Advantages – Security is often cited as the primary reason for users switching from MSIE to Firefox. Security is of utmost importance for software [...]]]> Most of Firebird’s advantages are MSIE’s disadvantages, and vice-versa. This article will look at some of the advantages and disadvantages of Firefox in relation to MSIE.

Advantages – Security is often cited as the primary reason for users switching from MSIE to Firefox. Security is of utmost importance for software that interacts with remote computers, in an era of high security risk activities such as online banking.

Firefox has fewer security holes and a tighter schedule of disclosing them. The enhanced security in Firefox is due to a multitude of factors the system’s inclusion of more source code reviewers and a better bug reporting system and exclusion of VBScript/ActiveX, often the source of vulnerabilities.

Meanwhile, Microsoft has been clamoring for years to try to clamp down on the MSIE security holes. It acquired an anti-spyware product, which it released under the banner of Microsoft AntiSpyware. It also promises its new Windows Vista platform will be more secure. However, Microsoft’s track record to date has done little to boost the confidence of today’s user.

Standards compliance – Firefox has vaulted ahead of MSIE with improved support for standard web protocols, such as its superior stylesheet compatibility. Since MSIE had a leading marketshare, the company had less interest in conforming to web standards, and instead focused on proprietary protocols, with the goal of maintaining their market position. That is, the focus of Microsoft was to try to convert as much of its userbase to writing webpages and web applications that required a proprietary MSIE-approach, so that down the road, users would be less able to move off a Microsoft platform.

As a result, Microsoft neglected for years to improve support for basic open standards. For example, transparent PNG graphics did not work all the way through to MSIE version 6.

Multiple operating system platforms – Firefox is available for users who runs Windows (Windows 98 through to Windows XP), Mac OS X, all the leading versions of Linux, as well as some lesser-used operating systems. In comparison, Microsoft has dropped development for Mac, and other non-Windows systems. Furthermore, Microsoft has ceased new development even on their own versions of Windows, making the new MSIE only available to users who have a license for Windows XP.

Firefox also has a similar user interface among the different operating platforms. For deployments that have a mix of operating platforms (such as Linux for the techs, Macs for the graphic designers, and Windows for the accounts department), moving to Firefox for everyone thus brings technical support costs down.

Time-saving browser innovations Internet communication and interaction is a core component for most modern businesses. Efficient use of web browser time translates to increased profits, so innovations to help workers do their tasks faster are welcomed. Firefox leads MSIE in this regard, with out-of-the-box features such as integrated Google search in the toolbar, placing the find-within-page box at the bottom of the browser window so as not to obscure the text, and so on.

Disadvantages Retraining – Any switch of software incurs a retraining cost. However, a switch from MSIE to Firefox requires only a mild amount of retraining. The switch from MSIE to Firefox is designed to be easy, with proper import of bookmarks and other settings. Browser interfaces are becoming standard, so understanding how to get up and running is not usually a problem. There are some only minor adjustments. For example, “Internet Files” in MSIE is called “Cache” in Firefox. One can use a downloaded MSIE theme so that the Firefox user interface even more closely resembles that of MSIE.

Incomplete migration – In a business with Windows computers, if the switch from MSIE to Firefox is incomplete, it can cost more to offer technical support for both browsers. This argument would only apply to shops whose Windows computers are all Windows XP. Since the new MSIE is only available for Windows XP, if there are different Windows versions (such as Windows NT or 2000), then the technical support team already needs to support different types of MSIE browsers. Another consideration, however, is that even an incomplete switch from MSIE to Firefox could result in less technical support, since the Firefox users would be less likely to need help with fixing their computer after an MSIE-related security breach.

The principle behind Protected Mode is to limit the [...]]]> Adobe Reader X and Google Chrome also potentially vulnerable

Researchers have found a chink in Internet Explorer’s ‘protected mode’ security armour that hints at trouble for other Windows apps built around the technology, including Google’s Chrome and Adobe’s new Reader X.

The principle behind Protected Mode is to limit the privileges of an application process, which first appeared with the advent of Explorer 7 on Vista. These are set by the OS for IE according to six Mandatory Integrity Control (MIC) levels, the lowest of which is applied to all apps running from untrusted zones such as the internet.
In a new paper, however, Verizon Business researchers document ways that an attacker could elevate the privileges of a process to zones where Protected Mode would not apply, such as the local intranet network (which uses UNC paths) or by spoofing the trusted sites list.

This leads to the possibility of a relatively simple attack in which malware executes as a low priority process which creates a virtual web server tied to a local software ‘loopback’ port. Although this process will also be shut out by protected mode, it would be able to point IE to a web address which appears to be in the Local Internet Zone.

By this point, the web page will be able to render at medium integrity, a potentially dangerous privilege escalation.

“By exploiting the same vulnerability a second time, arbitrary code execution can now be achieved as the same user at medium integrity. This provides full access to the user’s account and allows malware to be persisted on the client, something which was not possible from low integrity whilst in Protected Mode,” the authors note.

As the authors admit, the degree of protection offered by IE protected mode has always been ambiguous. Microsoft has made few direct claims for it, but has not downplayed its abilities either.

The weakness found by Verizon doesn’t directly affect other applications that use protected mode security, such as Adobe Reader X or Google Chrome, but it does show how such protection mechanisms will remain open to attack based on the fact that some elements of a system have to be trusted.

Adobe’s Reader X ’sandbox’ was launched recently to overcome persistent and successful attacks using crafted PDF files opened with prior versions.

In reality, the need to attack IE and Reader X using clever and stealthy attacks is low given that so many users persist in using older and even more vulnerable versions of the software.

The world’s biggest software company today issued a security advisory and warned of a loophole that was used by Chinese hackers to attack dozens of US companies – the same attack that [...]]]>

Microsoft has admitted that its Internet Explorer browser was the weak link used by hackers to attack Google’s systems in China.

The world’s biggest software company today issued a security advisory and warned of a loophole that was used by Chinese hackers to attack dozens of US companies – the same attack that led Google on Tuesday to announce its plan to drop the censorship of its search engine in China.

“In a specially-crafted attack… Internet Explorer can be caused to allow remote code execution,” said Microsoft in its security alert.

The company added that it had not yet fixed the vulnerability in the world’s most popular web browser, which is used by around two thirds of internet users.

The attacks, which apparently attempted to steal personal information on Chinese dissidents and the code that runs some of Google’s critical services, also hit a number of other companies, said to include Yahoo and US defence contractor Northrop Grumman.

Microsoft confirmed the existence of the loophole after an investigation by internet security firm McAfee and information from Google and Adobe.

“As with most targeted attacks, the intruders gained access to an organisation by sending a tailored attack to one or a few targeted individuals,” said George Kurtz, McAfee’s chief technology officer, adding that the hackers would then use the Internet Explorer bug to infect the victim’s computer.

“Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.”

The company’s admission is at odds with earlier consensus – largely based on a report from security firm iDefense – that it was Adobe’s own software that had been used for the attacks.

Earlier this week experts had suggested that a “zero-day vulnerability” – jargon for a previously unknown software loophole – had been used to exploit a “major document type”, thought to be Adobe’s PDF format. By sending an infected document to target users, iDefense suggested, the hackers had been able to compromise victim’s computers and launch further attacks.

Now, however, it appears that the strike – which analysts are now calling “Operation Aurora” – was carefully orchestrated using the hidden bug in Microsoft’s systems.

The Chinese government yesterday issued its first response to the claims by Google, saying that it was opposed to computer crime and had been the victim of cyberattacks itself in the past. However, the statement, issued by the country’s foreign ministry, also contained a veiled threat to other companies who may be considering following Google’s stand.

“China has tried creating a favorable environment for internet,” said a spokeswoman. “China welcomes international internet companies to conduct business within the country according to law. China’s law prohibits cyber crimes, including hacker attacks.”

Last week, Google announced that its applications such as Google Docs would [...]]]> If you are one of the estimated 45 million Americans still using version 6 of Microsoft’s Internet Explorer Web browser, it may finally be time to update to Internet Explorer 8, thanks to a shove from Google.

Last week, Google announced that its applications such as Google Docs would no longer support IE6 beginning March 1. Google’s move may have been prompted by the recent news that a vulnerability in IE6 was exploited by Chinese cyber-terrorists to attack U.S. companies, including Google, late last year.

Google’s announcement came just one week after Germany, Australia and France issued warnings to the public against using IE6.

Stopping just short of a similar warning, the United States Computer Emergency Readiness Team (US-CERT), a part of the U.S. Department of Homeland Security, recently encouraged PC users to review Microsoft’s Security Bulletin for Internet Explorer and make any necessary updates to mitigate risk.

In a statement to TechNewsDaily, the Department of Homeland Security said: “As US-CERT becomes aware of attempts to compromise government and private sector systems, we disclose this information to federal and industry partners and the general public in order to prevent or minimize disruptions to critical information infrastructure and protect the economy, government services, and the national security of the United States.

Microsoft Security Bulletin MS10-002 was made available to all Windows users through the Windows Update feature.

But patching the 8 1/2 year old program will not solve all user problems because many Web sites have phased out support for IE6. Facebook and YouTube phased out support prior to Google’s announcement, and Microsoft itself will drop its support by 2014. Rather than waiting for a prompt to upgrade, computer users can easily do it before they run into delays.

An easy upgrade
The first step is to determine the browser and its version running on your computer. An easy way is to open your browser and type in http://www.WhatBrowser.org, a site created by Google for just this purpose. The Web site will display the name of your browser and its current version number.

If it’s Internet Explorer 6, it’s time to update.

Microsoft has made it easy for PC users to keep their systems up to date. By enabling Microsoft’s Auto Update feature available in XP, Vista and Windows 7, users will never miss an important update. Here’s how to update to IE8 and set your computer for automatic updates in the future:

Click on the Windows start button in the lower left hand corner of the computer screen and then click on the Control Panel to open that window.Look for Windows Update and double click to open it.

Before proceeding with any updates, select ‘change settings’ from the menu to the left of the box showing updates. Be sure ‘Install updates automatically’ is selected. You may set the frequency of installation to every day (recommended) or a specific day of the week and you may select a specific time of day.

This feature allows installations to be made when they are less likely to interrupt your workflow.Click okay and return to the Windows Update information box. Click on ‘Install Updates.’

If you were not previously using this automated feature, it is likely Microsoft Windows has a backlog of updates before it can proceed with the IE8 update.

That’s okay: Authorize the updates and keep an eye on the screen for additional permissions needed. Vista users will need to authorize each installation, while others may proceed without any intervention.

At the end of the process, you will be asked to restart the computer. From that point on, updates should be automatic.

No matter what browser is running on your machine, it is important to keep it up to date. The good news is that updating any browser is a simple process that only requires a few minutes.

Keeping your browser up to date means having the latest in browser improvements including reliability, speed and most important, security.

Internet Explorer lags well behind its rivals when it comes to supporting the latest emerging web standards.

Not only is that bad for IE’s users, but Microsoft, once an innovator (one of the single most useful standards for today’s web, XMLHttpRequest, began life at Microsoft), isn’t even [...]]]>

Internet Explorer lags well behind its rivals when it comes to supporting the latest emerging web standards.

Not only is that bad for IE’s users, but Microsoft, once an innovator (one of the single most useful standards for today’s web, XMLHttpRequest, began life at Microsoft), isn’t even part of the discussion any more.

We’re hoping to see Microsoft become relevant again when details about IE 9

arrive later this year, but in the mean time it seems the web is doing its best to pick up Microsoft’s slack.

Take, for example, HTML5 video, which has been making waves lately with YouTube, Vimeo and other jumping on the native video bandwagon (although neither site supports open video codecs). Unfortunately, Internet Explorer users can’t enjoy native video since even the latest version of IE doesn’t know what to do with the HTML5 <video> tag.

Luckily for those that would like to stick with IE and enjoy native web video, Cristian Adam is working on a plugin for Internet Explorer that implements the HTML 5 video element. Adam’s work draws on Vladimir Vukicevic’s attempt to support the HTML5 canvas tag in IE8. Taken together, IE8 users can get at least some benefits of HTML5.

Adam’s HTML5 video support works with the free, open Ogg Theora video codec and the latest version features better Windows 7 support. Don’t hold your breath for an H.264 version of the add-on, since that would require Adams to pay licensing fees (one of the many, many reasons H.264 is bad for the web).

So far, Adam calls HTML5 video in IE a “Technical Preview,” and things are indeed very basic — there’s no seeking, no video controls and no HTML5 interface. If web-based HTML5 video controls like SublimeVideo catch on then lack of embedded UI controls won’t matter since site developers can easily add their own.

Web developers who would like to support Adam’s hack will need to add the xmlns="http://www.w3.org/1999/xhtml/video" attribute to turn on the <video> tag for Internet Explorer.

The great promise of HTML5 is that it will turn the web into a full-fledged computing platform awash with video, animation and real-time interactions, yet free of the hacks and plug-ins common today.

While the language itself is almost fully baked, HTML5 won’t fully arrive for at [...]]]>

The great promise of HTML5 is that it will turn the web into a full-fledged computing platform awash with video, animation and real-time interactions, yet free of the hacks and plug-ins common today.

While the language itself is almost fully baked, HTML5 won’t fully arrive for at least another two years, according to one of the men charged with its design.

“I don’t expect to see full implementation of HTML5 across all the major browsers until the end of 2011 at least,” says Philippe Le Hegaret, interaction domain leader for the Worldwide Web Consortium (W3C), who oversees the development of HTML5.

He tells Webmonkey the specification outlining the long-promised rewrite of the web’s underlying language will be ready towards the end of 2010, but because of varying levels of support across different browsers, especially in the areas of video and animation, we’re in for a longer wait.

Most web pages are currently written in HTML version HTML 4.01, which has been around since the late 1990s. The web was mostly made up of static pages when HTML was born, and it has grown by leaps and bounds since then. Now, we favor complex web applications written in JavaScript like Gmail and Facebook, we stream videos in high-definition, we consume news in real-time feeds and generally push our browsers as far as they’ll go. These developments have left HTML drastically outdated, and web authors have resorted to using a variety of hacks and plug-ins to make everything work properly.

HTML5 — which is actually a combination of languages, APIs and other technologies to make scripted applications more powerful — promises to solve many of the problems of its predecessor, and do so without the hacks and plug-ins.

We’re already close. All the major browsers are providing some level of support for HTML5.

“There’s strong support already in Firefox and Safari. Even Microsoft IE8 has some partial support,” says Le Hegaret, referring to some code within HTML5 that enables the browser to pass information between pages.

Browser makers are approaching support incrementally, adding features little by little with every subsequent release. Some, like Mozilla, can build new features into the next release in a matter of months. For others, like Microsoft, it takes much longer.

Google Chrome is maturing extremely quickly and already supports most of HTML5. This is mostly because Google didn’t start from scratch — the company chose to use the open source Webkit rendering engine, the same one used by Safari. Still, this doesn’t mean both browsers support HTML5 equally.

“Video support between Safari and Chrome, despite the fact that they are both using the same underlying engine, is totally different because video support is not part of the Webkit project at the moment,” says Le Hegaret.

It’s actually this very issue — support for playing videos inside the browser — that continues to be one of main factors blocking the broad adoption of HTML5.

The way the specification is written now, website authors will have the ability to link to a video file as simply as an image file. The video plays in the browser without using a plug-in, and the author can create a player wrapper with controls.

But browser vendors are stuck arguing over which video format to support. Mozilla, Google and Opera are interested in the open source Ogg Theora video format. Apple has substantial investments in its Quicktime technology, so it’s pushing for the Quicktime-backed H.264 format. Microsoft wants people to use its Silverlight plug-in, so Internet Explorer isn’t supporting native video playback in the browser at all.

Google has voiced support for Ogg, but it has also recently made a bid to purchase On2, a company that makes a competing video technology. Rumor has it Google might release On2’s video technology under an open source license once the sale is complete.

Until these issues are sorted out, consumers and content providers alike are forced to rely on plug-ins. Le Hegaret says that while these plug-ins have certainly helped the web arrive where it is today, they continue to be a burden on the user.

Setting up any browser to support both H.264 and Ogg Theora requires at least one plug in, which harms the user experience.

“It’s hard today to ask people to install a plug-in unless the payoff is huge,” he says. “What’s driving the most successful plug-in, which is Flash, is video support. If you can’t see YouTube, your life on the web is pretty miserable. You’re missing a lot.”

Plug-ins aren’t just harder on web users, but they’re hard on web developers, too.

“Building with Flash or Silverlight in a way that lets you share information between the content appearing inside the plug-in and the rest of the page presents some challenges,” says Le Hegaret.

Unlike its predecessor, HTML5 has been designed with web applications in mind. The current HTML5 specification includes a media API that makes it easier to connect animations or video and audio elements — things traditionally presented within a Flash player — with the rest of the content on the page.

“You get a smoother application if you use HTML5. You’re not crossing a software layer. It’s all part of the same application.”

Unfortunately, the YouTubes of the world aren’t going to make a baseline switch from Flash to HTML5 unless they know there’s strong support for it in the browsers.

But they are testing the waters: Wikipedia is experimenting with HTML5 video support by serving Ogg Theora video to browsers that can handle it, and Flash to everyone else. YouTube and the video site Dailymotion have also set up special demo pages using this technique.

Le Hegaret says we’ll be in this period of transition — a dual-experience web where content sites serve HTML5 video along with a Flash fall-back — for a while.”

Web developers will continue to have to understand that not everyone is using the latest generation web browser, and that’s OK in the short term.”As far as being able to make the switch to a pure HTML5 web altogether, Le Hegaret says that’s only possible once browser vendors sort out their differences.

Once that day arrives, the final switch to HTML5 will be in the hands of the content providers. It’s up to them to begin coding for HTML5 standards and ditching support for old browsers.”

There are still a significant amount of people out there using IE6,” says Le Hegaret. “As a developer right now, you can’t really ignore it. Hopefully, in two or three years, you will be able to start ignoring IE6.”

With the latest releases of Opera, Google Chrome and Firefox continuing to push the boundaries of the web, the once-dominant Internet Explorer is looking less and less relevant every day.

But we should expect Microsoft to go on the offensive at its upcoming MIX 2010 developer conference [...]]]>

With the latest releases of Opera, Google Chrome and Firefox continuing to push the boundaries of the web, the once-dominant Internet Explorer is looking less and less relevant every day.

But we should expect Microsoft to go on the offensive at its upcoming MIX 2010 developer conference in Las Vegas, where, it has been speculated, the company will demonstrate the first beta builds of Internet Explorer 9 and possibly offer a preview release of the browser to developers. Several clues point to the possibility that the next version of IE will include broad support for HTML5 elements, vector graphics and emerging CSS standards. If Microsoft plays its cards right in Vegas, IE 9 could be the release that helps IE get its groove back in the web browser game.

The biggest clue comes from the scheduled sessions for MIX, which takes place mid-March. There’s a two-part talk scheduled on HTML5, entitled HTML5 Now: The Future of Web Markup Today, by Opera Software’s Molly Holzschlag.

Indeed, Holzschlag tells Webmonkey she expects Microsoft to step up HTML5 support in IE9. “Look especially for Microsoft to be working on browser storage and other HTML5 features,” she said in an e-mail.

There’s also a session on IE and SVG, the vector graphics tools supported by pretty much every other browser. IE Senior Program Manager Patrick Dengler is scheduled to present on the Future of Vector Graphics for the Web.

Couple these clues with a post from the IE team on its official blog late last year about increased JavaScript rendering speeds and CSS support, and the team’s recent push to provide better support for SVG graphics and animations, it looks like IE 9 will present a huge step forward for Microsoft into the realm of HTML5, CSS 3 and other modern technologies that drive the most forward-thinking web apps.

Such a shift in thinking would be welcome. Picking on Internet Explorer Explorer is like fishing with dynamite — it’s just too easy to be fun anymore. In fact, many prominent forces on the web have stopped arguing against IE and simply started waving their hands in dismissal. It started with a few developers, but recently even Google has turned up its nose at IE, referring to it as a “non-modern” browser when talking about web standards and releasing its Chrome Frame plug-in to enable IE7 and IE8 users to run more advanced web apps. Worse, third-party developers have started to one-up Microsoft by hacking features into IE, like giving it the ability to display HTML5 video playback when none existed.

The current release, IE8, which shipped on every Windows 7 desktop in 2009, caught Microsoft up to where other browsers were in 2007 with support for CSS 2.1 and a couple of token HTML5 tools — most notably the offline storage elements. But that’s where its support for emerging standards ends.

At PDC09, Microsoft’s last big developer event, president of the Windows division Steven Sinofsky promised that Internet Explorer 9 was going to offer a “more modern” (there’s that word again) browsing experience and emphasized coming improvements in performance, JavaScript rendering, support for existing web standards and support for HTML5 and CSS 3.

But Sinofsky tempered his statements by saying Microsoft will continue to be “responsible” about how much it supports HTML5, so that “we don’t generate a hype cycle for things that aren’t there yet across the board for developers to take advantage of.”

While Microsoft is technically correct when it keeps saying that HTML5 isn’t finished, its failure to offer broad support for the new markup language has held IE back from the web’s cutting edge. The company has traditionally been reticent to support emerging standards, viewing them as a moving target and choosing only to concentrate on standards that have been ratified by the W3C, the web’s governing body. But delays at the W3C haven’t stopped the competition from forging ahead with HTML5, and if IE doesn’t start embracing the new laws of the land now, the browser’s dominance on the web is going to continue to crumble.

We contacted a Microsoft rep for this story, but they chose to save any further talk of IE9 until MIX

Printing webpages can be irritating, specially when they are full of advertisements and other clutter.

Your printouts are never focused on the actual content and you find all sorts of headers, menu items, advertisements and [...]]]>

Printing webpages can be irritating, specially when they are full of advertisements and other clutter.

Your printouts are never focused on the actual content and you find all sorts of headers, menu items, advertisements and other clutter congesting your prints. The actual content gets pushed to several pages.

Not only it costs you more in terms of more wasted inks and papers, it is also very irritating because a simple one page content might get divided into multiple pages.

Printee – Internet Explorer (IE) addon to Avoid Ads, Clutter when Printing Webpages

Printee is a simple addon for Internet Explorer, which can avoid all sorts of clutter and let you focus on the actual content. It allows you to pick and choose what you want to print and avoid other elements on the webpage.

Features of Printee

1. Condense any web page down to just the content you want, no anything useless
2. Reducing your paper and ink usage
3. What You See Is What You Get
4. Support Ecofont, Save 20% Ink
5. Send by Mail, Share with friends
6. Improve Readability of the Web Page only one key (Ctrl-G)

Download here http://www.irido.com/index.html

The plug-in allows suitably coded web pages to be displayed in Internet Explorer using the Google Chrome rendering engine. Redmond warned that the plug-in made IE less secure as soon as it became available back in [...]]]> Microsoft has helped discover a flaw in the Google Chome Frame plug-in for Internet Explorer users.

The plug-in allows suitably coded web pages to be displayed in Internet Explorer using the Google Chrome rendering engine. Redmond warned that the plug-in made IE less secure as soon as it became available back in September, an argument bolstered by the discovery of a cross-origin bypass flaw in the add-in security controls though not to go all the way and drop malware onto vulnerable systems.

Microsoft and security researcher Lostmon are jointly credited with discovering the vulnerability in Google’s browser add-on.

Google acknowledged the flaw and urged users to update to version 4.0.245.1 of Google Chrome Frame. All users should be updated automatically to the latest version of the software, which also tackles a number of performance and stability glitches. Chief among these are problems handling iFrames, as explained in Google’s security advisory