Microsoft gets hacker feedback on IE Version 7 Beta 2
It sought advice at the Hack in the Box Security Conference
IDG News Service - Microsoft Corp. showed off the preliminary work it has done on the second beta version of its popular Internet Explorer Version 7 at the Hack in the Box Security Conference in Kuala Lumpur, Malaysia, and came away with good feedback, company officials said today.
"It's the first time we've ever come out ahead of a product release to present and get feedback," said Tony Chor, group program manager for Microsoft's Internet Explorer team, referring to the company's presentation to a hacker-specific group.
Chor and colleague Andrew Cushman, director of Microsoft's security engineering and communications group, spoke highly of the feedback they heard at the presentation and preferred to use the term security research community instead of hackers when referring to attendees.
"Hacker has a negative connotation, like a criminal," said Cushman. People such as attendees of the Hack in the Box conference approach security from a very different, very valuable perspective, he said. "This community is a good source of information, and we haven't availed ourselves of that source," Cushman added.
Chor went a step further, saying Microsoft has maintained an "adversarial" relationship with the hacking community in the past, but "that wasn't working. It just made them mad, and we didn't benefit from their passion and expertise."
The company is working to engage the "security research community" in the future by making presentations at more hacker conventions and giving attendees a chance to critique some of Microsoft's work ahead of releases.
Chor and Cushman handed out business cards liberally, and they said they hope to get more e-mail responses from people as well as notes on their blog. "People had a lot of good suggestions and asked a lot of good questions," said Chor.
Some hackers at the show gave Microsoft high marks for showing off some new security features on the Web browser and seeking their views. They added that they would have liked to hear more technical details on new features in the browser. But their impression was that the presenters appeared almost apologetic, and they said that they don't plan to switch to any Microsoft products in the near term at the expense of, say, Mozilla Corp.'s Firefox browser.
Chor said he plans to increase the amount of technical details in future presentations.
The Beta 2 version of Internet Explorer Version 7, currently under construction at Microsoft, will likely be ready by the end of the year, said Chor.
One new feature in the Web browser is that it runs in higher security "protected mode" by default, set at a lower user privilege. In protected mode,all downloads and other packages are automatically dropped in the "temporary Internet files" folder, so malware can't be deposited on the hard disk. In the temporary folder, IE and Windows treat the files as dangerous, and they're given no privileges to move about.
With add-ons like a Google Inc. toolbar or ActiveX, Internet Explorer Version 7 Beta 2 will offer more permission prompts, since downloads such as ActiveX opt-ins can be an avenue for attack, Chor said. Microsoft also plans to license its "protected mode" innovation to other developers for free to help spread its use, said Chor.
For businesses, Microsoft added a "compatibility mode" that works when a person is using a company's intranet. It allows them to drop files wherever they want to on their PCs.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts