Establishing Digital Trust: Don't Sacrifice Security for Convenience
More than any topic, security reigned as the most pervasive theme during the online discussion, including when end users could see the next patch for vulnerabilities in IE.
IE staffers said the XP SP2 service pack is currently available for download as release candidate 2. That means it's not completed, final or stable yet, and that the final stable SP2 is coming soon.
The chat came in the wake of recent security concerns with the browser, and expectations for fixes in the next version of IE. The browser's ActiveX scripting vulnerabilities have been faulted in several recent high-profile attacks that hit Web sites running Microsoft IIS 5.0 servers.Within hours of Microsoft releasing its patch last week to plug a hole in its IE browser, a Dutch security expert posted code on his site that revealed the patch still leaks.
''ActiveX often receives much criticism but I do not believe it is true that it is the source of bugs,'' wrote Dave Massy, an IE Program Manager. ''In Windows XP SP2 we have done much to reduce the opportunity for inadvertently installing software. It is true that a great many crash reports coming in to Microsoft are from 3rd party extensions to Internet Explorer and in SP2 we have improved the mechanism to identify the culprits and inform them so they can improve their software.''
Although Microsoft staffers picked the questions they wanted to answer, they did not shy away from the tough ones.
Asked by one questioner why he should waste his time supporting IE when other browsers don't require as much ''upkeep'', IE Product Unit Manager Dean Hachamovitch says IE remains a target.
''IE is a super powerful Web browser that hundreds of millions of people choose to use,'' Hachamovitch replied. ''As long as they're using it, MS is going to keep making it better. As long as that many people use it, there will be bad people who try to take it down.''
Others asked about features they would like to see in future versions of IE, such as the tabbed browsing feature now common in most alternative Web browsers (including Mozilla, Opera, Konquerer, Safari), and including RSS.
The Microsoft engineers avoided tipping the company's hand on whether those features were in the works, but did note the interest of users calling for them.
Users peppered the forum with questions about how IE handles and implements Web Standards, in particular IE's support for the various Cascading Style Sheet specifications including the CSS3 specification.
''CSS3 has actually been in progress for a number of years and you'll find that IE6 already supports some parts of CSS3 such as vertical text layout,'' wrote Massy. ''This is particularly useful for Far Eastern languages. We can't at this time commit to implementing every part of some of these recommendations but we look at these carefully.''
Hachamovitch said he hopes all of the IE developers have non-IE browsers installed. ''I have a few others installed on my machines because I want to see what other people are using, what they like, and how it works,'' he explained.
Another online participant asked if hundreds of millions of people choose to use IE or if it is forced upon them, in a reference to the browser wars on the desktop between Microsoft's IE and Netscape.
''People choose,'' replied Hachamovitch. ''Hundreds of millions of people actively use Windows and they get to choose. Nothing in Windows as it ships keeps them from downloading other software that extends their browsing experience (e.g. the Google or Ebay toolbars) or changes it (e.g. an alternative browser).''
Throughout the session, which involved more than 100 participants, members of the IE team appeared at home on the hot seat. ''I've worked at Microsoft for 14 years and I have always felt like the underdog,'' said Hachamovitch. ''Maybe the road behind us looks easy, but at the time going it wasn't. I welcome the feedback today. Getting informed is the only way I know to get better. The day we don't get heated feedback I'll be concerned.''
This article was first published on internetnews.com.