IE7 Bug Reports Flooding In
the JoshMeister writes "According to ZDNet, bug reports are already flooding in for Microsoft's new Internet Explorer 7 Beta 2 Preview. Specific issues include the possibility of arbitrary code execution as well as incompatibilities with McAfee Security Center, anti-spyware programs, and online banking sites." From the article: "... browser testers may already be at risk, according to security researcher Tom Ferris. Late Tuesday, Ferris released details of a potential security flaw in IE 7. An attacker could exploit the flaw by crafting a special Web page that could be used to crash the browser or gain complete control of a vulnerable system, Ferris said in an advisory on his Web site. Microsoft had no immediate comment on Ferris' alert."
Duh! (Score:5, Insightful)
Re:Duh! (Score:4, Insightful)
Re:Duh! (Score:2, Insightful)
Re:Duh! (Score:2, Insightful)
Re:Duh! (Score:2, Funny)
Re:Duh! (Score:2)
Google has the benefit of most of the code running on their own hardware. A better example would have been the FireFox team, but even then it would have to be admitted that writing a good browser is pretty fucking hard.
Re:Duh! (Score:3, Interesting)
I think the notable part is it's the same bugs as IE 4 had.. and IE 5... and IE 6...
Re:Duh! (Score:3, Informative)
Re:Duh! (Score:2, Insightful)
What would be news-worthy is if Microsoft completely ignored all of the bug reports and went Golden Master tomorrow...
Re:Duh! (Score:5, Insightful)
Re:Duh! (Score:3, Insightful)
Re:Gotta love those MS-apologizers (Score:2)
Wow (Score:4, Funny)
Re:Wow (Score:4, Insightful)
I don't even see how this is news-worthy... it's a beta!
Bug reports already? (Score:3, Insightful)
Taken with grain of salt... it's still beta.
yeah, but those aren't all bugs in IE (Score:2)
good! (Score:5, Insightful)
(anyone who would use it - or anything else beta - in a production environment is insane)
Re:good! (Score:2)
OMG.... (Score:2, Insightful)
Of course it has bugs. Grow up already.
Security is Job 1? (Score:3, Funny)
Re:Security is Job 1? (Score:2, Insightful)
Re:Security is Job 1? (Score:3, Interesting)
What surprised me about beta 1 was that they hadn't even finished implementing features that were already on the final product's feature list. Actually, it seemed that they hadn't actually finished deciding what was going on the feature list.
Most people would consider that development stage to be alpha - beta is where you have finished implementing the feature list and you are now after feedback from the cus
Re:Security is Job 1? (Score:2, Insightful)
Re:Security is Job 1? (Score:2)
This a good thing (Score:5, Insightful)
Why is this front page, unless it's just the usual knee-jerk, let's-find-something-bad-to-say-about-Microsoft thing that makes Slashdot less than useful for info about anything about Microsoft.
Yeesh.
Re:This a good thing (Score:5, Insightful)
Why is this front page
This is on the front page for a number of reasons. First, it is somewhat indicative of the quality of the new software MS is planning to release. Yes, betas will have bugs, but no comment has been made about the remote exploit from MS, nor about the myriad failures to implement CSS properly. The number of bugs found in such a small time is a meaningful metric and of interest to people here. It indicates to many of us that the final version is still unlikely to properly implement the spec and that whatever new security practices MS is employing are probably not working to stop vulnerabilities. (Gee, big surprise.) The number of incompatibilities with current banking and other Websites is a useful indication to how much work the Web designers among us are likely to have ahead of us.
Second, because of the design of Windows and IE you can either install this beta for testing, or you can install the current IE, but not both. This means a number of people will install the beta, but end up also using it as an everyday browser, since they don't want to be constantly installing and uninstalling it for testing. Thus, security concerns with this beta may actually be a real concern. Those among us working to secure networks may want to account for this by restricting use of this browser for the time being.
Finally, the number of bug reports is a useful metric for gauging interest in the product, which is also of concern to people here.
mod abuse (Score:2)
Story is inaccurate... (Score:5, Interesting)
The guy is not a professional anything, I mean he lists workarounds as 'Firefox'; which just shows how little he understands the security field which he claims to work in (A workaround should be a way to fix or bypass the bug, not a blind pointer at some random other product, even the Linux Security guys know that).
Re:Story is inaccurate... (Score:2)
In most cases, yes - a workaround should allow you to continue using your current product. However, in some cases the affected product is considered so fundamentally flawed that alternative products must be considered. Even CERT has
Re:Story is inaccurate... (Score:2)
Re:Story is inaccurate... (Score:2)
Re:Story is inaccurate... (Score:2)
Bill not a programmer? (Score:3, Insightful)
blakespot
Re:Story is inaccurate... (Score:2)
Bug identification & research for a beta relea (Score:5, Funny)
Not surprised by the bugs... (Score:3, Informative)
It's.. Beta? (Score:5, Insightful)
The past builds were also riddled with bugs, and the IE developers are very involved with testers to fix them. It's not like they're just sitting with their hands over their ears yelling "LA LA LA LA I can't hear you!"
Re:It's.. Beta? (Score:2, Insightful)
Of course, in reality, I use Firefox for everything, so it's a moot point for me, but nevertheless it doesn't make sense to me that someone would release a beta product and have it install over top of a production product.
Re:It's.. Beta? (Score:2, Informative)
More annoying than the bugs.. (Score:5, Interesting)
I'm not asking them to spend money advertising the fact that they're way behind the curve on browsers, just to stop lying to me.
Re:More annoying than the bugs.. (Score:2, Insightful)
I personally don't see why this is a problem, but then I'm one of those strange people that happens to agree with the notion of paying for commercial software.
b) Requires a reboot,
Well, it's the usual tight integration with Windows, so I expected as much. Yeah, it's a bit of a pain, but if you're prepared to install a piece of beta software on your machine, rebooting it is hardly an issue, is it?
c) Actually attempts to pass off things like tabbed browsing and a
Re:More annoying than the bugs.. (Score:2)
It's free!!! What other piece of software, that is not Microsoft's, makes you verify the OS on which you are running it? It's crazy that this is required! How can it be a positive!?!?
Re:More annoying than the bugs.. (Score:2)
Yes, but Windows isn't, and Microsoft are taking the opportunity to check that your version of Windows isn't ripped off. The reason that I have no issue with it is that I'm happy to accept the terms and conditions under which I can run my copy of Windows, which doesn't include not paying for it.
In much the same vein, I would expect people using the free software I create to comply with the
Re:More annoying than the bugs.. (Score:2)
Or... much more likely, since I've already bought Windows, entered a serial number, and, in some cases, activated the copy, I'll just use one of the
Re:More annoying than the bugs.. (Score:4, Insightful)
Ok, this doesn't buy the customer much, but is it really all that big of a pain? Do you just conceptually object to Microsoft asking "is that a valid Windows you're using?"
Requires a reboot
I am not thrilled about this but given the wedding of the browser rendering component and the rest of the user experience ("OS"), I can't say I am surprised. You have to reboot after uninstalling it also, by the way.
Actually attempts to pass off things like tabbed browsing and a search bar as innovative (really, take a look at the "demo" they bring you to when you first install it).
Consider part of the target market for IE7: People that are happy enough with the features of IE6 that they haven't bothered looking at Firefox yet. For them, tabbed browsing and a search bar are new and innovative. These are things that everyone will potentially benefit from but not all people will seek out and discover by themselves.
Part of the reason my grandfather uses a computer at a public library to do web surfing and write email is because Microsoft brings "cool stuff" away from the realm of the early adopter and puts it in the hands of everyone.
Re:More annoying than the bugs.. (Score:3, Interesting)
While not surprising, it's still crap.
The core flaw is that under Windows you can't delete a file that is in use. The accepted solution is to set up a little script to run on reboot that deletes the file and replaces it with the new version. That's sad and stupid.
The Unix solution allowing you to delete an in use file solves the problem. It has
Re:More annoying than the bugs.. (Score:3, Insightful)
where can I download the OpenBSD version ?
Re:More annoying than the bugs.. (Score:2)
d) Changes file associations such as .jpg back from (your favourite jpg viewer) to Microsoft apps.
So let me get this straight .... (Score:4, Informative)
Treat IE 7 as IE 6? (Score:5, Interesting)
if (browser is Internet Explorer) then
emit HTML code that works around the numerous rendering bugs of IE
else (Mozilla, Netscape, Opera)
emit standards-compliant HTML code
With this kind of (flawed) logic, IE 7 will often be identified as IE, and hence be provided with IE 6-specific HTML code, whereas it should have been sent "correct" HTML code. The result may be, well, interesting
I really don't see what Microsoft can do against this. They can't expect millions of web sites to be updated overnight just to support IE 7.
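The sniffing logic described in the comment above, as an added example that is not part of the original thread: a naive "MSIE" substring check next to a version-aware check that reserves the IE 6-era workarounds for versions known to need them. The User-Agent strings are constructed samples, and `chooseMarkup`, `LEGACY_IE_MAX_MAJOR` and the template names are hypothetical.

```javascript
// Constructed sample User-Agent strings (illustrative, not captured traffic).
const SAMPLE_AGENTS = {
  ie6: "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
  ie7: "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
  // Opera of this era could identify itself as IE and append its own token.
  operaAsIe: "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.51",
  firefox: "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5",
};

// The flawed check from the comment: any "MSIE" token means "send IE 6 hacks".
function naiveIsIE(userAgent) {
  return userAgent.indexOf("MSIE") !== -1;
}

// Version-aware classification. Returns { family, major }, where major is a
// number, or null when no version could be parsed.
function classifyBrowser(userAgent) {
  if (typeof userAgent !== "string" || userAgent.length === 0) {
    return { family: "unknown", major: null };
  }
  // Check for Opera first, because it may also carry an MSIE token.
  const opera = /Opera[ \/](\d+)/.exec(userAgent);
  if (opera) return { family: "opera", major: Number(opera[1]) };
  const ie = /\bMSIE (\d+)\.\d+/.exec(userAgent);
  if (ie) return { family: "ie", major: Number(ie[1]) };
  const firefox = /Firefox\/(\d+)/.exec(userAgent);
  if (firefox) return { family: "firefox", major: Number(firefox[1]) };
  return { family: "unknown", major: null };
}

// Hypothetical cut-off: the newest IE major version that gets the old hacks.
const LEGACY_IE_MAX_MAJOR = 6; // assumption for this example

// Hypothetical template selector: only versions known to need the IE 6-era
// workarounds get them; anything newer or unrecognised gets standards markup.
function chooseMarkup(userAgent) {
  const { family, major } = classifyBrowser(userAgent);
  if (family === "ie" && major !== null && major <= LEGACY_IE_MAX_MAJOR) {
    return "ie-legacy-workarounds";
  }
  return "standards";
}

// Side-by-side result of both checks for every constructed sample.
function compareChecks() {
  const result = {};
  for (const [name, ua] of Object.entries(SAMPLE_AGENTS)) {
    result[name] = { naiveIsIE: naiveIsIE(ua), markup: chooseMarkup(ua) };
  }
  return result;
}

console.log(compareChecks());
```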
Re:Treat IE 7 as IE 6? (Score:2)
Perhaps, for compatibility, they could make the UserAgent string pretend to be Mozilla? Put the real identifier in brackets where the obsolete website scripts don't expect it.
Obviously there's no precedent for this kind of shenanigans at all, but it might be worth a try :)
Re:Treat IE 7 as IE 6? (Score:2)
Re:Treat IE 7 as IE 6? (Score:5, Insightful)
Microsoft has eliminated several bugs that made it easy to identify IE6 and apply hacks to the CSS. For example, the "* html" selector let you apply CSS rules just for IE because it's ignored by standards-compliant browsers. Now IE7 ignores that too. However, the need for hacks is still there. IE7 still does not implement several important CSS features that necessitated the hacks in the first place, such as min-height.
If Microsoft were to decide that this beta was "close enough" or even if it fixes just the minimum number of things to keep major sites from breaking, that's not going to help. Designers will end up needing an entirely different set of hacks to make up for the fact that IE7 is *still* not a complete CSS2 implementation.
Report Non-Compliance As A Bug (Score:3, Insightful)
The web community should start flooding the bug reporting for the IE beta with reports about CSS and XHTML/HTML standards non-compliance. Anything IE 7 does that isn't in line with web standards should be reported as a bug, by as many people as possible. And we should keep reporting these, daily, until the IE team wakes up to web standards and decides to support them.
Then, webmasters can make one version of the website that works in all modern browsers.
Re:Treat IE 7 as IE 6? (Score:2)
Re:Treat IE 7 as IE 6? (Score:2)
- which pieces of w3c standard? Specific functions/entries/styles/elements.
- a code written to the standard may crash the system as well. The following wabbit:
#!/bin/bash
$0 &
$0 &
will bring most Linux/UNIX systems down to their knees, despite being a perfectly correct shell script. It's a design caveat, not a language specs error.
Just fix design bugs in your JS program instead of complaining the code is standard-compliant but crashes.
Re:Treat IE 7 as IE 6? (Score:2)
so now you will have to test against 4, 5, 6 AND 7
Re:Treat IE 7 as IE 6? (Score:2)
So what if it's a beta? (Score:2, Informative)
Nasty security flaw that Microsoft missed (Score:4, Insightful)
An attacker could exploit the flaw by crafting a special Web page that could be used to crash the browser or gain complete control of a vulnerable system
So, this is actually a relevant article, despite its initial appearance.
We've got some new additions and enhancements to IE, and here we have a flaw that can give an attacker complete control over the user's computer!
I guess this is a taste of things to come in Vista? Evidence that Microsoft's secure code development practices are mostly just verbal pacification?
Re:Nasty security flaw that Microsoft missed (Score:2, Insightful)
Actually you don't. There's a flaw that can crash the browser, but the reporter of this offers no proof that it will result in code execution or the ability to take over a user's computer. Very few buffer overruns result in code execution, and without proof, it's just another crash.
Looking at how the reported went public before the vendor has a chance to respon
Re:Nasty security flaw that Microsoft missed (Score:4, Interesting)
Fairly official response [msdn.com] (taken from another comment).
So it appears that Microsoft's new development practices caught this bug internally before it was caught in the public beta, to find bugs like this. It also seems that the overrun is caught and dealt with (causing a crash as overruns should, but not allowing any degree of "control") by the system they are using for development anyway. Apparently the original article has not proven that the bug could be exploited at all yet anyway, so a response from his end will be required before this can really be seen as anything other than the sort of thing that's to be expected from a beta release.
Re:Nasty security flaw that Microsoft missed (Score:2)
Because...
you think it means that IE7 is this woeful security flaw.
Your comprehension of my post seems to be at fault, as I have made no such claim or representation.
The issue I am bringing up is that Microsoft is supposed to have spent millions on securing its development process. If this is the case, Microsoft now seems to have provided evidence that its supposedly secure development process isn't as fantastically secure as claimed.
Error in article... (Score:3, Funny)
Not so - they tried to post a reply on his site but their browser kept crashing.
Using beta for banking (Score:3, Informative)
I don't just mean IE either. Firefox in its pre 1.0 days had a bug where tabs could read form data from other tabs. Like credit card numbers. All the way up to 1.0.
Why aren't betas being released with some sort of self-setting desktop wallpaper that says "Look dipshit this is a beta product, and not like Google Beta TM, like buggy beta, so spare a second's thought before you go doing your finances".
In next week's news: some stupid fuck loses his identity and $20000 minutes after using IE7 Beta to pay his bills, therefore IE7 is bad.
Re:Using beta for banking (Score:2)
So, if you are one of those Microsofties that refused to use alternative browsers, you could easily get stuck using IE7 for your banking.
Re:Using beta for banking (Score:2)
Re:Using beta for banking (Score:2)
Re:Using beta for banking (Score:2)
Re:Using beta for banking (Score:2)
Oh, heck, you don't even need to google it yourself. Here's one way [asp.net] of doing it without changing your standard renderer. You can use a similar technique to get a standalone
Re:Using beta for banking (Score:2)
What kind of dumb-ass uses a beta browser for their banking anyway?
The same kind of dumb-ass that runs an OS that won't let you install multiple versions of the same browser simultaneously; the same kind of idiots that use any version of IE for banking; and the same kind of morons that use a banking site that requires IE. Basically, I'd say that includes about 50% of the people who installed the beta.
MSIE 7 in the wild (Score:4, Interesting)
The UI is ugly (Score:2)
The Acid 2 CSS Test (Score:3, Insightful)
Safest Browser ever (Score:2, Funny)
MS Mantra: "Make the customer pay." (Repeat.) (Score:2, Insightful)
This release qualifies as no more than an alpha. Anyone who feels otherwise has either done little beta testing, or refuses to open their eyes. (And no, I am not a MS basher. In fact, I still use IE6.) Think about it. It's been over a year since Firefox began stealing
From the IE Team Blog (Score:4, Insightful)
I'm sorry, but I take issue with this, particularly with a product being beta-tested, but really, with any product. Users need to know what exploits are known. If there are serious, known, security flaws in IE, that may very well affect my decision of whether or not I want to install it on my system. The idea of keeping it hush-hush doesn't really help anyone.
Gee, its BETA SOFTWARE! (Score:3, Insightful)
1) NOBODY is forcing you to install a beta product. If you are curious or impulsive, and feel compelled to install beta software, you're doing so at great risk to your security and data. Whether it's Microsoft betas, Google betas, or Linux betas, you are accepting that risk by the nature of installing beta software (it's in the disclaimer)
2) THE REASON for beta software is to open it up to wider testing to CATCH AND FIX Bugs. This is a good thing, that bugs are flowing back to Microsoft. It will force them to fix the bugs and strengthen the product.
3) No, you CAN'T Sue, see 1)
4) Get a life. I mean, if IE 7 was in full release and these bugs were being reported, I would jump on the bandwagon myself and fire a few shots at MS, but this is still beta software, it isn't even a release candidate yet. It's intended for people with a brain to install it at their own risk and test the product, to REPORT bugs is the definition of what Beta software is. Obviously lots of stupid people are installing IE 7!
This is NOT NEWS, this is sad. To report and complain that Microsoft's beta software is full of bugs suggests a complete bias, prejudice, and ignorance towards them without merit or provocation. This is not Microsoft screwing up, this is Microsoft doing what countless other software companies do, release a beta in order to get feedback and bug reporting in order to fix and strengthen the product.
When FireFox 1.5 beta was released, it was full of bugs, but people praised Mozilla for their innovation and success. I can't stand double standards.
XHTML support (Score:4, Informative)
Let's explain something. (Score:2)
Tons of bugs found in Beta 2: Important news. MS QA screwed up by allowing it to leave alpha stage. Programmers did the usual thing, wrote the program, but the QA screwed up big time by passing it as beta. It's not beta, it's alpha, released prematurely.
Complaining that bugs were reported in IE7 Beta is silly. Bashing the fact that a FLOOD of bugreports appeared is good slashdot frontpage news, meani
Excellent! (Score:2)
Not satisfied with the non-security of IE6? Download IE7 for free!
There was an immediate comment (Score:2)
Wait until it's released! (Score:2)
Not so fast.... (Score:2, Informative)
Re:Microsoft Beta Crap (Score:2)
My my my, how's that possible? That the preview release of a beta version could be less stable than software released 5 years ago is unheard of; I'd suggest you sue Microsoft.
Re:Microsoft Beta Crap (Score:2)
Ideally, they should be showing off how great their new version is. Not showing off how many bugs it still has.
Re:Microsoft Beta Crap (Score:2)
Re:Microsoft Beta Crap (Score:2)
What is the point of this post?
Well maybe it's so that those of us who don't regularly try out "bleeding-edge" products can learn what is good and what is bad.
While I take everything I read on /. with a pinch of salt, I would expect the posters to be among the more technically literate. So a post like this is a great heads up to me as a Web Developer who also has input into supported platforms that neither Vista nor IE7 are ready for consideration let alone usage.
And as for the various people saying tha
Re:Note: Its BETA (Score:2, Insightful)
There you go, I corrected it for you. (no karma bonus checked for all those Gzealots)
Re:It's actually quite good.... (Score:2)
Re:It's actually quite good.... (Score:2)
Re:Mozilla developer considered "suspicious" (Score:2)
In Soviet Russia, joke puts finger on YOU!
Carry on.
Virg
Re:More Vulnerabilities == More Fun (Score:2)
I would love to be a blackhat, but I just can't stand running Windows. I'm quite torn: I want to do my part to cause Billy some pain for what he's done to me and others, yet I just can't bring myself to run his software in order to make that happen.
Re:More Vulnerabilities == More Fun (Score:2)
Re:Fried System (Score:2)
I'm just impressed that installing a user-level application (a web browser) is able to interfere with Wireless drivers in any way whatsoever.
Maybe I'm a dinosaur not seeing the benefits of integrating web browsers into wireless-drivers, but can someone please tell me how any sane architecture could allow this? Thanks. That's all.
Re:Can we sue? (Score:2)
If Apple slapped a big "BETA" sticker on the iPods, nobody could do a shit about any faults in them.
Re:Ahh... what a relief... (Score:4, Funny)
Right?
Re:Does the number of bugs really matter in Beta? (Score:2)
The real question is if they will fix all the problems that people find before sending IE7 to retail.
You consider that a question? Well, here's the answer. No. Implementing a broken version of the standard benefits them so they will make sure there are plenty of bugs left in the way they implement HTML, CSS, etc.
Re:Does the number of bugs really matter in Beta? (Score:2)
Pardon my ignorance, but will you elaborate on this some more?
Sure, this is MS's embrace, extend, extinguish strategy. Open standards promote interoperability and competition, both of which are detrimental to MS's business. As a monopoly, anything that makes it harder for someone to move to an alternative product benefits them. They can assume most people are using their monopoly products, so they don't need to worry too much about interoperability for people switching to their monopolized products.
In t
Re:If this were Google.... (Score:2)
You mean the oath of Hippocrates, to save lives no matter what and to follow the code of conduct in the job of physician? In this (IT) context that would mean that some posters fight for the good of software, for security and stability against all the odds, against corporate, governmental and law pressure, to make code better. Yes, amazing phenomenon, beyond rational response.