First look - Internet Explorer 8 RC1

On 26th January Microsoft made available Internet Explorer 8 RC1 (release candidate 1), which means that as far as Microsoft is concerned, IE8 is cooked and that barring anything major, this will become the final release. So, what’s the new browser like?

A new release of IE is always important because this is the browser that many millions of Windows users will be surfing the web with daily. Like it or not, by the very fact that IE is knitted into every Windows installation makes this an important event.
After what seemed like years of stagnation, Microsoft is continuing the tradition of kitting out IE8 with features that users of other browsers take for granted. That said, there are very nice features built into IE8, which include:
Smart Address BarThe address bar isn’t now just a place to type URLs into. The Smart Address bar in IE8 tries to make sense of what the user is looking for by retrieving sites visited from the history and bookmarks. This is handy for those times when you want to find something but can’t remember where you saw it.
Enhanced findSometimes it’s not finding the site that’s difficult, but finding where on the page you need to look for the information that you are after. IE8 offers a broad range of enhanced and improved tools to help you spot the information you are after. One such example if this is result highlighting.
Tab groupsWhen one tab is opened from another one, the new tab is placed next to the one from which it was opened, and both are marked with a colored tab. This is a good way to keep track of your open tabs.
InPrivateAlong with keeping track of stuff that you might later want to refer back to, IE8 also gives you powerful tools that allow the browser to have temporary amnesia in relation to the sites you’ve visited by temporarily halting the writing of information to the cache and history.
Crash recoveryIf your IE locks up of crashes while you’ve a shed-load of tabs open, with IE8 there’s a good chance that when you fire up the browser again that it will remember what what sites you had open and fire them up again. It can also reload information that you had typed into forms.
Your current favorite browser ... (Public view)
Firefox (52%)
Internet Explorer (32%)
Chrome (8%)
Opera (4%)
Safari (2%)
Other (2%)

Near-final IE 8 test build ready for download

On January 26, Microsoft made available to the public for download a near-final test build of its Internet Explorer (IE) 8 browser.
The IE 8 Release Candidate (RC) 1 is the last public build Microsoft expects to deliver before releasing the final version of the product, which will be available as a standalone download and part of Windows 7. (Microsoft will continue to make smaller private builds of the browser available to select testers in the coming weeks/months.)
Microsoft has made the IE 8 RC1 bits for 32-bit Vista, 64-bit Vista and Windows XP available on its Download Center for anyone interested in trying out the newest browser build.
The RC 1 build includes performance tweaks, compatibility enhancers and a few other fairly minor changes to the Beta 2 version of the product Microsoft made available to testers last summer. Microsoft officials are calling the IE 8 RC 1 build “platform-complete,” meaning that developers and users should expect no more programming- or user-interface changes in the product from here on out.
What’s changed since Beta 2?
The compatibility list enhancements: Microsoft is going to provide users who want it with a list of 2,000 sites that will automatically be viewed by default in compatibility view without users having to press the compatibility view button. (Microsoft will update this list every two months to reflect sites that are updated to be compatible with IE 8, officials said).
A new ClickJacking prevention option: Developers will be able to add a tage in a page header that will help detect and prevent click-jacking. According to Microsoft, IE 8 “will detect sites that insert the tag and give users a new error screen indicating that the content host has chosen not to allow their content to be framed, while giving users the option to open the content in a new window.”
Changes to the Smart Address bar: Besides matching URLs in a user’s site history the bar now also better matches titles in their history and favorites.
Other changes include performance tweaks that will speed up page loading; changes to the Instant Search Box (to include a “quick pick menu” at the bottom, so users can toggle between their favorite search suggestions from different search providers); full support for CSS 2.1; and a renaming of InPrivate Blocking (part of “porn mode”) to InPrivate Filtering. With IE 8 RC1, users can manually adjust the threshold between 3 and 30 in InPrivate Filtering settings. A full list of what’s changed in IE 8 since the beta is here.
As Microsoft acknowledged recently, IE 8 RC1 won’t work on the Windows 7 Beta; Windows 7 testers who want to try the RC need to run it in a virtual machine.

Is Chrome a security risk?

My lovely bride of 30 years worked from home yesterday, hoping to save our city some gas.
An e-mail came in from her administrator around mid-day which she decided to share with me.
It told all users to shut down Chrome.
The e-mail called Chrome a security risk. It told all users within the company to use Firefox or Internet Explorer, to shut Chrome down.
I don’t know how serious those concerns are. Without identifying my wife’s employer I will say it’s a conservative company, very security conscious, and often proactive.
But this is a good time to ask how well Chrome is doing. Google Analytics says 1 in 40 visits to ZDNet Open Source are now done with Chrome. It’s currently on build 2200, Version 0.2.149.30. (Click the wrench, then the About tab.)
Personally I have noticed that Chrome often crashes Shockwave and Flash pages. Thanks to its redundant tab-based design, whole browser sessions don’t die, but these plug-in crashes are more common than with Firefox.
I have also found that, despite its promise, it pays to shut Chrome down every once in a while and re-start it. The lack of add-ons can be annoying, as when I’m asked for personal information or want to search a page for a word or phrase.
Other reviewers have not been so kind. Some bloggers are already calling it a failure, and the criticism is global in scope.
On the other hand, this open source browser is already being forked, as with a German version dubbed Iron.
This, to me, is good news. It may be the most important news.
It is wrong to evaluate Chrome as you would a new TV show. It is wrong to consider it solely in terms of Google because, like Firefox, this is an open source product subject to the open source process.
But what I think or what any other reporter thinks really does not matter. What do you think? Are you using Google Chrome now? Do you plan to? When? And if not, why not?

(I refers to Dana Blankenhorn)

Code execution vulnerability found in Firefox 3.0

It’s not all about world records for Firefox 3.0.

Just hours after the official release of the latest refresh of Mozilla’s flagship browser, an unnamed researcher has sold a critical code execution vulnerability that puts millions of Firefox3.0 users at risk of PC takeover attacks.

According to a note from TippingPoint’s Zero Day Initiative (ZDI) , a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x.

Technical details are being kept under wraps until Mozilla’s security team ships a patch.

According to ZDI’s alert, it should be considered a high-severity risk:

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, permitting the attacker to completely take over the vulnerable process, potentially allowing the machine running the process to be completely controlled by the attacker. TippingPoint researchers continue to see these types of “user-interaction required ” browser-based vulnerabilities - such as clicking on a link in email or inadvertently visiting a malicious web page.

It looks very much like the vulnerability researcher was hoarding this vulnerability and saving it for Firefox 3.0 final release to make the sale.

In the absence of a fix, Firefox users should practice safe browsing habits and avoid clicking on strange links that arrive via e-mail or IM messages.

There are no reports of this issue being exploited but, if you are worried about being at risk of drive-by attacks, consider using a different browser.