Cenzic 232 Patent
Paid Advertising
web application security lab

Say Goodbye to IE6.0! Hello IE7.0!

There’s an interesting article over on PC World about an auto-update that Microsoft is pushing on Feb 12th. This update will be an automatic update of IE6.0 to IE7.0. That’s right, folks… all you people who were writing exploits against IE6.0 will have little to no market share left. Here comes IE7.0. IE7.0 has a few significant improvements for XSS but probably the most notable change beyond the user interface is the anti-phishing technology.

I can completely see why Microsoft is taking this approach - although I think people who aren’t used to IE7.0 will revolt until they get used to it. But if you think about it from their biggest customer’s perspective - they want their users to stop getting exploited. It’s bad for business, it’s bad for security and it’s bad for public relations. So for all of you who had come to know and love IE6.0, you might as well go download it now and beat the curve. Resistance is futile! Although there are instructions on how to stop the upgrade if you really need swim upstream.

11 Responses to “Say Goodbye to IE6.0! Hello IE7.0!”

  1. Phil Says:

    Oh?. :(
    why not update to FireFox?
    _____________________________
    Firefox download.
    http://www.spreadfirefox.com/node&id=215121&t=209

  2. Ned Batchelder Says:

    This will decrease the ie6 share, but perhaps not enough: big companies can still require their desktops to stay on ie6 until they are ready to shift the whole company over.

  3. just a lurker Says:

    if microsoft were *that* bothered about security they’d make ie6 et al upgrade to firefox ;)

  4. Disaster Says:

    Wow, was about time :o I’ve been wishing for so long that M$ released at least a fix for IE6, if not an update like this one. Not that I love/use IE6, but being a web designer, I guess you get my point.

  5. Dan Weber Says:

    How will this be different than before? I’ve had two “automatic updates” try to install IE7 on one of my Windows machines, and I’ve simply said “do not upgrade” each time.

    This time will I have no choice?

    (I’m not averse to IE7, it’s just that I like having older stuff around for testing.)

  6. kuza55 Says:

    “but probably the most notable change beyond the user interface is the anti-phishing technology.”

    The same anti-phishing technology which is “not a security feature” according to the MSRC? The same security feature which can be bypassed trivially in many ways including this one: http://kuza55.blogspot.com/2007/05/universal-phishing-filter-bypass.html

    Don’t get me wrong, IE7 is in a much better shape than IE6, but the phishing filter is only a step above useless.

  7. Ronald van den Heetkamp Says:

    I doubt that pirated copies are updated, well let’s say: 32% marketshare? ;)

  8. Krijn Hoetmer Says:

    @Ronald:
    The second paragraph on http://blogs.msdn.com/ie/archive/2007/10/04/internet-explorer-7-update.aspx says “With today’s “Installation and Availability Update,” Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users.” But I can’t check that, of course :)

  9. Deb DeLucia Says:

    I don’t have a problem going to IE7, however, I have several support sites that I use regularly that do not support IE7. I have to keep one machine at IE6 to go to these sites. Should they have to fall into compliance before Microsoft forces it’s users to?

  10. Adrian Says:

    Oh man. I don’t know anyone that loves IE6. And this push, if it goes through in February, will bring a chorus of hallelujahs from web designers, me included.

  11. Someone Says:

    Hmm… IE7 actually has more vulnerabilities than IE6 because it’s newer (duh). But who cares? If you are going to use IE you might as well just get rid of your firewall and a/v because you are going to get pwnt.