IE8 SmartScreen in action
Last week at PDC, as we were about to start talking to people about IE9, I saw the following notification from my Facebook account:
From: Facebook [mailto:notification+mwm5axbx@facebookmail.com]
Sent: Tuesday, November 17, 2009 10:05 AMDina posted something on your Wall and wrote:
"funny vid of u, you see it? https://www.facebook.com/l/ca339;https://www.N70.InFO/2d"
To see your Wall or to write on Dina's Wall, follow the link below:
<..>
Thanks,
The Facebook Team
The message was from someone I know pretty well, and I believed the message. The address itself (https://www.n70.info/2d) wasn’t that suspicious; there are a lot of URL shortening services, and the .info domain has many legitimate sites on it. So I clicked the it:
and thought – whew.
IE8’s SmartScreen now blocks malware sites over two million times a day. IE8 offers a lot of protection from real-world attacks: phishing protection, a cross-site scripting filter, and Protected Mode (I may run as an administrator, but my browser doesn’t). With attacks on the rise, using (or upgrading to) a browser with this much protection is more important than ever. IE8 also offers great reliability because of process-isolation, and offers users the ability to manage add-ons that affect performance and stability. InPrivate Browsing and InPrivate Filtering are also quite handy.
I wrote back to my friend, and she was surprised. You can read Facebook’s guidance about what to do if this happens to you or a friend.
Dean Hachamovitch
Comments
Anonymous
January 01, 2003
with very of the best wishes....byAnonymous
January 01, 2003
well worth the read.I found it very informative as I have been researching a lot lately on practical matters such as you talk about...Anonymous
January 01, 2003
The comment has been removedAnonymous
January 01, 2003
I would like very much for new IE is very fast , very good.Anonymous
January 01, 2003
The comment has been removedAnonymous
January 01, 2003
The comment has been removedAnonymous
November 23, 2009
Dean, You write: "With attacks on the rise, using (or upgrading to) a browser with this much protection is more important than ever." Perhaps, time to recommend to all your customers on IE 6 and IE 7 to upgrade to IE 8, NOW... ? As you say, IE 8 is just so much better! Best Regards.Anonymous
November 23, 2009
@Paul: Indeed, the IE team has recommended that customers upgrade to IE8 since March (as soon as it was released).Anonymous
November 23, 2009
Should there be a JavaScript error on the warning page, as in your screenshot?Anonymous
November 23, 2009
The comment has been removedAnonymous
November 23, 2009
I just tried the address in Firefox 3.5. I also got a warning that it is unsafe. I run it as normal user - not admin. I also have scripting disabled by default (NoScript). I couldn't try it in IE 8, because while tracking down a possible Javascript bug yesterday, I loaded it with several toolbars and extensions. It now crashes once in a while, and is extremely sluggish (not usable as main browser). And I couldn't reproduce the bug. Pooh. Still, you're right: whatever OS or browser you prefer, ensure that you're running the safest version you can.Anonymous
November 23, 2009
I thought we were talking about ie9 now, how about ie9 <insert feature here> in actionAnonymous
November 23, 2009
After upgrading to IE8, new problem came up and that as this: whenever I want to go from first page to open new tab, the screen will go black first for a seconds then it will come back normal again. would U help in solving this problem. RegardsAnonymous
November 23, 2009
We want more (decent) IE9 news. IE8 isn't newsworthy anymore, especially not these kind of personal posts.Anonymous
November 23, 2009
The Smartscreen Filter misses a lot of malicious sites because of a severe defect in the smartscreen reporting mechanism: there is no way to report a website the browser isn't currently on. This defect is being actively used by malicious sites to disguise themselves and thus prevent reporting. They simply redirect for instance to Google if they detect that the request is not via POST from the original phishing email form or not from a referrer they expect. Thus it's impossible for an investigator to report them. This problem is well-known for at least a year. When will the IE team act?Anonymous
November 23, 2009
Google Chome does exactly the same. What an original idea, spend the time redesigning an EXPIRED and OBSOLETE browser.Anonymous
November 23, 2009
Not only Google Chome, Opera also have that feature. And this is not fresh information.Anonymous
November 23, 2009
Chrome OS goes one step further by trying to eliminate malware altogether. This is the 21st century and we still cannot make a web browser that will not break your machine. Am I the only person who is embarrassed by the IT industry when I hear people say 'I clicked on the wrong link and now my machine is broken'? Providing red screens and unintelligible messages to non-technical users does not pass for security.Anonymous
November 23, 2009
Although I agree that IE8 is much safer than previous versions of IE - most avoid it simply because the slowdown in IE from IE6 to IE7, and now from IE7 to IE8 is just unbearable. Opening a new tab (regardless how many extensions you have) should not take more than 150ms. Please stop telling us that the IE team has no issues with this in no-addons mode because none of us will ever run in no-addons mode in real life. My car can get 500mi./gal. when I put it inside a cargo jet plane but that's useless considering I will never drive my car like that. In addition to IE running very slow on the client side (I recently wrote a JS benchmarking test bed that indicates that IE runs all JS slower than any other browser) there are more alarming issues at hand. IE6 used to leak memory like a sieve - in fact there is a tool called sIEve that you can use to see just how much memory IE is leaking but there is a new bug in IE8 that shows that IE8 leaks memory in ways much worse than IE7 or IE6 and there is no workaround, http://com.hemiola.com/?p=5 As noted in the above test case, manipulating the DOM to insert form elements (any kind) or links (hmm, just about everything that you'd ever want to manipulate in the DOM) will leak memory even if you remove all references to the elements. When I run the test IE leaks memory for about 1.5 minutes then IE crashes hard. How about we focus on fixing IE8 and upgrading IE6/IE7 users before we start worrying about IE9 features? That said, when IE9 does come out - I expect that the developer tools will include a "memory" tab, that similar to sIEve will track exactly how much memory IE is using and for what so that developers can at least try and avoid the more severe IE memory leak bugs until IE10 comes along to fix them. thanks JakeAnonymous
November 23, 2009
Errr... Guys, I'm certainly not the last to bash the IE team on IE inadequacies. However, this certainly isn't one. We got IE9 news rather recently. While I would also appreciate some more, this was a blog post displaying how IE can protect you against tricky spoofing attacks. That other browsers can do it too, is cool; it's if IE had failed at protecting against this kind of spoofing while other browsers did succeed, that we could blast the IE team over that. But IE 8 actually worked in that case. No more, no less. Stop the OOT rants, please.Anonymous
November 23, 2009
The IE team do not have to read the comments if they don't want to. We HAVE to make that site run in IE 6,7,8 and soon 9, even if it takes all night.Anonymous
November 23, 2009
The comment has been removedAnonymous
November 24, 2009
@billybob and Jake - if you take the time to properly learn the fundamentals of web programming, and take advantage of libraries, you'll find that making sites work across browsers is not that difficult.Anonymous
November 24, 2009
Will, you are right when it comes to fairly static websites, but anything which could be called a 'Web Application' is a nightmare in IE. There are hundreds of bugs and oddities which we do learn, that is why we are complaining. The other browsers do not have anywhere the number of bugs that IE has and they have good developer tools. How is a talented web developer supposed to make a site work in IE if it leaks memory and then crashes? How do you avoid that particular issue?Anonymous
November 24, 2009
The comment has been removedAnonymous
November 24, 2009
Sorry for the off topic. Any advance in IE9 regarding ACID3, SVG, Canvas, video tag, HTML5 support in general? Thanks ! http://en.wikipedia.org/wiki/Acid3Anonymous
November 24, 2009
The comment has been removedAnonymous
November 24, 2009
Can you please write about when IE 8 will start to support CSS 3 columns? http://www.quirksmode.org/css/multicolumn.htmlAnonymous
November 24, 2009
"most avoid it simply because the slowdown in IE from IE6 to IE7" If I leave "Java(tm) Plug-In 2 SSV Helper" allowed, tab creation on this machine slows to about 1/2 of a second for me. I would like to know what the heck the "Secure Static Version" Helper does and why it's not possible for it to do some of it's work in one or more background worker threads.Anonymous
November 24, 2009
@Will: if you merely use libraries to abstract what browsers you are using, then yes, you can make websites that work without too much of a hassle. As said by Jake: basic websites. But then, if you want to build more advanced websites, or not load a hundred Kb of libraries for a mere few functionalities, then you'll develop your own tools. And this is where IE is (all versions, eventhough IE 8 is much less so) really annoying.Anonymous
November 25, 2009
The comment has been removedAnonymous
November 25, 2009
The comment has been removedAnonymous
November 25, 2009
The comment has been removedAnonymous
November 25, 2009
gimme-- Smartscreen is about blocking social-engineering attacks, not memory safety bugs. But, maybe you should actually read the article? The attack in question doesn't work at all in ie8, and if you turn on DEP in IE7, it won't work there either. http://www.microsoft.com/technet/security/advisory/977981.mspxAnonymous
November 25, 2009
@ieblog "I have no idea why it's slow" You said it yourself... It's Java. :) [/troll]Anonymous
November 25, 2009
Joining the Out Of Topic trend, I'll mention that IE 7 and 8 get extremely slow the more you load toolbars; Live toolbar, Yahoo! toolbar, your AV of choice's toolbar (I tried Norton 2010 and Avira), Alexa toolbar and Google toolbar (latest versions) will create EXTREME slowdown at:
- first page load: from the moment it appears to the moment you can input stuff in the URL bar, there can be as much as 40 seconds delay
- new tab load: same as above
- loading several pages: IE crashes (IE 8 can recover crashed tabs, but recovery will cause another delay)
- as soon as you have three of them loaded, no matter which one. On the other hand, Firefox with equivalent toolbars (+ Adblock and NoScript) doesn't exhibit such delays - eventhough it relies upon "slow" interpreted XUL. How comes? And now, plugging into the subject: will Direct2D help solve that (doubtful)? Or, is there something planned in IE 9 that will help with this?
Anonymous
November 26, 2009
Must have been using Outlook, I dont even see these messages in gmail :`)Anonymous
November 26, 2009
@carlos, do you really want IE9 to support the video tag with WMV codec that much?Anonymous
November 26, 2009
The comment has been removedAnonymous
November 27, 2009
The comment has been removedAnonymous
November 27, 2009
About Firefox and Direct2D, some interesting quotes from a Mozilla guy: Obviously we will aspire to deliver the highest quality and performance rendering on all platforms. There is no Linux alternative to Direct2D though. Partially because building a system like Direct2D is extremely complex, even when using Cairo's tesselation it is still very difficult to correctly use the Shaders for everything, deal with all the edges and provide subpixel text anti-aliasing. The trick here is that any implementation, needs to be -totally- complete, since software fallback is extraordinarily expensive because it requires the GPU and the CPU to synchronize. Causing stalls. We are working on providing hardware acceleration for some operations on other platforms. It is a more difficult struggle though, and it would be foolish for us not to use more advanced systems when those are provided to us by the OS. Note we have always tried to support the best frameworks for all platforms. OpenGL is also poorly and inconsistently supported on Windows & Linux. http://www.basschouten.com/blog1.php/2009/11/22/direct2d-hardware-rendering-a-browser#c60 Well, linux fanboys, what are you saying now? The last thread was full of people who claimed that firefox is already on par with IE9 graphical wise (on Linux thanks to cairo).Anonymous
November 27, 2009
The comment has been removedAnonymous
November 27, 2009
The comment has been removedAnonymous
November 27, 2009
@Mitch 74, "WMV is a container format" WRONG, WMV is a family of Microsoft prorietary video codecs (and WMV9 is standardized to be known as VC-1). The container format is ASF. "VC1? Well, all right, it's under patent." Yeah, and Microsoft is actually one of the patent holders. "Vorbis/Theora ... Microsoft refused to implement it, because the patent-free clause isn't 100% certain" I think you mean Apple and Nokia, they use H.264/MPEG-4 AVC (and x264 is not a codec, it's a H.264 library). Microsoft hasn't implemented the video tag in IE at all, so it's moot and ridiculous to say which video codec it "refused" to implement. "encoded flux depend on the OS's media infrastructure" right and wrong. I think we are talking about native video support, not plugin support that requires third party software, else you could say IE already support video through WMP. "and enjoy these flux the same way Firefox users do." You can already enjoy ogg videos in IE via WMP plugin and the right codecs installed. And Firefox doesn't support DirectShow (the Windows OS's media infrastructure) neither, so it only supports ogg video, not any other video formats that you have installed on your Windows OS. Basically, if you want IE to implement video tag, you'll most likely end up with a video tag that only natively support the WMV family of codecs (maybe VC-1, and previous WMV codecs), which means another codec into the video tag fiasco. It's already bad enough for this Theora vs. H.264 video tag codec war thing, do you think Theora vs. H.264 vs. WMV will make things better? And one of the important points of a standardized HTML5 video tag is a unified experience for the end-user. That's why people are trying to make one video codec the standard for all browsers, instead of relying on third party codecs. It'd be just bad if after all browsers implemented the video tag, when you come to one site, it pops up a notice that says you have to install the H.264 codec first, and another site says you have to install the Theora codec first, and then yet another site says you have to install the WMV/VC-1 codec first, etc. etc. "I'd be delighted if I were to be proven wrong here." I think you should be delighted by now. The important thing for now is not trying to convince Microsoft to implement the video tag, but to convince Apple and Nokia to allow Theora to become the standard video codec for the video tag. Else you are just gonna end up with Gecko supporting Theora, WebKit supporting H.264, and IE supporing WMV, which would make the HTML5 video tag next to useless in the end.Anonymous
November 28, 2009
@Matt are you using windows XP version? Vista version or 7 version might be very fast but my IE is very slow just like my friends and workers. My Firefox is very fast and no problems loading program and new tabs. I would like very much for new IE is very fast and no longer so slow I get angryAnonymous
November 28, 2009
@Iventa, I have XP, Vista and Windows 7 and Internet Explorer is fast across all of them. Disable your slow add-ons, update your AV software, and you will find that IE is as fast as everyone else on real sites.Anonymous
November 29, 2009
@Matt - you can be an MS fanboy all you want however the rest of us have seen that IE has gotten consistently slower in each release since IE6. I don't care what addons you have loaded: IE8 is slow. Slower than Safari, slower than Firefox, slower than Opera, etc. If there was only 1 or 2 people complaining about the speed of IE then you could shrug it off but it isn't. Every corporate user of IE I've talked to (100's) at every company I've been to (dozens) has complained that IE is slower now in IE7 or IE8 than it was in IE6. There is test after test, and result after result that shows IE has become slower at loading with each new release. Just like the other person above stated, don't blame it on addons. My Firefox runs lightning quick with 21 addons installed. Blaming vendors for slow addons is a weak excuse for a slow browser. If it is the addons that really are the culprit for being slow then hurry up and "out" the addons so we know which ones are slow (the timers in the addon dialog are wrong or blank) If it isn't the addons, then quit blaming them and fix IE to load faster.Anonymous
November 29, 2009
The comment has been removedAnonymous
November 29, 2009
ASF is the older name for the container; it actually supported WMV v1, v2 and the beta of v3, which were renamed WMV v7 and v8; v9 was heavily modified over v3 beta, so it's no longer the same. They are, in fact, early versions of Microsoft's MPEG-4 proposal implementations. ASF was initially the container format; it was, however, modified (yes, there WERE revisions) in time to become WMV, but! Talking about WMV format is ambiguous: are we talking about the container, or the codec? Since WMV represents both the 'older' ASF container format and the 'newer' WMV format, AND at least 3 codec revisions, AND that WMV can also contain VC-1 (or MPEG-4), well, personally, and this is where we differ, I consider WMV the container format first. This container format is under several patents, and MS enforces them (see: VirtualDub 1.4 dropping ASF format due to patent warnings). Why are we discussing container formats first? Because IE would at least need to be able to parse them, in order for play, pause and timestamp HTML controls to work (remember that said controls must be provided and styled by the browser; however, they could be mere wrappers around existing WMV controls, but somehow I guess there's going to be an incompatibility here - or at least, security concerns.) That IE would make use of Windows Media Player and DirectX to display video is a given: simple code reuse. Firefox, due to its being platform-agnostic and traditionally using its own subsystems, implemented a complete audio and video playback stack; but, due to its open-source nature, can't implement patented codecs nor parsers. Safari will probably use Quicktime, as for Chrome, it will use whatever's available on the platform it's ported to. Right now, the proposed formats are:
- H.264, which is under license, and thus can't be redistributed freely (note that patent concerns thus lie upon the license owner's shoulders, not the licensee - thus the interest for closed source browsers in this format). Currently used in Safari and Chrome (but not Chromium). Usually coming with AAC sound (patented too).
- Theora, which is not under license, whose patents (coming from On2's original codec) are free for use in Theora, but whose quality still lags behind H.264's (although recent code modifications on the encoder reduced the gap greatly). Usually paired with Vorbis. Now, why are we discussing codecs and not containers? Essentially because a media server can usually repackage an encoded stream on the fly, so it should be no concern. However! Given a choice between WMV and Ogg, you'll use the one supported by the browser. So, some browsers will support WMV/ASF, others will support Ogg. Since both containers can contain the same streams, you merely store those streams in your format of choice, and repackage them on the fly. Oh, shoot, WMV is under patents, and you're not using a Microsoft OS for your media server! Well then, you'll use Ogg. Oh shoot, Windows Media Player doesn't support Ogg, so you'll be forced to provide your clients with an add-on for IE! Clients don't want that. So, you'll buy a license for a Microsoft media server, re-encode all your videos in H.264 - oh, you can't do that, it's not provided with Media Player - scratch that, with VC-1. But VC-1 is supported by no other browser on no other platform. Ah man, now you'll need at least two media servers, and browser sniffing in your pages. Yay.
Anonymous
November 30, 2009
@Matt quoting marketing will get you nowhere. As microsoft likes to point out the entire experience is what makes the speed, and IE is dead last in most regards. Also it can get more pronounced in older systems.Anonymous
November 30, 2009
The comment has been removedAnonymous
November 30, 2009
@Mitch 74 Theora is not even close to performance/size/quality compared to the Blu ray codecs WMV9/VC-1 and AVC/H.264 . I did see some tests which tried to prove such equality for Theora but it was always done with different settings (for instance testing with the theora stream having much less key frames to improve filesize)Anonymous
December 01, 2009
Okay guys, this is old news. Please give us some information on how you are going to compete with Firefox, Opera, Chrome, and Safari. IE could gain some market shares if it was faster, supported web standards (future and present), and had a more streamlined interface. IE will hopefully be the fastest browser some day!Anonymous
December 02, 2009
Finally! a YSlow plugin tool for IE! http://digg.com/d31Bezy Determine exactly where IE is rendering your pages slow!Anonymous
December 02, 2009
Sorry for offtopic, but I have an idea, just don't know where to post it. What if you blend favorites panel with tab panel? So it will work just like "superbar" in Windows 7 - pin favorite sites to fixed places and group tabs with same domain (and view/switch sub-tabs by hovering mouse over tab and using aero peek). This way two problems will be solved - far less clutter when too much tabs opened and more space saved in height.Anonymous
December 02, 2009
Again, Microsoft achieves greatness! I upgraded to IE8 on all my computers the day it came out and I couldn't be happier. I thought the accelerators and web slices were great, but knowing that IE8 tops the malware protection charts makes it that much better.Anonymous
December 02, 2009
Is there any chance that IE9 will fix the major regressions with the address bar to show something useful like say.... a usable dropdown list? In IE8 all decent functionality was lost. I hate to suggest that IE copy other browsers, but check out Firefox's latest location bar - they got it so right it isn't funny. Bring favicons back! (they should NEVER have been removed) Add some color to the urls vs. titles - it is hard to distinguish. Lose the tooltip - its redundant and gets in the way. Highlight with the Windows highlight color on mouseover or keyboard up/down navigation. Get rid of the "favorites" and "history" dividers... user wants to find something - they couldn't care less where it is found. Don't gray out the urls - they are just as important (if not more important) as the title. "This page has not set a title" - is annoying - don't clutter up my UI with stuff that isn't needed. The titles don't always work either.... only on history and favorites. If I go to GMail, then gosh darn it, the next time I go there, I expect to see: Gmail: Email from Google http://www.gmail.com/ Where's the title? Are you telling me I have to add it as a favorite first? Please fix the address bar!Anonymous
December 02, 2009
Who cares about IE8 when you still have people using IE6? Where's the forced, automated update for IE6 and IE7?Anonymous
December 02, 2009
@newupdated: Lots of people care about IE8, which is on pace to become the most popular browser version in the world shortly. As to the idea of forcing customers to install a new version, you should read Dean's post here: http://blogs.msdn.com/ie/archive/2009/08/10/engineering-pov-ie6.aspxAnonymous
December 03, 2009
The comment has been removedAnonymous
December 03, 2009
Greg-- I enjoyed your post... thanks for a great laugh!Anonymous
December 03, 2009
@Dean, @EricLaw: I understand more info on IE9 can be given because something which has been worked on for about a month now, keeping it a secret makes IE9 more interesting when it becomes final. I don't really care when people say that 'IE is still the worst browser'. The fact that at PDC '09 Dean, you said IE9 was a project that was three weeks old and what we saw was amazing, no doubt about it. I watched the IE9 videos on FavBrowser.com and I was genuinely impressed with the progress IE9 made. Acid3: 20/100 in IE8 to 32/100 in IE9 after three weeks? That's seriously good progress.Anonymous
December 03, 2009
feature suggestions for IE 9 Ability for the browser to automatically Group similar Website in favorite so that user no longer have to organize similar website later on. http://www.msn.com/ http://movies.msn.com/ http://www.msnbc.msn.com/ http://cityguides.msn.com/Anonymous
December 03, 2009
The comment has been removedAnonymous
December 03, 2009
Ah, Mitch... you really need to decide what story you're going to make up and then stick to that one. In today's post, you say both that Theora isn't covered by patents, and then you say that it is? Your handwaving around patent law betrays your complete lack of understanding of the topic. I'm particularly amused at your conclusion: "Gee, if there is a patent, then browser makers just have to pay whatever exorbitant settlement the patent owner demands." Avoiding that is the entire point.Anonymous
December 05, 2009
It's better to be safe than to be a victim of these viruses and spywares that websites transfered to your computer. thanks to IE8 for this great shield.Anonymous
December 06, 2009
@Matt - why bother complaining about what Mitch74 wrote when you've already proven yourself as a troll on this blog many times. You are in this special ms fanboy camp that thinks IE is perfect and can not benefit from both criticism and improvement. The rest of us (which also includes 85% of the readers of this blog) are concerned that if the squeaky wheel isn't heard that it won't get fixed. History has taught us that the IE team will ignore fixing issues that do not get continuously raised in this blog. An issue needs to become painful enough that Dean hears about it and can't let it slip the next release due to bad PR. On the roadmap for most important issues to be addressed in IE9 include: 1.) Fixing Tab opening speed - absolutely no more blaming 3rd party vendors. The tab implementation needs to be fixed/re-done and true loading time details addons needs to be disclosed. No other browser has the issues IE has with loading performance. 2.) Native Canvas or SVG support - IE9 will not be taken seriously on the world stage if they don't commit to web standards (beyond massively late CSS3 implementations) 3.) Full W3C event model - no exceptions. 4.) Major bugs fixed. - HTMLElement.innerHTML fixed for all elements, NodeType constants defined, the IE Developer tools need major TLC, and the various settings dialogs across IE are in need of major revision. 5.) RoadmapAnonymous
December 06, 2009
The comment has been removedAnonymous
December 06, 2009
@mass Especially the script/DOM related issues should have priority as they are about current in use standards. Increasing HTML 5 or CSS 3 support should have less priority as they are mostly unsupported new standards that can still change towards the future. SVG is old 2D stuff we did without for ten years and that would really need a 3D successor before IE should bother to implement it unless they have other things finished.Anonymous
December 07, 2009
The comment has been removedAnonymous
December 07, 2009
Hi Microsoft; I've recently encountered new rendering glitches between IE7 vs. IE7 via IE8 compatibility mode in Windows XP. (which I've handled) However since I run XP (and have Virtual PC 2007) I can test against Vista but I don't see any images for Windows 7 on this page: http://www.microsoft.com/downloads/details.aspx?FamilyId=21EABB90-958F-4B64-B5F1-73D0A413C8EF&displaylang=en I am not going to buy a new Windows 7 PC just to test my app in Windows 7 (it should just work) but I would like to run some tests just to verify for my own sanity that it works fine. Pete LePage - will there be Windows 7 images available soon? If not does anyone know if VMWare or VirtualBox has any images available for this? ThanksAnonymous
December 07, 2009
@gwen, we probably won't build Win7 VPCs as you can download a trial version and run with that. As for solutions with the VirtualBox problem, please keep an eye on my blog, once we get it figured out, I'll post there. PEte