IE6As reported all over the place, Microsoft has reversed its previous plans and will be releasing a new beta of Internet Explorer this summer instead of keeping it locked to the next version of Windows.

About frelling time.

Of course, there’s no word on whether they’ll actually improve page rendering—all the statements so far have focused on security, anti-phishing, and the like—so we web developers will probably have to continue using hacks to work around buggy rendering and missing features that are so much easier to build for Firefox, Opera and Safari. And even if they do fix things in IE7, they’re focusing on Windows XP (we might get it in Windows 2000, if we’re lucky), and there are still people using on Windows 98/Me who will still be stuck with IE6.

Of course, unlike Microsoft, Mozilla hasn’t stopped working on their browsers. By the time IE7 is out, Firefox 1.1 or 1.5 will be available, and they may be well on the road to 2.0.

Congratulations to Mozilla and Firefox for convincing Microsoft to get back to work!

Competition is good.

Firefox – Switch [archive.org] is the first of these sites I noticed. Based on Apple’s “Switch” campaign, it’s aimed at raising awareness of Firefox and convincing people to switch from IE. It has stories of people who have switched, a top 10 list of reasons to switch, and answers to questions about just how you go about this switching thing, anyway.

Stop IE [archive.org] is, as its name implies, a negative campaign. It focuses on the security risks inherent in using Internet Explorer and provides a list of alternatives, though Firefox is the only one it deals with in any depth.

Browse Happy is my favorite of the bunch, because it’s an inclusive campaign. It’s run by the Web Standards Project, so the goal isn’t to promote Firefox or eliminate Internet Explorer, it’s to promote choice and get people away from today’s Internet Explorer. The WaSP’s ultimate goal is to encourage people to build a vendor-neutral web in which you can use whatever browser you want—including IE—and get the same high-quality experience. That’s a goal I can agree with, and that’s why Browse Happy is the one I promote. The meat of the site is stories of people who have switched away from IE, with profiles of four browsers: Firefox, Mozilla, Opera, and Safari.

Firefox. Take Back the Web Stop IE Browse Happy

Update (June 2007): Stop IE is long dead. I’ve updated the links to point to the Internet Archive of the site.

CNET has posted a write-up of AOL’s new Netscape prototype based on Firefox, as well as a screenshot. It seems to be a combination of Firefox + theme + bundled extensions… plus a mode that embeds Internet Explorer for compatibility.

There are some nice ideas: adapting Firefox’s RSS capabilities to create a headline ticker, for instance, and the Firefox team has been talking about bundling extensions since it was called Phoenix. As for the embedded IE mode… on one hand it provides a convenient solution to the biggest criticism laid on all non-IE browsers: they don’t render pages exactly the way IE does. But it comes at the cost of all the security risks inherent in IE itself. It does remind me of the “View with Gecko” option Konqueror used to have (and probably still does on some systems).

But the clutter… The sheer number of buttons, icons, widgets etc. in that screenshot is staggering. Even after installing the web developer extension I don’t think I have that many buttons on Firefox. 3+ buttons on the tab bar, 3 icons on each tab…. I hope that CNET was just enabling every feature they could find to get them all in one screenshot, but if AOL is trying to bill it as “easier” than Firefox (which was created with a simple user interface as a design goal), they’ve got to try another approach.

Update (via WaSP): It seems BetaNews has more information on the dual-engine setup. Apparently they do have security settings to mitigate the IE issues… but then so does IE, and we all know how well that’s worked. Also, another screenshot, which looks even more cluttered than CNET’s. I think this will be a browser that requires you to run it maximized at 2000×1500. (Also of note: Firefox developer Blake Ross’ Open Letter to Netscape and Henrik Gemal’s collection of screenshots.)

Further Update: MozillaZine has posted a more thorough review.

Netcraft reports on a series of malicious banner ads using a vulnerability in Internet Explorer 6 to spread the Bofra virus. Clicking on the banners sends you to a website that uses the recently-discovered IFRAME vulnerability to infect your computer. Of note are the facts that there is no patch for this yet, and XP SP2 is affected (whoops, I misread that part).

The Register found the ads on their own website and identified the source as ad server Falk AG. They have pulled Falk AG’s ads from their rotation and apologized to their readers. Netcraft adds that Falk AG’s clients include high-profile sites such as A&E, NBC, and Sony. The ad company has issued a statement, but the page currently consists of the line “Server Engine: Application error.”

Update 3pm: The statement from Falk [archive.org] is readable now. Apparently someone broke into one of their network load balancers and reconfigured it to redirect ads to the malicious site. Once they discovered it, they shut down the affected system and started checking the rest. The malicious ads ran for a total of about 6 hours on Saturday.

Update Tuesday: the Internet Storm Center has posted a write-up of the attack response.

Of course, there are several ways to protect yourself from this type of attack.

Browse Happy. Online. Worry-free. Switch today.

I had to reboot one of the Windows servers on Thursday, at which point the GDI+ checker installed by Tuesday’s security fix popped up a message explaining that there was still some software with the JPEG vulnerability. OK, fine, I’ll run it again and see what’s missing. So I clicked on, well, OK, and it pulled up Internet Explorer.

More to the point, it pulled up Internet Explorer 2.0.

You see, that machine has some leftover files from a previous OS, and somehow the GDI+ utility picked up on that copy of iexplore.exe. Of course, it could barely handle the vulnerability info page — no ActiveX of course, and it even displayed raw JavaScript code at the top of the page because it wasn’t hidden inside a comment! (Even Lynx can handle that now!)

But once I fired up IE6 to actually run the test, I figured as long as I had the old one running, why not check a few site layouts? Or some browser sniffers, and see what it claimed and what it could handle?

Almost nothing, as it turns out. It couldn’t even find any of the sites I tried. And from the way it couldn’t find them, I realized exactly what was missing: it couldn’t handle virtual hosts. Continue reading