The IE7 blog is providing more details about security for the upcoming IE7 via Rob Franco, Lead Program Manager for IE Security:

We are using the same Longhorn security infrastructure to limit IE to just enough privileges to browse the web but not enough to modify user files or settings by default. As a result, even if a malicious site attacks a vulnerability in IE, the site’s code won’t have enough privileges to install software, copy files to Startup folder, or hijack the settings for the browser’s homepage or search provider.

Unfortunately this is only going to be available to Longhorn users, so in other words, unless I’m misunderstanding this: if you don’t upgrade, then you won’t be running as secure an IE browser? Nice way to force people to upgrade, Microsoft. What about your existing customers? Take care of them!

It’s sort of like being forced to display the space hogging MSN toolbar to be able to use the much more useful tabbed browsing. All or nothing. The tabbed browsing is great, btw, and hey, it’s free, so how can anybody complain about that, but if you look at having a minimum amount of space in the browser for tools, forcing users to add something they don’t/won’t use just to get something they will use, is a myopic strategy.

Scoble is currently on vactaion but maybe when he gets back maybe he’ll be able to try and bring some clarity to why Microsoft makes business decisions like this? He left a rather harried and promotional post about this on his blog:

The IE Blog is rocking. Today they posted a post clarifying low-rights IE. Is that a hint of what’s coming. Yes.

To which I left the following comment:

When you get back from your vacation and get settled, this is one that deserves more than a sentence, Robert.

I don’t see what’s so ‘rocking’ about this at all. They are saying that when Longhorn comes out they are going to fix the security problem with low rights management that’s built into Longhorn. That leads to it only being available for those who have Longhorn which will be ready … when? At some point in 2006.

In the meantime, Apple will continue to add updates and have Leopard waiting in the wings and Firefox will feast on the whole “IE isn’t secure” mantra, further diminishing IE usage.

By the time Longhorn comes out it is very likely that IE will not be the dominant browser any longer. And forcing customers to upgrade to Longhorn to get a more secure browser is like an auto dealership saying: “your brakes would be safer if you buy our new car.”

Some Microsoft customers may not be able to afford to upgrade their machines and because they are left with IE included as part of the OS, they are supposed to just left being high risk fodder? Or do they need to seek out the instructions for how to remove IE from Windows?

Maybe the IE7 blog should be addressing what the customers who are left in the all-too-familiar product lifecycle path should do about maximum securing IE7 on a non-Longhorn box?

We’ll definitely be upgrading at least two of our business machines to Longhorn, and possibly one of the portable ones: Tablet or laptop, but not sure all of our machines will be getting the Longhorn upgrade. Probably because by the time this comes our we’ll be buying new hardware which will hopefully have Longhorn on it. If the price is $200, then that means on or near Longhorn launch day, M$ will be into us for $600 at least. We might just switch to 100% Firefox on the machines that aren’t upgraded.

That’s not what Microsoft wants their customers with legacy systems doing, is it? Maybe it’s just me here that’s concerned about running an insecure browser for the next 12-18 months, or however long it is before Longhorn comes out. If the IE blog wants to start rocking, then it needs to give customers like me the maximum amount of tools and tips to secure IE now.

• Windows XP Reloaded
• IE 7 to support png, tabbed browsing, RSS aggregator and more?
• Tabbed browsing in IE via MSN Toolbar
• Flexbeta: 13 Reasons To Use Firefox Over IE
• Using the PayPal security key
• Longhorn not to hit stores until 2006