Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IE8 May Be End of the Line For Internet Explorer

kdawson posted more than 5 years ago | from the don't-let-the-door-hit-you dept.

Internet Explorer 380

snydeq writes "InfoWorld's Randall Kennedy reports on rumors that IE8 may be Internet Explorer's swan song: 'IE8 is the last version of the Internet Explorer Web browser,' Kennedy writes. 'It seems that Microsoft is preparing to throw in the towel on its Internet Explorer engine once and for all.' And what will replace it? Some are still claiming that Microsoft will go with WebKit, which is used by Safari and Chrome. The WebKit story, Kennedy contends, could be a feint and that Microsoft will instead adopt Gazelle, Microsoft Research's brand-new engine that thinks like an OS. 'This new engine will supposedly be more secure than Firefox or even Chrome, making copious use of sandboxing to keep its myriad plug-ins isolated and the overall browser process model protected.'" The sticking point will be what Microsoft does about compatibility for ActiveX apps.

cancel ×

380 comments

Sorry! There are no comments related to the filter you selected.

Misleading headline, and ActiveX (4, Insightful)

Raindance (680694) | more than 5 years ago | (#27140119)

1. Headline should read, IE8 May Be End of the Line for Internet Explorer Engine .

2. I don't see any reason why ActiveX apps couldn't be sandboxed like anything else. Granted, it has deep hooks into the OS-- but if nothing else, given how beefy computers are going to be by the time IE9 comes out, you could give each ActiveX app its own perfectly compatible virtual copy of XP+IE8 to run on, and just parse the result into IE9 format. Destroy the virtualized OS+browser when the app closes.

Moore's Law makes some problems easy, yay. :)

Re:Misleading headline, and ActiveX (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#27140189)

I don't see any reason why ActiveX apps couldn't be sandboxed like anything else. Granted, it has deep hooks into the OS

So quick to contradict yourself.

you could give each ActiveX app its own perfectly compatible virtual copy of XP+IE8 to run on, and just parse the result into IE9 format. Destroy the virtualized OS+browser when the app closes.

It is clear you do not understand why ActiveX must be married to the operating system.

Re:Misleading headline, and ActiveX (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27140207)

Jew.

Re:Misleading headline, and ActiveX (0)

Anonymous Coward | more than 5 years ago | (#27140683)

Huh?

Re:Misleading headline, and ActiveX (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27140719)

ignorant arsehole = jew = you. duh!

faggot.

Re:Misleading headline, and ActiveX (0, Interesting)

Anonymous Coward | more than 5 years ago | (#27140753)

I just like posting "Jew" every once in a while. It's always interesting to see how it gets modded. The fact that it almost invariably turns into "troll" says a lot about those who get blessed with mod points around here. It's a simple adjective, it has absolutely no context in the conversation, and yet people take it as some sort of epithet. What does that say in the larger scheme of things, I wonder?

Re:Misleading headline, and ActiveX (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27141147)

"Troll?" Fuck you, you cock-draining homo. That was a 100% factual reply, you ball-gargling sack of jizz, and it in no way incited, inflamed, or provoked anyone who read it, unless that person was a dim-witted sack of hamster shit like you. "Offtopic?" Sure. "Overrated?" Fine. "Adds nothing to the discussion at hand?" Absolutely. But "troll?" Go suck a wet fart out of your dead mother's rotting asshole, you limp-dicked vegetable pariah.

(Now *that's* a troll, you nancy-assed bowl of steaming moose cum. Take your mod points, crawl up your own ass, and drown in a vat of my boiling diarrhea.)

Re:Misleading headline, and ActiveX (5, Insightful)

east coast (590680) | more than 5 years ago | (#27140259)

It is clear you do not understand why ActiveX must be married to the operating system.

Really? Because it's not clear that you do. Seriously, would it kill people to bring the issue to the surface in an intelligent manner that might benefit those of us who are outside the loop on this? I'm not asking for a thesis but rather a simple dialog that can be researched by people who are interested in learning more about the issue at hand.

Re:Misleading headline, and ActiveX (5, Funny)

Anonymous Coward | more than 5 years ago | (#27140307)

Because Balmer frowns on extramarital sex between software components

Re:Misleading headline, and ActiveX (1)

pxlmusic (1147117) | more than 5 years ago | (#27140343)

i LOL'ed

Re:Misleading headline, and ActiveX (4, Informative)

PitaBred (632671) | more than 5 years ago | (#27140543)

Ever been to Windows update? That's an ActiveX control. How does it get so much information about your computer? By it's deep connection to the OS. ActiveX CANNOT be sandboxed because it needs too many things to be accessible in the OS. Almost all ActiveX components make use of that integration.

Re:Misleading headline, and ActiveX (4, Insightful)

BlackSnake112 (912158) | more than 5 years ago | (#27140799)

Needing information and having full control over the system are two different things. If all activex needs is the information, then let it have read only access. Now since most activex programs want a lot more then read only access, this will not work. The question is was it lazy programming that required full root/admin access in order to work or something else?

Some programmers feel that unless they have complete control they cannot get anything done. In development this is fine. Once in testing and production stages why do people insist that they still need to run as root/admin? Run as the least privileged level as you can.

Re:Misleading headline, and ActiveX (5, Insightful)

sqlrob (173498) | more than 5 years ago | (#27140855)

You can do the same thing with a signed Java Applet. OMG! Java is tightly integrated to the OS!

Re:Misleading headline, and ActiveX (3, Insightful)

Anonymous Coward | more than 5 years ago | (#27141117)

Using quasi-mystical language like "deep connections" in a technical discussion is a good sign the person doesn't know what he's talking about.

ActiveX applications have no more "connections" than any other Win32 app.

Re:Misleading headline, and ActiveX (5, Funny)

Anonymous Coward | more than 5 years ago | (#27141231)

ActiveX applications have no more "connections" than any other Win32 app.

But I was looking at ActiveX's facebook page and it had like a million friends in common with Windows - isn't that a deep connection?

Re:Misleading headline, and ActiveX (5, Informative)

Anonymous Coward | more than 5 years ago | (#27140903)

A lot of people seem to have little-to-no understanding as to what ActiveX is. It is a plug-in infrastructure based on COM, nothing more, nothing less. It allows for a library to provide a visual component that can be loaded by another application to display content. That plug-in infrastructure was used in Internet Explorer to load browser plug-ins. Those plug-ins run within the browser process under the current user security context. There is absolutely no functional difference between ActiveX in Internet Explorer on Windows or an XPCOM plug-in for Firefox on Linux.

The problem is that in both cases those plug-ins have to have a fairly wide amount of functionality. If that plug-in is intended to display video then it has to be able to work with the video API of the platform in question. As such these plug-ins generally cannot be sandboxed too tightly otherwise they would no longer be able to function and their usefulness of being able to extend the functionality of the browser is lost.

https://addons.mozilla.org/en-US/firefox/browse/type:7 [mozilla.org]

This website lists the XPCOM plug-ins available for Firefox. There are quite a few more if you follow the link to the bottom. If a vulnerability is identified in ANY of those plug-ins a successful exploit will be fully capable of trashing the profile of the current user and there is nothing that Firefox can do to stop it, even on Linux.

Re:Misleading headline, and ActiveX (3, Interesting)

afidel (530433) | more than 5 years ago | (#27141229)

Well, because they are COM objects they don't just interact with the browser but with the entire system, you can't just sandbox them. A good example are all of the plugins my company uses, they tie functionality between our various enterprise systems ECM, ERP, CRM, etc and Office. This makes the life much easier for the user and provides all sorts of advanced functionality without needing to code up some new interface for the user to learn. Personally I think it would be fine to provide two browsers or two personalities for IE, one that loads when you access sites in the trusted sites zone that allows ActiveX and another that's used everywhere else that doesn't. Microsoft could either provide two executables or they could provide one and use sandboxing and virtualization behind the scenes.

Re:Misleading headline, and ActiveX (3, Insightful)

TheRealMindChild (743925) | more than 5 years ago | (#27141121)

An ActiveX library is not a .NET library. It is a DLL with a "Class Factory" to create your COM objects. Just like any DLL, how exactly are you going to sandbox it properly when the whole development cycle there was access to everything on the system? Can I write to the registry? Can I write to the file system? Can I load another DLL? It would just be a complete mess and still be exploitable in some corner that wasn't planned on. The alternatives being either provide a "safe" only API that ActiveX would have to use, OR you could run the control in a virtual machine of sorts...

And then you'll realize that you just reinvented .NET

Re:Misleading headline, and ActiveX (5, Insightful)

INeededALogin (771371) | more than 5 years ago | (#27140251)

given how beefy computers are going to be by the time IE9 comes out

Moore's Law be damned. People have been using this excuse for years to write bloated, crappy software. How about for once we don't try to predict the future. Instead, lets write the code for todays hardware. People seem to forget that we have sold way more computers than people in the world... no reason to replace them all to run IE9.

Re:Misleading headline, and ActiveX (1, Interesting)

icebike (68054) | more than 5 years ago | (#27140489)

Mod parent insightful.

A browser designed for a netbook ought to run just fine on my aging laptop.

Re:Misleading headline, and ActiveX (3, Insightful)

geekoid (135745) | more than 5 years ago | (#27140703)

Exactly..and Moore's law isn't exatly as reliable as it was 15 years ago when talking about a direct improvement to the desktop computers speed.

Re:Misleading headline, and ActiveX (5, Funny)

the_humeister (922869) | more than 5 years ago | (#27140915)

People seem to forget that we have sold way more computers than people in the world

Yes, especially since the emancipation proclamation was nearly 130 years ago.

Re:Misleading headline, and ActiveX (0)

Anonymous Coward | more than 5 years ago | (#27140425)

ActiveX does not have deep hooks into the OS. It is a calling convention in a DLL with a list of function pointers to defined functions. That's it.

Re:Misleading headline, and ActiveX (1, Insightful)

Anonymous Coward | more than 5 years ago | (#27140451)

ActiveX can't be sandboxed because a ton of controls rely on having access to your machine; in fact, that was kind of the point of ActiveX in the first place.

Re:Misleading headline, and ActiveX (1)

Ethanol-fueled (1125189) | more than 5 years ago | (#27140723)

Right. Everybody knows the name "Microsoft Internet Explorer" for being an insecure shell extension(or whatever it is, but it's not a standalone browser) as well as being the "browser" which is having its ass kicked by FireFox and every other real browser out there.

Microsoft will rebrand and slap a bunch of blinkenlights on their next browser, and then pay other strategic entities huge sums of money so that those others can shove it down our throats like they're trying to do with Silverlight.

Re:Misleading headline, and ActiveX (1)

Em Emalb (452530) | more than 5 years ago | (#27141025)

Most people consider internet explorer to be "the internet".

It's all they've ever known.

Re:Misleading headline, and ActiveX (1)

Darkness404 (1287218) | more than 5 years ago | (#27140979)

, you could give each ActiveX app its own perfectly compatible virtual copy of XP+IE8 to run on, and just parse the result into IE9 format

Sure, but what about the initial download + updates. Already in America not everyone can get high speed internet, even a 700 MB ISO file takes a while to download on many DSL connections so how are you going to download this Gigabyte+ browser compatibility package? It takes up about 1/4ths of a DVD so even including it on Windows 8 install media isn't going to really fly unless there is some rapid migration to Blu-Ray which I just don't see hapening.

Last Post! (3, Funny)

Anonymous Coward | more than 5 years ago | (#27140133)

Oh wait...

Nope, not webkit... (5, Funny)

mdm-adph (1030332) | more than 5 years ago | (#27140141)

...they're going to buy Mozilla. Mark my words. :P

Re:Nope, not webkit... (1)

SatanicPuppy (611928) | more than 5 years ago | (#27140191)

What a wasted buy. Firefox is dead, long live Iceweasel!

Can't kill an OSS project by buying it.

Re:Nope, not webkit... (2, Informative)

sakdoctor (1087155) | more than 5 years ago | (#27140421)

It was renamed IceCat

Re:Nope, not webkit... (5, Funny)

SatanicPuppy (611928) | more than 5 years ago | (#27140569)

Those fucking weasels. At least they didn't call it LOLcat.

Re:Nope, not webkit... (0)

Anonymous Coward | more than 5 years ago | (#27140727)

It's still iceweasel in Debian. Something I don't get, however, if the iceweasel change was made to make it completely free of trademark issues, why couldn't GNU use the name iceweasel too? Surely that would have been better than created yet another name - and a stupid one at that.

Re:Nope, not webkit... (1)

retchdog (1319261) | more than 5 years ago | (#27140841)

It's not as bad as "gNewSense [gnewsense.org] ". On many levels...

Re:Nope, not webkit... (1, Funny)

Anonymous Coward | more than 5 years ago | (#27140743)

iScat?

Please kill ActiveX (4, Insightful)

Thornburg (264444) | more than 5 years ago | (#27140155)

The sticking point will be what Microsoft does about compatibility for ActiveX apps.

KILL IT!!!

Seriously. Since IE8 does it, people will just keep using that for the next decade...

If they don't kill ActiveX after IE8, we'll be stuck with it even longer than that. Since it's going to take 10 years to actually die, please start the process now, Microsoft.

Re:Please kill ActiveX (1)

sakdoctor (1087155) | more than 5 years ago | (#27140353)

Although I agree with your KILL IT sentiments on principle, in what way are we stuck with it even today?

You don't have to use IE, and if you use windows you can't uninstall it, but you can lock it down so it's less of a security hole.
That just leaves developers...but I don't remember the last time I saw a site that used ActiveX.

I heard that some banks do, though that would be one ghetto bank. And apparently a load of South Korean websites use it, so that's pretty limited damage if it goes the same way as everything else Microsoft named ^Active(.*)$

legacy hardware (1)

way2trivial (601132) | more than 5 years ago | (#27140381)

I for example have a couple of panasonic IP cameras that use it in their internal webserver to display motion video to the end user.

Re:Please kill ActiveX (3, Informative)

truthsearch (249536) | more than 5 years ago | (#27140455)

In my experience ActiveX seems to be used most often in internal business applications (intranets). When you're on a homogeneous environment it's easy to build for the specific platform. Using ActiveX often allowed for continual updates without deployment issues. Thankfully it doesn't appear to be popular for new projects, but there's a lot of old business systems out there.

Re:Please kill ActiveX (1)

avandesande (143899) | more than 5 years ago | (#27140463)

I think the main users of active x in IE are intranet sites/applications.

Re:Please kill ActiveX (1)

el americano (799629) | more than 5 years ago | (#27140789)

I don't remember the last time I saw a site that used ActiveX.

Windows Update?

Re:Please kill ActiveX (2, Informative)

therealmorris (1366945) | more than 5 years ago | (#27140983)

Windows Update on XP and earlier yes, but Microsoft finally made it a separate app for Vista. At least I hope it doesn't still use ActiveX...

Re:Please kill ActiveX (1)

sortius_nod (1080919) | more than 5 years ago | (#27141003)

KILL IT!!!

How can you kill that which does not live?

Plays for Sure (3, Insightful)

clarkn0va (807617) | more than 5 years ago | (#27141185)

The sticking point will be what Microsoft does about compatibility for ActiveX apps.

How sticky are we talking? Sticky like trying to make PlaysForSure compatible with the Zune? [slashdot.org] Sticky like ongoing support for MSN Music? [slashdot.org]

If Microsoft has taught us anything, it's that today's lockin is tomorrow's lockout. The day MS decides that ActiveX no longer serves their purposes is the day that every site requiring ActiveX is out of luck.

ActiveX won't matter (4, Insightful)

Midnight Thunder (17205) | more than 5 years ago | (#27140197)

Given the compatibility issues that ActiveX has in IE8, then it probably won't matter what Microsoft will do in the future. In all reality no site should be depending on ActiveX. If it breaks without it, then fix the site.

Re:ActiveX won't matter (4, Insightful)

vux984 (928602) | more than 5 years ago | (#27140479)

Given the compatibility issues that ActiveX has in IE8, then it probably won't matter what Microsoft will do in the future. In all reality no site should be depending on ActiveX.

No external public facing site should rely on activeX. There is really nothing wrong with internal enterprise apps using it.

If it breaks without it, then fix the site.

You mean build the enterprise intranet application from scratch? When its working perfectly fine exactly the way it is? That will be a pretty tough sell.

Re:ActiveX won't matter (4, Insightful)

markdavis (642305) | more than 5 years ago | (#27140965)

> No external public facing site should rely on activeX. There is really nothing wrong with internal enterprise apps using it.

Um, yes there most certainly is a MAJOR problem with internal enterprise apps using it. It means that everyone is chained to running MS-Windows and IE *only* on the desktops and every possible device that connects to that internal enterprise application. Just because you might not have a choice with what is running on the server doesn't necessarily mean you want to have no choice for the client.

Perhaps a company might want some additional choice.

Re:ActiveX won't matter (0)

vux984 (928602) | more than 5 years ago | (#27141203)

Um, yes there most certainly is a MAJOR problem with internal enterprise apps using it. It means that everyone is chained to running MS-Windows and IE *only* on the desktops and every possible device that connects to that internal enterprise application.

I doubt anyone starts new projects in ActiveX today. And when those activeX projects WERE started there weren't many options.

To get that level of functionality a few years back it was either ActiveX or Java. And at the time Java was quite a bit slower, and clumsier than the equivalent solution in ActiveX, and there were all kinds of disputes between Sun and Microsoft over Java and the JVM.

So ActiveX was actually a fairly good decision at the time.

I'm sure over time, enterprises are looking to rewrite things, to support blackberries and iphones, and Mac PCs, but that's beside the point. They've ALREADY got ActiveX, and would prefer it not be turned off on them.

Perhaps a company might want some additional choice.

I'm curious why doesn't that include giving them the choice to run activeX?

Re:ActiveX won't matter (1)

IntlHarvester (11985) | more than 5 years ago | (#27140673)

Actually every single IE plugin uses ActiveX (Flash, QuickTime, Java, etc.) Any future version of IE will likely have some ActiveX support for legacy plugins.

This is also the reason Google Chrome also supports ActiveX.

Re:ActiveX won't matter (1, Interesting)

Anonymous Coward | more than 5 years ago | (#27141127)

No site should depend on javascript, flash or other client side scripts to function but that still happens.

Thinks like an os, eh? (5, Funny)

mevets (322601) | more than 5 years ago | (#27140217)

Given their history, this could be pretty funny.

Re:Thinks like an os, eh? (2, Funny)

MrEricSir (398214) | more than 5 years ago | (#27140325)

They're doing it for the lulz.

Re:Thinks like an os, eh? (5, Funny)

xSander (1227106) | more than 5 years ago | (#27140359)

Blue Page of Death

Re:Thinks like an os, eh? (1)

corprew (24232) | more than 5 years ago | (#27140375)

"thinks like an OS" == "Has Internet Explorer embedded in it."

But seriously, isn't this the third or fourth engine for Internet Explorer? If there's one thing that MSFT has taught the IT industry, it's that branding and tech aren't necessarily related and there's no reason that branding (MSIE) and engine (CERN or Spyglass or whatever == IE1, IE3, IE4...) have to be related at all. (Vista == IE6, etc...)

If you're writing summaries of articles, it would be handy to understand them.

Antitrust suit 2? (1)

mr_lizard13 (882373) | more than 5 years ago | (#27140739)

How dare they use their browser monopoly to gain market share in the OS market!!

WebKit?! (4, Insightful)

rbanffy (584143) | more than 5 years ago | (#27140221)

"Some are still claiming that Microsoft will go with WebKit"

Microsoft will never allow the browser that ships with Windows to become a commodity. They will go with Gazelle or whatever they develop that's as incompatible to official standards as possible while still being called a web browser engine.

Their goal is lock-in. A standards-based engine would negate that.

Re:WebKit?! (2, Insightful)

fuzzyfuzzyfungus (1223518) | more than 5 years ago | (#27140475)

Not necessarily: Pages that are mostly Flash blobs are not "standard" in any useful sense, even if the html/CSS/javascript that embeds the blobs is perfectly well formed.

If, for instance, MS decided to use webkit; but push Silverlight, you could easily end up with an equivalent situation.

Re:WebKit?! (1)

geekoid (135745) | more than 5 years ago | (#27140747)

But they have failed to do lock in, and if they try they will get shut down.
  They show signs of learning to keep at when they do well and sell to that market instead of trying to lock in at the puny application layer. By putting an OS on almost every box, they are getting paid to be the gate keeper.
the 1000 year view MS had isn't panning out, and all the people that bought into it when the document was created are leaving MS.

Re:WebKit?! (2, Insightful)

markdavis (642305) | more than 5 years ago | (#27141005)

>But they have failed to do lock in, and if they try they will get shut down.

Wrong. They have failed to lock in PUBLIC facing web sites. But they have done a MARVELLOUS job of lock-in for corporate web applications and inside apps with IE. Trust me, I have fought that monster over and over again.

Re:WebKit?! (1)

Dracos (107777) | more than 5 years ago | (#27140811)

More likely Gazelle is a ruse, as is interest in WebKit. I wouldn't be surprised if MS attempted a hostile takeover of Opera. Opera doesn't have that much usage share among desktops/laptops, but its share on cell phones and other mobile devices is huge.

They might.... (1)

weston (16146) | more than 5 years ago | (#27140963)

Their goal is lock-in. A standards-based engine would negate that.

Honestly, I've agreed with you up until now. Spending resources to play catch-up with what Webkit and Gecko have been able to do for years doesn't make any sense at all... unless your goal is to depart from those implementations.

However, I've wondered if someday, the resource logic wouldn't occur to Microsoft, or the trident codebase wouldn't become such a problem that it'd become stronger. They don't need to have their own rendering engine to embrace and extend. Using webkit or gecko would mean that they could lose any advantage they might have by people coding websites to IE, but they don't need that to try and get Silverlight out there or even keep the world using Active X. And rich / active components are probably about the only hope they have of being able to get any kind of lock on the web again.

Re:WebKit?! (0)

Anonymous Coward | more than 5 years ago | (#27141029)

The summary is typical Slashdot bullshit. Gazelle is an architecture for a secure web browser. MS could implement this architecture with any HTML engine they wanted to. To say that Gazelle could be used as the HTML engine is meaningless.

MS will either continue to use the current engine, or they'll switch to a different third-party one. They are not going to implement a new proprietary engine.

Coming full circle? (1)

mcrbids (148650) | more than 5 years ago | (#27140229)

First, Microsoft tried to make the browser part of their operating system, without paying much attention to security. Now, they're trying to make a browser into an operating system with security first in mind?

Looks like an about-face if you ask me...

Funny how the vendor of one of the world's most insecure operating systems now considers that they're going to one-up the competition with the most secure browser / operating system? I guess they'd have an excellent track record of finding out what not to do... ?

PS: Good luck with retro compatibility!

Re:Coming full circle? (5, Insightful)

RAMMS+EIN (578166) | more than 5 years ago | (#27140551)

``Funny how the vendor of one of the world's most insecure operating systems now considers that they're going to one-up the competition with the most secure browser / operating system?''

I wonder if Windows is still one of the world's most insecure operating systems. Microsoft have certainly been working hard to improve things, which is more than I can say for many other operating system vendors. Meanwhile, Linux user seem to be content pointing and laughing at Microsoft's efforts and pointing out that Linux is so much more secure.

I won't make any claims about which operating system is more secure than another operating system (because I think it is fundamentally impossible to measure, let alone to know), but if I see that Microsoft is introducing things like address space layout randomization and non-executable stacks, I have to wonder why those features aren't in other mainstream operating systems yet. OpenBSD has done a lot of pioneering work already, but when will we see the day that all of Debian is compiled with -fstack-protector and ships with PaX enabled?

Re:Coming full circle? (4, Informative)

mcrbids (148650) | more than 5 years ago | (#27140901)

Meanwhile, Linux user seem to be content pointing and laughing at Microsoft's efforts and pointing out that Linux is so much more secure.

Because it is. There. I said it.

The relatively simple, understandable Unix security model has a very long history, and has grown gracefully as the strength, power, speed, and ability of the individual computers have. Everything is a file, and all files have the three permissions: Users, Groups, and Other. Each of these can have read, write, and execute permissions. Simple, understandable, easy to enforce. It's so taken for granted as such that it's routinely used in embedded devices (such as routers) where updates are few and far between, yet they are rarely, if ever, compromised.

Compare/contrast that with the Windows security model, where there are actually alternate file spaces within the existing file system. With the Windows API, it's trivial to save a file that's in an alternate namespace and thus cannot be found with *any* normal Windows system call. There are many examples of strangeness like this!

There was a recent article I read about the confessions of a grey-hat programmer... he describes Windows as incredibly complex, labyrinthine, and basically impossible to secure well. He laughed at so-called "security vendors" like anti-virus.

Re:Coming full circle? (1)

INeededALogin (771371) | more than 5 years ago | (#27141223)

which is more than I can say for many other operating system vendors

Are you serious about this statement. Microsoft is only focusing on security because of all the bad PR it has gotten in losing the virus war. Meanwhile, I can still install an older RedHat version without it being exploited 5 minutes after install.

While people on here might disagree because of being partial to one OS over another... Solaris is mighty ahead of the curve when it comes to security [sun.com] and have done a lot more than Microsoft on the security front IMHO

Really? (1)

Jonah Bomber (535788) | more than 5 years ago | (#27140233)

Thank goodness!

ActiveX (1)

dedazo (737510) | more than 5 years ago | (#27140235)

The sticking point will be what Microsoft does about compatibility for ActiveX apps.

That's not going to be a problem, I think. They're being phased out all over the place in favor of Ajax foofyness. By the time IE8 is EOL'ed, I hope ActiveX will be long gone.

Doesn't microsoft say this about everything? (1)

Zakabog (603757) | more than 5 years ago | (#27140311)

Others insist that that the whole WebKit story is merely a feint and that Microsoft will in fact be adopting a brand-new engine coming out of its Microsoft Research division. Dubbed "Gazelle," this new engine will supposedly be more secure than Firefox or even Chrome, making copious use of sandboxing to keep its myriad plug-ins isolated and the overall browser process model protected.

Doesn't Microsoft scream "This one's WAAAAAY more secure than the last one!" about everything they release? When has that actually meant anything? Sure, I'd take Windows XP over Windows 95, but it's not very hard to do better than their old lousy products. Making the claim that it'll be more secure than Firefox or even Chrome, that's a bold statement and I doubt they'll be able to back it up. Plus all the security in the world is useless if the thing doesn't conform to any web standards.

Also, are they changing just the engine or is the name changing too?

Re:Doesn't microsoft say this about everything? (0)

Anonymous Coward | more than 5 years ago | (#27140521)

That's a funny statement given that Internet Explorer 7.0 and 8.0 are of the most secure browsers available on any OS given the nature of Protected Mode and UAC in Vista. If there is a bug in a plug-in any exploit is limited to execution within an exceptionally tight jailed subset of the current user context. They cannot write any files at all, not even to the profile of the current account. If/when someone finds a vulnerability in a plug-in loaded by FireFox on a Linux box an exploit can still trash the context of the current user, and there is plenty of damage that can be done even if that user is not root. There has yet to be a browser-born vulnerability that can affect Internet Explorer 7.0 on Vista when Protected Mode is enabled, which is the default state.

Google likes to advertise the isolated process job model employed in Chrome as a secure and reliable method of hosting renderers within a web browser, and they should, it's a great idea. It was a great idea when Microsoft implemented it in the public beta of Internet Explorer 8.0 more than five months before Google Chrome was announced to exist at all. It is quite clear that Google borrowed a page from Microsoft as the implementation is eerily similar. I'm sure the distortion field will give credit to Google, but that only works if Microsoft has a working time machine.

Re:Doesn't microsoft say this about everything? (1)

alexborges (313924) | more than 5 years ago | (#27140781)

I need a job. What does MS pay for astroturfing?

Re:Doesn't microsoft say this about everything? (0)

Anonymous Coward | more than 5 years ago | (#27140795)

That's a funny statement given that Internet Explorer 7.0 and 8.0 are of the most secure browsers available on any OS

LOL

How many zeros after the crooked number did it take to get you to astroturf that CRAP?

Given Microsoft's history of handling security like a Thalidomide baby with a hand grenade, how on God's good Earth can you call pre-release Microsoft code "the most secure browsers on any OS"?!?!?!

Good Lord, that's utterly whacked.

Or maybe you're the Jonathan Swift of Slashdot posters, right?

given the nature of Protected Mode and UAC in Vista.

Would that be the same UAC that Microsoft itself subverted in order to keep their stuff running?

Gee, do you think any other process could take advantage of UAC's built-in brokenness? Like, say a virus or a trojan?

"Thinks like an OS"? From Microsoft, that's scary (0)

Anonymous Coward | more than 5 years ago | (#27140361)

Microsoft's OS efforts haven't been exactly technically sound.

Look at UAC. First chance they get, Microsoft has to subvert it just to get their own crap to work.

IE8 may be end of the line for Trident (5, Insightful)

Shin-LaC (1333529) | more than 5 years ago | (#27140453)

The rendering engine. The browser itself will probably still be called Internet Explorer 9, no reason to throw away a strong brand. It will use a new layout engine with deep Silverlight integration.

Re:IE8 may be end of the line for Trident (1)

red_blue_yellow (1353825) | more than 5 years ago | (#27140567)

It will use a new layout engine with deep Silverlight integration.

I think you are spot on with this... and I dread it. Deep Silverlight integration will open a whole new world of incompatibilities.

Re:IE8 may be end of the line for Trident (1)

JazzyMusicMan (1012801) | more than 5 years ago | (#27140581)

I have always liked the word trident, it sounds awfully mighty. With IE though, its just mighty awful. I guess since trident means a spearwith 3 prongs, I'll let you decide the 3 things you thought were the most awful in IE Trident and let you 'spear' it:

1:_____________________
2:_____________________
3:_____________________

Netscape do over (1)

Dan667 (564390) | more than 5 years ago | (#27140539)

Wouldn't it be ironic if microsoft decides to rebuild IE9 from the ground up like Netscape did when they were dominant? Would be the wheel of life making a complete turn I think.

ActiveX (0)

Anonymous Coward | more than 5 years ago | (#27140553)

Abandon it. It's all viruses and spyware crap anyways isn't it?

It may contain a core of truth (1)

Daimanta (1140543) | more than 5 years ago | (#27140613)

IE has failed to do what it was designed for, dominate the standards. Internet Explorer's aim was to change the standard from the open w3HTML to MSHTML and use it to bind "The Internet" to Windows and Microsoft as its Autocrat. Now with the rise of Firefox and open standards another attempt to control the standards will only break old (IE-only) sites therefore MS has decided to throw in the towel(or so is the theory) and stop working on its rendering engine. The use of Webkit is probably because it's a widespread engine(a lot of browsers use it) and it's not Gecko(although I don't know if you can use Gecko in close sourced software). Internet Explorer is a burden now, so they will probably only do what is neccesairy for its healthy development(bugfixes and essential features).

Re:It may contain a core of truth (1)

blueg3 (192743) | more than 5 years ago | (#27140721)

Gecko is licensed under MPL, GPL, and LGPL -- two of these allow you to use it in closed-source software.

Re:It may contain a core of truth (1)

qbast (1265706) | more than 5 years ago | (#27140861)

It worked for a while. But know I guess this goal will be passed to Silverlight. Yeah, I know there is fig leaf in form of Moonlight but let's not kid ourselves - the end result will be just like Wine. Most sides almost kinda working but not really.

Not End of the Line (0)

Anonymous Coward | more than 5 years ago | (#27140623)

Ballmer: The only reason that Microsoft is stopping development of IE is because it has attained a state of perfection.

Avg /.er: Yeah, it's perfect alright. A perfect piece of shit.

Ballmer: Ha! But you still agree that it's perfect!

and just in (0)

Anonymous Coward | more than 5 years ago | (#27140655)

And, the next one will still be as insecure, and unstable as IE8, and IE7, and 6 and so on.

fp 68aa! (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27140701)

Browser as a milli-application (2, Interesting)

bluefoxlucid (723572) | more than 5 years ago | (#27140767)

http://blackfiber.wordpress.com/2008/07/06/the-web-browser-as-a-milli-application/

I am obsessed with microkernels. This idea's been in my head for years, since I looked at how KDE sandboxes Flash and thought, "Hey, this should be for every piece of the whole application!"

Silverlight to replace ActiveX? (0)

Anonymous Coward | more than 5 years ago | (#27140831)

Not that I know how ActiveX has been implemented or what people are actually doing with it, but -- reading between the lines -- I get the feeling that Silverlight might be the MS exit strategy for ActiveX.

Web Brower Like as OS? (1)

markdavis (642305) | more than 5 years ago | (#27140835)

>Microsoft will instead adopt Gazelle, Microsoft Research's brand-new engine that thinks like an OS.

Great, just what we need, a single-platform browser that thinks like an OS- something that will further guaranteed web "sites" designed in a manner that will only work with MS-Windows and their own browser. Been there, done that.

Nobody Will Use IE By Version 9 (5, Interesting)

WebmasterNeal (1163683) | more than 5 years ago | (#27140839)

I seriously doubt IE will have the majority of the market share by the time IE9 comes out. Many of the web usage reports out there are showing that Firefox is at 20% or higher and that Safari is around 5% or so.

I would also argue that a lot more 'dumb consumers' (people like my parents) are buying Macs now to be trendy which will help IEs market share drop.

Also has anyone used IE8 yet and tested sites out on it? I've used it and it rendering engine is pretty terrible, even when set in emulate IE7 mode which then introduces a complete new set of rendering bugs.

Hypothetical news? (5, Informative)

icepick72 (834363) | more than 5 years ago | (#27140885)

The author states: At least, that's what I'm hearing through the grapevine
The author is effectively saying his story is not credible! Slashdot is supposed to run with a hypothetical situation about IE8 demise instead of commenting on real news? It should be fun scanning through these comments to find out who bites (not the big one ... but the fantasy woven by the author).

Russian Roulette with a Fully Loaded Gun (3, Interesting)

wdhowellsr (530924) | more than 5 years ago | (#27140917)

I worked through thick and thin with Microsoft for over twenty years and find this to be a classic example of pure insanity. My primary work load is n-tier web application development using Asp.net, VS and C#. The .Net framework is very closely tied to the IE engine and I don't even want to think of the headaches in trying to migrate all existing applications to whatever they release.

This is obviously a dream, but it would be nice to have some sort of standard system for Internet Cloud and Browser software and hardware not unlike the telco and cellular market. There would still be billions to make for all of the Tech companies.

Re:Russian Roulette with a Fully Loaded Gun (1)

dwiget001 (1073738) | more than 5 years ago | (#27141027)

I am sure, for **enough** money, Microsoft will sell you tools to help with the migration.

And you will be grateful, Microsoft will tell you so.

Re:Russian Roulette with a Fully Loaded Gun (1)

h4rr4r (612664) | more than 5 years ago | (#27141241)

That would be a nightmare. Like the telco and cellular market everything would be expensive, locked down and closed/drmed to hell and back.

time to buy (1)

nonicknameavailable (1495435) | more than 5 years ago | (#27140961)

champagne

ActiveX Must Die (3, Insightful)

Nezer (92629) | more than 5 years ago | (#27140997)

The sticking point will be what Microsoft does about compatibility for ActiveX apps.

No sticking point... ActiveX needs to die.

What will they do with ActiveX? (1)

Millennium (2451) | more than 5 years ago | (#27141035)

Hopefully they'll do the right thing: deprecate it as of IE8's release, so people have plenty of warning, and start releasing tools for those still stuck with it to migrate it something perhaps not quite so fundamentally flawed.

Re:What will they do with ActiveX? (1)

argent (18001) | more than 5 years ago | (#27141087)

Oh, please, don't tease me like that.

They refused to get rid of it at the risk of having the company broken up. What makes you think they'll get rid of it merely because it's fundamentally insecure and inherently unfixable?

Supposedly being the key word here (1)

jocknerd (29758) | more than 5 years ago | (#27141141)

The suspense of Gazelle is killing me.

memory (1)

buchner.johannes (1139593) | more than 5 years ago | (#27141149)

Won't sandboxing be extremely memory-intense? Lots of processes not allowed to share resources?

Re:memory (1)

turgid (580780) | more than 5 years ago | (#27141237)

Doesn't matter. People are married to Windows (and all Microsoft apps) and will go along with it this time, just like like they always have for the last 15+ years.

Remember when XP was a bloated, incompatible, unusable resource-hog? Now it's the user-friendly low-spec. standard by which Vista is compared.

Peoples' expectations will be engineered. They'll get used to the new low bar in performance and usability, and it'll be double-plus good. Nothing will change. Microsoft will continue to dominate.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?