Microsoft releases final IE 7 beta

A new Internet Explorer beta shows that Microsoft is trying to put its browser security woes behind it.

The software maker released the third and last beta version of IE 7 on Thursday, getting closer to final delivery by the end of 2006. That will be the first major update to the popular Web browser in five years, and much of the focus for the new version is on security.

"Security was the No. 1 investment we made in IE 7, in terms of our development resources," Tony Chor, Microsoft's group program manager for the browser, said in an interview.

Critics have likened IE 6 to "Swiss cheese" because of the many security vulnerabilities in it. These flaws have been exploited in cyberattacks to drop malicious code onto people's PCs and commandeer their Windows systems, often turning them into remote-controlled "zombies" used to send spam and launch attacks on Web sites.

Microsoft left the browser relatively unchanged after the 2001 launch of IE 6 and even reassigned IE developers to work on other projects. But with IE users under attack and increased competition in the browser space, largely from Mozilla's Firefox, the company restarted its efforts and introduced IE 7 at a major security show last year.

"We did not spend a lot of time working on the IE browser for a few years," Chor said. "The increase in security attacks and the threat that our users were under really necessitated a reinvestment in IE...primarily around security."

The IE 7 beta 3 makes some feature changes from the beta 2. The new version also provides reliability, compatibility and security fixes--more than 1,000 bugs have been dealt with in total, according to Microsoft.

Fixing bugs found in the beta process is one of the ways Microsoft looks to improve browser security. Its two main methods of securing the browser are reinforcing the core of the IE application and adding features meant to help the user stay safe online, Chor said.

On the core side, IE 7 is built in large part on the same underpinnings as IE 6. There are parts of the browser it has rewritten from scratch, primarily for security reasons, Chor said. For example, earlier versions of IE had 14 different routines, or code sections, used to handle Web addresses. This resulted in security flaws, he said.

"In IE 7, we have exactly one routine. We get consistent results and a consistent security evaluation," he said. "There are other places where we have rewritten code or just removed code. With all those things, we reduce the surface area of IE to attack."

Despite the effort, some recent flaws that hit IE 6 also affected early releases of IE 7, leading some to question the security level of the new browser.

"It appears that Microsoft has put a few security features in IE 7, but the core of the Web browser, I am sure, will have just as many flaws as IE 6 has," said Tom Ferris, a security researcher who earlier this year found a bug in an IE 7 preview release.

Chor said Microsoft tries to think of all possible attack possibilities and thwart those when building the product. Also, he said, in many cases, Microsoft was hot on the tail of the problem, and had actually discovered the bug and fixed it in later builds of the browser.

"Of course we'd like to ship a product that is not affected by any vulnerabilities, but that's probably a lofty goal. I think it would be unrealistic to believe that any product would be 100 percent secure," Chor said.

[Llib Setag]

IE7 = HIGH IMPACT RATING?

Really.
Maybe to the success of Microsoft, but to the rest of the world..."yawn".

Is it really a big deal anymore about MS-IE whatever? The Internet is the great democracy & with so many other browsers & ways to access the Internet WITHOUT using Microsoft OR IE whatever, why is this news?

This should just be on the MS Blog, not the main news page with a HIGH IMAPCT!!! announcement & rating C|NET.

Windoze Browser...zzzzzzzzzzzzzz.

[mystereojones]

Final Beta

This better be good because they're already losing tons of surfers to Firefox.
http://www.techknowcafe.com/content/view/554/42/

[Earl Benser]

One more uselss MS product.....

... but it does keep Ballmer happy.

And someday, I might care.... someday....

[sidewinder]

High impact

Well, this is High Impact. IE still has about 80% of the market, and as such this becomes high impact. I use FireFox, which is growing in popularity quite quickly, but IE is still much bigger

[Lex Man]

The big question

The main question is when IE 7 finally hits, well Microsoft update, will enough people move back to IE 7 to make it worth Microsoft's time?

Somehow I doubt it.

[ggupta7]

but still...

It is IE is the most popular browser and more poeple use IE than all other browsers combined! I know this is because it comes default with windows, but then, if it was a really horrible browser, people would have shifted to other browsers in great numbers.

I have come across a lot of websites which are designed specifically for IE and they don't work in other browsers... read this story for example http://news.bbc.co.uk/2/hi/technology/4115806.stm There are much fewer websites which work the other way round. With introduction of firefox, web designers have to put more code in their websites to make it work with both browsers.

Besides, firefox has a big problem rendering Indic fonts. Opera also suffers from the same problem.

With introduction of IE7, Microsoft has really narrowed the gap between IE and other browsers featurewise. The only concern now is security issues, which might be the only reason for people to switch to other browsers. BTW, I remember installing version 1.5.0.1 and after couple of days was asked to update it to 1.5.0.2 because of sucurity flaws... within weeks Firefox people released 1.5.0.3 to fix flaws in the previous one (http://news.com.com/Firefox+gets+a+fresh+security+update/2100-1002_3-6067889.html?tag=nl) and within a month they found "a dozen security vulnerabilities, five of which are deemed "critical."" with version 1.5.0.4 This is no different than Microsoft's IE.
Think about it...

[Tui Pohutukawa]

This story was first published on June 29.

Why is it news now? Or is anything that MS does, or doesn't do,
news - several times over?

[qwerty75]

Does anyone really care

MS left IE to rot for years and now that they have competition are releasing a copy-cat version. How is this important? MS is a follower and irrelevant.

Anyone who thinks that IE7 will come close to other browsers in terms of security, flexbility, standards complaince and performance are seriously deluding themselves.

[t8]

Firefox

Firefox is more secure because it isn't part of the OS kernel. It is an application that sits on the kernel.

IT doesn't matter how secure they make IE, it is fundamentally flawed because IE is part of the Windows kernel, the heart of that operating system.

That means that there remains a path between hackers and your computer via the Internet. They may say it is secure, but the path exists, that is the problem that won't go away.

[t8]

Firefox is more secure

Firefox is more secure because it isn't part of the OS kernel. It is an application that sits on the kernel.

IT doesn't matter how secure they make IE, it is fundamentally flawed because IE is part of the Windows kernel, the heart of that operating system.

That means that there remains a path between hackers and your computer via the Internet. They may say it is secure, but the path exists, that is the problem that won't go away.

[nah40]

IE 7 B3

I do not know anyone that has been able to install this.