5 Reasons Why IE9 Cannot Stop IE's Decline

TPLs are auto-updated. Once a week by default, if an alternate timeout perioud is not specified by the TPL itself.

What they managed was to run a file that already existed on the hard drive (calc.exe). Whether hackers will be able to introduce new malware through IE Protected Mode remains to be seen.

There's nothing esoteric about ad-blocking (and no one claimed it was either). It's available in every major browser.

 

I don't think customizability (yeah i know this word does not exists LOL) plays an important part in the equation.
Most users don't really care about add-ons or extension, as long as the browser works and is fast (Which IE9 does very good) they will probably stick to it.

 

Thanks for telling me that, Eice. I didn't see anywhere in IE TPL options that referred to updating.

 

It would had been far more interesting an exploit that would introduce malware to the system, yes, but nonetheless, Protected Mode wasn't able to stop the exploit.

According to Charlie Miller, he has a few exploits against Chrome, but he simply can't make them to work, because it's hard to come out of Chrome's sandbox.

Anyway, most likely most Windows Vista/7 users disable UAC, so no Protected Mode to exploit, at all. What would be the point? Unless a targeted attack, but why not simply rely on social engineering, considering it works?

 

Protected Mode was never designed to stop exploits; that requires fixing the underlying security vulnerability in the program code. Like other sandboxing or privilege restriction mechanisms, it's designed to prevent and/or limit the payload of the exploit. The exploit runs, but it and its payloads are confined by the restriction measures in place.

AFAIK, Chrome's sandbox is, on paper, stronger than IE Protected Mode because it blocks read and write requests, whereas Protected Mode blocks write requests only.

 

Customization isn't just about add-ons/extensions, though. It also can (and should be) built in to the browser. This doesn't have to be ad-blocking, which many first think of when customization is brought up. It can be privacy/security settings, tab behavior, and so on. For instance, Chrome is very much lacking in actual built in browser customizing, especially in the security settings, while Opera has a plethora of settings (perhaps settings overload, but that's neither here nor there). IE 9 is a good browser, a bit boring perhaps, but good. If I'm to use hardware acceleration, IE 9 is the browser I'd go to first. It's quite speedy overall (unless, as I pointed out in another thread, you use something like Sandboxie to contain it. IE 9 seems to be even slower under those conditions than other browsers.).

I personally don't think IE 9 will help whatever decline there may be, nor do I think it will be "king" in usage again. But, I don't believe it to be because it's a poor browser. Rather, my opinion is that the development cycle will hold it down. There are many in the world who have that bug that causes them, when something is new, drives them to it. Call them early adopters, gadget freaks, whatever, they are out there. These people will see Firefox 4, 5, 6, Chrome 11, 12, 13, and so on, and will grab them up. Chances are good that these sort of people stick to these browsers, because they keep delivering new versions with newer, better features. They know they aren't going to see another IE for the next two years, so they get bored.

Other people are just never going to let go of the past, and they have already moved on. They've had years of MS screwups hardening their hearts against Microsoft, and you're not going to really bring these people back, no matter how many shiny things you show them. At this point, I foresee IE being the "business browser", and for those that either stuck by MS through the rough times, or never really cared one way or another. It's simply my opinion though.

 

That's correct. When I mentioned Protected Mode wasn't able to stop the exploit, I meant that it failed doing what it's suppose to do - mitigate the damage.

In the contest, Protected Mode failed to mitigate what lead to the execution of calc.exe. That's why IE fell, correct? Otherwise, if Protected Mode prevented calc.exe from being executed, then Protected Mode would have done its task - mitigation.

 

Yes, I'm just pointing out that failing to mitigate the launch of calc.exe - a digitally verified program that already exists on the hard drive - doesn't really prove that Protected Mode would've failed to mitigate actual malware.

 

That's me.

 

Customizability

(I spell it with an 's' instead of a 'z' because I'm English)

I think that you are probably right about this, but I do love some of my extensions.