IE7 to be Pushed to Users Via Windows Update

dfrick writes "CNET is reporting that IE7 will be pushed to users via Windows Update. This has serious implications for e-commerce websites whose functionality might be affected by any bugs in the software. Also to have end users suddenly using a new browser right before the holiday shopping season could magnify the cost any bugs that might create a bad user experience on sites."

Another Get Firefox day coming soon...

Well we just celebrated the Get Firefox day. Perhaps the day IE7 gets pushed via Windows update would be yet another Get Firefox day.

Re:Another Get Firefox day coming soon...

Whoa, let's not get crazy here. Now, I like firefox as much as the next reasonably intelligent computer user. But it's got a memory footprint like the goddamned Galactus. It is literally the beast that cannot be fed. Firefox operates like a beowulf cluster dividing by zero simultaneously.

//has seen it easily use u[ 1.5gb+ of ram before.

Re:Another Get Firefox day coming soon...

ActiveX controls. Some people might, you know, want to use them.

Re:Another Get Firefox day coming soon...

Frankly, I've never understood the demonizing of ActiveX technology. Actually, I've never even understood why people seem to concentrate only on the embedded controls in MSIE when ActiveX is about COM integration on the whole Win32 platform... Anyway, assuming we only care about browsers: the reason why you might want ActiveX is the same why you might want plugins or extension: to make the browser do something MORE than render (D)HTML. Unless you also hate Java applets, plugins, FF extensions and Opera widgets, how can you hate ActiveX? Its only problem is that people blindly click on "Yes please install this dialer". How is that a tech problem? I call PEBKAC! Besides, when a java applet pops up and asks for permission to elevate its privileges, how come that's good and holy, yet when an ActiveX control does the same that's so disgusting?
All this coming from someone who DOES dislike the my-broswer-makes-coffee-too mentality so common today. But really, why do you single ActiveX out?

Re:Another Get Firefox day coming soon...

Simply because it's permanently browser dependent and proprietary, and thus has no place on any website whose purpose isn't related to pushing updates into windows installations.

Why single out ActiveX?

But really, why do you single ActiveX out?

You must be new here. Here are a few reasons, some of them obvious:

1. A lot of people dislike it simply because it is made by Microsoft. Not very rational but a fact none the less.
2. I haven't kept up to date on MSIE security issues but ActiveX used to be a source of security risks. That may have been fixed but even if it has, the stigma has stuck.
3. ActiveX is only available with MSIE which only runs on Windows so it is widely seen as an attempt to achieve vendor lock. MSIE can be made to run on Linux and soon on OS.X via WINE but that happens without Microsofts blessing and I am not at all sure how well ActiveX works with a WINE'd MSIE install on Linux.
4. Because of the Windows only nature of ActiveX any website that is based on it but offers content that has appeal to more people than just Windows users ActiveX kind of sucks since they can't use those websites. Where I used to work half the development department used Linux laptops for work related resons and they had to jump through flaming hoops to access the corporate web app used to track trouble reports etc. which was based on ActiveX and certified for MSIE only. Many companies tend to prefer Java based webapps or Microsoft solutions to keep their options open on switching to browsers other than MSIE or even OS'es other than Windows.

Re:Another Get Firefox day coming soon...

ActiveX is the bug which Microsoft hasnt fixed since IE 3.
I believe they are calling it a 'feature'. ;)

Demonizing ActiveX...

Frankly, I've never understood the demonizing of ActiveX technology...

a) It's a security risk waiting to happen - ActiveX controls have no limits placed on what they can do to your machine. Even Internet Explorer has finally heaved a sigh and is now blocking them by default.
b) It's more Microsoft lock-in. An ActiveX site is a Windows(tm)-only site.

Re:Another Get Firefox day coming soon...

The difference between ActiveX and Java is that ActiveX has an all-or-nothing security model. If a Java applet pops up a thing saying 'please give me these extra privileges' then (unless you have been conditioned to click yes to everything by ActiveX) you will either read exactly what extra permissions it is asking for, or click no. If you click 'no' and it stops working (and it's important) then you will reload and try yes. With ActiveX, it needs you to click 'yes' just to run it, while a Java applet can do anything 'reasonable' without user interaction (and an advanced user can redefine 'reasonable'). Once an ActiveX control has started, it has full access to the Win32 API.

The difference with FireFox extensions is that they can't be embedded in a web page; you need to download them and install them manually. You will never visit a site which requires a particular FireFox extension (running with the same privileges as the rest of your applications) in order to navigate.

Now COM is an idea I like. It's a logical extension of the VMS Common Language Environment from procedural to pseudo-OO languages. The problem is not the underlying technology, it is the deployment. If ActiveX controls were run through something like systrace, which would validate arguments to system calls and block any that didn't match a fairly restrictive security model, then it would be fine.

Re:Another Get Firefox day coming soon...

The reason is simply that AX is the only technology where a webpage can directly affect your system. Yes, that is convenient and the opportunities are incredible. But so is the danger.

The internet is, by its very nature, to be considered an insecure and hostile network. Pages you surf to are by definition to be seen as hostile until proven benign. And even then, it's happened more than once that a page considered safe was hacked and turned into a malicious site.

AX is a "direct link" between net applications and your system. Which is incredibly convenient, but also incredibly dangerous considering the described problems with the internet. If the internet was a trusted medium, this would be THE technology. Since it is not, it is THE threat.

Yes, PEBKAC is part of this danger. But then, think again how many of the "killer viruses" that spread within the last few years relied ONLY on the stupidity of people and how successful they were. ILoveYou, Kournicova (or however she's spelled) and their variants required user interaction to become active. Without a stupid user, these programs would have had zero chance of spreading.

A web application or technology has no business with my machine's system. It may run in a sandbox, which is great, it may read/write in certain, predetermined places (which are secured against the rest of the system), that's it. Giving an application from an insecure, potentially malicious, source the ability to run at system level is simply and plainly stupid. It's like playing russian roulette with 5 chambers loaded and, after hearing the 'click' once, thinking that nothing can happen and it's safe.

Re:Another Get Firefox day coming soon...

1. I dont let java code escalate its privileges. Its got a sandbox, stay in it. Actually, I dont even enable java in the browser.

2. I actually discovered one of the first activeX security holes, way back in 1999.

The problem with AX is that it is really Ole Controls, OCX, upgraded for the internet era. OCX was nice, a version of Visual Basic (VBX) controls that was language neutral. Their goal was to make it easy for anyone to embed their controls inside their apps, and so have fancy apps with less coding. Classic Java Beans were sun's ill-fated attempt to copy this. VBX and OCX were probably the enablers of the best market in re-usable client-side components. Want fancy reports in your app? Crystal Reports OCX. Want good database access? Use the db access controls that ship from MS. OCX was a really nice design.

The trouble with ActiveX was that they turned the web browser into a container, with the ability to download and run any activeX control. By default, all OCXs that are installed on a PC are enabled for use in IE, even though they were never written for the assumption that their caller was trusted. There's nothing wrong with an OCX to be embedded inside a C++ app letting you open files in the local filesystem. delete files there, overwrite things. But have some random javascript do that and your box is owned. Most emergency patches by MS and PC manufacturers is for built in controls. to mark them as unsafe for scripting, or to mark them as revoked.

Failing one: ActiveX is only secure if the controls are designed to be called by untrusted people. Even if the controls arent scripted, they can still take params which can be malicious and read/write illegitimate files. Example: windows media control lets you pass in a path in the local filesystem. Script doesnt have access to the contents, but you can work out if the file is present or not. It is leaking information.

Auto control download is the other problem. AX controls are pulled down, their signature verified. There is no sandbox, so the system is built entirely on the model that the people who write the controls are well meaning. The spyware industry showed the lie for that.

Failing two: there is no sandbox for control.

Now, for a few hundred dollars verisign will sell a cerificate in the name "Microsoft requires you to install this component.ltd" and that is what appears on the click-here-to-be-0wned dialog.

Failing three: the vendors of certificates are more interested in certificate sales fees than the safety of the box. If verisign took some financial hit for every bit of spyware they signed off, things would be different.

AX controls are usually written in C++, which is one of the C/C++ family of 'buffer overflow enabled' languages. I know I always get marked down for flame baiting when I say that, but the truth is while compentent people can write really secure code in C/C++ (eg. Apache HTTPD, openSSH), too many developers are in a hurry that ship something that just about works on the deadline required. Because AX controls are not in a sandbox, every single attribute and method has to be treated as something that a malicious piece of javascript can call.

Failing four: the lack of a sandbox forces AX developers to write secure code, and they don't appear up to the job.

If you find a security hole in an active x control, it can be rereleased, a new .cab file produced and the web pages marked so that IE will update to a later version. Sound good? No. You can push out any old version of an activeX control up by serving it out and using a version marker of -1,-1,-1,-1, meaning "always update". This makes it impossible for anyone to ever reliably stop an insecure AX control from being served up. The only way to do this is by adding the control to the "do not run" list in the registry, a registry that is fault of myself and richard smith.

failing 5: its nearly impossible to stop malicious sites pushing out buggy versions of other people's AX controls.

Re:Another Get Firefox day coming soon...

Frankly, I've never understood the demonizing of ActiveX technology.

ActiveX allows arbitrary code from an arbitrary web page to run on your machine with full administrative priviliges, and the only defence against it is the computer-savviness of the user.

Uh-oh.

Now, you can argue that technology shouldn't be castigated because of user-error, but that's like saying there's nothing wrong with a .305 Magnum that automatically points at your foot, or a cruise missile that automatically targets friendly units. Sure, it requires user-intervention to cause a disaster, and if something happens it's technically the user's fault, but it's clearly also the bloody stupid design of the system that contributed to the disaster.

And in case you've missed it, it's no longer considered professional as any kind of IT engineer to go "Oh, ID10T error" and wash your hands of the problem. Users will ever be clueless, but well-designed technology has a learning curve that allows for this.

ActiveX offers a simple Yes/No dialogue choice, and to fully comprehend the implications of each that answer could take the average user weeks of study.

Microsoft (as ever) badly dropped the ball on security, and rather than fix the problem they just slapped a dialog box in front of it and claimed any disasters caused were now officially the fault of the user.

Actually, I've never even understood why people seem to concentrate only on the embedded controls in MSIE when ActiveX is about COM integration on the whole Win32 platform...

Indeed. However, when you've got an interesting idea with some nice applications than also just happens to cause the apocalypse, don't be surprised if the people huddling in craters across the broken, sulphur-spewing landscape happen to, y'know, not fixate on the few things it did pretty well.

Anyway, assuming we only care about browsers: the reason why you might want ActiveX is the same why you might want plugins or extension: to make the browser do something MORE than render (D)HTML.

Erm, not really. The first thing any sensible user wants any technology like that to do is to not open his machine to infection from every scumbag on the net... and make the browser do something more than render (D)HTML. See, the thing is, that first part is so freaking obvious that most people forget it's even a consideration.

An analogy:

People want tasty cakes, but they also don't want to be poisoned.

Microsoft produces a range of tasty cakes, some of which (at random) are chock-full of arsenic.

When people complain, they "solve" the problem by printing in big letters on the front: "WARNING: cake may conceivably not be perfectly free of element number 33".

Sensible people who can afford to thus avoid the cakes altogether, but people who can't read and people who don't know element number 33 is arsenic all risk ending up dead with every bite. As do people who work in Microsoft-only offices, who save with Microsoft-cake-mandating banks and a whole range of other people.

So whenever bakers gather to talk about Microsoft Cakes, unaccountably they ignore its fluffy texture and pleasing aroma, and bizarrely fixate on the fact that it regularly kills anyone uneducated enough to ingest it.

See the point now?

Unless you also hate Java applets, plugins, FF extensions and Opera widgets, how can you hate ActiveX?

Because Java applets run in a sandbox, plugins weren't generally produced by anyone but large, trustworthy companies, and have massively dropped out of favour (because of lack of security) even so, and FF extensions and Opera widgets are both (i) somewhat insulated from the operating system, and (ii) selected, once, by the user due to their utility, and not pushed at the user by any weirdo third-party

Re:Demonizing ActiveX...

a) It's a security risk waiting to happen - ActiveX controls have no limits placed on what they can do to your machine

Here are the minutes from the meeting where this was decided:
Some Dev: Let's use DURRRRRRRR our OS-level component model for DURRRRRRRRRRR web plugins *grand mal seizure*
Billy G: That will help fucking kill Netscape
Ballmer: *throws chair in a way indicating approval*

Re:Another Get Firefox day coming soon...

INTERESTING not FUNNY.

Pity that on a spare 400mhz ubuntu machine i got at work, firefox runs, in latest version, with 128 mb under gnome (and of course lighter stuff like xfce4) and doesn't even swap. So if it's not funny it's wrong.

Re:Another Get Firefox day coming soon...

No, he's right. KHTML runs just fine on the Nintendo DS, on a 70 mHz ARM in 4 meg of ram. That you need a 400mHz box w/ 128m RAM is just absurd.

Re:Another Get Firefox day coming soon...

I love anecdotal evidence.

Here at home, FF has been running about 10 minutes, currently has 6 tabs open, and is using 56meg of RAM.

At work, it's been running for a couple of days, and is using 161meg.

I generally have to kill FF every few days due to the amount of RAM it uses. Now, I tend to go through tabs like nobody's business and have a couple of extensions installed (although not *that* many), so perhaps I'm not the typical user. However, just because *you* get it to run in next to no RAM on a POS machine doesn't mean the rest of us can.

Re:Another Get Firefox day coming soon...

Is that the total mapped, or the resident set size? How much of that figure is 'private dirty'? Or are you using the Windows task manager which AFAIK is pretty useless for determining memory usage?

Re:Another Get Firefox day coming soon...

I love anecdotal evidence

Right...I'm sitting here at my ofice gig running Firefox with 473,298 open tabs, it has consumed not only all the available memory in the company, but also approximately 17TB of swap space on our servers' RAID storage array. So far, it's coping, but tab 421,823 (a CCTV feed from the, ahem, bathrooms) is a bit jumpy at present, and the IT guys are trying to bash my office door in wih a fire extinguisher.

Re:Another Get Firefox day coming soon...

So? I could quite happily surf the web in 1996 with 40 megs of RAM and a 100 MHz pentium. And believe it or not, the web hasn't changed too much since then.

Really, because pages like this one [archive.org], this one [archive.org], and this one [archive.org] seem to have relatively few images compared to their modern-day equivalents and the rest of web these days, and the ones they have seem to be much lower res. (note: I'm not claiming this is a representative sample, those are simply the first 3 companies I could think of that would have had websites in 1996.) Google's [archive.org] about the only major site I know of that still looks as simple as it used to. Not sure how big an impact on memory usage all those images should be, but I'd bet it's not insignificant.

Re:Another Get Firefox day coming soon...

about:config
browser.sessionhistory.max_total_viewers set to 0

Problem solved.

Re:Another Get Firefox day coming soon...

Doesn't work for me.

This, however, does: config.trim_on_minimize = true.

Re:Another Get Firefox day coming soon...

Just add it as a new config parameter if it doesn't exist. There's several that don't exist by default but will be read if you create them.

You're wrong. Stop spreading bad advice!

Firefox uses the same amount of memory whether trim_on_minimize is true or not. However, if you set that to true you will dramatically increase the number page ins/outs to disk and severely reduce system performance. That's why it's disabled by default. If you're low on memory you're much better off if you restart Firefox regularly. trim_on_minimize simply makes a bad situation much worse, especially when you're low on RAM.

You don't understand the memory statistic (Working Set) [wikipedia.org] that Windows Task Manager is showing you. It doesn't mean what you think it does, but you can blame Microsoft for defaulting to misleading memory statistic (and mislabeling it as 'Memory Usage')

Use Process Explorer [sysinternals.com] to get an accurate representation of the memory usage on your computer.

Re:Another Get Firefox day coming soon...

"Problem solved."

The problem will be solved when either it's by default or they provide a clickie in the preferences panel to change it. In the mean time, it's simply a fix for those who know it's a configuration issue instead of a run-of-the-mill memory leak.

Re:Another Get Firefox day coming soon...

Why on earth should they switch it off as a default? The ability to go back and forth in your history without rerendering the entire page again is a great feature.

I've never understood why people with 1-2GB of RAM freak out when applications actually use some of that available memory. What good is a ton of memory if it's not being used? Firefox is a memory pig, yes, but it's giving it back to Windows should other programs actually need it.

The same can be said about the aggresive memory trimming. Why are people willing to put up with a frozen UI whenever Firefox trims its memory is beyond me.

I have plenty of free memory and don't really care either way, so I value usability higher than low memory use. People should probably get their learn on about Windows memory usage [shsc.info] before posting any more wrong statements about Firefox.

That's not to say that Firefox (and some of the more well-known) extensions don't leak memory like a proverbial sieve. I'm just saying that the above instances aren't memory leaks and anyone claiming that they are should be modded down.

Re:Another Get Firefox day coming soon...

Why do you need to have that much available memory? If no other program needs it, why can't Firefox go to town while providing you with nice features like instant page rendering?

Read the explanation I linked to on Windows memory usage. If the only leak symptom you're seeing on your machine is a scary number in the Task Manager, things probably aren't as bad as you think.

Re:Windows...still... booting...

"Hate to tell you this but you know that tiny little operating system called Windows that takes up a GIG? Guess what preloads, is built in and cannot be separated from it? If you guessed IE then you win a footprint the size of New Hampshire."

Interesting. My computer has 4 gigs of RAM and uses only 200 megs or so at boot. Never had it use a gig, or close to it, even when IE was my primary browser. The pre-loaded DLLs don't store IE's cache.

I'm confused?

Wait, so is New Hampshire bigger than Galactus?

wtf?

Windows could have 'another' application that could call the IE DLLs, sure, but they are NO MORE PRELOADED than FIREFOX. As they would BE IN A DIFFERENT process that IE DOES NOT HAVE ACCESS TO.

IE has to re-load all of its DLL even if another application has already loaded the Windows HTML rendering engine. So the memory reported in TaskMgr for IE is WHAT IE IS USING. Get it?

Um... what did the above just mean? If I remember my CS courses correctly, the reason DLL's exist is to REUSE the CODE by putting it ONCE in MEMORY and then allowing ACCESS from (gasp) DIFFERENT applications. Perhaps you are talking about DATA. There, you will have separate pages copied. That does no mean that CODE does not take space. If I am correct in assuming the HTML rendering engine code IS provided as a DLL, and the IE is just a wrapper around it, the rendering CODE could easily take 5-10MB of RAM, because rendering engines ARE COMPLEX.

Moreover, in Windows, fonts are bundled into the DLLs, making them shared as well. This means that IE can re-use fonts loaded into the HTML rendering engine, while Firefox probably cannot (It would make no point to write a browser that depends on another rendering engine, IMHO).

That's what I think the parent meant.

If you need substantiation for these claims, here you go (wikipedia):


The shared library term is slightly ambiguous, because it covers at least two different concepts. First, it is the sharing of code located on disk by unrelated programs. The second concept is the sharing of code in memory, when programs execute the same physical page of RAM, mapped into different address spaces. It would seem that the latter would be preferable, and indeed it has a number of advantages. For instance on the OpenStep system, applications were often only a few hundred kilobytes in size and loaded almost instantly; the vast majority of their code was located in libraries that had already been loaded for other purposes by the operating system.

In Windows, the concept was taken one step further, with even system resources such as fonts being bundled in the DLL file format. The same is true under OpenStep, where the universal "bundle" format is used for almost all system resources.

And, BTW, you're wrong about denied access. There is a function in the Windows API that allows any process run a thread in another process. Yep, any app can do that. From the Phrack magazine, issue 62:


    The CreateRemoteThread function creates a thread that
    runs in the address space of another process.

    HANDLE CreateRemoteThread(
        HANDLE hProcess,
        LPSECURITY_ATTRIBUTES lpThreadAttributes,
        DWORD dwStackSize,
        LPTHREAD_START_ROUTINE lpStartAddress,
        LPVOID lpParameter,
        DWORD dwCreationFlags,
        LPDWORD lpThreadId
    );

Two more functions:

    VirtualAllocEx()
    WriteProcessMemory()

  give us the power to inject our own arbitrary code to the
  address space of another process - and once it is there, we can
  create a thread remotely to execute it.
.. but that's a whole different can of worms.

Re:wtf?

Ok, you are off in left field here.

#1) DLLs can be shared, but the IE HTML COM objects are NOT shared, IE launches them in its own process. This shift was a security change in WinME and Win2k, that was even further extended in WinXP. IE 'could' in theory piggy back some of the HTML DLLs if another application like the shell had them loaded, but it 'specifically' DOES NOT for security reasons. (Go look this up, please. Do a google or a search on microsoft.com about COM isolation, also do a search on DLL isloation, and do a search on IE's Engine isloation from the OS.)

#2) Your assertions about DLL sharing and submitting that FireFox cannot use the Font sharing abilities of Windows are crazy. If ANY application is running under Windows and is writing to the screen in some matter, they are 'inherently' using the Win32 GDI+ API and 'shared' DLLs that all applications have access to, although there is distinction between shared core libraries and ones that are not.

#3) Your example of pushing code into another process is not needed, this is something that is well known by most people, and is not isolated to just Windows. It is something that Vista deals with in a way that shattering cannot allow process elevation. (Go look this stuff up.) Also this has NOTHING to do with whether Firefox or IE have a smaller memory footprint.

FireFox 'being a Win32' Application has JUST as much advantage to using the shared core OS DLLS as any windows application from Notepad to iTunes to Photoshop. I realize that some of the UI elements and programming in FireFox forgoes using some of the Windows APIs, but that is the FireFox teams decision and why cross platform applications often end up appearing slow and bloated and often uncompatibile with new OS releases because they do not adhere to the common UI structures or APIs provided.

This is true of FireFox running on KDE, OSX, or Win32. FireFox does employ 'some' optimizations on 'each' platform using the core OS, so FireFox is not Win32 free in any respect. For example it draws to the display context, it is using the standard Windows GDI APIs and DLLs as well.

The silliness in the responses I have seen are people are trying to define Firefox as sometihng it is and something it isn't, just as they are IE. Applications that run on ANY OS take advantage of the 'platform' available to it, the core or underlying APIs or Libraries that makeup the UI portion of the OS. (Yes we are sticking with GUI concepts here)

So Firefox can use any Windows TrueType Font, because it uses the WIndows Font API and therefore the Windows Font Rendering technologies. That is why you get cleartype in Firefox when running it on Windows, because it is LETTING Windows draw the fonts to its display bitmap, which is also something it is using Windows to maintain.

See, this is why I find your comment on the 'Fonts' as an example of something Firefox 'might not' have access to to be insane. Prove yourself wrong, next time you are at a Windows Machine, option the Option and change the Default rendering Font in FireFox to ANY Windows supported Font, and bingo, it will use that font, because it is LETTING Windows do the Font Rendering. Also notice that if cleartype is enabled, it is used and the Windows Font Hinting technology is also used.

FireFox is NOT at a loss of advantages when it comes to comparing itself to IE. If FireFox does eat more Memory (and sometimes it truly doesn't) then this is a problem with FireFox, not BECAUSE IE gets ANY special treatment in Windows.

Ok?

Re:wtf?

any app? Not really - only apps that have "The handle must have the PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE, and PROCESS_VM_READ access rights"

So you have to let it have that access. I don't think these flags are set by default, so you have to explicitly ask for them, and to change the ccess flags for the creating app, the user you run as needs to have the SeDebugPriviliege privilege. (ie admin)

As for dlls being loaded, it depends what he meant - all apps will share the memory that is used by a dll as they only map it into their address space on load (unless you have delay-loading speciifed when you built the app, whereupon it gets mapped in when it is first used). So generally for all apps, all dlls are loaded on startup. If the dll is already used by another app, then you'll get that one instead of the one on disk. Its not that much of a speed boost however, and I find that all apps that 'preload' are run so they can perform some work (eg lengthy initialisation) instead of simply loading dlls into their address space.

For memory use, there is a difference between what task manager shows you (the apps memory usage) against the memory used solely by an app for that app (Private Bytes).

Re:Windows...still... booting...

You know, this is the best troll I've heard in a while. And it's scored "+5 informative". Wow.

1) DLLs are shared across processes. If one process loads a DLL, it resides in physical memory, at a specific virtual address. If another process loads the same DLL, it reuses the same copy in physical memory, but in a different virtual address space. It may even be loaded at a different virtual address in the second process. The pages are read-only so any attempt by either process to modify them will result in an access violation.

2) Windows explorer is a process which exists as an application called explorer.exe. It is started when you log on to Windows, and explorer.exe links to mshtml.dll and shdocvw.dll. These are the IE core DLLs (the Microsoft HTML parser and the Shell Document View, respectively). It also happens to link to gdiplus.dll, gdi.dll, user.exe, ntdll.dll and a bunch of others.

3) Internet explorer is a very small application (a few hundred KB compiled) which links into shdocvw.dll and mshtml.dll. It also happens to link to a bunch of other DLLs like ntdll.dll.

4) Firefox is another application. It links to such Windows DLLs as ntdll.dll and user.exe. It also happens to link to gecko.dll, which no other Windows application will load. Therefore when Firefox starts up, it is going to be the first to load gecko.dll.

5) Going back to point 1; every time any application loads a specific DLL, the loader will check to see if it is already present in physical memory, and will create a new virtual mapping for it. The physical memory used is shared across each process. When Windows starts, it loads the IE core DLLs. Most of IE is in memory by the time you can view the desktop. Firefox however, has a much smaller percentage of the application in memory before you click on it.

Hence: Most of IE is loaded before you click on the IE icon. Most of Firefox is not loaded until you click on the IE icon.

Force-Feeding

From TFA:

Automatic Updates will first notify people when IE 7 is ready to install and then show a welcome screen that presents key features and the choices to install, not install or postpone installation.

It appears, therefore, that they haven't yet resorted to force-feeding; and until security chief Stephen Toulouse eats his dogfood [theinquirer.net], moreover, force-feeding would be unconscionable.

My favourite quote:

My favorite quote FTA: "It will be available from Microsoft's Download Center Web site, Schare said. "We're really trying to get the world ready for a major new browser release."

Sorry, I already got my "major new browser release" about the time Microsoft were claiming "nobody needs tabbed browsing." IE7 is too little, too late, even for the poor unfortunates I know who are still stuck running Windows.

Re:My favourite quote:

I seriously doubt it will end up on 90% of the worlds' computers.

First off, Microsoft is releasing a tool that will allow businesses to block the upgrade, and you can be sure that after the problems with other forced rollouts, business is taking a wait-and-see approach.

Second, its to little, too late. Firefox already has more than 10% market share, and as people continue to use it, they get used to not using IE. Case in point - I asked a friend of mine to check out one of my sites using IE. After talking with him on the phone, and checking 3 or 4 times "You're sure you're using Internet Explorer, right?" - it turned out that he was so used to using Firefox that it had completely replaced IE in his mind for "connecting to the internet"

Third, WGA is going to be mandatory for downloading the final version of IE7. What's the piracy rate for Windows XP again?

I like your favourite quote and I hope M$ dies...

Excuse my French but I hope Microsoft fucking die for this one... This is just fucks up my xmas holidays completely.

I manage around twenty websites for businesses around my state for some spare pocket money each month and all of them are xhtml1.1/css2 compliant (w3c) with a large hacks section for each to get them to work in ie6 (and in the case of one ie5 through 6) and instead of a nice easy integration with Vista coming with ie7 out of the box and a steady stream to xp users I'm being told it will all come in one hit in less than six months? Fuck that. Maybe M$ (and the general web community) has forgotten why we, the web developers, pushed so hard for Firefox in the first place - it wasn't fancy tabs, it wasn't speed, it wasn't popup block...it was the fact that they gave a damn about web standards - and they expect us to learn all of the quirks for ie7 and hack up our sites for them while it's still in beta but that's just not going to happen for many of us.

Though that isn't what really scares me, what scares me is none of the company's I have done websites for and also maintain for will understand the implication of the sites needing recoded until customers start complaining. I can put that number, personally, to about thirty five businesses phoning up and complaining that their sites don't work which will a) not be their fault and b) be my fault for selling them a broken site which leads to two problems 1) they wont want to pay for the update and 2) I lose my god damn holiday or I lose my reputation if I tell them to stuff off. Worse still is that many of these are reasonably large sites so fixing and testing them all in that time frame is just going to hurt.

So I'm pissed. Vista, DRM, selling out free speech in china, what ever ... Enforcing IE7 on the whole Windows population at once - outright mean. Die Microsoft Deployment and Marketing division, die like my karma is about too.

Most CSS bugs are fixed in IE7

Well the good news is, they fixed most CSS2.1 bugs in IE7. They killed almost every bug mentioned at positioniseverything.net [positioniseverything.net]. They also added support for CSS2 selectors.

The bad news is they didn't add ":after" support..
If you used this to clear floats without structural markup [positioniseverything.net], you need to find another way.

And worth mentioning:

• the new bugfixes are not applied in quirks-mode. Shouldn't be a problem, quirks mode is ment for backwards compatibility anyways.
• most of my pages rendered exactly like Firefox and Safari already did. In fact, if I left a "bug" there because it was only visible in Safari, it will likely be visible in IE7 too due their better support for standards.
• If you coded your pages for standards, and only used "* html" for IE5/6, most pages still look fine in IE7
• they removed the "* html" bug because it broke web sites since they also support of the child-selector (html>body) in IE7.
  Note that pages render fine now without this hack!
• they appear to have left a new hack, *>html, but they recommend conditional-comments [microsoft.com] instead

Re:I like your favourite quote and I hope M$ dies.

Again we see a kid working for spare cash, and businesses relying on him for their (no doubt) 'mission critical' web infrastructure instead of going to a proper business that supports the work they do. Such a business would cost more, but now is the time that you find out why that is.

If it takes 60 hours, then it takes 60 hours. This is what happens when you take on responsibility for something. If you agree to do it and got paid to do it, then you can't complain. Nobody forced you after all. Your inexperience with business shows that you didn't require them to pay for 'support' either on an as-needed basis, or with a regular payment to.

You get what you pay for. If the poster doesn't know how to manage his clients expectations properly, then he deserves to find out the hard way that working for someone requires more effort than just knocking up some website practically for fun.

Suggestion: contact clients, tell them IE7 is coming out and will be automatically updated. Suggest that some changes will be required to their websites to support the new browser and that these changes will be charged at £xx a hour, with estimated times for the sites. All the clients will be thankful you informed them before the changes occurred, all will pay for the changes. All will assume that upgrades are necessary because that's the way of the computer industry - we all upgrade to the latest version all the time, its ingrained as normal.

You then start work on upgrading the sites to support IE7 today, keep the changes stored away so that, in a few months time when the browser does come out, upgrading your client's sites is a simple matter of uploading the changes the day before. No stress, no weeny complaints about how 'fucking microsoft' ruined your life, no problems. This is how professionals do it. Learn.

Developers

Maybe it is possible that developers could start developing now for IE7 using the beta's so that when it does get pushed out to everyone there is a minimal amount of bugs in the programming on websites. Just some food for thought.

-Ed

Re:Developers

That, or just stick some javascript in there telling IE7 users that they aren't using a supported browser :)

Re:Developers

Oh dear, somebody who doesn't understand how the internets work. Here, this is a good start. http://www.w3.org/ [w3.org]

Re:Developers

More like someone who is realistic and knows that all browsers have their quirks I would say personally.

Re:Developers

More like someone who is realistic and knows that all browsers have their quirks I would say personally.

Not all quirks are created equal. IE is so far behind the modern browsers in implementing standards like CSS that they're no longer even in the ballpark. With the newer browsers rev'ing so much faster than IE, I don't think they'll even be in the same league for long.

The argument here isn't idealistic or puritanical or religious - it's practical. CSS allows web developers to effectively separate content and presentation, which in turn allows for more efficient development. It's not about laziness either. We web developers have finite time. We either spend that time working on new features/content/layouts/whatever, or chasing down 4 year old bugs in IE.

Take as an example a group of mechanical engineers plotting designs for a car. Group A favors one brand of mechanical pencils. Group B favors another. An astute engineer might attempt to settle the matter as you do: "all mechanical pencils have their quirks." Unfortunately, group C is using crayons that are worn nearly to the nub. IE is a crayon that is worn quite to the nub.

To write off the pitiful state of IE's HTML, CSS and javascript support as "quirks" is to let MS off the hook. They leveraged their monopoly and "won" the browser wars. Having done so, it appears that they intend to use their dominant browser in order to defend their Big Two products by retarding the progress of web technologies indefinitely.

As a side note, why does "realist" now refer to people who give up on ethics (and other such long term concerns) for short-run gains?

Halo 2

Could they push a copy of Halo 2 and Crimson skies via Windows Update while they're at it?

Re:Nine Inch Nails?

Pfff, Halo 8 is far better.

http://en.wikipedia.org/wiki/The_Downward_Spiral [wikipedia.org]

(long time NIN fan)

Bugs?

I've fiddled around with beta 3 for a bit, it's just as stable as IE6 is (even moreso, if you can believe that). I think this summary was written by someone scared of "beta" software.

As for breaking webpages, big deal. IE6 has been breaking webpages for years. Now at least the web designers who built pages for the IE6 "standard" instead of the STANDARD standards will taste a bit of our pain.

Only IE7 bug I noticed is that IE7 REFUSES to remove borders on iframes (or maybe it's the body tag inside the iframe). Using CSS or deprecated HTML attributes have no effect. IE6 does not have this problem.

Really a problem?

This would be a problem if users could not select which updates to install and which to ignore. DuranDuran, for instance, has been without the Microsoft Malicious Software tool since it was first released.

He has also been referring to himself in the third person since earlier this morning.

Re:Really a problem?

IE 7 prompts the user and asks whether they want to install, whenever a new update is available. In other words, it's exactly like Firefox. With as many new browser exploits that are revealed constantly, frankly, this is a good thing.

Re:Really a problem?

Just so you know, the Malicious Software Removal Tool doesn't actually install anything on your machine. All it does is look around for some common types of malware, remove them if they're present, and then exit and leave no trace of itself.

More information here:

http://support.microsoft.com/?kbid=890830 [microsoft.com]

Sorry "Tears for Fear"...

Push,
Push,
Push it all out...
These are things that they've been waiting for
Come on ...
It's updating your PCs
Come on ...

[choirs]

In monopolistic times
You shouldn't have to ruin your PC
In blue and white
They really really ought to know
Those one track minds
That took you for a working end-user
Kiss them goodbye
You shouldn't have to jump for joy
You shouldn't have to

[choirs 2X]

They gave you Windows
And in return
you gave them them hell
As cold as ice
I hope we live to
tell the tale
I hope we live to

[choirs 2X]
[rift]
[choirs 2X]

And when you've taken down your guard
If they could change your mind
Hackers really love to BSOD your PC
Hackers really love to

[choirs 2X]

[rift]

[choirs 2X]

They will push it.

Yeah... I actually thought they might do something like this... and in true M$ style they will mark it as a "critical update" because of all of the flaws in IE.

Okay... on a more serious note, I actually (don't flame me) like Windows XP. It is incredibly stable on my PC. But it is Microsoft style to push their products onto users my force. So my bets are on MS putting this out as a critical security updates.

I'll give 2 to 1 odds. Who's placing a bet??

Good...

"Also to have end users suddenly using a new browser right before the holiday shopping season could magnify the cost any bugs that might create a bad user experience on sites"

I for one welcome this. IE6 sucks. Badly.

IE7 has a few problems, but the faster IE6 dies, the better.

This and as a web developer, I hope the bugs associated with pushing this app out will create a bad user experience and force developers that rely on hacks and nonstandard practices to get screwed over. I've had several sites I use not work with IE7 and the simplest has been because their simple javascript that detects IE versions tells me I need to use IE5.5 or greater. I've had others not work with the activeX controls because of new security models (or so I imagine).

The sooner developers move towards standards the better. IE7 is a good push towards this goal, and having it pushed out buggy and forcing developers to address the idiotic IE Only Features is just another milestone on this route.

Re:Good...

I've had several sites I use not work with IE7 and the simplest has been because their simple javascript that detects IE versions tells me I need to use IE5.5 or greater.

Or a similar story - the "Online Business Center" portion of the Canada Post web site won't let me into the online store area for ordering supplies because I need Internet Explorer, or Netscape >6.0. I'm using Firefox 1.5.x. Obviously they're just checking for specific browsers, and not seeing if you have the features they need (128-bit encryption, cookies and Javascript enabled).

Re:Backfire

That's not something that "major website admins" do. That's something that 12 year olds, and crazy W3C/OSS zealots do.

Oh, it's the "major website admins" who block non-IE browsers, then? I could have sworn that was opnly something 12-year-olds, and deluded MS fanbois do.

Obligatory....

This has serious implications for e-commerce websites whose functionality might be affected by any bugs in the software.

<SARCASM>
Seriously? Microsoft software can be buggy?
</SARCASM>

How wonderful for the dialup users

Who will download a browser in the background that is larger than sp2 for xp.
(no, it probably won't be _that _ big)
(ie 6 _was_ 75 or so.. yay for bloat)

Do it the simple way

Get your quick 'n easy version of IE7 straight from the main website: www.ie7.com [ie7.com]

What's the problem?

Maybe I'm missing something, but I'm not sure I understand the doom and gloom of the post? It is an update afterall. And a lot of what I've read online has been positive towards 7 over 6. On top of that, the article pushes that you don't have to install it if you don't want to.

As for the ecommerce sites being broken, it's not like they haven't had time to check to make sure their sites work in the new version. When the first beta came out, even I checked to see if there were any problems with my sites. I didn't fix them straight away, but I made sure to note down where the issues were for later repair.

How Ironic

Firefox has just completed downloading an important update and must be restarted so that the update can be installed. Update: Firefox 1.5.0.5

Ironic that I received that message as I was reading this story, and about to post that automatic update will only download IE7, but will give the users a choice of whether or not to install it. Kind of like the message I just received for Firefox.

Bandwidth is really the only issue with this release method, but not so much for a single user. Businesses who would be affected by the download can install the IE7 Update Blocker Toolkit to prevent even the download.

This really isn't that big of a deal.

Makes sense

It makes sense. IE6 is obviously a critical security vulnerability, and apparently it can't be fixed without IE7 (I doubt IE7 will actually "fix" the problem, but it'd be pretty hard to make the situation any worse at this point).

The sooner *any* versions of MSIE go away (even if they're only replaced with new versions), the better, IMHO.

The choice of default browser is unaffected

First of all, since you admin a site of 100 seats, you can install the IE7 blocker to block Windows Update from downloading IE7.

Secondly, even if you don't install the blocker, and the user does elect to install IE7 (after downloading IE7, Windows Update presents the options "Install", "Don't Install", "Ask me later" (if you select "Don't Install", you're never asked again, even for future security updates)), IE7 will not be installed as the default browser, unless an older IE was already the default browser.

From the IE blog [msdn.com]: "If you decide to install IE7, it will preserve your current toolbars, home page, search settings, and favorites and installing will not change your choice of default browser. You will also be able to roll back to IE6 at any point by using Add/Remove Programs in the Control Panel."

What is the issue?

What is the issue?
If sites are not using W3C standards for development then they should know that they can't expect compatibility with browser updates.
Blame the web developers.
An update to Internet Explorer is critical for security reasons and shouldn't be delayed because some developers are idiots.
The same issue occured with XP SP2. Idiot developers using non-standard APIs had issues in their software.

instructions

to get the new update, simply remove this:
msi http://microsoft.com/xp [microsoft.com] ie6 main

and replace it with this:
msi http://microsoft.com/xp [microsoft.com] ie7 main

in your c:/etc/apt/sources.list file. then do:
apt-get update
apt-get upgrade

No Worries

I finally found out something I like about WGA! It'll protect everyone with pirated Windows from getting IE7 shoved down their throat!!

I see this as a good thing, honestly.

I really don't see the problem in this. IE7 is better than IE6 in many ways, including security and features. You'd think people would want IE6 to just dissapear.

I suppose it's that bias against Microsoft in general that makes this a bad thing.

Calm down - Blocking and uninstall possible

Hello All,

    Calm down. It is easy to succumb to media hype and not look deeper. But if you do, you'll find that administrators have options available to them and so do users.

1) IE7 Blocker Toolkit - non-expiring toolkit will assist admistrators through Group Policy or script to set registry to prevent automatic update to IE7:
http://www.microsoft.com/downloads/details.aspx?Fa milyId=4516A6F7-5D44-482B-9DBD-869B4A90159C&displa ylang=en [microsoft.com]

2) Admins who have Windows Server Update Services (WSUS) deployed already has control over what is pushed to the corporate desktop

3) Users individually have the ability to decline the install

I have also heard that users can uninstall IE7 from add/remove programs, this will revert the user back to IE6.

Thank you

First, I'd like to thank Microsoft for forcing this update. I'm not being sarcastic in the least. They acknowledge that IE6 is full of security holes and the best thing for the end-user is IE7. IE7 beta runs better than IE6 (at least for me).

The three biggest generalized statements I've read so far involve functionality, it's an abuse of a monopoly, and get firefox.

[Functionality]
IE7 runs better than IE6. The only sites that would be affected would be those sites that resort to explicitly stating that they only run in IE6 and those sites can fix that problem very, very easily. This leads directly into firefox.

["Get Firefox"]
How many sites have you used that don't work in firefox? Let's call those number of sites, X. It's a pretty logical assumption that internet explorer's replacement would have a higher probability of working with IE6 sites than firefox. It would be logical to say that ie's X value is less than firefox's X.

[Abuse of a monopoly]
Come on! Why is it that when Microsoft tries to fix a problem with an upgrade that they the monopoly arguement comes along? Someone else brought up the example of how tightly integrated Safari is in OSX. But if Microsoft wants to reduce the number of unsecured machines; it's a monopolistic move. Sometimes it seems that if MS ever released a free "Office lite" to compete with a product like iLife that we would have people screaming bloody murder. Wordpad is not acceptable. And for those saying that they went through a lot of trouble of uninstalling IE6 and being forced to upgrade to IE7. IE6 was uninstalled, how would it upgrade an uninstalled component? And then install itself, activate itself, and make it the default? All without any input.

The only thing I see wrong with this is the burden it would put on dial-up users. But this is microsoft so I would expect them to at least offer to purchase a cd containing the update. Or having the CD option with SP3 and making it mandatory then.

Genuine Advantage Rears It's Head Again

If you go through that article, you'll see that Microsoft is already putting out a tool to prevent the automatic update to IE7. I thought it would be a good idea to install this seeing as I have no desire to have Microsoft pump IE7 onto my computer when it is for the most part untested and most likely full of security holes that have yet to be found. So I was thinking Microsoft was actually being very nice to consumers to let us have the option of turning the download off ahead of time. Buuuuuuuuuuut.....

As it turns out Microsoft isn't that benevolent. You run smack dab into a check to see whether or not you've installed Windows Genuine Advantage. I haven't. My copy of XP is perfectly legal and has never touched another computer. But I still am not comfortable with my computer calling Microsoft every day telling them what a happy customer I am, so I have no intention on installing it in the near future. Call me paranoid, but any software from Microsoft that will be doing any sort of hidden connection and any sort of transmission of data that I'm not allowed to monitor or check on crosses a boundary for me. Today it's that my copy of Windows is legal. Tomorrow it's what my favorite websites are. The day after that it's what DVDs I stick in my hard drive. But we've all heard this rant, so I'll just move on.

I hope somebody brings this up within the tech community or in the blogosphere. It doesn't seem kosher to have to install spyware in order to get my legal copy of Windows to behave like I'd like it to. Oh well, time to go buy a MacBook Pro.

Link:http://www.microsoft.com/downloads/details.as px?FamilyId=4516A6F7-5D44-482B-9DBD-869B4A90159C&d isplaylang=en

We can call it good and we can call it bad...

IE 7 could be called both good and bad to be a 'required' update.

Good
    Security is much higher than IE6

    IE7 supports CSS and XHTML 100 times better than IE6 so sites can start using them

    Too many people still use IE6, and IE7 is better than sticking with IE6

Bad
    Sites that use some of the 'old' IE6 hacks to make stuff work, will break
    --- Actually, that might be a good thing

    Companies that have used 'old' IE standards instead of moving forward with
    compliance like XHTMl and CSS will face problems if their work arounds
    Assume that IE7 is just like IE6. So some web sites need to be testing for
    IE7 Now.

I think the good does out weigh the bad, as it will push users that are still using IE6 to get a more standards compliant browser. And it might even educate some of them, so they understand their browser has changed and explore other browsers as well. It will probably help Firefox downloads even.

The other thing this article seems to miss is that IE7 'will be forced' on users in Vista as well, so this will be good for Web Sites to get ready for the Vista Launch, because Vista simply does not do IE6. (And IE7 in Vista is like the stupid cousin, as it runs in protected mode on Vista, several levels below the user's own security even.)

MS has made a lot of big press about IE7, has supplied what it does and doesn't do to developers and beta testers for a long time now, and any reasonable web site administrator or developer should already be ensuring that their sites doesn't assume IE7 is as stupida s IE6 and make things fail.

It would be different if the IE7 list of supported standards, and testing of the Browser itself was not widescale. It has been available almost a full year before its release date, and if that is not enough time for web sites to rip out the crap IE6 kludge code, then maybe this will be a wake up call for them to do so.

MS fek'd up bad with IE6 and I still don't like that IE7 still maintains some backward compatibility for the IE tags, (hence why it won't pass the ACID2 test), but IE7 is the first push from Microsoft to support standards that are not only MS standards, and if anything we should welcome Microsoft and keep encouraging to do the right thing. (It might actually work.)

So in the end, we can start using more advanced CSS and XHTML concepts in the next year without having separate coding to make it display properly in IE6. We can also just send the users to Firefox or the IE7 download site and finally write sites like we should have been doing for a while now but couldn't because of the widespread use of IE6.

Re:We can call it good and we can call it bad...

You are very misinformed.

'Pretend XHTML'? You are kidding right? MS is one of the companies that wrote XHTML and sure IE6 support sucked, but IE7? Um.... I don't think so.

I quote from the Internet Explorer developers' weblog [msdn.com]:

if we tried to support real XHTML in IE 7 we would have ended up using our existing HTML parser (which is focused on compatibility) and hacking in XML constructs. It is highly unlikely we could support XHTML well in this way; in particular, we would certainly not detect a few error cases here or there, and we would silently support invalid cases.

I would much rather take the time to implement XHTML properly after IE 7, and have it be truly interoperable - but I did want to unblock deployment of XHTML as best we could, which is why we made sure to address the XML prolog/DOCTYPE issue.

No version of Internet Explorer supports XHTML. If you label XHTML as text/html, Internet Explorer will render it because it thinks it's HTML. There's a problem that XML prologs cause because of this, so they implemented a special-case workaround.

All of this is very well known to web developers, I suggest you actually ask your developers about this if you don't believe me.

Watch the Video on Expression Web Designer. It is the new FrontPage so to speak, and is designed to work with IE7 in the long run, and it pushes VERY HARD - XHTML and CSS standards, to the point it will break IE6 if you tell it to comply 100% with standards. They also wouldn't be making such a 'standards' based site development tool if it was going to break IE7.

XHTML is being treated as a buzzword these days. The document included in that video included a <meta> element that claimed the media type was text/html. This is not XHTML being parsed as XHTML. It's XHTML pretending to be HTML and being parsed as HTML - which is the only way in which any version of Internet Explorer can understand XHTML as it doesn't support XHTML.

In every way in which XHTML differs from HTML, Internet Explorer follows the HTML rules. If you disagree, please give examples. If you don't disagree, please explain how that means that Internet Explorer supports XHTML rather than "pretend XHTML".

Are you seriously making assumptions about what Internet Explorer supports by trying to spot implications from marketing material for a tangentially related product by the same company?

That isn't why it won't pass the Acid2 test. It won't pass the Acid2 test because that is far too much work for a single major revision. It would require implementing a lot of the CSS that is currently unsupported

This has 'little' to do with WHAT CSS is implemented, but more over what 'foreign and non-standard' CSS and IE specific goofs are allowed. IE7 does a good job of support CSS features, the DRAWBACK is that is STILL supports NON-STANDARD CSS and MS IE standards that when put to the ACID2 test fail.

I'm sorry, but this simply isn't the case. Have you looked at the Acid2 test at all? The problems Internet Explorer has with it are either parsing problems or outright lack of support for various features of CSS and HTML. Internet Explorer's support for non-standard CSS extensions are not a factor.

WindowsXP is 5 years old, it is about time people moved to it.

You can argue that people should upgrade all you like, it makes no difference as to whether they actually do it or not. I'm saying that lots of people don't upgrade for years. Telling me that they should is completely irrelevant. It's not up to me whether they upgrade.

So YES we can start moving to real XHTML and CSS based sit

suprised

I'm quite suprised by IE 7, i tried one of the sites i maintain in it, it looked bloody awful, so i changed the conditional comments to LTE IE 6.5 rather than 7.5, and it looked quite close to how it should have.

thing is, soon i'm going to have to start maintaining 2 extra stylesheets included by conditional comments for every website

TFA Makes No Menton of Breaking Commerce

TFA makes no menton of breaking commerce sites, and fails to mention that this "pushed" update prompts the user if they want to upgrade first -- much like Service Pack 2 did.

The implication from the summary is that IE7 breaks online shopping, but gives absolutely NO evidence towards this.

And even if there were an issue with certain sites, they've got MONTHS to fix it before the big shopping season. Is that not enough notice? Maybe Microsoft should just hold the update until January, or would that affect Valentine's Day websites? They could it 'till March but what about all the April Fool's websites that might break?

This is a great example of the OSS world using FUD to slam Microsoft, while they complain about the FUD that Microsoft spreads.

If its serious they should take it seriously

"has serious implications for e-commerce websites whose functionality might be affected by any bugs in the software"

Beta versions have been out for a while now.  Even IF the application worked so differently then previous versions that it would affect your site your:

a) Making a website that hardly works on any browser (including old versions of IE)
b) Not taking your job seriously.  If your job is to manage this sites that will be affected by a new browser version you should have all ready started your testing  a year ago.
c) If you are not capable of a and b then I'm willing to bet your site has more serious problems to worry about then the 5 people a week that go to your site to begin with.

Please lower the anti Microsoft tone

Also to have end users suddenly using a new browser right before the holiday shopping season could magnify the cost any bugs that might create a bad user experience on sites

Can we tone the advocacy down a little?

This somehow suggests that this is a bad idea and that it is different from what Microsoft has done in the past. Well IE 5.5, IE 6, IE 6SP1 were all critical updates.

What is more, this is straight editorialising on the part of the submitter or the editor. This isn't a case of a sensationalised article that is being posted on slashdot, the sensationalisation is supplied by the submitter or the editor.

I'm hardly a Microsoft fanboy but this is ridiculous.

That's some really nice FUD you have there...

First of all, the update is OPTIONAL [msdn.com]. The only thing that is "pushed" to the client via Windows Update is an installer shim. When it runs it prompts the user and asks them if they would like to install an update for IE. They can say Yes, No, or Ask Me Later.

Second, guess what I was greeted with this morning when I came in to work? It was a Firefox dialog saying that I was already updated to the new version and would I like to restart firefox so the changes could take effect. How is this really any different? Does anybody have knowledge that version 2.0 of Firefox won't be pushed this way, just like version 1.5.0.5 was today?

Could IE7 have bugs? It almost certainly does... but the fact of the matter is that it has some very important security related design changes and fixes that will make Windows users safer. If large e-commerce sites are worried about how their pages will display in IE7, why don't they download a copy of the freely available beta and test it [msdn.com]?

Microsoft's decision to push IE7 out via Windows Update is a good one not just because of the security reasons, but because it will move a huge percentage of the people on the web to a browser with far better standards support [msdn.com]. The lag time between standards adoption will be dramatically reduced. Let's face it, a big reason that many sites aren't standards compliant today is because of IE. If Microsoft simply offered it as a download on their web site it would take years for adoption to reach high enough levels to stop coding for IE6.

The W3Schools suggest otherwise

Ok.. so Miscrosoft is forcing IE 7 on us.
Obviously they fear that people wouldn't want to download it themselves.

The W3Schools stats suggest otherwise:

July IE 7 1.9% Opera 1.4% Browser Statistics [w3schools.com]

The only movement I see is from IE6 to IE7. The "alternative" browsers stand pretty much where they did last November.