João Saramago

A Microsoft-funded report found that IE 8 outperformed four other browsers in protecting against socially engineered malware.

Link to the original site

Barence writes “Microsoft has issued a statement urging people to upgrade their browser to IE8, after the zero-day exploit that was used to attack companies such as Google went public. According to Microsoft’s security advisory: ‘the vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.’ But, although IE6 has been the source of the attacks until now, Microsoft’s advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7.”

Read more of this story at Slashdot.

Link to the original site

Grotendo writes “Microsoft plans to release an emergency patch for Internet Explorer very soon to counter targeted attacks and the publication of exploit code for a ‘browse and you’re owned’ vulnerability in its flagship Web browser. The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend.” Microsoft has downplayed the seriousness of the IE zero-day, and insisted that it affects only IE6 even as security researchers close in on exploits for IE7 and IE8. Microsoft has had no comment about the firestorm that Google unleashed by directly accusing the Chinese of cyber espionage. ShadowServer has up a sobering post on the massive extent of the problem of “groups that can be referred to as the Advanced Persistent Threat.”

Link to the original site

alphadogg writes “Attack code has been identified that could be used to break into a PC running older versions of Microsoft’s Internet Explorer browser. The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim’s computer.”

Read more of this story at Slashdot.

Link to the original site

By Scott M. Fulton, III, Betanews

The final test editions of Microsoft’s Internet Explorer 8, released while Windows 7 was still in the technical preview phase, suggested that its performance could very well triple that of its predecessor, the venerable IE7. When the RTM edition first became available, its performance was pared down a bit, but still better than double that of IE7, based on Betanews’ assessments at the time.

But we’ve noticed a trend of IE8 performance dragging down over time, while every other major Windows browser in the field was headed the other direction — and fast. Early this month, when Firefox 3.6 Beta 1 appeared imminent (and still is at this moment), we calculated the performance difference between IE8 and IE7 at about 75%.

After the last round of security fixes two weeks ago, plus an out-of-cycle update to Microsoft’s JavaScript (JScript) engine this week, the performance gap across Windows platforms has averaged down even more, to an all-time low of 54%. This even though Betanews tweaked its testing suite even more in the last few weeks, in response to changing circumstances with one of our benchmark providers — our CRPI suite now includes a few test batteries that should have cut IE8 some slack.

In our latest round of tests, IE8 scored a CRPI of 1.54, which means on average, users can expect 54 better overall performance from IE8 than they would have seen from IE7 running on Windows Vista SP2.

We also could not help but notice that the latest JScript update was applied to Windows XP and Vista platforms only — at least in the Automatic Updates distributions that we received. After those updates were applied, IE8 performance in Vista and XP were dragged down so heavily that IE8 on Windows 7 is now the fastest of the three platforms: 1.63 for Win7 versus 1.59 for XP and 1.41 for Vista. Since we’ve been testing on the Windows 7 RTM platform, browsers have typically been 10 to 15% faster on XP SP3 than on Win7.

What happened? First of all, we’ve noticed that since Patch Tuesday, IE8 has completely failed the portion of the advanced SlickSpeed selectors test that focuses on the browser’s native JavaScript library, on all three platforms (“failed” meaning, it couldn’t perform the programmed job on all 56 heats). This is the one portion of the SlickSpeed test that IE8 used to perform quite well on. On XP over the past few weeks, IE8′s score on SlickSpeed slipped from 2.45 on October 13, to 1.67 yesterday.

Meanwhile, the SunSpider test suite written by the WebKit team shows a noticeable slowdown in the calculation department in all categories, but again, on XP and Vista and not Windows 7. On XP, IE8′s SunSpider score slipped from a 6.02 to a 5.79. On Windows 7, meanwhile, the SunSpider score improved from a 5.66 to a 5.93. (These scores are relative; a 6.00 would mean “six times faster than IE7 on Vista SP2.” We post relative scores on tests using identical hardware in order that the hardware can be factored out of the equation; in other words, we believe IE8 is only 54% faster than IE7 on any machine you choose.)

It’s computational test scores where IE8 is flagging; by comparison, rendering scores are flat to slightly higher across the board. We’re still in the midst of tallying scores for other browsers, and plan to post those results along with test scores for the first public Mozilla Firefox 3.6 Beta 1 once that browser (finally) becomes available.

Some Betanews readers have asked us why we use IE7 on Vista as our performance index rather than IE8, and up to now, our answer has been because it’s the slowest browser we test, and thus gives us a more granular sense of performance improvements for all the more modern browsers in current use. If this trend keeps up, though, we may just change our minds.

Copyright Betanews, Inc. 2009

Link to the original site

In this video, Matt Hester describes the main topics covered in the video series, including CSS 2.1 and 3.0 features, HTML 5, native JSON, selectors, AJAX navigation and developer tools.

Link to the original site

CWmike writes “Google hit back at Microsoft on Friday, defending the security of its new Chrome Frame plug-in and claiming that the software actually makes Internet Explorer safer and more secure. ‘Accessing sites using Google Chrome Frame brings Google Chrome’s security features to Internet Explorer users,’ said a Google spokesman today. ‘It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months.’ On Thursday, Microsoft warned users that they would double their security problems by using Chrome Frame, the plug-in that provides better JavaScript performance and adds support for HTML 5 to Microsoft’s browser.”

Read more of this story at Slashdot.

Link to the original site

Mark writes “The release of Google Chrome Frame, a new open source plugin that injects Chrome’s renderer and JavaScript engine into Microsoft’s browser, earlier this week had many web developers happily dancing long through the night. Finally, someone had found a way to get Internet Explorer users up to speed on the Web. Microsoft, on the other hand, is warning IE users that it does not recommend installing the plugin. What does the company have against the plugin? It makes Internet Explorer less secure. ‘With Internet Explorer 8, we made significant advancements and updates to make the browser safer for our customers,’ a Microsoft spokesperson told Ars. ‘Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attack area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.’”

Read more of this story at Slashdot.

Link to the original site

ChiefMonkeyGrinder writes “Early tests with Google’s Chrome Frame found IE8 runs 9.6 times faster than usual. The testers ran the SunSpider JavaScript benchmark suite.” The other question is what is the performance hit of using the frame plug-in instead of running the browser natively.

Read more of this story at Slashdot.

Link to the original site