http://www.eweek.com/article2/0,1759,1765331,00.asp By Ryan Naraine February 15, 2005 SAN FRANCISCO - After months of hemming and hawing on plans for a standalone Internet Explorer upgrade before Longhorn, Microsoft Corp. now plans to push out a browser refresh by July or August this year. But the news that IE 7.0 will be available only to Windows XP SP2 (Service Pack 2) customers isn't likely to sit well with security experts who argue that the threat from the Firefox browser is at the center of Microsoft's aggressive anti-spyware and anti-virus plans. The percentage of Web surfers using Firefox has risen steadily since June, but Microsoft officials are sidestepping the issue altogether. "When you run a business and you worry only about what your competitors are doing, that's not a long-term business proposition. You really need to be listening to your customers and that's what we're doing," said Gytis Barzdukas, director of product management in Microsoft's security business technology unit. "Yes, Firefox has come out with technologies that customers are evaluating. But, at our end, we can't worry too much about that. Customers have told us they want us to take a leadership position in security and they want us to make sure we secure the browsing experience," Barzdukas said in an interview with eWEEK.com. Like Microsoft Chairman Bill Gates, who announced the new version of IE at the RSA Conference here, Barzdukas stressed that IE 7.0 will build on and expand the progress made with SP2 and put in place defenses against malware, spyware and phishing attacks. Asked to explain the rationale for limiting IE 7.0 to XP SP2 users when the majority of businesses are still running Windows 2000, Barzdukas left the door open slightly. "Windows XP SP2 is the scope of the project at the moment. That's what we feel comfortable committing to. We haven't closed the door on potentially providing it to other platforms," he said. However, Barzdukas argued that it was much easier for a company to consider migration to a new operating system than testing and deploying significant product upgrades. "When you do a certain amount of engineering, it gets to a tipping point. Customers have to decide whether to spend a lot of resources making sure their existing applications work properly. Or, they can decide that it's much more feasible to move to a new operating system," he said. "When we do all this engineering work, the architecture is changed significantly. In some cases, it's more expedient for customers to just move to a new operating system where the enhancements are easier to deploy," Barzdukas said. Last year, when Microsoft rolled out XP SP2 and declined to offer the security enhancements to Windows 2000 users, analysts grumbled that the Redmond, Wash.-based software giant was using security as a carrot to get businesses to upgrade. "Will customers be migrating [to XP] because they're trying to get the security benefits? Or are they spending money because Microsoft isn't shoring up Windows 2000 adequately? That's a legitimate question to ask," security analyst Michael Silver said at the time. Those criticisms are bound to resurface this time around as details of the security goodies in IE 7.0 start to dribble out. On the Internet Explorer blog, Dean Hachamovitch, head of the IE team, said the company would compare Windows 2000 customers' needs with the "engineering and logistical complexity" of back-porting the enhancements. "That's all I can say on that topic," he said. It's not yet clear if IE 7.0 will include nonsecurity enhancements that Web developers have been demanding. Those include fixed positioning in CSS (Cascading Style Sheets) and improved support for PNG (Portable Network Graphic). "We're not yet prepared to go into details about what will or won't be included in IE 7.0," Barzdukas said. The company has been using its Channel 9 Wiki to solicit feature ideas and feedback from IE users. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Wed Feb 16 2005 - 10:00:53 PST