Internet Explorer 8

3,476 views

Published on

Ing. Eduardo Castro Martinez, PhD
Microsoft SQL Server MVP
http://ecastrom.blogspot.com
http://comunidadwindows.org

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,476
On SlideShare
0
From Embeds
0
Number of Embeds
13
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Internet Explorer 8

  1. 1. Internet Explorer® 8 Eduardo Castro Grupo Asesor en Informatica ecastro@grupoasesor.net 2
  2. 2. Window To Public Platform for LOB Apps Facing Website Maintain Compatible Secure IT With LOB Environment Apps Build Create User Customer Connection Trust Manageable Reliable Compatible With My Does not Site become cost center 3
  3. 3. Data, User settings Applications OS Hardware 4
  4. 4. Server Data, User settings Applications Browser Becomes The Platform Browser OS Hardware 5
  5. 5. Customer Management Reporting Travel Workflow PC Based Browser Based Research E-Mail Purchasing Personal Use 6
  6. 6. Customer • Your company has a website and does Connection business on the web • Your business on the web relies on customer Customer Trust trust that the web is a safe place to do business • You care about the integrity of your business Security data, infrastructure and PCs Compatibility & • Your company uses internal web apps and is Standards building or buying more • Your users probably spend 2 hours or more in Supportability the browser every day • Keeping up to date with browser patches and Manageability updates is hard 7
  7. 7. Enable New Business Enterprise Scenarios Reduces Ready Security Improved Improved Risks Productivity Developer Platform 9
  8. 8. Accelerators Web Slices Improved Search 10
  9. 9. New Ready Access to Online Services You Use Most Email Blog Shop Map Share Translate Find Define 11
  10. 10. http://ieaddons.com/en/accelerators/ 12
  11. 11. New Rich, Real-time Integration of Online Services zune 13
  12. 12. http://ieaddons.com/en/webslices/ 14
  13. 13. New Suggestions with Results from History Visual Search Returns Provider Quickly Specify SearchImages with Configure Multiple Search ProvidersResults 15
  14. 14. ttp://ieaddons.com/en/searchproviders/ http://es.wikipedia.org/ 16
  15. 15. Compatible Ready to Deploy Robust and Flexible Management Provides Better User Experience 17
  16. 16. Enterprise Standalone Installation Standard or custom installation package Distributed Deployment Active Directory®, WSUS, SCCM Slipstream Deployment Create Windows® installation image with Internet Explorer 8 Windows and Internet Explorer updates can be slipstreamed Use Windows Automated Installation Kit Custom Installation Packages 18
  17. 17. 19
  18. 18. Your Users There Are Are You Need A Many Spending Browser Built Dangers on More Time In For Business the Web The Browser 20
  19. 19. Group Policy (over 1300 in IE8) Control browser features, ex : Turn on/off Phishing Filter Configure browser features, ex : home page, favorites Enforce security settings, ex: trusted sites New features exposed through group policy Support Infrastructure Pay per incident support available to everyone Support agreements for Windows OS include support for Internet Explorer Professional support organization provides issue resolution New in IE8 – Crash Recovery Tabs isolated into separate processes – one tab crashing does not bring down the browser Crash recovery reloads tabs when they crash 21
  20. 20. 22
  21. 21. Internet Firefox Explorer Scheduled 13 point monthly releases updates since Feb on patch 2007 Tuesday 23
  22. 22. Application • Will our apps still work? Compatibility • Can I choose when it is Timing delivered in my environment? User • Will it require user interaction? Experience • Will it require a reboot? 24
  23. 23. Application • See Compatibility http://msdn.microsoft.com/iecompat • Scheduled, notified updates on patch Timing Tuesday • Control distribution through WSUS User • Many updates require a reboot Experience (system level components) 25
  24. 24. Application • META tag/group policy provides compatibility for Compatibility Internet Explorer 7 apps • Scheduled updates like Timing Internet Explorer 7 User • Slipstream Experience 26
  25. 25. Enterprise Centralized Management of User Settings Update settings using IEAK Group Policy Enhancements Greater control over Internet Explorer behavior New Administrative Template Many new and enhanced policy settings Usage Scenarios Configure Accelerators Control InPrivate™ settings Disable Developer Tools 27
  26. 26. Enterprise Group Policy Enhancements Turn off Compatibility View Turn off Compatibility View button Turn on Internet Explorer 7 Standards Mode Turn on Internet Explorer Standards Mode for Local Intranet Use Policy List of Internet Explorer 7 sites 28
  27. 27. Enterprise Group Policy Enhancements IE8 plays an important role in helping protect users against a range of attacks by offering new security features like the SmartScreen Filter, Data URI and Encryption support. All of these security features are GP enabled so the administrator can ensure their users are safe and secure in corporate environments. 29
  28. 28. gpedit.msc 30
  29. 29. Enterprise Helps Configure Deployment Settings Create Customized, Branded Versions Improved Customization Workflow Three Licensing Modes: Independent Content Provider (ICP) Independent Service Provider (ISP) Corporate 31
  30. 30. 32
  31. 31. Volume Sophistication Type Customer Trust 33
  32. 32. Phishing Filter 1M phishing attempts blocked per week Extended Validation Certificates 5000 issued to date 34
  33. 33. Updated Safety Filter Expanding scope to incorporate new threats New Domain Name Highlighting Helps the user identify real domain name 35
  34. 34. Secure InPrivate™ Technologies SmartScreen® Filter Improved Process Model Cross-Site and Mashup Security ActiveX Security Technologies Other Security Technologies 36
  35. 35. Targeted Phishing Attack Phishing Filter evolves to SmartScreen™ Filter to encompass malware threats Domain Name Identification highlights the real domain you’re browsing on Exploit in Common ActiveX Control Per-user ActiveX contains risk to single user account. Per-site ActiveX allows developer restrict control to only their site/app Compromised Partner Site Cross Domain Requests object ensures data is only shared after a mutual validation of identity Cross-Site Scripting Filter helps protect users against a compromised site 37
  36. 36. Secure InPrivate™ Browsing Blocking Privacy Report Improved Delete Browsing History View restricted data from being saved Prevents sites from sharing details Keeps information from certain sites in visit Delete personalor blocked cookies of yourbrowser Review a site’s privacy summary history, etc. Cookies, temporary Internet files, and Favorites Retain cookies fromtemporary files forcertificate Blocks content and third-party sites 38
  37. 37. Peace SmartScreen Filter Increases anti-phishing and anti-malware protection Allows you to report unsafe sites to Microsoft Malware Blocked Notification Phishing Site Warning 39
  38. 38. Internet Explorer 8 : SmartScreen™ Filter http://207.68.169.170/fabrikam/index.html http://207.68.169.170/contoso/enroll_auth.html 40
  39. 39. Secure Standard users can install Run on current or all sites Reduced risk Less administration Per-User ActiveX Per-Site ActiveX 41
  40. 40. Secure Helps mitigate many memory-related vulnerabilities by blocking code execution from protected memory 42
  41. 41. Secure Security, compatibility and functionality Who? Can it be Where? Exploit used? Controls Per User Opt –in Per site ActiveX Killbits Doesn’t require Pre Internet Explorer Before it can Developers can elevating admin 8 be used (Internet restrict to their site privileges Can be requested Explorer 7) by site owner 43
  42. 42. Secure XSS the new buffer overflow Detects Type-1 (reflection) attacks Steal cookies Launch CSRF Log keystrokes Steal browser history Deface sites Abuse vulnerabilities Steal credentials Evade phishing filters Port-scan the Intranet Circumvent HTTPS 44
  43. 43. Secure Cross Domain Requests Cross Document Messaging (XDR) (XDM) Enables web developers Enables two domains to to more securely establish a trust communicate between relationship to exchange domains object messages Provides a mechanism to Provides a web establish trust between developer a more secure domains through an mechanism to build cross explicit acknowledgement domain communication of sharing cross domain applications Both parties know which sites are sharing information 45
  44. 44. Secure IE8 exposes a new method on the window object named toStaticHTML. When a string of HTML is passed to this function, any potentially executable script constructs are removed before the string is returned information document.attachEvent('onmessage',function(e) { if (e.domain == 'weather.example.com') { spnWeather.innerHTML = window.toStaticHTML(e.data); } } Calling: window.toStaticHTML("This is some <b>HTML</b> with embedded script following... <script>alert('bang!');</script>!"); will return: This is some <b>HTML</b> with embedded script following... ! 46
  45. 45. Secure Unfortunately, many mashups use JSON insecurely, relying on the JavaScript eval method to “revive” JSON strings back into JavaScript objects, potentially executing script functions in the process. Security- conscious developers instead use a JSON-parser to ensure that the JSON object does not contain executable script, but there’s a performance penalty for this. Internet Explorer 8 implements the ECMAScript 3.1 proposal for native JSON-handling functions (which uses Douglas Crockford’s json2.js API). The JSON.stringify method accepts a script object and returns a JSON string, while the JSON.parse method accepts a string and safely revives it into a JavaScript object. IE8 exposes a new method on the window object named toStaticHTML. When a string of HTML is passed to this function, any potentially executable script constructs are removed before the string is returned information 47
  46. 46. Secure <html> <head><title>XDR+JSON Test Page</title> <script> if (window.XDomainRequest){ var xdr1 = new XDomainRequest(); xdr1.onload = function(){ var objWeather = JSON.parse(xdr1.responseText); var oSpan = window.document.getElementById("spnWeather"); oSpan.innerHTML = window.toStaticHTML("Tonight it will be <b>" + objWeather.Weather.Forecast.Tonight + "</b> in <u>" + objWeather.Weather.City+ "</u>."); }; xdr1.open("POST", "http://evil.weather.example.com/getweather.aspx"); xdr1.send("98052"); } </script></head> <body><span id="spnWeather"></span></body> </html> 48
  47. 47. Secure <html> <head><title>XDR+JSON Test Page</title> <script> if (window.XDomainRequest){ var xdr1 = new XDomainRequest(); xdr1.onload = function(){ var objWeather = JSON.parse(xdr1.responseText); var oSpan = window.document.getElementById("spnWeather"); oSpan.innerHTML = window.toStaticHTML("Tonight it will be <b>" + objWeather.Weather.Forecast.Tonight + "</b> in <u>" + objWeather.Weather.City+ "</u>."); }; xdr1.open("POST", "http://evil.weather.example.com/getweather.aspx"); xdr1.send("98052"); } </script></head> <body><span id="spnWeather"></span></body> </html> 49
  48. 48. Secure Internet Explorer 7 Internet Explorer 8 Process Model Process Model
  49. 49. Secure Like Windows Explorer Toolbars Search Providers Accelerators InPrivate™ Blocking List InPrivate™ Subscriptions 51
  50. 50. Secure Domain Name Highlighting Application Protocol Prompt File Upload Control 52
  51. 51. Secure Improved Support for Accessibility Standards Accessible Rich Internet Applications (ARIA) User Interface Automation (UIA) Express Adaptive Page Zoom Intelligently zooms the page Text and images fit within original page dimensions 53
  52. 52. User Interface Reduces Clicks Improved Search 54
  53. 53. Faster Domain NameSuggestions Improved Certificate Autocomplete TabsValidation Tab Grouping Highlighting Reopen Closed 55
  54. 54. Faster Result Visible on on Page ClearlyHighlighting this Page Unobtrusive Find Feature Integrated FindResult Count in Search Box 56
  55. 55. Improved Interoperability Integrated Developer Tools Features for Rich Applications 57
  56. 56. Spend more time innovating and less time special-casing Compatibility Most standards-compliant (full CSS2.1 support) version of Internet Explorer and Interoperability with other browsers means “write once, run anywhere” Interoperability Compatibility modes for viewing/debugging content written for Internet Explorer 7 and Internet Explorer 5.5 Develop, test and debug without leaving the browser Built-in Built-in developer toolbar enables debugging and performance tuning HTML, CSS, Javascript without leaving the page Developer Code profiler for identifying performance issues quickly and easily Tools Change Internet Explorer layout version on the fly to thoroughly test display scenarios Build the richest experiences on the Web Rich, AJAX support enhancements enable rich, dynamic experiences Web Slices Innovative Best cross-document/domain messaging implementation with XDR/XDM Experiences Improved display and scripting performance makes this the fastest Internet Explorer ever All right out of the box – no assembly required 58
  57. 57. Developer Developers can specify layout engine <meta http-equiv="X-UA-Compatible" content="IE=8" > <meta http-equiv="X-UA-Compatible" content="IE=7" > Consider using custom response headers in IIS7 59
  58. 58. 60
  59. 59. Page Built For Internet Page1. IdentifyInternet Built For browser Explorer 6 Explorer 7 2. Serve right page Page Built To Standards I’m IE6 I’m Safari I’m Firefox I’m IE7 6 7 61
  60. 60. 1. Identify browser 2. Serve right page Page Built To Standards I’m Safari I’m Firefox I’m IE8 8 62
  61. 61. Safari, Firefox and IE8 all display the same way Decide when your business can afford to stop supporting IE6 and IE7 to save your developers time But be aware IE6, IE7 and IE8 look the same to 8 most web servers so be sure to send the right page to IE8 IE8 will display pages the same way as IE7 But you need to tell IE8 to display that way See http://msdn.microsoft.com/iecompat to learn 7&8 how to add the site compatibility META tag to your pages/server IE6 is IE6 Get tips on migration from IE6 to IE7 at 6 http://msdn.microsoft.com/iecompat 63
  62. 62. 64
  63. 63. Enterprise Compatible with Internet Explorer 7 Ships with multiple layout engines Application Compatibility Tools Compatibility Mode Value Render Behavior IE=5 “Quirks” mode IE=6 Internet Explorer 6 Standards mode IE=7 ”Strict” mode IE=8 Internet Explorer 8 Standards mode IE=edge Uses latest standards that Internet Explorer 8 and any future versions of the browser support. Not recommended for production sites. 65
  64. 64. http://localhost/default.aspx 66
  65. 65. <meta http-equiv="X-UA-Compatible" content="IE=8" > Standard Mode (default) Higher Web Interoperability Standards Existing Internet Explorer 7 Mode <meta http-equiv="X-UA-Compatible" content="IE=7" > 67
  66. 66. Compatibility Mode Value Render Behavior IE=5 “Quirks” mode IE=7 ”Standards” mode IE=EmulateIE7 Display standards DOCTYPEs in Internet Explorer 7 Standards mode; Display quirks DOCTYPEs in Quirks mode IE=8 Internet Explorer 8 Standards mode IE=edge Uses latest standards that Internet Explorer 8 and any future versions of the browser support. Not recommended for production sites. 68
  67. 67. CSS 2.1 compliance DOM Improvements CSS 2.1 HTML Improvements Acid2 Test compliance This means HTML Data URI Support Improved Namespace Support And more ACID 2
  68. 68. Developer CSS 2.1 Compliance Helps standardize web page development DOM Improvements Addresses Cross-browser inconsistencies HTML Improvements Upgraded support for presentational elements Take full advantage of HTML 4 Acid2 Test Compliance 70
  69. 69. 71
  70. 70. Internet Explorer 8 Developer Features Compatibility Developer Tools Build Rich Experiences
  71. 71. Developer Toolbar Eases development and troubleshooting Allows real-time testing, editing, debugging: CSS and HTML Script performance DOM Enables developers to rapidly prototype, test, and deploy web sites 73
  72. 72. Break Point Debugging Toolbar JavaScript Debugging Window JavaScript Debugging Tools 74
  73. 73. 75
  74. 74. 76
  75. 75. <meta http-equiv="X-UA-Compatible" content="IE=7" > 77
  76. 76. http://localhost/gallery_test.aspx#frame 78
  77. 77. Developer 79
  78. 78. http://www.msn.com/ 80
  79. 79. Developer Browser components updated Better Navigation Uses windows.location.hash event // Set up a handler for hash changes. window.onhashchange = new function() { if (window.location.hash == "hashdata") { // Perform work... } } ... // Changing the hash fragment will raise onhashchange. window.location.hash = "hashdata"; 81
  80. 80. Integral to AJAX and Mashups Data Shared // Page A posts message to a secure Page B. document.postMessage ("Hello world", "https://wingtiptoys.com"); Web page is requesting data from a URL in the following zone: // Page B on wingtiptoys.com // Create an XDR window.attachEvent("onmessage","HandleMessage"); object. Then open a connection and send data Trusted (Internet) Trusted (Intranet) // using POST. <script> var xdr = new XDomainRequest(); Restricted Intranet Internet xdr.open("POST", // The message handler for incoming messages. "http://www.contoso.com/xdr.ashx"); Local function HandleMessage(e) xdr.send("argument=value"); Web page is Local // the { in Set up an event handler for when the data is loaded. Allow Allow Allow Allow Allow Block xdr.onload = new function() following Intranet // Verify the domain and scheme zone: Block { // match the ones Allow allow. Allow Allow we Allow Block // Grab the response(e.data != "" && e.origin == Trusted (Intranet) if text. Block Allow Allow Allow Allow Block var response = xdr.responseText; ‘http://www.contoso.com’)) } Trusted { (Internet) Block Block Block Allow Allow Block ... Internet Block Block Block Allow Allow Block Restricted Block Block Block Block Block Block 82
  81. 81. http://www.ie8demos.com/travelsite/blog.aspx 83
  82. 82. Developer <?xml version="1.0" encoding="UTF-8" ?> <openServiceDescription xmlns="http://www.microsoft.com/schemas/openservicedescription/1.0"> <homepageUrl>http://ie8.ebay.com</homepageUrl> <display> <name>Find product with eBay</name> <icon>http://ie8.ebay.com/resources/images/favicon.ico</icon> </display> <activity category="Find"> <activityAction context="selection"> <preview action="http://ie8.ebay.com/activities/preview/index.php?query={selection}" /> <execute method="get" action="http://ie8.ebay.com/index.php?query={selection}" /> </activityAction> </activity> </openServiceDescription> 84
  83. 83. View Web Slice <div class=”hslice” id=”1”> <p class=”entry-title”>Las Vegas 79°</p> <div class=”entry-content”> Discover <!-- HTML body content to render. --> ...WebSlice </div> </div> Enable Content 85
  84. 84. Developer <div class="hslice" id="1"> <p class="entry-title">Title for WebSlice</p> <div class="entry-content">Information to be displayed in Web Slice </div> </div> <div class="hslice" id="2"> <p class="entry-title">Title for WebSlice2</p> <div class="entry-content">Information to be displayed in Web Slice2 </div> </div> 86
  85. 85. Execute Script Faster Improved Display Performance
  86. 86. 88
  87. 87. Customer • Reach beyond the page with Accelerators, Web Connection Slices and Visual Search • Highlight safe browsing features like Safety Filter, Customer Trust EV certificates and Domain Name Identification • Turn on safer browsing features for your users and Security in your web apps Compatibility & • Use the “META” tag and plan for standards Standards • Broad group policy support, crash recovery and Supportability professional support • Regular, scheduled patches, managed distribution, Manageability easier image management 89
  88. 88. What security principles are used during development? What evolving threats does it help protect against? What is the approach to application compatibility? Do I have control over the security and user features I expose to my users? What options do I have for deployment beyond end-user install? Who do I call when there is a technical problem I can’t solve? 90
  89. 89. Download and evaluate Internet Explorer 8 Beta 2 http://www.microsoft.com/ie8 Use http://msdn.microsoft.com/iecompat to become Internet Explorer 7 compatibility Add the META tag to ensure compatibility with Internet Explorer 8 Plan deployments using the Internet Explorer Deployment Guide E-mail iedeploy@microsoft.com with questions 91
  90. 90. Internet Explorer 8 puts the web at your service through seamlessly integrated services, flexible configuration options and low customer support costs that OEMs have come to expect with the world’s most popular web browser. Seamlessly expose online services to your customers and increase business value in the browser Business • Rich search experience using Visual Search Suggestions in IE8 • Quick access to the information customer care about – Web Slices e.g. OEM offers, Opportunities blogs, sport scores, stock ticker, social networking status etc. • Email, Shop, Map, Blog, Share, Translate, Lookup with Accelerators Create flexible and reliable browser configurations on their disk Flexible images, with direct support from Microsoft • IEAK and OPK enable customization and image creation Configuration • Direct support from MSFT OEM field team Reduce support costs when your customers use the most reliable and Low Support secure browser [from Microsoft] • Reset IE8 to factory settings / no add-ons mode Costs • [Better] Protect your customers’ information -Anti-malware/phishing • Know where you are on the web - Domain highlighting 92
  91. 91. [More] Freedom from intrusion International Domain Names Pop-up Blocker in IE7 Social Engineering & Exploits Increased usability Reduce unwanted communications [Improved] Protection Secure Development Lifecycle from harm Extended Validation (EV) SSL certs Browser & Web Server Exploits SmartScreen® Filter [Improved] Protection from deceptive websites, Domain Highlighting malicious code, online fraud, identity theft XSS Filter/ DEP/NX ActiveX Controls Control of information User-friendly, discoverable notices P3P-enabled cookie controls Choice and control Delete Browsing History Clear notice of information use InPrivate™ Browsing & Blocking Provide only what is needed 93
  92. 92. [More] Freedom from intrusion International Domain Names Pop-up Blocker in IE7 Social Engineering & Exploits Increased usability Reduce unwanted communications [Improved] Protection Secure Development Lifecycle from harm Extended Validation (EV) SSL certs Browser & Web Server Exploits SmartScreen® Filter Protection from deceptive websites, Domain Highlighting malicious code, online fraud, identity theft XSS Filter/ DEP/NX ActiveX Controls Control of information User-friendly, discoverable notices P3P-enabled cookie controls Choice and control Delete Browsing History Clear notice of information use InPrivate™ Browsing & Blocking Provide only what is needed 94
  93. 93. Deployment Custom Enterprise Ready Packages Management Reduces Security Privacy Reliability Risks Security Accessibility Improved Performance Tab Grouping Productivity Smart Bars Enhanced Find Enable New Accelerators Improved Business Scenarios Web Slices Search Improved Developer Interoperability Application Platform Developer Tools Development 95
  94. 94. 11 de noviembre 2008, Hotel Barceló San José Palacio, Costa Rica
  95. 95. Hora IT Pros Desarrolladores 8:00 AM Registro 9:00 AM Bienvenida Windows 2008, SQL Server 2008 y Desarrollo de Web Parts, 9:30 AM MOSS 2007, Héctor Insua Gilberto Bermúdez 11:00 AM Refrigerio Configuración de colaboración para Silverlight y SharePoint, Luis Diego 11:15 AM Extranets con MOSS 2007, Carlos González Rojas 12:15 PM Almuerzo Disaster Recovery, Luis Du Solier, Procesos de Negocios con 1:00 PM Ricardo Muñoz Workflows, Héctor Insua 2:00 PM Refrigerio Como llevar a cabo una SharePoint Designer para 2:15 PM implementación exitosa de principiantes, Manfred Guendel SharePoint, Héctor Insua Panel: Valor de negocio de la Panel: Arquitectura de Información 3:45 PM colaboración y productividad para MOSS 2007 empresarial 5:00 PM Fin del evento
  96. 96. Internet Explorer® 8 Eduardo Castro Grupo Asesor en Informatica ecastro@grupoasesor.net 98
  97. 97. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be re gistered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

×