The largest bank in the United States has officially ignored the second most popular Web browser--until recently.
A tipster for Networkworld.com pointed out recently that Bank of America's Web site did not list the Mozilla Foundation's Firefox as a "supported browser," even though Firefox now commands almost 20 percent of the browser market. The bank's site lists Microsoft's Internet Explorer, Apple's Safari, and Netscape as acceptable browsers.
Netscape? Even AOL, Netscape's former owner, doesn't support Netscape Navigator anymore.
Of course, Firefox, which was released in 2004 and recently set a Guiness record for downloads in a 24-hour period, still works on the BofA Web site--just not officially. The issue apparently came up when a BofA customer contacted the bank about problems he was having accessing the site using Safari. "Please don't tell me to just use Firefox instead," the Networkworld.com reader told BofA customer support.
Not a problem, according to customer support.
"Please note Bank of America does not support Firefox," was customer service's reply.
When posed with the question of why the No.1 bank's Web site did not whole-heartedly embrace the No. 2 browser's 180 million users, a spokeswoman told Networkworld.com that "there is a process that we go through to 'officially support' a browser type and version, which includes in-depth functional and regression testing cycles.
"As the usage of Firefox browsers has increased with our customer base, we will be initiating a full support model for Firefox version 2.x in the very near future," spokeswoman Tara Burke told Networkworld.com.
Think "the very near future" will prove to be very soon? Don't bank on it.
The Delicious plug-in makes it easier to add descriptive tags to bookmarks stored at the Delicious site.
(Credit: Yahoo)Investors and industry watchers may have their eyes on Yahoo's executive departures and coming reorganization, but for most people involved with Yahoo are just users of the company's technology.
Which is why it's interesting that Yahoo released a version of its Delicious plug-in for Internet Explorer on Thursday. (Download Delicious Internet Explorer extension 1.0 for Windows.)
The plug-in, which Yahoo released in beta form in May, makes it easier for people to use the Delicious "social bookmarking" site. Delicious lets people store Web page bookmarks on a central server, label them with a description and tags, and share them with others.
Delicious got its plug-in start with the open-source Firefox browser, but the site can be used by anyone with a browser without plug-ins. The Yahoo plug-in works with IE 6, IE 7 and should work with the IE 8 beta, but Yahoo isn't making any promises.
Update 12:23 p.m. PDT: The official Firefox 3 download site is live; the record-setting attempt began at 11:16 a.m. PDT. Update 10:53 a.m PDT: See this separate blog post on the Mozilla download site troubles. Update 10:02 a.m. PDT: Mozilla is having some technical issues with the site but expects the download to be available shortly. Update 6:43 a.m. PDT: I added the scheduled launch time, 10 a.m. PDT.
Mozilla plans to release Firefox 3 on Tuesday, and the open-source project is opening a new front in the browser wars.
As the Web transforms from a static repository of content into a foundation for applications such as word processors and graphics editors, browsers are growing up from mere gateways into the tool that makes those applications possible. In this new era, it's Firefox--the heir to the Netscape legacy--that's going up against the victor of the last era, Internet Explorer.
"It gives you the horsepower you need to experience rich Internet apps as they should be from a performance standpoint," said Damon Sicore, Mozilla's director of platform engineering, mentioning Gmail and Google Maps specifically as applications where users don't want to wait. "As these apps get bigger and more complicated, faster browsers are going to become more critical."
The Firefox 3 'awesome bar' can give faster access to Web addresses.
Specifically, it takes 60 milliseconds to change Gmail from showing one message to another with Firefox 3, Sicore said, compared with 413 milliseconds for IE 7 and 227 for Firefox 2.
Microsoft is toiling away on IE8, though, with a first beta released and a second scheduled to emerge in August. The program has been reworked to improve performance, said Dean Hachamovitch, Microsoft's general manager in charge of IE. With no prompting, he mentioned Gmail as one area where the company has received favorable feedback, and he clearly welcomes the competition.
"IE is the browser of choice for more people on the Web than anything else," Hachamovitch said. "There's an all-around quality, whether in ease of use, reliability, the security we stand by, that makes it a better choice."
Vying for share
Mozilla is a force to be reckoned with, with 18 percent market share to 74 for IE, according to Net Applications statistics. That's enough to ensure that major Web sites have to support Firefox.
Apple's Safari--now available for Windows, too, is in third place with 6 percent share. The next contender, Opera, has less than 1 percent, but it's scrappy: "The browser is the single most important piece of software made today, so innovation is incredibly important if you want to extend the reach of the Web," the company said in a statement.
Firefox is the second-ranked browser in market share for May 2008.
(Credit: Net Applications)Microsoft knows the stakes are high, with a richer Web coming into being. "It is a particularly fertile period. A bunch of pieces started lining up magically in the last couple years to get some innovation going here," Hachamovitch said
Firefox isn't shying away from competition either. To try to heighten its profile, Mozilla hopes to set a 24-hour download record with Firefox 3, which has been code-named Gran Paradiso. The download period is scheduled to begin at 10 a.m. PDT.
Perhaps a more fruitful alternative to whipping fans into a lather through, though, would be to court business users.
"Mozilla needs to show corporations some love," said Forrester analyst Thomas Mendel in a recent report. "Large-scale, companywide deployments are not yet typical. Mozilla continues to expend little energy on wooing IT managers to formally adopt Firefox," for example by offering paid support services, he said.
Firefox 3 features
Faster performance is one Firefox 3 improvement Sicore points to. Two others are better memory handling and what's known as the "awesome bar."
To test memory use, Firefox programmers load 500 pages from top sites on the Web then closes and opens them thousands of times. Through that process, Mozilla stamped out many memory "leaks" under which Firefox 2 wouldn't relinquish memory once it was no longer needed, Sicore said. The company also reduced the amount of memory the browser requires overall.
But memory is hidden under the covers. Front and center is awesome bar, officially called the Smart Location Bar, which lets users type real words rather than sometimes abstruse URL addresses to call up Web sites.
For example, typing "maps" into the bar on my computer retrieves a list of some recent stories I've written involving maps as well as recent maps I've requested off the Internet. That's handy for retrieving recently visited Web sites quickly. Another example of how the feature worked well: I was trying to relocate a Web site I used to monitor Amazon.com's Web site performance, and typing "Amazon" into the bar showed the site--GrabPerf--as one of the options.
Mozilla uses its own formula to determine what results pop up in the list, weighting by factors such as how recently and how frequently you visited various sites. Typing "n" gets me to News.com in no time flat, but your own results will vary according to your browsing habits.
Firefox 3 has been steadily climbing in usage through its testing period.
(Credit: Net Applications)The awesome bar has its detractors who'd like the feature to be optional. (Tweakers can disable the awesome bar by editing their Firefox configuration.)
Among other features in Firefox 3:
• A prominent warning when a user tries to open a page that has been shown to host malware such as viruses or spyware or that's involved in phishing--the attempt to fool people into entering personal information into a counterfeit Web site.
• Offline data access, a feature that can make Web applications usable even when the network is unavailable. That's a potential boon for Web apps, but future versions of IE 8 and Safari also support the technology.
Web-based protocol handlers, which lets the browser launch a Web application rather than a PC program for certain actions such as a Web site "mailto" link that otherwise would create an e-mail in software such as Outlook.
• The Cairo graphics engine that lays the foundation for better direct integration with a computer's video hardware. "Video inside the browser is coming," Sicore said.
• animated PNG (Portable Network Graphics), another nail in the coffin of the GIF (Graphics Interchange Format) image type.
• A better full-page zoom feature that devotes maximum screen real estate to the browser. Moving the mouse pointer over a thin strip across the top of the screen temporarily pulls down the browser controls.
• A star button to quickly add bookmarks; double-clicking opens a dialog box that lets users describe bookmarks with tags.
• Support for Windows Vista's parental controls.
• And better support for Mac OS X. For example, it has a Mac-native appearance and has been re-plumbed internally to use Apple's Cocoa technology, a necessary step on the road toward 64-bit support.
Plug-in problems
One of Firefox's claims to fame is the wide collection of add-ons that are available. It's been a bumpy ride coaxing coders to support the new browser, though.
Some major add-ons now have arrived, including Yahoo's Delicious and the Firebug tool for Web site developers.
However, not everybody made the leap. One is Google Browser Sync, which synchronizes bookmarks, passwords, and other settings across multiple installations of Firefox 2. "Phasing out Google Browser Sync was a tough call, but we have decided to focus our efforts on other products, like Toolbar and Gears, that also extend the capability of multiple browsers," Google said of the Labs project in a statement. Happily, there are other alternatives--I like Foxmarks.
Of the top add-ons, "the majority have upgraded 3.0," Sicore said. The laggards will have a grace period "on the order of months" before Firefox 2.0 versions will automatically suggest installing the upgrade.
Web browser updates in development from Microsoft and Mozilla will include better built-in protection against phishing, viruses, and other maladies.
At its Mix conference in Las Vegas on Wednesday, Microsoft demonstrated IE 8 for the first time publicly.
Larry Dignan at ZDNet points out that IE 8 will include better malware protection through a new feature called the Safety Filter, which improves on IE 7's phishing filter.
IE 8's Safety Filter
(Credit: Microsoft)A beta test version of IE 8 is available for download now. Microsoft executives told News.com's Ina Fried that a broader test release of IE 8 will come this summer.
Likewise, Mozilla plans improved malware protection in Firefox 3, currently in beta testing. Mozilla says the new release warns users when they arrive at sites which are known to install viruses, spyware, trojans or other malware.
Stop back later on Thursday to read a more detailed first look at IE 8 by Robert Vamosi from CNET Reviews.
Social Web surfing tool Me.dium is one of the first apps ready for Internet Explorer 8 beta, which Microsoft unveiled at Mix '08 in Las Vegas Wednesday.
The browser add-on enables users to chat with each other and see which Web pages they're visiting. This release takes advantage of new WebSlices and Activities features within IE 8.
With WebSlices, users can subscribe to dynamic updates of specific parts of Web pages they visit, with new content displaying within the Me.dium sidebar.
Activities capabilities enable users to bring up maps or Web searches of highlighted text on a page. The Discovery activity offers real-time content recommendations related to the pages users are browsing. The feature maps and ranks the popularity of users' ongoing activities.
Upon Microsoft's request, the Me.dium (more here) team reportedly built the tool for IE 8 within a week.
For the sake of security, Me.dium allows stealth settings so users can hide from each other, and it shuts off at bank sites.
Users testing IE 8 can download Me.dium here. Some rival social browsing tools, however, don't require installation.
The extension, also available for Firefox, added support for IE 7 in September.
Me.dium is ready for Internet Explorer 8.
(Credit: Me.dium)
Opera Software's Hakum Wium Lie says Microsoft's plans to improve Internet Explorer's support for Web standards is a step in the right direction.
But, adds Wium Lie, the chief technology officer at Opera, more work is needed. Lie told CNET News.com on Wednesday that Microsoft's move addresses only one of several concerns that the browser maker had raised with the European Commission.
"Microsoft's announcement is good news for the web. Microsoft is now back in line with other browsers. It means that IE8 will do less damage for standards on the web than we feared earlier. It can still do damage -- it seems that Microsoft will implement their misguided "version targeting" scheme where pages can request to be rendered by a certain IE rendering engine," Wium Lie wrote in an email response.
Opera CTO Hakon Wium Lie
With IE 8, Microsoft plans to have three rendering modes: the new standards-compliant mode, the IE7 rendering engine, as well as an option for displaying older Web sites. Because of the default shift, Web sites that want IE 8 to use its IE7 engine will have to add a tag to their site's code.
Wium Lie said Microsoft's standards support in IE 8 "partially addresses" concerns that Opera voiced to the European Commission.
Opera had also called upon Microsoft to support browser interoperability tests, known as Acid2 and Acid3. "IE8 also has the opportunity to do good things for the web," Wium Lie wrote. "For example, it may pass the Acid2 test by default and the IE team may have started working on Acid3. We don't know yet if this is the case. It seems that Microsoft doesn't use the word "pass" and "Acid2" in the same sentence."
"We have seen several interesting announcements lately, " Wium Lie said, referring to the IE 8 standards pledge. "However, they have a long record of saying the right things while doing something different. It remains to be seen what their products look like when they ship."
Microsoft last month also pledged better interoperability with open-source software, just days before the EU slapped the company with a $1.35 billion fine for making interoperability information too expense and difficult to access.
(Credit:
Channel 9 / Microsoft Corporation)
Standards, standards, standards.
That's the general theme of a video about the next version of Internet Explorer, which will unsurprisingly be called IE 8. Details thus far have been scarce, but in a half-hour video with IE General Manager Dean Hachamovitch and Architect Chris Wilson produced by Microsoft's Channel 9, the two discuss the importance of standards, compatibility, and interoperability with the upcoming browser.
We also get a (faraway) sneak peak at a development build of the new hush-hush browser. The key takeaway? IE will finally be able to render the Acid 2 test correctly, which has historically been one of the toughest Web standards and compliance tests around.
Microsoft originally intended to add additional compliance support into IE 7 (including the Acid 2 test), but it didn't make it into the shipping build. It was then put in a lower priority on the bottom of a large "wish list" of improvements for future updates, but to no avail, as Microsoft focused its resources on building IE 8.
No version of IE has been able to pass the test, while mainstream competing browsers like Opera and Apple's Safari have managed to be compliant for the last few years. Mozilla's upcoming Version 3 of Firefox is also set to pass the Acid 2 test, though the current shipping version of Firefox (version 2) won't cut the mustard.
The real importance of standards compliance is a two-party problem: one for developers who have to laboriously make their sites work with as many browsers as possible, and another for the users who simply may not be able to use a site because it's been designed only for a limited number of compatible browsers. The Acid 2 test isn't the final solution, but it manages to put any browser through its paces with a seven-part test.
Still no word on other IE 8 user features--or a release date.
Update: According to Paul Thurrott, we can expect the browser to make its way to users in the first half of 2008. Thurrott also has some details on potential interface changes, including a mention of it sharing some characteristics with Office 2007--sans the "ribbon."
A new security company, Haute Secure, is offering a free beta version of its safe surfing toolbar for Internet Explorer that blocks malware from downloading onto your desktop. Firefox support is expected soon. Entering an already crowded field, the Haute Secure toolbar hopes to distinguish itself by taking the best of Exploit Prevention Labs Linkscanner Pro and McAfee SiteAdvisor, and then adds additional layers of protection. If they can pull it off with the final release, Haute Secure could be a must-have add-on for both Internet Explorer and Firefox.
The Haute Secure toolbar hooks into 70 processes running on your Windows XP or Windows Vista machine. Forty of these are related to browsers (in the initial release, Internet Explorer). The remaining hooks will be used for specific applications such as Microsoft Office PowerPoint and Adobe Acrobat.
Unlike McAfee SiteAdvisor, which tends to block an infected site entirely, Haute Secure allows access to the page after stripping out the malicious elements. And unlike SiteAdvisor, Haute Secure doesn't use a database, but analyzes each page on the fly, similar to the approach used by Linkscanner Pro.
And like Linkscanner Pro, the Haute Secure toolbar is also able to block specific elements of a page that are deemed malicious, allowing you to view the page safely. Haute Secure also uses phishing reports from Stopbadware.org, and can warn you of fraudulent sites, although in initial testing Linkscanner Pro blocked more phishing sites than did Haute Secure on our test machine.
In addition to proactive scanning, the Haute Secure toolbar also uses white and black lists to block known bad sites. Haute Secure was founded in 2006 by former Microsoft security engineers.
UPDATE: Blame them both.
That's the latest update from security researchers who initially laid the blame on Microsoft's Internet Explorer for the latest zero-day exploit that also can afflict those using the Firefox Web browser.
Users could face a "highly critical" risk if they have both IE and Firefox version 2.0, or later, loaded on their computer. The trouble begins when browsing a malicious site while using IE and it registers a "firefoxurl://" URI (uniform resource identifier) handler, which allows the browser to interact with specific resources on the Web. As a result, users may find their systems remotely compromised.
Earlier Tuesday, security researcher Thor Larholm, who discovered the IE flaw, and security research giant Symantec put much of the blame on IE, while Secunia's Thomas Kristensen, chief technology officer, attributed the problem to Firefox versions 2.0 or later.
"It's a little bit of both," said Oliver Friedrichs, director of Symantec's Security Response Center. "You have two very complex applications that are not playing well together and leading to a security issue. The components themselves are secure as stand-alone products but not together."
"Firefox is the current attack vector, but Internet Explorer is to blame for not escaping...characters when passing on the input to the command line," said Larholm, in response to a reader's comments. "I agree that Firefox could have registered its URL handler with pure DDE (dynamic data exchange, the protocol for information exchange) instead and thereby have avoided the possibility of a command-line argument injection, but IE should still be able to safely launch external applications."
Friedrichs noted that while Firefox, which released version 2 in October, has gained in popularity, most Firefox users will also have IE loaded on their computers, since it comes with the Windows operating system.
The number of people who may be at risk could be substantial, he added.
Meanwhile, Kristensen of Secunia said: "A new URI handler was registered on Windows systems to allow Web sites to force launching Firefox if the 'firefoxurl://' URI was called, like ftp://, http://, or similar would call other applications."
But because of the way the URI handler was registered by Firefox, it causes any parameter--which activates a program to perform a particular task--to be passed from Microsoft's Internet Explorer, or another application, to Firefox, when firefoxurl:// is activated.
An attacker may use "chrome" context--the interface elements of a browser that create the frame around its page displays--to inject code on a user's system that would be executed within Firefox, Kristensen said.
"Registering the URI handler must be done with care, since Windows does not have any proper way of knowing what kind of input potentially could be dangerous for an application," said Kristensen. "For example, how should Windows know that the string 'chrome' could be dangerous for Firefox."
Other than avoiding malicious Web sites, system administrators could unregister, or remove, the "Firefox URL" URI handler, as well as change the way Firefox accepts the chrome input, Kristensen said.
When is your shiny new Windows Vista protected against evil Web threats? Not as often as we were all led to believe in those Microsoft Windows Vista ads.
I ran across this post from Microsoft's Internet Explorer blog site shortly after the software giant patched the animated cursor flaw in Windows Vista with the release of MS07-017. Microsoft has said that users running IE 7 under Windows Vista are better protected from the malicious effects of Web exploits such as the animated cursor exploit than users running IE 7 under Windows XP because of the introduction of a new "sandbox" element (called Protected Mode) within the new operating system.
For example, in the case of the animated cursor attack, with Protected Mode enabled, remote attackers can only view files on an infected Windows Vista machine, not run malicious code. Now it seems there are exceptions.
Microsoft says that Protected Mode for IE7 under Windows Vista is enabled by default only for sites within the Internet, intranet and Restricted zones. It is not enabled for Trusted Sites or Local Machine zones. Thus, you are likely to see the Protected Mode icon switch from on to off and back again as you move among sites that fall within different Internet Explorer zones. To remedy this, Microsoft says you must enable or disable Protected Mode for Trusted Sites or Local Machine zones yourself.
To do so, choose Internet Options, the Security tab, select the appropriate zone, then check/uncheck the "Enable Protected Mode" box as appropriate.
There are other times when Microsoft says Protected Mode is disabled within IE 7. Here's a summary:
• If you turn off User Account Control within Windows Vista, you automatically lose Protected Mode protection.
• If IE7 in Windows Vista is launched by right clicking on the IE icon and selecting "Run as administrator" or when IE is launched with administrative privileges from another application, Protected Mode is disabled. An example would be during some software installations.
• When viewing an HTML file on your hard drive (as opposed to the Internet), Protected Mode is disabled. The exception being an HTML saved from the Internet when Protected Mode was enabled; Protected Mode will still be enabled cached on your hard drive.
But the best part of the Microsoft blog comes at the end: "If you visit a page whose zone has Protected Mode enabled and you see the status is 'Protected Mode: Off,' you will want to close and restart a new instance of IE to visit the page."
Or switch to Mozilla Firefox 2.
- prev
- 1
- next
