file through Explorer dialog. The idea is to keep documents safe even if an attacker has exploited a vulnerability in the browser or an add-on. This feature can be enabled through Internet Options > Advanced > “Enabled Enhanced Protected Mode.”
The Internet Explorer 10 Preview comes in both 32 and 64 bit variants and can be downloaded at the following links: 32-bit IE 10 Windows 7 and 64-bit IE 10 for Windows 7.
Microsoft is not providing a date as to when it expects to release the final version of IE10 for Windows 7. It's also not known if there will be additional preview builds before the final is out. Company officials say all of this will be determined by customer feedback.
Thursday, June 14, 2012
Australian Tech Retailer Taxes Internet Explorer 7 Users
Any webmaster out there knows that developing websites with cross browser support can at times be messy. A site that looks and performs great on one browser might not performs so well on another. Well one internet guru is taking matters into his own hands by implementing what he believes to be “the world’s first ‘Internet Explorer 7 Tax.’”
Ruslan Kogan may not be a known entity in the U.S. (yes I had to look it up when I first read this story), is well know in the land down under. The Australian entrepreneur is a pioneer of online retail and happens to be the country’s wealthiest self-made person under the age of 30. Kogan founded Kogan.com, a manufacturer and direct retailer of consumer electronics that’s projected to hit over $100 million in sales this year. But, more importantly, the guy seems to hate the fact that his developers have to spend added time, and money developing his sites that already run seamlessly on Firefox, Chrome and Opera by building a friendly version of the site for Internet Explorer 7 users.
He hates it so much that he is willing to wage war against IE7 and charge his customers a 6.8% tax on any item purchased on his site.
In a posting on his official blog Kogan explains his reasoning
Now we may all laugh at this at first, but think about it. If it takes me an extra hour or two to develop a site for an older browser. That is cost out of my pocket. So why not pass some of the expense on. By means of telling you you need to upgrade, Kogan is actually doing you a favor. Once, by added security, and again by saving you the cost he is imposing.
Now obviously this is a bit of a PR stunt. Those Aussie's are well known for pulling off lavish stunts like this just to garner a bit of fame around the world. But it does have some merit. I'd just like to seem him take it a step further and add in a warning for users of any dated browser not just IE7. I mean IE7 isn't really that old, or that bad. It has been a bit of a P.I.T.A. to code for but at least its not IE6 or early editions of some of the other browsers with loads of security holes.
Ruslan Kogan may not be a known entity in the U.S. (yes I had to look it up when I first read this story), is well know in the land down under. The Australian entrepreneur is a pioneer of online retail and happens to be the country’s wealthiest self-made person under the age of 30. Kogan founded Kogan.com, a manufacturer and direct retailer of consumer electronics that’s projected to hit over $100 million in sales this year. But, more importantly, the guy seems to hate the fact that his developers have to spend added time, and money developing his sites that already run seamlessly on Firefox, Chrome and Opera by building a friendly version of the site for Internet Explorer 7 users.
He hates it so much that he is willing to wage war against IE7 and charge his customers a 6.8% tax on any item purchased on his site.
In a posting on his official blog Kogan explains his reasoning
Today at Kogan we've implemented the world's first "Internet Explorer 7 Tax". The new 6.8% tax comes into effect today on all products purchased from Kogan.com by anyone still insistent on using the antique browser.
The way we've been able to keep our prices so low is by using technology to make our business efficient and streamlined. One of the things stopping that is our web team having to spend a lot of time making our new website look normal on IE7. This is an extremely old browser, so from today, anyone buying from the site who uses IE7 will be lumped with a 6.8% surcharge - that's 0.1% for each month IE7 has been on the market:
As Internet citizens, we all have a responsibility to make the Internet a better place. By taking these measures, we are doing our bit. This will help us increase our efficiency, help keep prices for all smart shoppers down, and hopefully help eradicate the world of the pain in the rear that is IE7!
So, what are you waiting for? Time to upgrade your browser!
Now we may all laugh at this at first, but think about it. If it takes me an extra hour or two to develop a site for an older browser. That is cost out of my pocket. So why not pass some of the expense on. By means of telling you you need to upgrade, Kogan is actually doing you a favor. Once, by added security, and again by saving you the cost he is imposing.
Now obviously this is a bit of a PR stunt. Those Aussie's are well known for pulling off lavish stunts like this just to garner a bit of fame around the world. But it does have some merit. I'd just like to seem him take it a step further and add in a warning for users of any dated browser not just IE7. I mean IE7 isn't really that old, or that bad. It has been a bit of a P.I.T.A. to code for but at least its not IE6 or early editions of some of the other browsers with loads of security holes.
Saturday, March 10, 2012
Firefox, Chrome And IE9 All Fall At Pwn2Own 2012
This year's Pwn2Own hacking contest saw almost all of your favorite browsers falling to "zero-day" exploits with only Apple's Safari standing untested at the end of the day.
HP TippingPoint's Zero Day Initiative (ZDI), Pwn2Own's sponsor, as well as Google who sponsored their first-ever hacking event called "Pwnium," have confirmed that Chrome, Internet Explorer 9 (IE9) and Firefox have all fallen to zero-day attacks exploiting a previously unknown vulnerability in the most up-to-date versions of each browser. In each case the security teams were able to bypass the browsers security to take complete control of the target machine and run malicious code.
ZDI has confirmed that for the first year Safari was the only browser not attacked.
This marks a significant change for Google. As to date, there are no known reports of a zero-day attack ever hitting Chrome in the wild, and at the previous three years' contests, Chrome was the only browser to escape unscathed. With Internet Explorer, Firefox, and Safari all being brought down by exploits.
Final results from Pwn2Own 2012: 1 Chrome and 1 Internet Explorer 0day from @VUPEN and 1 Firefox 0day from @_snagg and @_dvorak_. @VUPEN took 1st place netting $60k while @_snagg, and @_dvorak_ too 2nd places netting $30k.
Google also paid out $60k to Sergey Glazunov, a regular Chrome bug hunter, who during the first day of the contest, demonstrated an exploit that completely bypassed Chrome's sandbox. This exploit was later fixed and detailed by Google's Chrome team in a security update.
HP TippingPoint's Zero Day Initiative (ZDI), Pwn2Own's sponsor, as well as Google who sponsored their first-ever hacking event called "Pwnium," have confirmed that Chrome, Internet Explorer 9 (IE9) and Firefox have all fallen to zero-day attacks exploiting a previously unknown vulnerability in the most up-to-date versions of each browser. In each case the security teams were able to bypass the browsers security to take complete control of the target machine and run malicious code.
ZDI has confirmed that for the first year Safari was the only browser not attacked.
This marks a significant change for Google. As to date, there are no known reports of a zero-day attack ever hitting Chrome in the wild, and at the previous three years' contests, Chrome was the only browser to escape unscathed. With Internet Explorer, Firefox, and Safari all being brought down by exploits.
Final results from Pwn2Own 2012: 1 Chrome and 1 Internet Explorer 0day from @VUPEN and 1 Firefox 0day from @_snagg and @_dvorak_. @VUPEN took 1st place netting $60k while @_snagg, and @_dvorak_ too 2nd places netting $30k.
Google also paid out $60k to Sergey Glazunov, a regular Chrome bug hunter, who during the first day of the contest, demonstrated an exploit that completely bypassed Chrome's sandbox. This exploit was later fixed and detailed by Google's Chrome team in a security update.
Tuesday, April 12, 2011
Internet Explorer 10 Platform Preview Now Available
Many of us are still getting use to using the newly released Internet Explorer 9 but Microsoft isn't resting. The company has recently made available the Internet Explorer 10 Platform Preview.
Much like the IE9 Platform Preview that was released before the browser's beta, RC, and final release builds, there isn't a whole lot going on with the IE10 preview at this point. There isn't any real UI to play with and no amenities like tabbed browsing, though you can run Microsoft's HTML5 demos, including brand new ones like Fishbowl, an update to the original FishIE tank.
There are several other tests avaialbe that show off some of the HTML5 and CSS3 features as well as speed demos showing off gpu acceleration. You can run these at www.ietestdrive.com to see emerging standards like CSS3 Multi-column Layout (link), CSS3 Grid Layout (link) and CSS3 Flexible Box Layout (link), CSS3 Gradients (link), and ES5 Strict Mode in action. MS also demonstrated additional standards support (like CSS3 Transitions (link) and CSS3 3D Transforms (link)) that will be available in subsequent platform previews of IE10, which we will update every 8-12 weeks.
For more details checkout the IEBlog -
Native HTML5: First IE10 Platform Preview Available for Download
Much like the IE9 Platform Preview that was released before the browser's beta, RC, and final release builds, there isn't a whole lot going on with the IE10 preview at this point. There isn't any real UI to play with and no amenities like tabbed browsing, though you can run Microsoft's HTML5 demos, including brand new ones like Fishbowl, an update to the original FishIE tank.
There are several other tests avaialbe that show off some of the HTML5 and CSS3 features as well as speed demos showing off gpu acceleration. You can run these at www.ietestdrive.com to see emerging standards like CSS3 Multi-column Layout (link), CSS3 Grid Layout (link) and CSS3 Flexible Box Layout (link), CSS3 Gradients (link), and ES5 Strict Mode in action. MS also demonstrated additional standards support (like CSS3 Transitions (link) and CSS3 3D Transforms (link)) that will be available in subsequent platform previews of IE10, which we will update every 8-12 weeks.
For more details checkout the IEBlog -
Native HTML5: First IE10 Platform Preview Available for Download
Tuesday, March 15, 2011
Internet Explorer 9 Officially Released
I've been running the beta and release candidate and have to say IE9 is by far my favorite version to date. It is far snappier than previous version. The tab function is much improved, there are more add-ons that have greater functionality and feel and the overall fit and finish of the browser seem much cleaner than previous releases.
As expected IE 9 features almost all of the enhancements shown in both the beta and release candidate. With improvements made to the new Tracking Protection feature, several user interface tweaks, more support for the emerging web standards like HTML support as well as support for Canvas, SVG and CSS3 properties. There were also improvements made to the InPrivate filtering feature. This new feature allows users to filter out content from external domains, such as Google Analytics scripts, Facebook buttons, counting pixels and externally hosted scripts. It uses blacklists and whitelists, making it similar to ad blocker extensions such as AdBlock Plus. Microsoft does not itself intend to publish tracking protection lists, but does host them.
On the performance end Microsoft has tweaked the JavaScript engine which according to MS now offers JavaScript performance comparable to that of Google's Chrome 10 and Firefox 4. During my initial use I can say it feels faster than previous versions of IE but I don't see it being anywhere near the speeds of Chrome. MS is also boasting greater hardware acceleration with additional tuning for low-end GPUs
More information is available at http://www.BeautyoftheWeb.com and for more on the new features and design changes see what's changed.
Wednesday, March 09, 2011
Pwn2Own Day One: No Surprises Here Safari, IE Both Hacked
For followers of the now highly publicized Pwn2Own hacking contest it should come as little surprise that both Apple's Safari and Microsoft's Internet Explorer have fallen of the first day.
Taking just short of 5 seconds and despite a last-minute update from Apple, Safari was the first to be cracked by security researchers from the French penetration test company VUPEN. Reportedly the team used a known flaw in Apple's Calculator program to execute a bypass of ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two key anti-exploit mitigations built into Mac OS X.
Apple had released a last minute update that patched 62 vulnerabilities in various aspects of Safari 5.0.3. This however was of little consequence to the contest at the MacBook Air used in the contest was still running the older un-patched version. TippingPoint can not disclose the nature of the vulnerability but has said the vulnerability used by Vupen to hack Safari has not been fixed in 5.0.4, otherwise they would not have awarded the $15,000 prize.
VUPEN won a $15,000 cash prize and an Apple MacBook Air 13″ running Mac OS X Snow Leopard.
A second researcher, Stephen Fewer, successfully hacked into a 64-bit Windows 7 machine running Internet Explorer 8 using three different vulnerabilities and custom exploits. Fewer used two different zero-day bugs in IE that he’d found previously to get reliable code execution, and then exploited a third vulnerability that allowed him to jump out of the IE Protected Mode sandbox to get to the operating system.
Like VUPEN, Fewer’s attack also successfully bypassed DEP and ASLR in Windows 7. Fewer won a $15,000 cash prize and a new Sony Vaio laptop running Windows 7 for being the first contestant to hack the Windows browser.
Firefox and Google Chrome stood untested, with the attempts at hacking Firefox being rescheduled to Thursday and the contestants scheduled to test Google Chrome being no shows. Thursday will also feature attempts at hacking the four smartphones slated for this year including and iPhone 4 running Apple's iOS 4.2, a Nexus S running Google's Android (version unknown), a Dell Venue Pro running Windows 7 and a Blackberry Torch 9800 running the Blackberry 6 OS. TippingPoint will award $15,000 for the first hack of each of the smartphones.
The contest will continue through the CanSecWest conference ending March 11th.
Taking just short of 5 seconds and despite a last-minute update from Apple, Safari was the first to be cracked by security researchers from the French penetration test company VUPEN. Reportedly the team used a known flaw in Apple's Calculator program to execute a bypass of ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two key anti-exploit mitigations built into Mac OS X.
Apple had released a last minute update that patched 62 vulnerabilities in various aspects of Safari 5.0.3. This however was of little consequence to the contest at the MacBook Air used in the contest was still running the older un-patched version. TippingPoint can not disclose the nature of the vulnerability but has said the vulnerability used by Vupen to hack Safari has not been fixed in 5.0.4, otherwise they would not have awarded the $15,000 prize.
VUPEN won a $15,000 cash prize and an Apple MacBook Air 13″ running Mac OS X Snow Leopard.
A second researcher, Stephen Fewer, successfully hacked into a 64-bit Windows 7 machine running Internet Explorer 8 using three different vulnerabilities and custom exploits. Fewer used two different zero-day bugs in IE that he’d found previously to get reliable code execution, and then exploited a third vulnerability that allowed him to jump out of the IE Protected Mode sandbox to get to the operating system.
Like VUPEN, Fewer’s attack also successfully bypassed DEP and ASLR in Windows 7. Fewer won a $15,000 cash prize and a new Sony Vaio laptop running Windows 7 for being the first contestant to hack the Windows browser.
Firefox and Google Chrome stood untested, with the attempts at hacking Firefox being rescheduled to Thursday and the contestants scheduled to test Google Chrome being no shows. Thursday will also feature attempts at hacking the four smartphones slated for this year including and iPhone 4 running Apple's iOS 4.2, a Nexus S running Google's Android (version unknown), a Dell Venue Pro running Windows 7 and a Blackberry Torch 9800 running the Blackberry 6 OS. TippingPoint will award $15,000 for the first hack of each of the smartphones.
The contest will continue through the CanSecWest conference ending March 11th.
Thursday, February 10, 2011
Microsoft Says IE9 Is Now 'Feature Complete' Gives Users A Release Candidate
According to Microsoft the latest version of Internet Explorer (IE9) is all but ready to be released to the masses. So today the company release what it is calling a Feature Complete Release Candidate (RC). Readers wanting to checkout the new RC can download it via Beauty of the Web.
“The release candidate is a major milestone that signals it’s time for developers to start taking advantage of IE9’s features,” Ismail said. “Our focus with IE9 has been on creating the platform for the next class of Web experiences built around HTML5 and tapping into the power of the whole PC.”
“The release candidate is a major milestone that signals it’s time for developers to start taking advantage of IE9’s features,” Ismail said. “Our focus with IE9 has been on creating the platform for the next class of Web experiences built around HTML5 and tapping into the power of the whole PC.”
The IE9 RC introduces several features that build on those themes and on extensive feedback from users. These include smaller changes like being able to close a tab without making it active – a small addition that users really care about, Ismail said.
But there are also bigger changes. IE9 has made improvements to Pinned Sites, which enables users to take their favorite sites and place them directly on the Windows 7 Taskbar like any other application. “A pinned site is more than just a shortcut,” Ismail said. “We have already seen sites use this to create experiences that are always visible to the user and pull the users back into the experience with notifications as important things happen.”
Other major improvements include the new Tracking Protection feature, some user interface tweaks, more support for the emerging HTML5 Web standard, and even faster performance on standard benchmarks.
The Tracking Protection feature is the new privacy feature in Internet Explorer 9 designed to help keep third-party websites from tracking your Web behavior. With Tracking Protection, consumers can filter content in a page that may have an impact on privacy. Here you see a stock ticker, links for social sharing, videos, advertisements and single pixel images used for tracking page usage by third parties.
Wednesday, January 05, 2011
Firefox Dethrones Internet Explorer, In Europe Anyways
According to data compiled by web analytics company StatCounter, Firefox bumped Internet Explorer (IE) as the dominant browser in Europe at the end of 2010. According to the numbers compiled by StatCounter's research arm StatCounter Global Stats during December 38.11% of internet page views involved Mozilla's Firefox web browser, while Internet Explorer fell back to second place with 37.52%. Google Chrome made a strong showing coming in third place at 14.58%.
"This is the first time that IE has been dethroned from the number one spot in a major territory," commented Aodhan Cullen, CEO, StatCounter. "This appears to be happening because Google's Chrome is stealing share from Internet Explorer while Firefox is mainly maintaining its existing share."
Google Chrome is gaining market share in Europe which shows with their strong third place ranking. The 14.58% share Google Chrome holds is nearly triple that of 2009 which in comparison was 5.06% in December last year. "We are probably seeing the impact of the agreement between European Commission competition authorities and Microsoft, to offer EU users a choice and menu of browsers from March last," added Aodhan Cullen.
The news comes on the heels of reports that IE lost 1.4 percentage points of overall usage share in December which accounts for one of the largest one-month decline in more than two years. Chrome was again the prime beneficiary of IE's slide, as Google's browser reached the 10% milestone worldwide for the first time ever. According to Aliso Viejo, Calif.-based Net Applications, IE's total share fell to 57.1%, another record low for the Microsoft-made browser. IE has lost 5.6 percentage points in the last 12 months, and 10.7 points since IE8 was introduced in March 2009.
"This is the first time that IE has been dethroned from the number one spot in a major territory," commented Aodhan Cullen, CEO, StatCounter. "This appears to be happening because Google's Chrome is stealing share from Internet Explorer while Firefox is mainly maintaining its existing share."
Google Chrome is gaining market share in Europe which shows with their strong third place ranking. The 14.58% share Google Chrome holds is nearly triple that of 2009 which in comparison was 5.06% in December last year. "We are probably seeing the impact of the agreement between European Commission competition authorities and Microsoft, to offer EU users a choice and menu of browsers from March last," added Aodhan Cullen.
The news comes on the heels of reports that IE lost 1.4 percentage points of overall usage share in December which accounts for one of the largest one-month decline in more than two years. Chrome was again the prime beneficiary of IE's slide, as Google's browser reached the 10% milestone worldwide for the first time ever. According to Aliso Viejo, Calif.-based Net Applications, IE's total share fell to 57.1%, another record low for the Microsoft-made browser. IE has lost 5.6 percentage points in the last 12 months, and 10.7 points since IE8 was introduced in March 2009.
Thursday, November 04, 2010
Facebook's New Font Size To Small? I've Got A Quick Fix
Facebook users out there might have noticed that Facebook has recently adjusted their page settings using not only a smaller font but what also appears to be smaller images. At first I thought it was just me until I saw a slew of complaints over on Twitter. Well no fear there is a quick easy remedy for anyone out there that is having issues.
For those of you with a scroll mouse the quickest easiest way is to hold down the control (CTRL) key and scroll the wheel up or down. This will adjust the entire page zoom so be prepared your images and everything will get bigger.
For you Firefox users out there look at your command tool bar select View (or alt V) then Zoom. Again this zooms the entire page in or out so your fonts and images will get bigger or smaller. If you just want to change font sizes select zoom just text.
IE users need to select Page from the command tool bar. There you'll see the zoom options or text options and similar to FF you can adjust just the text or the whole page.
Tip: You may want to adjust the font size only otherwise your pictures will look a little fuzzy.
All browsers including Google Chrome and Opera should have similar settings that allow a quick page zoom. Alternatively you can adjust your browser settings to set custom fonts and size, however the above described options are the easiest route for most users. They also allow you to change your zoom back and forth if another page is too large.
For those of you with a scroll mouse the quickest easiest way is to hold down the control (CTRL) key and scroll the wheel up or down. This will adjust the entire page zoom so be prepared your images and everything will get bigger.
For you Firefox users out there look at your command tool bar select View (or alt V) then Zoom. Again this zooms the entire page in or out so your fonts and images will get bigger or smaller. If you just want to change font sizes select zoom just text.
IE users need to select Page from the command tool bar. There you'll see the zoom options or text options and similar to FF you can adjust just the text or the whole page.
Tip: You may want to adjust the font size only otherwise your pictures will look a little fuzzy.
All browsers including Google Chrome and Opera should have similar settings that allow a quick page zoom. Alternatively you can adjust your browser settings to set custom fonts and size, however the above described options are the easiest route for most users. They also allow you to change your zoom back and forth if another page is too large.
Tuesday, September 14, 2010
Internet Explorer 9 Beta Available Tomorrow
The Internet Explorer 9 Platform Preview has been available for quite awhile and gives users a pretty good look at what the new browser will look like. This however will be a full beta release that should have most of the new features that will be packaged into the final version.
You can checkout the countdown to the Internet Explorer 9 Beta celebration at MS' Beauty of the Web page which will provide full details on download information on 9/15.
Keep in mind this will be a beta release so you may want to hold of installing it on any critical machines.
Wednesday, March 24, 2010
Windows 7 And IE8 Fall At Pwn2Own
So far the hackers are three for three at Pwn2Own, with the ZDI now confirming that Windows 7 and Internet Explorer 8 have fallen.
It'll be interesting to see if the rest of the smartphones the, RIM Blackberry Bold 9700, Nokia E72 device running Symbian and HTC Nexus One running Android as well as the two browsers Google Chrome 4 and Mozilla Firefox 3 can withstand the onslaught.
Update: Via Threat Post
Dutch hacker Peter Vreugdenhil pulled off an impressive CanSecWest Pwn2Own victory here, hacking into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities.
Vreugdenhil, an independent researcher who specializes in finding and exploiting client-side vulnerabilities, used several tricks to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two significant security protections built into the Windows platform.
“I started with a bypass for ALSR which gave me the base address for one of the modules loaded into IE. I used that knowledge to do the DEP bypass,” he added.
Update: Via PCWorld
"[The exploit] reuses Microsoft's own code to disable DEP," said Vreugdenhil. "You can reuse Microsoft's own code to disable memory protection."
In a paper he published today ( download PDF ), Vreugdenhil spelled out how he evaded both ASLR and DEP in more detail.
"It was a two-step exploitation," Vreugdenhil said of the unusual attack. "I could have done it with one, but it would have taken too long." Using the double-exploit technique gave him control of the machine in a little over two minutes; if he had used only one exploit, the task would have required 50-60 minutes.
"I didn't know how much time I would have at Pwn2Own," he said, referring to the constraints of the contest, where hackers had limited time slots. And he didn't want to bore his audience. "I put some eye candy in the exploit," he said, referring to a progress bar he inserted that read "Please be patient while you are being exploited..."
@thezdi Peter Vreugdenhil (@WTFuzz) succeeded against Internet Explorer 8 on Windows 7 with a technically impressive exploit bypassing DEP.
It'll be interesting to see if the rest of the smartphones the, RIM Blackberry Bold 9700, Nokia E72 device running Symbian and HTC Nexus One running Android as well as the two browsers Google Chrome 4 and Mozilla Firefox 3 can withstand the onslaught.
Update: Via Threat Post
Dutch hacker Peter Vreugdenhil pulled off an impressive CanSecWest Pwn2Own victory here, hacking into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities.
Vreugdenhil, an independent researcher who specializes in finding and exploiting client-side vulnerabilities, used several tricks to bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention), two significant security protections built into the Windows platform.
“I started with a bypass for ALSR which gave me the base address for one of the modules loaded into IE. I used that knowledge to do the DEP bypass,” he added.
Update: Via PCWorld
"[The exploit] reuses Microsoft's own code to disable DEP," said Vreugdenhil. "You can reuse Microsoft's own code to disable memory protection."
In a paper he published today ( download PDF ), Vreugdenhil spelled out how he evaded both ASLR and DEP in more detail.
"It was a two-step exploitation," Vreugdenhil said of the unusual attack. "I could have done it with one, but it would have taken too long." Using the double-exploit technique gave him control of the machine in a little over two minutes; if he had used only one exploit, the task would have required 50-60 minutes.
"I didn't know how much time I would have at Pwn2Own," he said, referring to the constraints of the contest, where hackers had limited time slots. And he didn't want to bore his audience. "I put some eye candy in the exploit," he said, referring to a progress bar he inserted that read "Please be patient while you are being exploited..."
Thursday, March 19, 2009
Internet Explorer 8 Officially Released
Microsoft Announces Availability of Internet Explorer 8
New browser focuses on top customer needs, including security, ease of use and performance.
New browser focuses on top customer needs, including security, ease of use and performance.
REDMOND, Wash. — March 18, 2009 — Today Microsoft Corp. announced the availability of Windows Internet Explorer 8, the new Web browser that offers the best solution for how people use the Web today. It can be downloaded in 25 languages at http://www.microsoft.com/ie8 starting at noon EDT on March 19. Internet Explorer 8 is easier to use, faster and offers leading-edge security features in direct response to people’s increasing concerns about online safety. A new study commissioned by Microsoft and the National Cyber Security Alliance and conducted by Harris Interactive Inc. shows that 91 percent of adults in the U.S. are concerned about online threats in the current economic climate, and 78 percent are more likely to choose a Web browser with built-in security than they were two years ago.
In response to extensive customer research and input from tens of millions of customer sessions, Microsoft developed Internet Explorer 8 to focus on what matters most to people. The security enhancements offer protection against existing and emerging security threats online. It blocks two to four times more malware attacks than other browsers; cuts down on the time it takes to complete common tasks on the Web such as searching, mapping and sharing, including navigating 15 of the 20 top worldwide sites; and blurs the lines between the services they use daily and the browser used to access the Internet.
Helps Protect People From Online Threats
The new study released today reinforces the importance of safety in browsing, indicating that 78 percent of people are more likely than they were two years ago to choose a browser that includes built-in protection against security threats without them having to go online to download additional programs or browser add-ons. It also showed that 91 percent of adults in the U.S. are concerned about online fraud and identity theft in today’s economic climate, and 37 percent are less likely to shop online because they would have to give their personal information.
Internet Explorer 8 offers the best security protections among leading browsers: a study released today by NSS Labs indicates that Internet Explorer 8 blocks two to four times as many malicious sites as other browsers on the market today.
Makes Common Online Tasks Faster and Easier
In addition to offering improved security and privacy protections, Internet Explorer 8 is one of the fastest browsers on the market today, beating other top browsers in page load time on almost 50 percent of the 25 top comScore Inc. Web sites.* It also helps people save time while using the Web with easy-to-use new features, including the following:
- Accelerators. Accelerators make it faster and easier to perform common tasks online by making Web-based services such as ESPN.com, Live Search and Sina available for use directly from the page people are viewing. Users can simply right-click a word or phrase and instantly map, e-mail, or share it.
- Web Slices. Web Slices in Internet Explorer 8 makes favorite information from sites such as Digg, Yahoo! Mail, OneRiot, and eBay instantly available wherever someone goes on the Web.
- Visual search suggestions. The Instant Search Box in Internet Explorer 8 enables rich, real-time search from sites such as The New York Times, Amazon.com and Wikipedia, as well as sites from people’s own Favorites and History, complete with visuals and detailed information that saves time.
“The new ESPN Web Slices on Internet Explorer 8 make it easy for sports fans to check on the latest news and sports videos in a new and exciting way,” said Jason Guenther, vice president of technology and product development at ESPN Digital Media. “We have a heritage of leveraging technology to deliver the best sports content to fans, and this is another example of our dedication to that.”
Available for Download
Internet Explorer 8 will be available for download at noon EDT in 25 languages, including Arabic, Chinese (Traditional, Simplified and Hong Kong), Czech, Danish, Dutch, English, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Korean, Norwegian, Portuguese (Brazil and Portugal), Polish, Russian, Spanish, Swedish and Turkish. More information and a download of Internet Explorer 8 (as of noon EDT on March 19) can be found at http://www.microsoft.com/ie8.
Microsoft will showcase the final browser and outline benefits and opportunities for a variety of audiences on March 19 at Microsoft’s MIX09 conference for web designers and developers in Las Vegas.
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
*comScore data based on December 2008
For more information about the research studies:
National Cyber Security Alliance and conducted by Harris Interactive study: http://www.microsoft.com/presspass/newsroom/windows/factsheets/BrowserSecurityFS.mspx
NSS Labs study: http://nsslabs.com
For more information about Internet Explorer 8 performance:
See the Internet Explorer 8 white paper
Source: Microsoft Press ReleaseMonday, January 26, 2009
Internet Explorer 8 Achieves Release Candidate Status
Microsoft took the "beta" tag off Internet Explorer 8 today with the announcement of Windows Internet Explorer 8 Release Candidate 1. IE8 RC1 is the next best thing to a full release of the software. Stocked with all the features, functions and most of the bug fixes you'll see in the final version.IE8 for the most part appears nearly ready for widespread release, so don't be surprised if the final version arrives relatively soon.
The release candidate software comes in bot 32-bit and 64-bit versions for Vista as well as a 32-bit Windows XP edition. There is no installer for the Windows 7 Beta and RC1 will not work properly on the new OS. Microsoft has said the version of IE8 currently running on the Windows 7 Beta and the current IE8 revision are two seperate builds and should remain so.
If you aren't running Windows 7 and would like to get the latest version of IE8 the Windows Internet Explorer blog has a great post for upgrading to IE8 RC1.
As previous mentioned for Windows XP users if you are not running service pack 3 it is recommend that you install it before upgrading to IE8 or you will not be able to roll back to a previous version.
Sunday, January 04, 2009
Internet Explorer Losses More Market Share
Internet Explorer's market share has dropped for the fifth straight month to reach a new record low. The browser lost 1.6 percentage points ending December with a 68.2% share, down from November's previous record low of 69.8%
According to Web analytics company Net Applications IE ended the year down 7.9% points, a 10.4% decline from December 2007. This marks the second straight month of record lows for IE and record highs for FireFox, Google's Chrome and Apple's Safari.
Chrome ended the year above 1% for the first time, while Safari neared an 8% marker share. FireFox is steadily gaining ground staying above the 20% level at its new record high of 21.34%.
Net applications notes that the December holiday season strongly favored residential over business usage. Meaning the results might be skewed, as Net Applications says usage of non-Microsoft browsers climbs after work hours, on weekends and during holidays, as users surf from home computers rather than from work machines, which are far more likely to run Microsoft's IE. This in turn increases the relative usage share of Mac, Firefox, Safari and other products that have relatively high residential usage.
According to Web analytics company Net Applications IE ended the year down 7.9% points, a 10.4% decline from December 2007. This marks the second straight month of record lows for IE and record highs for FireFox, Google's Chrome and Apple's Safari.
Chrome ended the year above 1% for the first time, while Safari neared an 8% marker share. FireFox is steadily gaining ground staying above the 20% level at its new record high of 21.34%.
Net applications notes that the December holiday season strongly favored residential over business usage. Meaning the results might be skewed, as Net Applications says usage of non-Microsoft browsers climbs after work hours, on weekends and during holidays, as users surf from home computers rather than from work machines, which are far more likely to run Microsoft's IE. This in turn increases the relative usage share of Mac, Firefox, Safari and other products that have relatively high residential usage.
Wednesday, December 17, 2008
IE8 Release Candidate Almost Ready
Good news for the Internet Explorer fans out there, Microsoft has said they are almost ready to make public their first release candidate of IE8.
In their exclusive first look of IE8 RC1 TgDaily writes
Microsoft quietly released the first update to its IE8 beta 2 to its closest partners last week. This new version is marked as “Release Candidate 1” and is expected to be the final IE8 pre-release update Microsoft intends to make available to the public sometime in the first quarter of 2009
In an interview with eWEEK, Dean Hachamovitch, general manager of Internet Explorer for Microsoft, said, "If I had a bumper sticker in mind for this it would say: 'Developers, start your engines.'" Hachamovitch declined to provide details about what kinds of new functionality and fixes will be in the RC, only stating the RC is just around the corner.
Internet Explorer 8 has been in public beta testing since back in March. As reported at that time, Microsoft was adding several new features to the browsers. Private browsing, search suggestions, automatic crash recovery and a new favorites bar are listed amongst the new user features.
Users wanting to try out the current IE 8 beta can get it via the IE 8 download page.According to TgDaily a final public and feature-complete pre-release won't become available until some time in the first part of 2009.
Subscribe to:
Posts (Atom)