Microsoft's 'Eolas patch' to hobble IE this week. Advantage: Firefox

Microsoft's 'Eolas patch' to hobble IE this week. Advantage: Firefox

Summary: A ZDNet reader that goes only by the name of John e-mailed me yesterday to remind me that  today -- April 11 2006 -- is Internet Explorer's official Eolas day of reckoning. Going out in today's superpatch Tuesday batch of patches is an update to Internet Explorer that will disable frictionless operation of ActiveX plug-ins inside of Internet Explorer.

SHARE:
TOPICS: Browser
84

A ZDNet reader that goes only by the name of John e-mailed me yesterday to remind me that  today -- April 11 2006 -- is Internet Explorer's official Eolas day of reckoning. Going out in today's superpatch Tuesday batch of patches is an update to Internet Explorer that will disable frictionless operation of ActiveX plug-ins inside of Internet Explorer.  Now, instead of one click to get something like Adobe's Macromedia Flash player to do something, it may take two (or in the case of an ActiveX control that used to automatically load without any clicks, now a click will be required).    Seen in the screenshot of Disney's Web site (above) is an example of how end-users will be prompted to click again before an ActiveX control will begin to function.  The user experience is far from ideal but Microsoft has no choice as a result of the defeat it was handed in a patent infringement suit that was filed against the company by Eolas.

I checked in with Microsoft's Internet Platforms and Security director of Marketing Gary Schare to find out how it is that business users can actually delay the update (something the aforementioned reader pointed out to me) and, what, in general, needs to be donein order to secure the return of a more friction free environment.  Via email, Schare told me:

The April IE cumulative security update goes out tomorrow and does include the ActiveX changes related to the Eolas case. The changes are really pretty minor and we’re confident most end users won’t even notice the change.
Some ActiveX controls will require an extra click before you can interact with them.
Sites can change how they embed controls to work around this and we think many will over time.  Details on how sites can implement the change are at http://msdn.microsoft.com/ieupdate/. 

The issue more people are worried about is line-of-business applications that use ActiveX. Again, most won’t be adversely affected, but enterprise customers have told us they need time to test.  That’s why we’re providing a compatibility patch to give enterprise customers more time to get ready. Mike Nash blogged about this about 2 weeks ago. 

So, the net net so far is that some ActiveX controls will require a click and the Microsoft workaround is for Web site programmers to reprogram their sites.  But there's another. 

Use Firefox.

As it turns out, as long as Firefox is an open source solution, Eolas will not pursue the developers of Firefox to the same corners of the Earth that it did with Microsoft.  Said Eolas founder Michael Doyle in an interview with eWeek:

We have from the beginning had a general policy of providing non-commercial users royalty-free licenses. We expect to be paid for the commercial use of our technologies....We released our browser back in 1995 to the world free for non-commercial use, so that should be an indicator to people that the open-source community shouldn't have anything to fear from us. The extent that those products are used commercially by others or resold commercially, sure we expect to be talking to people who are making money through the use of that technology. 

So, is it game over for Internet Explorer?  Not if you ask me (even though Firefox has a significant advantage as a result of this snafu).  When IE 7 comes out, it will include a bevy of features that could win back some of those who've defected to Firefox over the last couple of years.   At the top of the list are a bunch of security features that make IE 7 a much more integral part of the layered security that no user or business should be without (moreso than other browsers).  It's not that Firefox can't play a role in layered security.  But Microsoft has extremely detailed access to the most prevalent threats on the Net and my sense is that it knows better than most what role a browser should and shouldn't play in keeping systems safe. Beyond that, robust support for RSS and great boutique features like history searchability could turn Internet Explorer from an also-ran to a contender (although marketshare indicates the IE isn't exactly an also ran, it doesn't get nearly the buzz that Firefox gets).  Detailed information on the improvements due in IE 7 can be mined from Microsoft's Web site here.

Topic: Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

84 comments
Log in or register to join the discussion
  • BRAVO !!! Excellent!!

    Good for EOLAS. Way to stand up for your intellectual property.

    I'm also very excited to hear that I have to click on something in order for Flash to run if/when I use IE. Flash is a damn blight on the internet in my opinion. I only "need" it about 4 times a year. Microsoft should have built this into IE as a feature rather than waiting to be sued.
    shawkins
    • Firefox Has An Extension

      That does just that. It displays all Flash content as an Icon that you must click on to view.
      Edward Meyers
      • Agreed

        Yeah. Flashblock is a godsend. I couldn't cope without it. No more Flash ads locking up my computer since I installed it.
        123techie123
    • Yes, FireFox fans applaud patents.

      They understand that intellectual property is essential to keeping software a money-making proposition. At least so long as Microsoft is the company paying.

      And when FireFox must pay as the result of an unforgiving patent holder, they will applaud again, knowing that IP is the new basis for the US economy. The system is working!
      Anton Philidor
      • I Don't Think So

        The Majority of the FOSS Community, and the Tim Berners-Lee, points to this case as what is wrong with the US patent system.

        Heck MS is testifying in congress that software patents are broke and need revising, IBM states the same, RIM is claiming the same in congress, and RS (and the FSF) has always said software patents were a bain for all software developers both free and non-free.

        The best thing , instead of mucking about with the patent system (Trying to add compulsory licenses to the patent system which didn't fly last year with the Pharma interest), would be to argue that the US needs to do away with software patents or raise the bar back very high, to where it was prior to 1995, for software patents so that very very few get awarded- there would still be copyright and trade secret to protect software.
        Edward Meyers
    • Yes! At last! No more Java crApplets! BRAVO

      I am very happy the APPLET tag is also affected, I was totally tired of crappy Java buttons and other crApplets. Besides the inconvenience of having to install a JVM for XP (Sun's or MS's), Java UI is, frankly, quite horrible, especially Swing-based controls!
      markbn
  • Role Playing

    [i]But Microsoft has extremely detailed access to the most prevalent threats on the Net and my sense is that it knows better than most what role a browser should and shouldn't play in keeping systems safe.[/i]

    At the very least they have a lot of experience with the roles a browser [i]shouldn't[/i] play, no?
    Yagotta B. Kidding
    • I guess they think Drive-By Spyware Installs...

      should be considered normal.
      BitTwiddler
  • Firefox Already Has These Features

    "RSS and great boutique features like history searchability"

    It has had those features for some time. It also has native SVG something that IE does not have.

    Bon Echo (Firefox 2.01a the a is for alpha and it is a bleeding edge developer release) has even more features.
    Edward Meyers
  • Security? Bah

    "At the top of the list are a bunch of security features that make IE 7 a much more integral part of the layered security that no user or business should be without"

    Anti-virus? Yup (AVG).

    Firewall? Yup (Kerio).

    Anti-spyware? Yup (Spybot and AdAware).

    Anti-spam, anti-phishing? Yup (Pegasus Mail + SpamPal). There's also anti-phishing plugins for Firefox and Thunderbird.

    Secure browser? Yup (Firefox).

    Why secure?
    a) NoScript means JavaScript is [i]off[/i] by default, blocking potentially dangerous scripts.

    b) AdBlock allows me to block potentially dangerous stuff.

    c) No DirectX means people can't run executables without my permission.

    What "security" does IE7 have that I don't already have?

    "But Microsoft has extremely detailed access to the most prevalent threats on the Net and my sense is that it knows better than most what role a browser should and shouldn't play in keeping systems safe."

    And the Open Souce community doesn't? Why not?

    "But Microsoft has extremely detailed access to the most prevalent threats on the Net and my sense is that it knows better than most what role a browser should and shouldn't play in keeping systems safe."

    I can search my history, and I have a nice RSS plugin. What's so different?
    CobraA1
    • Microsoft employee?

      "But Microsoft has extremely detailed access to the most prevalent threats on the Net and my sense is that it knows better than most what role a browser should and shouldn't play in keeping systems safe."

      That sentence makes the author sound like a Microsoft employee. What "extremely detailed access" does Microsoft have that the Internet security companies don't? It sounds like he's confusing knowledge of APIs with knowledge of Internet security threats.

      The author refers to his "sense" that Microsoft knows better than most about the role the browser should play. That isn't a really convincing argument. It actually seems to be the other way around. Firefox is more secure because it is not as highly integrated into the OS as IE is. So the statement should be that Mozilla knows better about the role that the browser should play in keeping systems safe.

      I'm not trying to bash Microsoft unfairly here. Even Bill Gates publicly admitted this spring that the company really dropped the ball on Internet browser features and security. Internet Explorer was not enhanced for years until Firefox came along.

      Even if IE7 matches Firefox in features, I think I'll stick with Firefox, for a couple reasons. The most important one is that the success of Mozilla and Firefox ensures competition in the browser market so that Microsoft doesn't get complacent again.

      The second reason is the extension feature. I have 9 extensions that have quickly become indispensable as I browse the Internet. Flashblock, BBCodeXtra, Adblock, DictionarySearch and QuickNote are all outstanding. Mozilla doesn't have to think up all of the features that a browser should have. There are potentially thousands of people out there who can and do contribute these great extensions.
      123techie123
      • Third parties.

        If FireFox has thousands of contributors, IE has millions.

        You wrote:
        "Mozilla doesn't have to think up all of the features that a browser should have. There are potentially thousands of people out there who can and do contribute these great extensions."

        I wonder if Mozilla's contributors obtined their ideas for worthwhile functions from the IE add-ons they had been using for a while.
        Anton Philidor
        • They don't solve all of the problems, though

          They don't solve one of the biggest problems, though: IE's lousy rendering.

          I've got to go out of my way to make my pages work with IE. It's bad enough important CSS features don't work work properly (or for that matter, not at all), and that I can't use transparent PNGs.

          And I've looked at XML - but that looks even worse, I'm not gonna touch that until IE7. Lemme put in an XML prolog - no, wait, that triggers quirks mode. Grr. If I want to use quirks mode, I'll use HTML Transitional. Not XML.

          Lemme put this bluntly: Web designers do not design to IE because they like it. They do so because they have to appeal to all of the people who use it.

          Given a choice, I'd much rather avoid having to code for IE. The only reason I code to IE at all is because of its popularity.
          CobraA1
        • strange

          strange how i've never heard of these features. perhaps they do exist, but it takes time and googling to hunt it all out. mozilla actively encourage users to put them all in one place so that they can be used by others easily. hell, when you start up the browser, there's a link on the firefox home page for you. all in all, not too bad from mozilla when it comes to helping the community.
          Scott W
  • Huh, when did FireFox start running ActiveX controls?

    ???
    No_Ax_to_Grind
    • Well there is an unapproved extension

      that will run DirectX. But aside from that, I do know that it does not take an extra click to get Flash media playing. Now I'm not a browser expert with programming experience, but maybe their method of opening the Flash media is one that does not violate the Eolas patent, or Eolas has no interest in going after Mozilla. Most likely it's the latter, since there's no money to be made in suing Mozilla.

      Actually this can be a good thing. No more unruly Flash ads, unless you click to get them. For Firefox, you have to install an extension to get this kind of functionality. Of course sites that rely on Flash to run its entire web content will be pissed...
      Michael Kelly
    • There Has Been A Plug-In

      For several years that can run ActiveX.
      Edward Meyers
    • As soon as you install the extension

      NT
      BitTwiddler
    • I Even Looked It Up for You

      http://www.iol.ie/~locka/mozilla/plugin.htm

      Complete with source code and is available pre-compiled for all versions of Firefox, Firebird, and Phoenix.

      The Patent covers all Plug-Ins, not just activeX, but they said they will not persue Non-Commercial entities specifically mentioning Mozilla.
      Edward Meyers
    • Active X has nothing to do with it

      There is more than one way to violate a patent you know. Active X is just how Micrsoft did. Firefox does it another way.
      voska