Plan ahead for Internet Explorer 8 so you can take advantage of the security and deployment features – and update your web sites and applications to support the new standards.
Internet Explorer 8 is far from finished. The current beta doesn’t have all the features planned for release, it doesn’t have the final user interface and the rendering engine is still being rewritten.
Microsoft has promised that it’s making major investments in improving performance, which you don’t see in the beta. And while there have been indications that the final release might be available in November, Microsoft hasn’t named a firm release date; instead it’s the now-common response that the product will ship when it’s ready.
While that’s sensible from a software development point of view, it makes planning ahead harder for business – but you can start preparing now, even without the final feature list. Because end users are likely to install the new browser themselves, you’ll want to know how you can manage and support it. Improved security means you’ll want to upgrade sooner rather than later, as web-borne threats become an increasingly significant vector for malware.
Ironically, the significant improvements in standards support in Internet Explorer 8 can break sites designed for previous versions, so you’ll want to schedule tests and updates for both internal web apps and your external web site. You can mandate the browser your own employees use for internal apps but your public site will need to be ready for the new browser.
Configure and deploy
There will be more ways to deploy IE8. You can create a customized standalone installer with the Internet Explorer Administration Kit (IEAK) – there's a beta version for IE8 already – if you want to set the home page, pre-populate Favorites and feeds, set the search provider, choose Accelerators or change a range of defaults. You can also deploy it through Active Directory, Windows Server Update Services or Microsoft System Center Configuration Manager.
If you add a customized version of IE8 to an OS image – which you can now do by slipstreaming rather than having to boot, update and recapture the image – users won’t be able to uninstall it in favour of an unauthorized browser.
You can also use the IEAK to create a configuration package that will change settings or install ActiveX controls after you've deployed IE8, and there are more than 100 new Group Policy settings covering new features like setting the default rendering mode, configuring or disabling Accelerators or blocking the integrated developer tools as well as new options to configure existing features like the SmartScreen filter.
This is the new name for the improved phishing filter, which now warns about suspect downloads as well as suspicious sites, and colours the whole page red to make it even more obvious to users. Usually there’s an option to continue to pages blocked by the filter, but you can disable that through Group Policy.
You can also lock down which ActiveX controls are allowed for specific domains and by default an ActiveX control can only run on the site that installed it; other sites have to get the user to approve that through the Information Bar.
With Vista, ActiveX controls can now be installed for only the current user without requiring administrative privileges. That means if the control is malicious, only one account on the machine is compromised. If you find that causes more support calls than it saves, you can turn it off with Group Policy too.
Simpler and more secure
There isn’t a way (as yet) to turn off domain highlighting, which may confuse users but is intended to make it clear when they’re really visiting the domain they expect and when it’s a faked URL. Deleting the browsing history preserves cookies and temporary internet files for sites saved as ‘Favourites’, which means you can clear cookies for troubleshooting without getting complaints or support calls about the side effects.
The new Cross-Site Scripting filter runs in the background to detect the most common ‘reflection’ attacks and sanitizes scripts on web sites rather than blocking the site, so a poorly coded site or compromised can be used more safely. IE8 also supports HTML 5’s new cross-document messaging (XDM) communication between IFRAMES and Access Control (XDR) objects for retrieving data from other domains, which will make mashups more secure.