The fourth Platform Preview of Internet Explorer 9, available now, shows the opportunity of fully hardware-accelerated HTML5. You can run new test drive samples that show modern SVG and native JavaScript integration in action. In March, we promised to deliver platform preview releases approximately every eight weeks. With this installment, you will find more performance and more support for same markup.

Getting sites ready for Beta

With the fourth Platform Preview, we strongly recommend developers, designers, and partners to start getting your sites ready for the IE9 Beta.

• Test your site in IE9 Standards Mode.  This mode provides the best performance and interoperability and will offer additional benefits in the IE9 Beta. We suggest using the HTML5 doctype. More details here and here.
• We recommend sending IE9 the same standards-based markup your site sends other browsers. More details here and here. From the feedback so far, and our experience with sites, the best way to get your site working in IE9 Standards Mode is to start from the same markup other browsers receive rather than IE6, IE7, or IE8 markup.
• Use feature detection, not browser detection to handle any cross browser differences in behavior or feature support.  This keeps your site working even as browsers change.
• Please continue to report issues on Connect if your site doesn’t look or work right, and you’re giving it the same code as you’re giving to other modern browsers. With IE9 Platform Preview 4, we’ve fixed over 100 community-reported issues. We will fix even more between now and the IE9 beta and want your feedback.
• Consider the experience for IE9 Beta users if you find that sending the same markup creates more issues than you can resolve in your production site. It is possible that running your site in Compatibility View is better for your users.
• Take advantage of HTML5, CSS3, SVG, DOM, ES5, and more… all described here in the developer guide.  We’re excited to run the amazing experiences you bring to the web using these new capabilities, taking advantage of hardware through IE9.

Source IE Engineering Blog

Turner shared the beta date during his morning keynote at the annual Microsoft Financial Analyst Meeting (FAM) on July 29.

According to several recent leaks, Microsoft had been targeting August as its beta delivery target for IE 9. This beta is expected to be public (as the test previews have been), and to feature more of the user interface elements.

On July 29, Neowin.net reposted some screen shots from what they believe to be a newly leaked test build of IE 9. That build includes a new download manager, but doesn’t yet feature the new user interface.

Source:  All About Microsoft

MS10-018 is a typical cumulative update for Internet Explorer and was originally going to be released during the normal update cycle on the 13^th of April. The Internet Explorer team accelerated testing of this update due to the growing attacks against the publicly disclosed vulnerability (CVE-2010-0806), and the update has reached the appropriate quality bar for distribution to customers. Releasing the update early provides Internet Explorer 6 and 7 customers protection against the active attacks and provides users of all versions of Internet Explorer protection against nine other vulnerabilities.

Internet Explorer 6 and 7 are the only versions affected by the active attacks, why does the Advance Notification page state that Internet Explorer 8 and Windows 7 are affected? To clarify, the Security Advisory was released due to one vulnerability that is under active attack. That vulnerability only affects Internet Explorer 6 and 7. However, the bulletin, MS10-018, that we will release tomorrow, addresses 9 additional vulnerabilities. Some of those also affect Internet Explorer 8. All of the 9 additional vulnerabilities were responsibly disclosed and we are not aware of any active attacks against them.

Source: The Microsoft Security Response Center (MSRC)

“They want to be more than a follower or just on features parity,” said Forrester analyst Sheri McLeish as she talked about what she saw as a recommitment to Internet Explorer (IE). “And they’ve created a whole new team for IE. Microsoft is clearly taking the browser seriously again.”

Among the newer faces on the IE team, said McLeish, is Ted Johnson, the co-founder of Visio Corp. and from January 2000 to March 2003, a corporate vice president at Microsoft. Johnson, who according to his LinkedIn account rejoined Microsoft in August 2008, now carries the title Partner PM Architect on IE, and is the senior architect responsible for the browser’s graphics and rendering.

“Microsoft has lined up some very experienced engineers” for the IE team, McLeish said. “It’s really a crack team.”

The renewed emphasis shows that Microsoft is taking its browser, and the competition in the browser market, seriously. “You want that real estate,” McLeish said, adding that IE is important to Microsoft, something others have questioned.

“It’s important from a pure visibility and branding angle. The browser is the way to promote search, for Microsoft that means Bing, and of course Microsoft has an interest in creating the best experience it can within Windows.”

Microsoft may not believe that only its engineers can create the best Windows browser, but it certainly thinks they’re up to the task. As proof, McLeish noted the hardware acceleration Microsoft’s touting for IE9.

Earlier today, Dean Hachamovich, the general manager for IE development, spelled out IE9′s performance enhancements during a 40-minute presentation at MIX10, the web developer conference Microsoft kicked off this week. Among them: background JavaScript compiling on a separate processor core, graphics processor acceleration of text and graphic rendering, and an upcoming update to the IE9 preview for hardware acceleration of HTML 5 video.

“IE9 is exponentially faster at dynamic rendering than its predecessor,” said McLeish. “It’s very slick, very speedy.”

Full story: TechWorld

According to NSS Labs, which conducted the Microsoft-sponsored study, IE8 blocked 69% of the 492 malware-distributing Web sites that were included in the survey data. Mozilla’s Firefox, meanwhile, blocked only 30% of those same sites.

“I was surprised that IE8 did as well as it did,” Rick Moy, president of NSS Labs, said in an interview Tuesday. “But Microsoft has put a lot of effort into security in IE8.”

NSS tested six Windows-based browsers — IE8 RC1, Firefox 3.0.7, Safari 3, Chrome 1.0.154, Opera 9.64 and IE7 — against so-called socially engineered malware: Sites that dupe visiting users into downloading attack code. Typically, the download is disguised, often as an update to popular software such as Adobe’s Flash Player.

The tests did not include sites that attack browsers without any user interaction, an increasingly common tactic by hackers who often infect legitimate sites with kits that try a number of different exploits in the hope of compromising an unpatched PC.

To defend against the kind of malware sites that NSS tested, browser makers have been adding anti-malware features to their software. Mozilla, for example, added malware site blocking to Firefox 3.0, which shipped last June.

Source: www.computerworld.com

Microsoft Corp. will release Internet Explorer 8 (IE8) at 9 a.m. Pacific time today, beating its biggest rival, Mozilla Corp., in the race toward final code.

The new browser  will be available for manual download from the company’s Web site; the hour selected to coincide with a keynote address at MIX09, the Microsoft-sponsored Web developer conference where IE8 will be introduced, said James Pratt, a senior product manager on the IE development team.

“We’ll be launching IE8 [release to manufacturing] in 25 languages for Windows Vista, XP, Server 2003 and Server 2008,” said Pratt.

Windows 7 users, the vast majority of them running the beta that debuted Jan. 10, will not see the final version of IE8 until Microsoft delivers the next public milestone of the operating system, Pratt said. He declined to promise that the final bits of the browser would make it into the Windows 7 release candidate, which Microsoft has strongly hinted will be offered to the general public. “But that would be ideal,” he said.

Source: ComputerWorld

The final build that was prepared and passed to internal staff and partners is 8.0.6001.18691. Microsoft is reportedly readying this build for distribution via TechNet/MSDN and Connect before a general release to web.

The software giant released a final test build (RC1) last month before readying the RTM last week.

Source: www.neowin.net

Microsoft describes the list — Version 1.0 of which includes 2,400 sites that don’t render properly in IE 8 (in other words, an “incompatibility list”) –  as a tool designed to “make sure IE8 customers have a great experience with highly trafficked sites that have not yet fully accomodated IE8’s better implementation of web standards.” There is a downloadable list for IE testers using Vista and another version of the IE 8 list for XP users.

Microsoft officials said they used tester feedback to select which sites to include on the list. The list will be updated regularly, with the IE team removing sites that have become compatible with IE 8’s standards-mode default and adding new, problematic ones that are mentioned frequently by testers and customers, according to company officials.

Source: All About Microsoft

Dean Hachamovitch, general manger of the company’s Internet Explorer team, on Tuesday called on developers to ensure a good customer experience prior to product’s final release. “In short, developers, start your engines,” Hachamovitch said in a phone interview.

Currently, Beta 2 of IE8 is available to the general public. Hachamovitch said that Microsoft has been listening to user feedback and added improvements to the Release Candidate version. The Release Candidate represents the final test stage preceding general product release.

“We took the feedback from Beta 2 and we acted on it, and people are going to see that in the Release Candidate,” Hachamovitch said. “The feedback from the last build has been pretty positive,” he added.

Despite declining to be pinned down on a precise release date, Hachamovitch previously suggested in an IE blog that it would appear sometime in the first quarter of 2009.

The Release Candidate is the “call to action,” he said, a signal that IE8 effectively is completed as a product. Hachamovitch added that developers should expect the final product to behave like the Release Candidate version.

Microsoft says it took extra care to stay true to standards with IE8. Because of that, Web developers who designed their sites to work with earlier versions of Internet Explorer might have to address some display alignment problems when their site’s markup is parsed in IE8.

Source: www.esj.com

We’ve also added additional workarounds to the advisory and updated our guidance to recommend that you evaluate implementing two of the workarounds together for the most effective protection. Specifically, we’re recommending both setting the Internet zone security setting to High and using ACLs to disable Ole32db.dll. Our research so far has shown that these two steps together provide the most effective protections for this issue.

Our latest information is that there are still limited attacks seeking to load malicious software on vulnerable systems. My colleagues over in the Microsoft Malware Protection Center (MMPC) have posted information about some of the malicious software they’ve detected in these attacks.

We have also seen some trending that may indicate attempts to utilize SQL injection attacks against Websites to load attack code on those websites. If you’re a website operator, you might want to review Microsoft Security Advisory (954462) which provides information on tools you can use to analyze your Website’s code to help protect against SQL Injection attacks.

We are continuing our work on this issue including the development of a security update. We are also continuing our ongoing work with partners in the Microsoft Active Protections Program (MAPP) and Microsoft Security Response Alliance (MSRA) to provide information that they can use to provide additional protections for customers.

Most importantly, we will continue to provide updated information as we have it through our Advisory and the MSRC weblog.

Link: MSRC