Security

Speculation Surrounding IE Updates Continues

Microsoft might be considering some interim updates to its Internet Explorer (IE) browser that would improve the browser’s overall functionality before the advent of Windows successor Longhorn, expected in 2006.

Previously, the software giant had said it would not offer any substantial updates to IE until it launched Longhorn. It has offered numerous patches to the browser, but has not unveiled any software add-ons or plug-ins aimed at enhancing the Web-viewing experience.

Some recent comments from Microsoft executives, however, have led to speculation the company would make some exceptions in order to beef up IE, which is facing not only additional competition from Firefox and other alternative browsers but also a growing number of security threats.

Today, Secunia released information on three new vulnerabilities in IE, two of which it dubbed “moderately critical.” The flaws were present in the latest version of IE and were not solved by applying the Service Pack 2 to Windows XP, Secunia said.

The newest flaws deal with how IE handles tags on Web pages, eliminating a pop-up warning, and how cookies are stored and processed.

Third Party Call

Microsoft has cobbled together dozens of third-party software plug-ins and add-ons that enhance IE and provided links to them from its Windows Marketplace site. In recent news interviews — which some speculate were timed to coincide with the latest release from Firefox — executives have said that Microsoft might start to roll out its own family of add-ons and plug-ins.

Gary Schare, director of Windows Product Management for Microsoft, said Microsoft is “always exploring options for further enhancing Internet Explorer.”

He cited SP2 as the most recent example, calling it “one of the most significant security updates in our history,” one that includes a “major upgrade of IE focused solely on security enhancements.”

At the same time, he added, “an ecosystem involving hundreds of partners and independent software vendors also continues to develop on the IE platform” from complete browsers with tabbed browsing built on the IE platform, to toolbars and other utilities.

However, the security flaws are just the latest hit on IE, which has been losing market share since early this year, according to data collected by Web analytics firm WebSideStory. Last week, security experts warned that attack code for a flaw found just days before had already begun to appear on the Web, marking the shortest time yet between vulnerability discovery and the appearance of an exploit.

Earlier this month, security services firm ScanSafe said IE exploits were the fastest-growing security threat for enterprises in the second quarter.

“One of the things we’ve been surprised at is the growth rate of threats,” ScanSafe director Roy Tuvey said. “The first thing exploited are browser vulnerabilities. Those are the flaws that attack code seems to be most easily developed for.”

Meanwhile, apart from the security issues, the fact that IE slipped from 97 to 93 percent market share in a little over six months, with much of the losses made up by Firefox, might have prompted Microsoft to rethink its strategy of holding off on upgrades.

Fending Off Competition

Enderle Group analyst Rob Enderle said Microsoft has traditionally not liked to let its innovations and advances leak out before it releases software upgrades, especially in the case of a release as major as Longhorn is expected to be.

Improvements to the browser are likely already in development and might even be completed, but because of the integration planned with Longhorn, releasing them ahead of time might not be possible.

Still, if the market share trends continue, Microsoft might have no choice but to offer users incentives, in the form of new features, to stay loyal.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Keith Regan
More in Security

E-Commerce Times Channels