
What’s New In Internet Explorer 7?

Chris Wilson
PRS203
Group Program Manager, IE Platform & Security
Microsoft Corporation
1
Internet Explorer
Many different things to many different people
End users: U
Web designers: D
Web application developers: A
Commercial developers of IE add-ons: C
Infrastructure (network admins, CAs, etc.): I
2
Pillars of Internet Explorer 7
Amazing User Experience
Secure and Trustworthy Browsing
Powerful Web Developer Platform
3
Amazing User Experience
Browse…Search…Subscribe
Tabbed Browsing
High-quality page zoom
Great new print experience
Integrated subscription platform
Audience: U

4
Demo

IE7 User Experience

5
Amazing User Experience
Flexible Subscription platform
We provide…
Feed Discovery (in IE)
Common Platform
Feedlist, storage, parser, sync engine
List extensions to RSS
Audience: U, D, A
6
Amazing User Experience
OpenSearch 1.1 and extending search
An open way to describe search providers
Developed in cooperation with A9.com
Provided under Creative Commons license
OpenSearch 1.1 Description Document
Allows search output in HTML as well as RSS
Script API prompts user to add
Audience: U, D, I
7
Secure and Trustworthy Browsing
Security is job #1
Dynamic protection against web fraud
Full user control over add-ons
Advanced malware protection
Audience: U, D, A, C, I
8
Secure and Trustworthy Browsing
Dynamic protection against web fraud
Anti-phishing service integrated into IE
User experience highlights security
Clear secure connection user experience
Pop up windows identified with their URL
“One Click Cleanup” feature to wipe
Audience: U, D, A, I
9
Demo

IE7 Trustworthy Browsing – Web fraud protection

10
Secure and Trustworthy Browsing
Full control over add-ons
Explicit user consent is required on first run of installed ActiveX controls
Users can easily enable pre-installed controls through the same Info Bar as new controls
Add-ons Disabled Mode for recovery
Audience: U, D, A, C, I
11
Secure and Trustworthy Browsing
Impeding critical exploits – URL handling
Special characters complicate URL parsing, e.g. http://www.good.com@bad.com
URLs are often passed as strings, and some components parse inconsistently
In IE7, we have a single URL parsing object
This API (IURI) is exposed for other apps to use
Also adds International Domain Name
Audience: U, C, I
12
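The host confusion described on the URL handling slide above, as an added example (not code from the presentation or from IE): a prefix check on the URL string accepts http://www.good.com@bad.com, while a check on the host returned by one parser rejects it. It uses the standard JavaScript URL class as a stand-in for a single parsing object; TRUSTED_HOSTS, the function names and the sample URLs are constructed for illustration.

```javascript
// Added example. The allow-list and sample URLs are constructed for illustration.
const TRUSTED_HOSTS = new Set(["www.good.com"]);

const SAMPLE_URLS = [
  "http://www.good.com/login",        // genuine trusted host
  "http://www.good.com@bad.com",      // the slide's case: text before "@" is userinfo
  "http://www.good.com:80@bad.com/",  // userinfo with a password part
  "http://www.good.com.bad.com/",     // trusted name reused as subdomain labels
  "not a url",                        // unparseable input
];

// String handling: checks what the URL text starts with.
function naiveIsTrusted(url) {
  return url.startsWith("http://www.good.com");
}

// Single parser: every decision uses the components one parser returns.
function parsedIsTrusted(url) {
  let u;
  try {
    u = new URL(url);
  } catch {
    return false; // fail closed on input the parser rejects
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") return false;
  if (u.username !== "" || u.password !== "") return false; // no userinfo allowed
  return TRUSTED_HOSTS.has(u.hostname);
}

// Show both verdicts next to the host the parser actually resolved.
function classify(url) {
  let host = null;
  let userinfo = null;
  try {
    const u = new URL(url);
    host = u.hostname;
    userinfo = u.username || null;
  } catch {
    // leave host and userinfo as null
  }
  return { url, host, userinfo, naive: naiveIsTrusted(url), parsed: parsedIsTrusted(url) };
}

// URLs on which the two checks disagree are the ones a string check gets wrong.
function disagreements(urls) {
  return urls.map(classify).filter((r) => r.naive !== r.parsed);
}

console.table(SAMPLE_URLS.map(classify));
```

Every component that makes a trust decision should call the same parser and compare the parsed host, never a substring of the raw URL.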
Secure and Trustworthy Browsing
Impeding critical exploits – cross-domain
javascript: protocol now runs in-page
Now, <img src="javascript:foo()"> doesn’t navigate – we strip “javascript:” off and run as script inside the page context
Objects handling data by reference must understand HTTP redirects
We’ve always had redirect notifications – but now we lock the data if the object doesn’t understand redirects. Objects that aren’t redirect-aware can’t get access to the data.
Audience: I
13
Secure and Trustworthy Browsing
Advanced malware protection
Malicious web pages often install malware or modify files by exploiting buffer overruns or other critical security exploits in IE or add-ons
Solution: Protected Mode
Reduces the severity of threats to IE and add-ons running in IE by eliminating the silent install of malicious code on the user’s system
Protects registry, file system from silent malware installs
Audience: U, C, I
14
Secure and Trustworthy Browsing
Protected Mode summary
Protected Mode restricts IE from writing files outside of the Temporary Internet Files folder
IE’s process has fewer write privileges than normal User
Protected Mode builds on the Windows Vista Mandatory Integrity Control (MIC), which restricts writes
This means Protected Mode is Windows Vista only!
When IE needs to write outside of the TIF folder (e.g. File…Save As), we have a broker process with appropriate privileges
Audience: U, C, I
15
Secure and Trustworthy Browsing
Protected Mode changes ActiveX install
Same as XPSP2 with a new UAP credential prompt
Audience: U

16
Secure and Trustworthy Browsing
Protected Mode changes toolbar install
Same as XPSP2 with a new UAP credential prompt
Audience: U

17
Architectural Overview
[Diagram; labels recovered from the slide:]
Internet Explorer 6 / Protected Mode Internet Explorer running the Ebay Toolbar and Quicktime ActiveX at a Low Integrity Level (Low IL)
Mandatory Integrity Control
Admin rights (High IL) required; Admin Broker (High IL): Install ActiveX And Toolbars
User rights (Medium IL) required; User Broker (Medium IL): Install Toolbars, Download Docs, Save/Change Settings, Allow Add-ons to Elevate
Low rights (Low IL) required: Cache Web Content; Compat Layer: Save/Change Add-on Settings
Audience: C, I

18
Secure and Trustworthy Browsing
Protected Mode – compatibility features
Intranet/Trusted Sites/LM don’t run in PM
Add-ons can restore impacted functionality
In-proc add-ons (ActiveX controls, toolbars)
File writes get re-routed to the TIF via compat layer
Registry writes get re-routed to a virtual registry
Can call “Save As” API to save files outside of the TIF
Audience: U, C, I
19
Secure and Trustworthy Browsing
IE Compatibility Evaluator in XPSP2
Identifies features blocking app functionality
In the Windows App Compatibility Toolkit 4.0
Blogged on IEBlog in March:
http://blogs.msdn.com/ie/archive/2005/03/17/398435.aspx
Audience: D, A, I

20
Powerful Web Dev Platform
“Don’t break the Internet”
“Quirks mode” stays the same - many platform changes are only in “strict mode”
We do change behavior under strict mode
<?xml> prolog doesn’t prevent strict mode
Audience: D, A, I
21
Powerful Web Dev Platform
Fixing the top problems
Fixed some serious issues in IE 6 layout
Incompatibilities with the latest CSS standard, as well as some nasty bugs in the engine
We’ve knocked out the top bugs on quirksmode.org and positioniseverything.net, as well as other problems
Audience: D, A, I
22
Powerful Web Dev Platform
Partial bug list
Layout issues in short…
positioniseverything.net
Peekaboo Bug
Quirky Percentages In IE6's Formatting Model
IE/Win Line-height Bug
IE6 Border Chaos
Disappearing List-Background Bug
Guillotine Bug
Unscrollable Content Bug
IE 6 Duplicate Characters Bug
Doubled Float-Margin Bug
Duplicate Indent Bug
Three Pixel Text Jog
Creeping Text Bug
Missing First Letter Bug
…and many more issues.
Audience: D, A, I
23
Powerful Web Dev Platform
Adding the most requested features
Added top requested standards features
PNG alpha channel support
All CSS 2 Selectors
First-child, adjacent, attribute, child etc.
CSS 2 fixed positioning
CSS 2 :hover pseudo-class works on all elements
Polished HTML 4.01 support
<abbr> element, <object> fallback
Audience: D, A, I
24
Powerful Web Dev Platform
Adding the most requested features
Native XMLHTTPRequest
Better enables DHTML/Atlas applications
No longer subject to ActiveX being enabled
<select> element now windowless
Can be visually layered w/ other elements
Even more complete
Audience: D, A, I
25
Demo

IE7 Web Platform Advancements

26
Powerful Web Dev Platform
Web developer toolbar
IE toolbar providing a rich tool set for exploring DHTML and CSS with object model and visual tools
Downloadable Beta available shortly
Runs on IE6+
Audience: D, A
27
Demo

IE Web Developer Toolbar

28
Key Takeaways
We thought this Internet thing would be big one day…
We’re providing more containment as well as better arming users to make informed decisions about their system security
We’re working hard to improve our web platform
We want your continued feedback to put out better and better versions of the platform for you
My email address is cwilso@microsoft.com
(Please put “IE feedback” in the title, and please DON’T email cwilson@microsoft.com – he’s not the same guy)
29
Call To Action
What should you do?
Make sure your IE components (ActiveX, BHOs, toolbars) are prepared for changes
Give us feedback - ietell@microsoft.com
Build web applications!
Use the rich platform of IE, DHTML, Atlas and WPF
30
Community Resources
At PDC
For more information on RSS, go see
DAT320: Windows Vista: Building RSS Enabled Applications (Thursday @ 14:15)
Hands-on Lab: DATHOL08: RSS in Longhorn
For more on IE in general, or other specific issues:
PNL06: What’s Next for Microsoft’s Web Platform? (Friday @ 8:30)
Presentation Track Lounge: IE team members are hanging out there
Ask The Experts event: stop by the IE table
After PDC
IE Dev Center on MSDN: http://msdn.microsoft.com/ie/
IE Team Blog: http://blogs.msdn.com/IE/ - #1 on MSDN!
IE feedback alias: ietell@microsoft.com
If you missed these related PDC sessions, watch them on the DVD
PRS200: Choosing the Right Presentation Technology
FUNL03: Case Study: Building a More Secure Browser in IE7
31
© 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
32
Appendix

33
IE7 Vista vs. IE7 XPSP2
IE7 will be available on
Windows Vista (with some additional
features such as Protected Mode)
Windows XP SP2
Windows Server 2003 SP1
…including 64-bit

34
Servicing Internet Explorer Users
Servicing the software users use the most is a huge commitment
Huge increase in quality and responsiveness of IE Servicing
40% hotfix regression reduced to ~0%
Zero recall class GDRs since February 2004
Hit our days-to-solution targets for hotfixes
ZBB’d Critical vulns, down to last Importants
Major strides in security
IE 6 in XP SP2 reduced exploits by 40%+
“SP2 is tough as nails...” – Greyhats Security Group
35
