IEBlog

Hi,

Why the option: Tools > Internet Options > Advanced > “Enable memory protection to help mitigate online attacks” isn't available in 64-bit edition of Internet Explorer 8 beta 1 (obviously in Vista x64)?

Although, I can check this option in 32-bit edition of IE8... Does it mean Internet Explorer 64-bit use DEP by default (well, iexplore.exe is "protected" on Task Manager's Process tab)?

Regards,

MusK

@MusK: Great question!  In Windows, all 64-bit processes have DEP enabled automatically.  There is no mechanism to disable DEP for a 64-bit process.

eric: Great post Eric, no beefs at all.

IE Team: What is the strategy for opacity support in IE8?

At the moment, it looks like CSS3 opacity:

 opacity: 0.5;

is off the table (ok, fine), but there is no

-msie-opacity support either (e.g. before the spec is final)

 -mise-opacity: 0.5;

and worse yet, it appears to me (from my testing), that the IE proprietary filter based opacity doesn't work either.

 filter: alpha(opacity=50);

Which in itself sucks, but worse yet, it applies an opacity=0%!!!!!! if you try to set it (e.g. 100% transparent!)

I certainly hope this is fixed in IE8 soon, but if it won't support the legacy stuff, can we please have the filter:alpha fallback to 100% opacity, so that our interfaces at least appear on screen.

By the way, I don't see much ranting about this on the blog?  Am I truly the only one to have seen this? or was this found very early on?

Eric Lawrence just posted some commentary about IE8 and DEP/NX. As you may know, IE7 supports DEP/NX,

Markus: That was discovered quite some time ago :)

https://connect.microsoft.com/IE/feedback/ViewFeedback.aspx?FeedbackID=331735

Does JRE now work with DEX/NX enabled? That was the primary plug-in that crashed for me so I left DEP off in IE7 on Vista.

@Derek: Yes, in our tests, current versions of the JRE run correctly with DEP enabled when running on IE8 on Vista SP1.  

The DEP option is grayed out for me.  I'm running Vista SP1 x86.

@chrisbro

to enable DEP in IE7 you have to run IE7 "as administrator" once (right click on IE7 -> run as administrato, enable memory protection, close IE7)

@chrisbro

to enable DEP in IE7 you have to run IE7 "as administrator" once (right click on IE7 -> run as administrator, enable memory protection, close IE7)

what if the computer don't have a processor with DEP? mine doesn't have one. is DEP/NX Memory Protection in Internet Explorer 8 still useful for people who do not have processor with DEP

I find it safer if you provide the users the ability to access to Add-ons and delete that add-ons, which it provide very useful for anti-malware staffs.

Also it is a recommended because sometime, the file are unable to delete, and is still in use with IE, user should be able to delete it, and restart the IE to stop the malware from multiplying.

So, of the major addons, Google, Yahoo! and Windows Live Toolbars, Silverlight, Flash and Java have to be DEP-compatible. Which ones already are?

@Anonymous: We haven't encountered DEP-compatibility problems with the current versions of any of the plugins that you've mentioned.

@KW: Virtually all processors for sale in the past few years support DEP, but you're correct to note that older processors may not.  Without processor support, the DEP option will provide comparatively little protection.

Note: In prior years, some major OEMs shipped computers with DEP-capable processors, but (for reasons I don't understand) disabled the DEP feature in the system BIOS.  In such cases, users typically can re-enable hardware support for DEP by using the BIOS setup screen.

In Vista, ALT+Enter in search box doesn't open up in a new tab, is it security related?

In XP it works fine.

@mocax = Since IE7 was released, CTRL + T will get you new tab, similar to Mozilla Firefox.

ALT+Enter in the search box is opening a new tab for me on Vista.

IE Team at Microsoft blog about the security improvements on IE8 which is currently in its beta stage

A bit OT but is the Temporary Internet Files cache overflow problem fixed in IE8?

Its the problem where the TIF becomes bigger then its specified size. It still happens to me on IE7.

Lucan, Anonymous: in Vista, IE8, Alt+Enter no longer creates a new tab for me, either.  XP is fine, though.  Will debug if nobody else gets it...

I'm intrigued by this indirectly, being a Windows developer developing in ATL, MFC and COM

How do I get hold of atl 7.1 SP1?

Am I already running it, given that I'm running VS 2003 (with SP1 applied), or is atl 7.1 sp1 a separate download?

If so, which version number should I be looking for?

C:\WINDOWS\system32\atl71.dll

is versioned as:

7.10.6030.0

Can anyone help?

Mike

@Mark: ALT+Enter being broken only on Vista is a known issue in Beta-1, thanks.

@Mike: You'll get the latest version of ATL when you install the VS service pack.  7.10.6030.0 is the latest version.

@iron2000: The TIF settings are not a strict maximum.  Instead, they determine the threshold that kicks off the cache scavenger, used to remove older / less important cache entries.  

So, while browsing, IE may temporarily exceed the set value (e.g. while downloading a large file) but eventually the cache scavenger will run and clean files to get the cache down under the size quota.

Sul Blog del gruppo di Internet Explorer parte una mini serie di Eric Lawrence dell' Internet Explorer

Hi, I’m Matt Crowley, Program Manager for Extensibility with Internet Explorer. The team was very excited

We wtorek swoją premierę miał Firefox 3. W jednej wypowiedzi Window Snyder powiedziała: In setting out to elevate Firefox's basic security, Snyder is also compelling Microsoft and Apple, maker of the Safari browser, to follow her lead — or get ou

As someone whose email address is posted in thousands of forum posts, newsgroup discussions, and blogs,

Internet Explorer 8 - Security

Si sta avvicinando a grandi passi il rilascio della Beta 2 della versione 8 di Internet Explorer . Come

The next beta for Internet Explorer has been released for broad distribution to the public, according

Back in June, Dean Hachamovitch kicked off a series of blog posts explaining how the IE team approached