Welcome to MSDN Blogs Sign in | Join | Help

XPSP2 and its slightly updated user agent string

Hi, I’m Christopher Vaughan, and I’m the lead project manager for the Internet Explorer team. I’ve worked on IE on and off since the IE 3.0 days, and have been involved in every major Windows release since Windows 95. I work with Dean, Scott, Tony, Dave, and the others who have or will be posting here to make sure that the IE team is working on the right things and at the right times.

I wanted to drop a quick note to make sure people knew about an update to our user agent string in Windows XP Service Pack 2. We’ve added "SV1" to the UA string so it’ll start looking something like this:

HTTP_USER_AGENT              :Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)

This will let site authors know that they’re being visited by someone who’s running an IE browser on the latest, most secure Microsoft platform. Right now only XPSP2 has this token, but soon you’ll see this token show up on other platforms as we bring our security enhancements to them.

SV1 stands for "Security Version 1" by the way. We’re proud of the security work that we’ve done in XPSP2 and wanted to be sure that site authors had some way to differentiate users running the latest version of IE.

Also, I'd like to remind folks that there's an online chat scheduled with members of the IE team on September 9th. See the chat schedule for details. See you there!

Till next time!
-Christopher
Published Thursday, September 02, 2004 1:45 PM by ieblog

Comments

# SV1?

Thursday, September 02, 2004 2:06 PM by J. King
Forgive me, but isn't it much simpler to just bump up the version number? IE's UA string is too long to begin with and already quite filled with less-than-obvious information.

Why the insistance on staying at version 6.0 when IE has obviously had several major enhancements?

# re: XPSP2 and its slightly updated user agent string

Thursday, September 02, 2004 3:26 PM by Barry Dorrans
There is a downside. Now the spyware manufacturers can customise their installers and you end up with screen shots like the one I blogged about at http://idunno.org/displayBlog.aspx/2004082901

# re: XPSP2 and its slightly updated user agent string

Thursday, September 02, 2004 4:36 PM by Rory Parle
Why does IE claim to be Mozilla? Or even Mozilla compatible? There are several major browsers more like Mozilla than IE is.

# re: XPSP2 and its slightly updated user agent string

Thursday, September 02, 2004 6:55 PM by Sears Young
FYI, when you install SP2 on a Windows XP Tablet PC Edition machine the UA string will be updated to include "Tablet PC 1.7", in addition to "SV1".

# re: XPSP2 and its slightly updated user agent string

Thursday, September 02, 2004 7:03 PM by snowknight
Rory
Its a legacy of the browser wars. When IE still had little market share, it, like many other browsers, started copying Netscape's UA which has always started with "Mozilla". This was to prevent it from being locked out of sites. When IE became a major web browser, other browsers began to mimic it.

# re: XPSP2 and its slightly updated user agent string

Friday, September 03, 2004 1:23 AM by Simon F. P. Murray
Regarding the 'Mozilla' prefix on the string- given that things have now inverted, and we find browsers like Opera putting 'IE' etc. in their default using string... do you suspect 'Mozilla' on IE's user agent string will ever be dropped- perhaps as a sign that IE stands on its own feet now, if nothing else?

# re: XPSP2 and its slightly updated user agent string

Friday, September 03, 2004 7:18 AM by Milan Negovan
The only good reason (that I can think of) to sniff for "SV1" is to accomodate the unwanted status bar in dialog windows. See http://www.aspnetresources.com/blog/sp2_early_tweak.aspx.

# Security Version 1

Friday, September 03, 2004 5:28 PM by ad Weblog
With Windows XP Service Pack 2 the web browser user agent string changes for internet explorer to SV1 aka "Security Version 1". Like that´s logical! Hence, what did we have before SP2 - only security version 0 ? [small rant]

# re: XPSP2 and its slightly updated user agent string

Friday, September 03, 2004 10:23 PM by J. King
I'm not so much worried about the past as much as the future. How does this new identifier age? Under what kind of circumstances will we see SV2? Would a hypothetical MSIE 7.0 still be SV1? Will it not have any SV identifier? Has the SV identifier become the new version number with the "MSIE #.#" substring forever frozen?

Logically, all future versions of IE will have at least the same security measures and likely supperior ones as new vulnerabilities are found and addressed. "SV1" would quickly become meaningless.

# re: XPSP2 and its slightly updated user agent string

Saturday, September 04, 2004 2:53 PM by Adam Hauner
Why is such problem to increase minor version of browser? Everybody in browser business is doing such thing, so Microsoft has to do something different? Will MSIE 7 be in UA string "MSIE 6.0; ... SV1a"?

# re: XPSP2 and its slightly updated user agent string

Sunday, September 05, 2004 8:30 AM by Eric
Security Version 1! Haha! I'm glad after six versions, you've finally decided to add security. :D

# re: XPSP2 and its slightly updated user agent string

Sunday, September 05, 2004 8:31 AM by Greg K Nicholson
What's gonna happen if the Mozilla Foundation start insisting that IE can't claim to be "Mozilla" because it dilutes their brand?

# re: XPSP2 and its slightly updated user agent string

Sunday, September 05, 2004 8:38 AM by mangoduck
I reiterate all above comments. And who's idea was it to add sv1 instead of incrementing the version? I have a nice meringue pie for that gentleman/lady. Just how many separate version numbers do we need?

Where's the bit about "Bacon 2.4.x", eh? It is so useful that I can't live without it!

# re: XPSP2 and its slightly updated user agent string

Sunday, September 05, 2004 11:50 AM by Jonathan
Unfortunately, this also allows web sites that used to use pop-up ads to know that the popups would be blocked, and to serve annoying flash ads instead....

# re: XPSP2 and its slightly updated user agent string

Sunday, September 05, 2004 3:47 PM by bob
IE sux

# re: XPSP2 and its slightly updated user agent string

Sunday, September 05, 2004 4:44 PM by realitybath
thanks! updating firefox user agent switcher ie uas

# re: XPSP2 and its slightly updated user agent string

Sunday, September 05, 2004 5:18 PM by Bruce
Popup blockers are usually detectable because the popup window fails to create. That detection method works cross platform and cross browser, so why bother with user agent string stuff?

# re: XPSP2 and its slightly updated user agent string

Monday, September 06, 2004 12:04 AM by a fish
IE is only Mozilla *4.0* compatible. *snicker* Anyway, if the Mozilla people were gonna whine about Microsoft using its name in their user agent string, that would've (and maybe did?) come up during Netscape/AOL's court case against them, if not earlier.

"soon you’ll see this token show up on other platforms as we bring our security enhancements to them."

aha! So there *will* be updates to IE for other platforms! Good to know.

# re: XPSP2 and its slightly updated user agent string

Monday, September 06, 2004 7:39 AM by Soren Werk
We need to sniff for SV1 for the following workaround:

Problem:
When a PDF document *residing in a frame* in IE60 under XPSP2 calls an ASP file with [PDF function] submitForm() nothing displays in the browser window. This seems to be a new bug introduced in XPSP2. Anyone have an explanation?

Workaround:
We normally want the PDF document in the frame but are willing to (have to!) place it outside all frames when we detect XPSP2 - by sniffing SV1.

# re: XPSP2 and its slightly updated user agent string

Monday, September 06, 2004 12:00 PM by Turnip
http://ars.userfriendly.org/cartoons/?id=20040811 - lol

# re: XPSP2 and its slightly updated user agent string

Monday, September 06, 2004 7:38 PM by J. King
Soren Werk:
And what happens when IE is updated to SV2? It would have to a regular expression to be reliable---which would make the whole "SV1" thing moot as the version number could simply be incremented. I -really- don't see the advantage. Indeed, I see only disadvantages in the long run.

# IE in Windows Server 2003 SP1 and Windows XP 64-bit edition v2003

Tuesday, September 07, 2004 4:08 PM by IEBlog

# re: XPSP2 and its slightly updated user agent string

Wednesday, September 08, 2004 5:56 AM by Soren Werk
I agree - "SV1" is a hackish word.

But has anyone else observed the problem we have? (described above)

# re: XPSP2 and its slightly updated user agent string

Wednesday, September 08, 2004 12:26 PM by Iftikhar Ahmed
********************* Soren Werk wrote ***************

We need to sniff for SV1 for the following workaround:

Problem:
When a PDF document *residing in a frame* in IE60 under XPSP2 calls an ASP file with [PDF function] submitForm() nothing displays in the browser window. This seems to be a new bug introduced in XPSP2. Anyone have an explanation?

Workaround:
We normally want the PDF document in the frame but are willing to (have to!) place it outside all frames when we detect XPSP2 - by sniffing SV1.

*****************************


Thanks to Soren Werk on clue to Adobe PDF form submit problem with XP SP2 internet explorer. Although the workaround is really a problem for us as it confuses users when Adobe Form is launched on a separate window.

We will ask Adobe developer support for a solution, we will appreciate if someone can shared with us for any solution to executing PDF forms within Frame/Frameset under XP SP2.

# re: XPSP2 and its slightly updated user agent string

Thursday, September 09, 2004 3:58 PM by Web Designer
The "information bar" is a complete nightmare and disaster for anyone who uses css, layers, gallery type functions, etc. in their designs. Will IE be offering any tools to designers so that every site they've designed this way isn't completely worthless??? Seriously, this is completely unacceptable!

# re: How to detect what .NET Framework 1.1 service pack is installed

Wednesday, September 15, 2004 3:20 AM by Aaron Stebner's WebLog

# re: XPSP2 and its slightly updated user agent string

Thursday, September 23, 2004 12:43 PM by b0
Well this is really wonderful. Now a site that wants to run an exploit against a user will know what patches are on the machine so it will know exactly what exploit to run against the client computer. The site running the exploits will not have to guess. Maybe this is an improvement for the crackers. Is this called "BETTER" security????

# re: XPSP2 and its slightly updated user agent string

Friday, September 24, 2004 4:32 AM by porneL
> Will IE be offering any tools to designers so that every site they've designed this way isn't completely worthless?

IE never did ;)

Maybe instead of doing workarounds add message: "This site looks better in better browser. See Browsehappy.com"

# http://sylvana.net/test/AP4.jpg

Wednesday, September 29, 2004 8:52 AM by Fritz
I just heard you will fix IE crashing on this pic
http://sylvana.net/test/AP4.jpg
just with XP SP3.

Is it true?
How should webmasters or guestbook owners react to this? Disabling links and image posting in blogs, guestbooks and so on?

# Internet Explorer 7 User Agent String

Wednesday, April 27, 2005 10:19 PM by IEBlog
Internet Explorer 7 Beta 1 is fast approaching.  A tiny but significant code change was checked...

# All Notes Technical » Using User Agent statistics to detect website conversion problems

Tuesday, November 13, 2007 1:49 AM by All Notes Technical » Using User Agent statistics to detect website conversion problems

PingBack from http://notes.jschutz.net/7/website-optimisation/using-user-agent-statistics-to-detect-website-conversion-problems

New Comments to this post are disabled
 
Page view tracker