cormac keogh microsoft ireland vikas sahni softedge systems an overview of ie8

Cormac KeoghMicrosoft Ireland

Vikas SahniSoftedge Systems

An Overview of IE8

2

AgendaIE8 for Consumers

Security and PrivacyZoom enhancementsPerformanceSearch suggestions

IE8 for DevelopersStandards ComplianceCompatibility modesDeveloper Tools

Expression Web SuperPreview

IE8 for BusinessStaying in touch with consumers – Web SlicesAcceleratorsBe a search provider - expose your contentBuild your own IE8 with the IEAKHow to use build Web Slices

technologies helps to put the user in control over their personal information & privacy.IE 8 allows users to have notice and choice over information that is shared with third-party sites.IE 8 helps to preserve online trust & peace of mind.Feedback, best practices & advice.

2

Internet Explorer 8 SecuritySecurity Overview

Domain HighlightingSmartScreen™ FilterData Execution Prevention (DEP)ActiveX Controls LockdownCross Site Scripting (XSS) filtersXDomainRequest / XDM

Privacy & User Control

4

Domain HighlightingHelps to more accurately ascertain the domain of the site they are visiting. The domain is black, vs. other characters which are gray.

5

SmartScreen® FilterDynamic Anti-Phishing

Integration

9

Data Execution ProtectionMitigates many memory-related vulnerabilities by blocking code execution from protected memory.

10

Can it be used?Opt –in

Before it canbe used

(IE7 XP, SP2)

Where?

Per site

Users can restrict where controls run

Who?

Per UserInstalls to

user account

Exploit Controls

ActiveX Killbits

Pre IE 8Can be requested

by site owner

ActiveX EnhancementsSecurity, compatibility & functionality

11

XSS FilterXSS the new buffer overflowDetects Type-1 (reflection) attacks

Steal cookies & historyLog keystrokesDeface sitesSteal credentials (of a sort)Port-scan the IntranetAbuse browser/AX vulnerabilitiesEvade phishing filtersCircumvent HTTPS

16

More Secure MashupsXDomainRequest

Enables web developers to more securely communicate between domainsProvides a mechanism to establish trust between domains through an explicit acknowledgement of sharing cross domain, and both parties know which sites are sharing information

Cross Document Messaging (XDM)

Enables two domains to establish a trust relationship to exchange object messagesProvides a web developer a more secure mechanism to build cross domain communication applications

17

InPrivate

InPrivate Browsing Enables “leave no tracks” locally (cookies, cache & history)Value when using public PCs & shopping for gifts on a shared PC.

17

18

Third Party Content ServingOver time, users’ history and profiles can unknowingly be aggregated

Long-standing confusion about “calls” vs. “tracking cookies”http://allthingsd.com/trackingcookies/

Any third-party content can be used like a tracking cookieThere is little end-user notification or control todaySyndicated photos, weather, stocks, news articles; local analytics, etc….

Unclear accountability with third party security & privacy policies

User Visits Unique Sites

3 41

2 5

1

6 7 81

Contosa.com Tailspin.comWoodgrovebank.comExample.com Farbrican.comSouthridge1-1.com Farbrican.comadventureworks.com

Prosware-sol.com3rd party Syndicator

Web server

http://allthingsd.com/trackingcookies/

19

InPrivate

InPrivate Browsing Enables “leave no tracks” locally (cookies, cache & history)Value when using public PCs & shopping for gifts on a shared PC.

InPrivate BlockingHelps to put users in control of their info to third-party sites. Assess, on an ongoing basis, user exposure to third-party content.Helps to prevent information disclosure by automatically blocking high-frequency third-party content from sites users visit.

19

InPrivate is OnInPrivate Browsing prevents Internet Explorer from storing data about your browsing session. This includes cookies, temporary Internet files, history, and other data.Learn more about InPrivate

28

InPrivateTM BlockingAnalyzes third parties content providers who are in a position to aggregate user profilesEnhances choice and control on the sharing of data with third parties

29

InPrivateTM Manual Block

Users can exercise choice

Allow content being served and possible info disclosureBlock content and help prevent info disclosure

30







30

Standards Compliance

HTML

ACID 2

CSS 2.1

CSS 2.1 complianceDOM ImprovementsHTML ImprovementsAcid2 Test compliance

This meansData URI SupportImproved Namespace SupportAnd more

32

CSS 2.1 Compliance

Driving Principle is InteroperabilityFollow the spec to the letterFor areas of ambiguity, seek clarificationPropose a solution that is in line with the spec

Path to CSS 2.1 compliance is not crystal clearActively contributing our tests – over 3700 so far!

33

A New Layout EngineUsers expect their sites to “just work”What do developers want?

IE6 RenderingIE7 RenderingIE8 Rendering

IE7 and IE8 rendering engine built inHow do we give developers what they want?Compatibility Meta Tag or HTTP Header

<meta http-equiv=“X-UA-Compatible” content=“IE=Emulate7” />

34

Performance and MemoryConnection Limits Increased

Broadband: 6Modem: 2Configurable via API’s

Pre-Parser doesn’t block at script tagsJScript Improvements

DOM object look ups are much fasterCircular referenced objects are garbage collectedFaster native Jscript operations

Function call performanceString methodsArray methodsRead, write, and deleted Object methodsGarbage collection algorithmCommunication layer between DOM and JSript

38

AJAX NavigationFeature of HTML 5AJAX Applications provide “challenges” when users click the back and forward buttonsAJAX Navigation allows developers to support back/forward navigationAllows copying & pasting of AJAX URLs!window.location.hash

IE fires a window.onhashchanged eventIE updates the address back, and back button

41

Developer Tools

Tools ship in the boxDebugging HTML & CSS

View effective styles, Trace styles, View applied rules, View layout, Edit HTML and CSS

Debugging JavaScriptExecution control, Variable Inspection, Immediate Window

Easy rendering engine changingSwitch between layout modes without changing the page source

42

Developer Tools

JavaScript ProfilerOne click start/stop of profilerQuickly see where application is spending timeFunction or Call Tree View

Save EditsNotepad like editing & inline editingAdd/Change attributes, classes & propertiesMake changes to HTML, CSS, and save to disk

43







43

44

Web Slices

Users monitor lots of content on the webAuctions, Weather, Top News, Blogs…

Web Slices allow users to subscribe to content directly within a web pageRequires a developer to mark up their page with a couple of new CSS classes

45

Web Slice Code Sample

<div class=”hslice” id=”facebookSlice” ><p class=”entry-title”>Facebook Status Updates</p><div class=”entry-content”>

<img src=“will.jpg”>Will Mason is going to see Steve Berkoff …

<hr /><img src=“tony.jpg”>Tony Chor had a great night sailing. End

…<hr /><img src=“cyra.jpg”>Cyra Richardson Can’t seem to remember …<hr />

</div></div>

46

Provides web services with a simple right clickMaps, Blogs, Email, Productivity, Social Networking

Quickly drive users back to your siteUses Open Service Format

Simple XML fileEasy to deploy to users

window.external.IsServiceInstalled()window.external.AddService()

Accelerators

47

Be a Search Provider

48

Accelerator XML File

<?xml version="1.0" encoding="utf-8" ?> <openServiceDescription xmlns="http://www.microsoft.com/schemas/openservicedescription/1.0"> <homepageUrl>http://maps.live.com</homepageUrl> <display> <name>Map with Live Maps</name> <icon>http://maps.live.com/favicon.ico</icon> </display> <activity category="Map"> <activityAction context="selection"> <execute method="get“ action="http://maps.live.com/default.aspx?where1={selection}" /> <preview method="get" action="http://maps.live.com/geotager.aspx"> <parameter name="b" value="{selection}" />

<parameter name="clean" value="true" /> <parameter name="w" value="320" /> <parameter name="h" value="240" /> <parameter name="format" value="full" />

</preview> </activityAction> </activity></openServiceDescription>

49

Build your own IE8 - IEAK

50

Next Steps – Try it out

Download IE8www.microsoft.com/ireland/ie8irelandwww.microsoft.com/ireland/ie8independentwww.microsoft.com/ie8

Internet Explorer 8 Blog http://blogs.msdn.com/ie/

IEAK http://technet.microsoft.com/en-us/ie/bb219517.aspx

http://www.microsoft.com/ireland/ie8ireland

http://www.microsoft.com/ireland/ie8independent

http://www.microsoft.com/ie8

http://blogs.msdn.com/ie/


http://technet.microsoft.com/en-us/ie/bb219517.aspx

http://technet.microsoft.com/en-us/ie/bb219517.aspx

51

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED

OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

52

For more information

Internet Explorer 8 www.microsoft.com/ie8

Internet Explorer 8 Bloghttp://blogs.msdn.com/ie/

http://www.microsoft.com/ie8


cormac keogh microsoft ireland vikas sahni softedge systems an overview of ie8

Documents

phishing site

web page

domain highlightingwhen

antiphishing filter

personal information

antiphishing protection

overview of ie8

real site