Internet Explorer Gets First Look-and-Feel Overhaul in Years

Internet Explorer 7 got its first facelift in years when Microsoft delivered twin betas of the Web browser this summer -- one in the Windows Vista beta and a technical beta for Windows XP Service Pack 2.

The IE7 code went to testers in late July at the same time as the Windows Vista client operating system and the private beta of the Windows Longhorn Server operating system.

While Internet Explorer 6 got a major back-end overhaul with the security improvements in Windows XP Service Pack 2, the look and feel of the browser has not changed much for years.

What End Users See

The technical beta of IE7 brings dozens of major changes to the interface that are readily apparent to end users even before the public beta 2, in which Microsoft says the real focus on end-user look and feel will become apparent. Microsoft says the major focus of IE7 is to give developers a chance to test the back-end changed to the browser against their applications and Web sites.

The visual changes already apparent in the technical beta come to a browser that until not long ago was not expected to be updated outside of the next release of the operating system and bring IE toward basic feature parity with competitive offerings, especially the surging Firefox browser.

Already evident is a sleeker interface, which Microsoft's IE team says is in its early stages of evolution. The new browser interface puts the Back and Forward arrows near the top of the window, with the Address Bar right next to them. Even menu titles, such as File/Edit/View/Favorites are bumped down below these crucial browsing elements, marking a major departure from Microsoft Windows interface orthodoxy.

Also in line with the Address Bar is a new Search box, with which Microsoft pulls into the browser the functionality that Google, MSN and Yahoo! have been providing with add-on toolbars. Expansively, the early version of the IE search bar provides the user the option of any of several search engines as a default and they're listed alphabetically as opposed to putting MSN in first.

SPONSOR: FREE 86-page Server Spec Book - Dell, HP/Compaq, IBM
This new 86-page guide from World Data Products is the definitive resource on processor, memory and storage specifications for Dell PowerEdge, HP/Compaq ProLiant, and IBM xSeries servers. A must for everyone involved in the design, installation and maintenance of servers. From World Data Products, the world-class provider of server, storage and networking solutions.
Click here for more information.

Between the Address and Search bars on the top line is a new Security Status Bar, which is little more than the padlock icon Microsoft has used in the past to indicate secure transactions. By moving the icon up from its current position in the lower right-hand of the screen to the new position more in the users' line of sight, Microsoft hopes to call more attention to the feature. The Security Status Bar also features new colored backgrounds for the padlock indicating various danger levels at a site and clicking on the padlock brings up a site's security certificate.

One other surprising top-line change -- the Windows flag is gone from the upper right to clear more space for actual browsing features.

The next line on the browser includes tabs, the feature that Microsoft acknowledges in its technical overview document is the "most requested" feature of Internet Explorer. Tabs have been a differentiating feature for competitive browsers from the Mozilla Foundation and other browsing competitors for several years now. The feature allows a user to have several pages open within one browser window, rather than toggling between multiple browser windows, which is Internet Explorer's current paradigm.

A third line in the default browser interface includes the menu items and a collection of the basic browsing icons, such as home, history and print. There's more for end users when it comes to printing than new placement of the icon. A welcome new shrink-to-fit printing option will allow IE7 users to stop worrying about whether the words on the right side of the page will actually show up when they print out pages.

Microsoft says the new browser also provides an option for deleting browsing history with a single click -- a boon for those using IE on public computers.

Down among the third-tier icons is a new one for Really Simple Syndication (RSS), a technology Microsoft very publicly committed itself too in IE and Vista a few months ago. In typical Microsoft fashion, instead of using the near-universal orange symbol with the white letters "RSS" inside, the company went and invented its own name for IE7. Microsoft calls the feature Web Feeds and uses a little broadcast symbol.

The functionality is pure RSS and largely fits with what Microsoft promised a few months ago. The icon changes to notify the user if a page has an RSS feed available and offers single click access to the feed. The browser has been optimized to convert the current jumble of XML code on an RSS feed page into a more easily readable page. A single click also allows subscription to the site. The technical beta doesn't provide a way for IE7 to automatically notify a user when an update has been added to a feed, but the final version is supposed to.

The standalone version of IE7 will support a common feed list so all applications can share the same set of RSS subscriptions. Windows Vista will include architectural changes to the operating system to store and synchronize RSS subscription content across all applications.

SPONSOR: GoodLink 4.5: Added Security. More Handhelds.
Instinctively Easy. Amazingly Functional. As the leading wireless messaging solution for enterprises, GoodLink 4.5, by Good Technology Inc., has the look and feel of Microsoft(tm) Outlook(tm) optimized for mobile handhelds. Plus, it provides real-time wireless push synchronization of e-mail, rich attachments, and PIM data.
Click here for more information.

Plumbing Changes

The eye candy in IE7 is just a baseline for further improvements to come in Beta 2, Microsoft says. Other significant changes also occurred at what Microsoft describes as the "plumbing level," and a big part of the technical beta is to give developers extra time to test the new browser for compatibility with their applications and Web sites.

When Microsoft chairman and chief software architect Bill Gates first announced that there would be a stand-alone IE7, he portrayed it as a necessary response to the fast-changing security landscape even though the move was widely interpreted as a competitive response to Firefox.

Microsoft continues to emphasize security for IE7. "The proliferation of malware and its impact on security is a driving force behind the design of Internet Explorer 7," the company said in its technical description of IE7.

There has been a code rewrite to provide URL handling protections. "Rewriting certain sections of the code has drastically reduced the internal attack surface of Internet Explorer 7 by defining a single function to process URL data," Microsoft's documentation states. Further code changes are intended to head off the class of attacks based on cross-site scripting vulnerabilities.

In another major security change, Microsoft is eliminating the feature that allows developers to create IE windows that don't display any URL bar. The company recently acknowledged the problem as a class of phishing attacks appeared that spoofed Web sites by opening two windows simultaneously -- a legitimate site showing its legitimate URL while another windows opened partially over the legitimate site without an Address Bar. It was in that second window that the phishing attackers placed requests for information.

In a controversial move, Microsoft added what it calls the Microsoft Phishing Filter, which will compare addresses of Web sites a user tries to visit with a database maintained and updated hourly by Microsoft. The "phone home" aspect of the filter already has some users alarmed. Given that Microsoft has abandoned several previous initiatives that involved sending information to Redmond over privacy concerns, the phone home aspect of the filter is tenuous even for an early beta feature. Another aspect of the Phishing Filter involves a local cache of sites safe from phishing -- a regular scheme of downloading such sites, similar to anti-virus updates and anti-spyware updates, seems much more assured of surviving to the final version of IE7.

Many of Internet Explorer's most serious vulnerabilities come from add-ons and Microsoft is spending a lot of development effort in IE7 on sealing off the problems. "ActiveX Controls allow virtually unlimited potential and capabilities," Microsoft notes. "The issue arises that security often suffers in systems that provide greater flexibility and added extensibility."

In Beta 1, Microsoft introduced Internet Explorer No Add-ons Mode, which gives users a quick way to disable all add-ons when they're having system security or performance problems or while conducting sensitive tasks. For the Beta 2 release, Microsoft plans enhanced controls for add-on installation and management of all add-ons from a single interface.

To give administrators more centralized control over Internet Explorer on users' desktops, all current and future IE settings will be configurable via Group Policy. The Group Policy control will extend to all browser add-ons, Microsoft says, "ensuring that administrators will be able to enforce compliance with company standards among browser users."

In the Vista Beta 2 version, Microsoft intends to add an Internet Explorer Protected Mode to defend against elevation of privilege attacks. In that mode, IE does not have permission to modify user files, system files or settings. All communications occur via a "broker process" that mediates between IE and the operating system. To prevent scripted attacks, the broker process can only be started when the user clicks on IE menus and screens.

At a technical level, Microsoft will also add support for Cascading Style Sheets (CSS) in stages and will support alpha channel transparent PNG support.

With the beta release, Microsoft clarified that the standalone version of IE7 will run on more than just Windows XP SP2 -- it will run on other operating systems that share most of the Windows XP SP2 security improvements. They include Windows XP Professional x64 Edition and Windows Server 2003 Service Pack 1.

Microsoft's timetable for Beta 2 of the standalone version of IE7 is later this year. "The final version [will ship] once Internet Explorer 7 meets the quality standards Microsoft customers demand and expect." The Vista version will track with the beta schedule of the Vista operating system.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


comments powered by Disqus

Subscribe on YouTube