There’s an interesting article over on PC World about an auto-update that Microsoft is pushing on Feb 12th. This update will be an automatic update of IE6.0 to IE7.0. That’s right, folks… all you people who were writing exploits against IE6.0 will have little to no market share left. Here comes IE7.0. IE7.0 has a few significant improvements for XSS but probably the most notable change beyond the user interface is the anti-phishing technology.
I can completely see why Microsoft is taking this approach - although I think people who aren’t used to IE7.0 will revolt until they get used to it. But if you think about it from their biggest customer’s perspective - they want their users to stop getting exploited. It’s bad for business, it’s bad for security and it’s bad for public relations. So for all of you who had come to know and love IE6.0, you might as well go download it now and beat the curve. Resistance is futile! Although there are instructions on how to stop the upgrade if you really need swim upstream.