June 29, 2006 8:30 AM PDT
Microsoft releases final IE 7 beta
- Related Stories
Piecing together Windows VistaNovember 8, 2006
Microsoft: Zombies most prevalent Windows threatJune 12, 2006
Microsoft adds another antiphishing partnerApril 19, 2006
'Critical' megapatch sews up 10 holes in IEApril 11, 2006
Firefox to get phishing shieldMarch 8, 2006
IE 7 bugs aboundFebruary 1, 2006
Allchin: Buy Vista for the securityJanuary 27, 2006
Firefox gets a fifth of European marketJanuary 17, 2006
Microsoft outlines IE 7 security plansOctober 27, 2005
Reversal: Next IE divorced from new WindowsFebruary 15, 2005
Gates: Security is top priorityJanuary 17, 2002
The software maker released the third and last beta version of IE 7 on Thursday, getting closer to final delivery by the end of 2006. That will be the first major update to the popular Web browser in five years, and much of the focus for the new version is on security.
"Security was the No. 1 investment we made in IE 7, in terms of our development resources," Tony Chor, Microsoft's group program manager for the browser, said in an interview.
Critics have likened IE 6 to "Swiss cheese" because of the many security vulnerabilities in it. These flaws have been exploited in cyberattacks to drop malicious code onto people's PCs and commandeer their Windows systems, often turning them into remote-controlled "zombies" used to send spam and launch attacks on Web sites.
Microsoft left the browser relatively unchanged after the 2001 launch of IE 6 and even reassigned IE developers to work on other projects. But with IE users under attack and increased competition in the browser space, largely from Mozilla's Firefox, the company restarted its efforts and introduced IE 7 at a major security show last year.
"We did not spend a lot of time working on the IE browser for a few years," Chor said. "The increase in security attacks and the threat that our users were under really necessitated a reinvestment in IE...primarily around security."
The IE 7 beta 3 makes some feature changes from the beta 2. The new version also provides reliability, compatibility and security fixes--more than 1,000 bugs have been dealt with in total, according to Microsoft.
Fixing bugs found in the beta process is one of the ways Microsoft looks to improve browser security. Its two main methods of securing the browser are reinforcing the core of the IE application and adding features meant to help the user stay safe online, Chor said.
On the core side, IE 7 is built in large part on the same underpinnings as IE 6. There are parts of the browser it has rewritten from scratch, primarily for security reasons, Chor said. For example, earlier versions of IE had 14 different routines, or code sections, used to handle Web addresses. This resulted in security flaws, he said.
"In IE 7, we have exactly one routine. We get consistent results and a consistent security evaluation," he said. "There are other places where we have rewritten code or just removed code. With all those things, we reduce the surface area of IE to attack."
Despite the effort, some recent flaws that hit IE 6 also affected early releases of IE 7, leading some to question the security level of the new browser.
"It appears that Microsoft has put a few security features in IE 7, but the core of the Web browser, I am sure, will have just as many flaws as IE 6 has," said Tom Ferris, a security researcher who earlier this year found a bug in an IE 7 preview release.
Chor said Microsoft tries to think of all possible attack possibilities and thwart those when building the product. Also, he said, in many cases, Microsoft was hot on the tail of the problem, and had actually discovered the bug and fixed it in later builds of the browser.
"Of course we'd like to ship a product that is not affected by any vulnerabilities, but that's probably a lofty goal. I think it would be unrealistic to believe that any product would be 100 percent secure," Chor said.
20 commentsJoin the conversation! Add your comment