News

Internet Explorer 7.0 to Focus on Security

• By Scott Bekker
• 02/16/2005

Microsoft chairman and chief software architect Bill Gates unveiled Microsoft's reversal of policy on Internet Explorer during a keynote Tuesday at the RSA Conference. Up until then, Microsoft had been saying it would release no new version of IE until the Windows "Longhorn" client ships in 2006. Now a beta of IE 7.0 is planned for early summer. The technologies developed in IE 7.0 will be rolled into the Longhorn release, but it wasn't clear from Gates' remarks whether further IE development will occur for Longhorn.

While many users are agitating for new functionality in Internet Explorer, especially the "tabbed browsing" present in the open-source Firefox browser, Microsoft said at the RSA security conference that the biggest emphasis in the new version of Internet Explorer would be on security.

"The primary focus of the announcement today was to let folks know that there would be a beta available this summer, and it would be primarily focused on security," said Amy Roberts, a director in the Security Business & Technology Unit at Microsoft. Roberts said it was too soon to talk about non-security features, although she said a development team is already working on IE 7.0.

Microsoft has come under increasing pressure to improve the security of Internet Explorer beyond the steps taken in SP2, released in August 2004. The improvements to IE in SP2 included zone and domain restriction, anti-spoofing capabilities, suspicious content blocking, memory protection, pop-up blocking and more granular user control.

Complementary to the security pressure, is the competitive pressure from the open-source Foxfire browser, which quickly gained browser market share in the first months of its availability. IE still holds between 80 percent and 90 percent of the market, according to various estimates, and analysts at Gartner argue that the factors fueling the growth of Firefox are burning out.

Microsoft's initial posturing of IE 7.0 as focused on security indicates the company is responding more directly to that threat than to the competitive threat. Gates didn't mention Firefox in his keynote. When asked about the influence of Firefox on the decision, Roberts said only, "Our focus has been on meeting the needs of our customers."

Spyware has emerged as a major threat since Windows XP SP2's development, and IE requires additional protection beyond the Windows AntiSpyware tool, Roberts said in explaining the timing of an interim release of IE 7.0.

"Folks weren't talking about spyware lat year," Roberts said. "It wasn't a major issue on the radar. It's become an increasing threat to customers with an impact on performance, and outright theft has emerged as something that needs, we feel, to be addressed more broadly."

In his speech, Gates also highlighted some other security focus areas for IE 7.0. "Some of the advances include things focused on phishing, where people use URLs that appear to come from another location, things related to malware," he said.

In his portrayal of Microsoft's IE dilemma, Gates described a recurring Microsoft theme: "Browsing definitely is a point of vulnerability. Allowing people to have the richness and the extensibility, and yet be protected, that's a challenge. You don't want to lock things down so you can't ever get to rich Web sites, and yet you still want to make sure this is not the path that security threats are coming in through."