The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 21 August 2012 I am Puneet Arora and I’m a Program Manager on the IE team at Microsoft’s India Development Center (IDC). The team started just 6 months ago and has just the right mix of fresh engineering graduates full of zeal, people with prior experience and some old time Microsoft veterans. The focus for the IDC team is making IE great for IT professionals. For IE7 for both...

In the past, we’ve called upon website operators to ensure they are using HTTPS securely . This time, I’d like to tell you about the changes IE7 has made to improve the security and user experience for HTTPS connections. Safer Protocol Defaults HTTPS uses encryption to secure your Internet traffic to protect it from snooping or tampering by others on the network. HTTPS uses either the Secure Sockets Layer (SSL) or the Transport Layer Security (TLS) protocols to protect data. For Internet...

We’re starting to see the first round of sites and pages breaking due to the CSS fixes we have made. We would like to ask your help in cleaning up existing CSS hacks in your pages for IE7. It is has been our policy since IE6 that under quirks doctype we will not make any behavioral changes so that existing pages will continue to render unmodified, but under the strict doctype we want to change behavior to be as compliant as possible with the web standards. For IE7, we introduced new CSS functionality...

The IE October 2005 security updates are now available! This group of security updates is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates available via the new Microsoft Update . I would encourage you to upgrade to Microsoft Update if you haven’t already. Information about the IE Security update can be found at: MS05-052 – Cumulative Security Update for Internet Explorer (KB# 896688) This security update package contains fixes for the following...

We are currently working on the icon for feeds and have some designs to share. It’s orange. It’s rectangular. Check it out on the RSS blog . - Jane

Tony and Rob have just wrapped up their keynote here in Kuala Lumpur, and I wanted to make sure that the resources they talked about are listed here both for the benefit of the conference attendees who wanted to get to them and to everyone else who couldn’t be here today. The talk spoke to how Microsoft’s Security Development Lifecycle (SDL) has influenced the development of IE 7. Specifically, and quite obviously if you’ve been reading this blog, IE 7 isn’t just about patching problems but about...

The information published in this post is now out-of-date. —IEBlog Editor, 21 August 2012 Tony Chor , Rob Franco , and myself are in Beijing today as we make our way to Kuala Lumpur for the Hack-In-The-Box conference . We have a great team over here in what we call the ATC (Advanced Technology Center). In the past 6 months they’ve gone from just starting to adding serious value to IE 7. The folks over here have already contributed to IE 7 by re-writing the select control which Chris Wilson...

Hello, I’m Marc Silbey, a Program Manager focused on IE security. I’m back from my honeymoon and I want to follow-up to Rob’s last post on IE7 Security by providing you with more detail on Protected Mode’s compatibility features and by telling you about a related workaround to a known issue in the first Community Technology Preview (CTP) build of Windows Vista. As Rob mentioned, Protected Mode helps to eliminate the silent install of malicious code through Windows Vista’s User Account Protection...

While Rob Franco and Chris Wilson were presenting and getting feedback at PDC, I spent most of my time in smaller discussions (for example, with Paul and Joe ) about the security work we’ve done in IE. The discussions reminded me that, before most of the team was working on IE7, before Rob posted about our overall approach to IE7 security, we heard three things about IE and security over and over: "take it out of the operating system (or integrate it less), get rid of ActiveX, and rewrite IE to be...

The developer community has asked for a long time: Where is the free developer toolbar for IE? We recognized the popularity of free IE tools like Fiddler and we listened to your feedback. I am glad to announce the next addition to our developer tool support: The IE dev toolbar. This tool will help developers to explore their HTML documents and understand everything about it. With the IE Dev Toolbar you have several features at your fingertips to go deep into existing pages or pages that you are...

I realized as I read through the comments to my last blog post that I forgot to mention one important item that was in my presentation. We have fixed the DOCTYPE switch so it will skip an XML prolog, so that valid XHTML can be handled in strict compliance mode rather than quirks mode. I’ve also been reading comments for some time in the IEBlog asking for support for the “application/xml+xhtml” MIME type in IE. I should say that IE7 will not add support for this MIME type – we will, of course,...

As Aaron mentioned, the IE team collaborated with A9/Amazon on OpenSearch 1.1. This blog post is a story about how the collaboration took place. IE7 Beta1 shipped with a set of 5 search providers and there wasn’t a way (short of hacking the registry) to add more search providers. When we started looking into how a site should describe itself, our first thought was the ‘src’ format . After all, it was pretty simple and it could describe how to construct the query to get the search result page back...

It’s our goal to make it easy for IE7 users to personalize their list of search providers. The user should be able to target their search directly to site of their choice: MSDN, Intranet portal, Team Sharepoint, PubMed, NYTimes, Costco, USPS, Amazon, WikiPedia, Ebay, Craigslist, etc. My last blog post mentioned we will be adding extensibility for Internet Explorer’s new Search Box in Beta 2. We’re announcing the API at PDC during Chris Wilson’s talk on IE7. Here are the details. The scenario has...

I’m here at the Microsoft Professional Developer Conference 2005 in Los Angeles, and I just finished giving my presentation entitled "What’s New in IE7?" to a pretty full house (for a late afternoon session). I’m still pretty pumped up from my talk, but I wanted to share the features we haven’t previously mentioned (and repeat a few we have) for everyone who didn’t make it to the PDC. Expect to see more detail on these features in the near future here on the IEBlog, and of course these features will...

The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 21 August 2012 If you are here at the PDC you probably know that the Keynote presentation went much longer than expected today. Because of that, all of the lunch talks were cancelled, including my talk, “FUNL03 Case Study: building a more secure browser in IE7”. There was already a group of folks waiting in the audience. When the cancellation was announced, I gave folks the option...

Hi, my name is Tariq Sharif and I am a Program Manager on the IE Security team. One of the threats users face on the web is phishing. Today, I want to tell you about the Phishing Filter in IE7, a new security feature designed to dynamically warn users if they visit a phishing site. I’ll cover the filter service communication flow, show you what some of the filter notifications look like, how can you report a phishing site and most importantly I will let you know the process of reporting an...

The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 21 August 2012 I’ve been keenly interested in extending Internet Explorer since long before I joined the team last fall. MSDN provides some great documentation on how to extend Internet Explorer, but as a longtime IE enhancer, I’d like to highlight some of my favorite resources. IE provides a number of mechanisms that permit software developers to extend the browser in powerful ways...

We've already started talking about a few of the CSS changes that are going to be available in IE 7 when we release, but there are a few hanging points that we haven't talked about yet or haven't covered completely. There are 3 specific items I'd like to talk about: Using the root node wild card selector for IE only rules (* HTML) [strict mode only fix] Multi-class selectors as defined by CSS 2.1 (.floral.pastel) [strict mode only fix] Pseudo-element parsing sometimes flags rules as invalid...

One of the purposes of releasing the IE7 beta is to collect feedback on compatibility with both websites and extensions and we continue to look at all the reports we receive of sites and applications not working. There are reasons for this such as the base tag change that we blogged about recently and also bugs that we are detecting that you’ll see addressed later in the project cycle. However the most common issue we continue to see for web sites not working are that they are blocking access or...

Based on some discussion in the Microsoft-WaSP task force , I wanted to explain a little more of the internal workings of IE to help web developers with their daily IE work. In this installment, you will find an article up on MSDN (as part of the ongoing “ Exploring Internet Explorer” series) about the implications of an element having a “layout”. There are several bugs in IE that can be worked around by forcing “a layout” (an IE internal data structure) on an element. The most famous workaround...

My last post was intended to introduce our overall security strategy and the specific features in IE7 Beta1 for XP SP2 and Windows Vista. A lot of responses to my post were questions about why and how the Microsoft Phishing Filter in IE7 will check websites. We have also have heard from a number of site owners who want to know how they can correct an evaluation of “suspicious” or “confirmed phishing”. Before we continue posting on the rest of the IE7 security features, I want to let you know that...

For IE 7 we decided to make some changes to the way the <BASE> tag is handled to bring it up to spec and at the same time fix some really odd behavior. In the process we expect some people relying on the previous behavior to have to update their content otherwise they may find their site doesn't work exactly as planned. Most of the old functionality is still there, but there are some key differences. To start, in previous versions of IE, you could place the BASE tag anywhere in the document...

The first Microsoft product I ever shipped, Windows 95, launched 10 years ago today. Around the same time we also launched Internet Explorer 1.0 (though with considerably less fanfare), which quickly gave way to IE 2.0 (which shipped with the Plus! Pack for Windows 95). 6 years later we launched Windows XP, which shipped IE 6.0. That’s more or less 1 new version of IE a year for 6 years. Of course the pace with which we ship versions of IE has dropped off since then with our most notable recent release...

The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 21 August 2012 As some of you have noted in the comments, I will be doing a keynote presentation at the Hack in the Box conference in Kuala Lumpur, Malaysia on September 28. The title of my presentation is “Internet Explorer Security Past, Present, and Future”. I’ll be talking about the kinds of threats we’ve seen, how we started to address them in Windows XP SP2, and our plans to go...

The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 21 August 2012 Today we launched a new column on MSDN called “ Exploring Internet Explorer ”. Currently there is a single article there from Eric Lawrence on Zones and Proxies where he explores some of the interesting ways that the intranet zone and proxies can interact. We expect to add more articles to this column over the coming weeks. If there is a particular mystery of Internet...