ferrarif50
Journeyman
On February 15, 2005, Microsoft chairman Bill Gates publicly revealed during his RSA Conference 2005 keynote address that his company would denounce its previous plans and ship a separate major update to Internet Explorer (IE) before Longhorn. Until that speech, Microsoft representatives were adamant that the security enhancements they had added to the version of IE in Windows XP Service Pack 2 (SP2, see my review) would be it until Longhorn.
Before the Gates speech, there were indications, however, that Microsoft was reevaluating its stance on IE. First, the open source Mozilla Firefox Web browser, released in November 2004, was proving to be enormously popular with tech-savvy Web users, and its garnered over 25 million downloads in 100 days, grabbing about 5 percent of the Web browser market. Second, Microsoft began discussing the possibility that it would at least provide minor updates to IE before Longhorn. In a discussion with Gary Schare, the Director of Windows Product Management at Microsoft at the time, I was told that the company was examining whether it could add features to IE 6 in XP SP2 via its component add-on capabilities. Previously, MSN had used this functionality to good effect with its MSN Toolbar Suite (see my preview).
Then came the Gates keynote. Here's what Gates said about this major IE update, which will be called Internet Explorer 7. "What we've decided to do is a new version of Internet Explorer, this is IE 7, and it adds a new level of security," he said. "We will be able to put this into beta by early in the summer [of 2005]." Gates then noted that IE 7 would only be made available to users of XP SP2, and not to those still using earlier Windows versions like Windows 2000 or 9x. "Of course, as well, we'll include these capabilities in the next release of Windows scheduled for 2006, which is our Longhorn release."
So what's the deal?
As I write this, there are a lot of questions about IE 7, mostly because Gates' comments were so vague, and Microsoft representatives weren't interested in answering any questions after the RSA speech, deferring instead to a future time.
IE 7 facts
From a factual basis, here's what we know about IE 7 right now:
IE 7 was originally scheduled for Longhorn. The new features we're going to see in IE 7 were originally going to be available only as part of Longhorn.
IE 7 will be focused on security. Like the version of IE that Microsoft shipped in XP SP2, IE 7.0 will consist, mostly, of security-oriented features. One of these features will be an anti-phishing technology. As Gates noted, "Some of the advances [in IE 7] include things focused on phishing, where people use URLs that appear to come from another location, things related to malware. So, [that] will be another important advance [in IE 7]." IE 7 will also include an IP traffic encryption capability that will help prevent electronic eavesdroppers from modifying data before it reaches your machine or redirecting you silently to malicious servers. "It makes sure that the traffic is encrypted, so there is no eavesdropping or modification that can take place, but it also makes absolutely sure through the use of certificates that the machine that you're connected to is the machine that you want to be able to connect to," Gates noted. Microsoft is also overhauling the IE security zones in IE
7. NEW! IE 7 will include tabbed browsing. Microsoft will include tabbed browsing, along with other new features, in IE 7.
NEW! IE 7 will not include a new Outlook Express version. A few people have asked me whether IE 7 will include a new Outlook Express (OE) version (e.g. OE 7). No, it will not: The OE team is focusing on Longhorn.
IE 7 will be free. Like previous versions of IE, IE 7 will be free.
IE 7 speculation
In addition to these facts, I'd like to present a few speculative thoughts about IE 7. These are not facts, but are probable based on my prior conversations with folks at Microsoft:
IE 7 will probably ship for XP SP2 customers only. Microsoft is already backing off a bit from its original claim that IE 7 would be marketed as another benefit of using XP SP2. That means that the company could theoretically back-port IE 7 to Windows 2000, too, assuming that enough customers complain. However, it's likely that IE 7 will remain XP SP2-only, if only because a Windows 2000 version of IE 7 would be inherently less secure.
IE 7 will likely ship this calendar year. You can expect IE 7 to enter beta in May or June and ship by the end of 2005. There will be at least two beta releases, according to the IE Team blog.
The version of IE in Longhorn will be quite different from standalone IE. Don't be fooled into believing that XP SP2 users are going to get Longhorn's version of IE this year. The version of IE in Longhorn will include advanced graphical capabilities, unique new features, and will benefit from the underlying search functionality in Longhorn (the omission of WinFS won't change that). Longhorn IE will be much safer than XP SP2 + IE 7 because of low-level changes to the attack surface in that OS.
Conclusions
Obviously, there's not a heck of a lot to say about IE 7 quite yet, but I thought I should provide this summary of the facts and speculation about this suddenly important release as quickly as possible. As time goes by, I expect Microsoft to begin revealing more information about IE 7, and as it does so, I'll upgrade this document or create a second preview, and of course review the product as time goes on.
However, I would like to call out one more item. Microsoft is a big company that has, in my opinion, lost touch in many ways with its customers, and has a hard time presenting a friendly face to the public. By bowing to customer concerns and reversing course to ship a standalone version of IE 7, Microsoft has proven that it can listen to feedback and act accordingly. In other words, Microsoft is doing the right thing here. Sure, one might argue about the XP SP2 requirement, but the reality is that XP SP2 is much more secure than any other desktop Windows version. By demonstrably showing that it is serious about security, Microsoft is sending a message to the Windows community that transcends mere words. I applaud this change.
Will it matter? Electronic attacks will continue to get more sophisticated, matching the defenses Microsoft erects over time. Only with a more secure foundation--which we'll hopefully see in Longhorn--can Microsoft turn the tide of bad publicity over its security issues. But in the meantime, IE 7 will be an important stop-gap measure, as important in its own right as XP SP2. I'm intrigued that they're even making this effort.
Before the Gates speech, there were indications, however, that Microsoft was reevaluating its stance on IE. First, the open source Mozilla Firefox Web browser, released in November 2004, was proving to be enormously popular with tech-savvy Web users, and its garnered over 25 million downloads in 100 days, grabbing about 5 percent of the Web browser market. Second, Microsoft began discussing the possibility that it would at least provide minor updates to IE before Longhorn. In a discussion with Gary Schare, the Director of Windows Product Management at Microsoft at the time, I was told that the company was examining whether it could add features to IE 6 in XP SP2 via its component add-on capabilities. Previously, MSN had used this functionality to good effect with its MSN Toolbar Suite (see my preview).
Then came the Gates keynote. Here's what Gates said about this major IE update, which will be called Internet Explorer 7. "What we've decided to do is a new version of Internet Explorer, this is IE 7, and it adds a new level of security," he said. "We will be able to put this into beta by early in the summer [of 2005]." Gates then noted that IE 7 would only be made available to users of XP SP2, and not to those still using earlier Windows versions like Windows 2000 or 9x. "Of course, as well, we'll include these capabilities in the next release of Windows scheduled for 2006, which is our Longhorn release."
So what's the deal?
As I write this, there are a lot of questions about IE 7, mostly because Gates' comments were so vague, and Microsoft representatives weren't interested in answering any questions after the RSA speech, deferring instead to a future time.
IE 7 facts
From a factual basis, here's what we know about IE 7 right now:
IE 7 was originally scheduled for Longhorn. The new features we're going to see in IE 7 were originally going to be available only as part of Longhorn.
IE 7 will be focused on security. Like the version of IE that Microsoft shipped in XP SP2, IE 7.0 will consist, mostly, of security-oriented features. One of these features will be an anti-phishing technology. As Gates noted, "Some of the advances [in IE 7] include things focused on phishing, where people use URLs that appear to come from another location, things related to malware. So, [that] will be another important advance [in IE 7]." IE 7 will also include an IP traffic encryption capability that will help prevent electronic eavesdroppers from modifying data before it reaches your machine or redirecting you silently to malicious servers. "It makes sure that the traffic is encrypted, so there is no eavesdropping or modification that can take place, but it also makes absolutely sure through the use of certificates that the machine that you're connected to is the machine that you want to be able to connect to," Gates noted. Microsoft is also overhauling the IE security zones in IE
7. NEW! IE 7 will include tabbed browsing. Microsoft will include tabbed browsing, along with other new features, in IE 7.
NEW! IE 7 will not include a new Outlook Express version. A few people have asked me whether IE 7 will include a new Outlook Express (OE) version (e.g. OE 7). No, it will not: The OE team is focusing on Longhorn.
IE 7 will be free. Like previous versions of IE, IE 7 will be free.
IE 7 speculation
In addition to these facts, I'd like to present a few speculative thoughts about IE 7. These are not facts, but are probable based on my prior conversations with folks at Microsoft:
IE 7 will probably ship for XP SP2 customers only. Microsoft is already backing off a bit from its original claim that IE 7 would be marketed as another benefit of using XP SP2. That means that the company could theoretically back-port IE 7 to Windows 2000, too, assuming that enough customers complain. However, it's likely that IE 7 will remain XP SP2-only, if only because a Windows 2000 version of IE 7 would be inherently less secure.
IE 7 will likely ship this calendar year. You can expect IE 7 to enter beta in May or June and ship by the end of 2005. There will be at least two beta releases, according to the IE Team blog.
The version of IE in Longhorn will be quite different from standalone IE. Don't be fooled into believing that XP SP2 users are going to get Longhorn's version of IE this year. The version of IE in Longhorn will include advanced graphical capabilities, unique new features, and will benefit from the underlying search functionality in Longhorn (the omission of WinFS won't change that). Longhorn IE will be much safer than XP SP2 + IE 7 because of low-level changes to the attack surface in that OS.
Conclusions
Obviously, there's not a heck of a lot to say about IE 7 quite yet, but I thought I should provide this summary of the facts and speculation about this suddenly important release as quickly as possible. As time goes by, I expect Microsoft to begin revealing more information about IE 7, and as it does so, I'll upgrade this document or create a second preview, and of course review the product as time goes on.
However, I would like to call out one more item. Microsoft is a big company that has, in my opinion, lost touch in many ways with its customers, and has a hard time presenting a friendly face to the public. By bowing to customer concerns and reversing course to ship a standalone version of IE 7, Microsoft has proven that it can listen to feedback and act accordingly. In other words, Microsoft is doing the right thing here. Sure, one might argue about the XP SP2 requirement, but the reality is that XP SP2 is much more secure than any other desktop Windows version. By demonstrably showing that it is serious about security, Microsoft is sending a message to the Windows community that transcends mere words. I applaud this change.
Will it matter? Electronic attacks will continue to get more sophisticated, matching the defenses Microsoft erects over time. Only with a more secure foundation--which we'll hopefully see in Longhorn--can Microsoft turn the tide of bad publicity over its security issues. But in the meantime, IE 7 will be an important stop-gap measure, as important in its own right as XP SP2. I'm intrigued that they're even making this effort.
