In addition, IE 8’s capabilities will either match or exceed those of the other browsers. Here’s a comparative look at some of the key features to be included in IE 8, and a discussion of why companies may be better off using IE 8 than one of the other browsers.
Easy to Deploy
IE 8 appears to be especially well suited for companies that want to adopt a browser across large network. In particular, Microsoft has equipped IE 8 with built-in deployment features, based on the company’s existing deployment and update platforms. In contrast, Mozilla relies on third-party Firefox client customization add-ons such as FrontMotion Firefox MSI, CCK Wizard, or FirefoxADM; and Safari and Chrome don’t as yet offer network-wide client customization deployment options at all.
Microsoft has been hyping IE 8’s ability to switch automatically to IE 7 compatibility mode when necessary. But that’s because IE versions 7 and earlier often didn’t follow Web standards, and this failure to conform forced Web developers to code their pages differently in order to render on IE. Once deployed across a network, IE 8 won’t break corporate intranet: Internal or intranet Web sites will automatically default to IE 7 compatibility so that businesses won’t have to rewrite their inward-facing corporate pages. Similarly, Web surfing or external browsing in IE 8 will default to the new “standards mode” as well. Since Firefox, Chrome, and Safari have more or less conformed to Web standards over the years, they don’t require this compatibility mode.
Taking a page from Google Chrome, IE 8 will offer built-in tab crash protection. In the event of a page fault, only the affected tab and not the entire browser will crash. The current versions of Firefox and Safari lack this isolation feature. Firefox will, however, restore the entire browser session after a browser crash; a similar feature in Safari called ‘Reopen All Windows from Last Session’ lets you restore previous browser windows whether or not the session ended with a crash.
Though Microsoft took its time before embracing tabbed browsing, IE 8 is set to make significant strides in this area. As links on a page open new tabs, color-coded related tabs appear alongside the original. Chrome, Firefox, and Safari do not offer this capability. On the other hand, Chrome, Safari, and Firefox 3.1 can pull a tab out of the browser and create a new, stand-alone browser session; IE 8 won’t be able to do this. IE 8 will offer some nice features within a tab, though: When you open a new tab, the browser will give you the option to reopen a closed tab or to restore your previous browsing session, among other choices.
Also unique to IE 8 will be “accelerators”–shortcuts to services that open within a given Web page. Instead of cutting and pasting to another tab, you may simply highlight the text and click the blue Accelerator icon to open blog, e-mail, map, search, and even translation services on the page you’re currently viewing. This page-within-a-page feature is unavailable as yet from Firefox (without add-ons), Chrome, or Safari.
Web Slices, another unique feature, is designed to monitor a specific section of a Web page–a weather radar image, say, or an eBay auction–without requiring you to revisit the page. You’ll simply select the page element and drag it to your toolbar to view as needed. Companies may be able to use Web Slices for intranet messaging and access to company services.
Mozilla dubbed its address bar in Firefox 3 the ‘Awesome Bar’ because it displays URL suggestions drawn from browser history and bookmarks. IE 8 will have its own awesome bar, with the unique ability to delete these suggestions–something Firefox doesn’t offer. Deleting suggestions may help prevent over-the-shoulder snooping and assuage privacy concerns regarding a shared computer.
If you share a computer with others, you may prefer that sites you visit not be added to your browser’s history, or that any new cookies created be deleted when your browsing session ends. Safari was the first browser to offer Private Browsing. Chrome has answered with Incognito, and Firefox plans to add some form of private browsing to its Firefox 3.1 release.
With IE 8, Microsoft will introduce In Private browsing. Both IE 8 (when it is released) and Chrome (now) display visual indicators–icons in the upper lefthand corner–to signal when you’re in a private session. Safari offers no visual cues, and Firefox hasn’t said what UI changes it plans to make. With private browsing, all client-side evidence of your surfing session should disappear when the session ends, though records of your visits will remain on external Web servers.
The private browsing feature appears to provide secrecy, but both Apple and Microsoft maintain a cache that includes Private Browsing sessions. Is that a contradiction? No. Apple uses a DS cache so that the Safari browser doesn’t have to request DNS information continually on frequently accessed sites. IE 8 will save information about your In Private sessions for sites that may be collecting information about your visits. Both Apple and Microsoft say that you can delete these caches through configuration options, however.
Perhaps the most vexing aspect of past versions of Internet Explorer has been the browser’s poor security. Here, too, Microsoft has made significant gains on the competition, starting with its ‘Trustworthy Computing’ inspection of lines of code. Both IE 8 (running in Protected Mode) and Chrome will run at low integrity, meaning that they can’t launch applications without the user’s express permission. And both browsers are designed to use ‘Data Execution Prevention’ and ‘Address Space Layout Representation’ to protect against remotely executing malware. Neither Firefox nor Safari offers similar protection.
All of the new browsers support Extended Verification SSL, a way of further establishing trust in a site you are visiting. Only Safari doesn’t change its address bar to green to signal the extra security. And all four browsers include antiphishing protection, though Safari 3.2 stops there and doesn’t yet offer antimalware protection.
Cross-Site Scripting and Other Demons
Cross-site scripting (aka “XSS”) attacks occur when a malicious Web site uses Javascipt to read or write data onto another Web site. Unlike the three competing browsers, IE 8 will offer built-in XSS protection. Firefox recommends that users install No Script, a third-party add-on. So far, Chrome and Safari don’t offer XSS-specific protection.
“Clickjacking,” a term coined by security researchers Jeremiah Grossman of WhiteHat Security and Robert Hansen of SecTheory, refers to a less common but sinister practice: Bad guys trick a user into clicking a concealed link and performing unknown actions, such as activating a peripheral device like a Webcam or deleting data from a Webmail site. Since the attack uses a common coding procedure, Microsoft says that the best way to defeat it is for developers to add a special tag–X-FRAME-OPTIONS–that IE 8 will use to filter clickjacking attempts. Firefox recommends using the No Script add-on to ward off clickjacking attempts. Chrome and Safari do not offer specific protection against clickjacking.
In light of its robust new features and the ease with which it can be deployed, IE 8 appears poised to be the most network-ready browser of the bunch. Organizations currently running Internet Explorer should definitely upgrade to IE 8 when Microsoft releases it, and those that have migrated away from Internet Explorer should evaluate the productivity and security benefits they stand to gain by returning.